
virus http://www_getwindowinfo/



#16 Shake

    Forum newcomer

  • Users
  • 2 posts
  • Gender: Not informed

Posted 16/07/2007, 19:08

@Choco

Your problem is here:
C:\WINDOWS\system32\orgut.exe (Trojan.ORGUT.Process)

Go to Start > Run and type these commands (one at a time):
cmd /c del /q /f /A C:\WINDOWS\system32\orgut.exe and press Enter
cmd /c del /q /f /A /S C:\WINDOWS\temp\*.* and press Enter
cmd /c del /q /f /A /S C:\WINDOWS\prefetch\*.* and press Enter

If that does not remove it, try doing it in Safe Mode!
For more information, click here.

Regards

#17 eriiika

    Forum newcomer

  • Users
  • 1 posts
  • Gender: Not informed

Posted 28/09/2007, 15:49

Logfile of HijackThis v1.99.1
Scan saved at 15:34:44, on 28/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Arquivos de programas\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\Arquivos de programas\Creative\Shared Files\CAMTRAY.EXE
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Arquivos de programas\Wapp.exe
C:\Arquivos de programas\QuickTime\QTTask.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\System.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Arquivos de programas\WinZip\WZQKPICK.EXE
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\mgmsgr.exe
C:\WINDOWS\system32\iexplore.exe
C:\WINDOWS\system32\iexplore.exe
C:\WINDOWS\system32\iexplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\DOCUME~1\Erikaa\CONFIG~1\Temp\Rar$EX06.750\HijackThis.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe
C:\WINDOWS\system32\IExplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
O1 - Hosts: 207.56.138.212 www.caixa.com.br
O1 - Hosts: 207.56.138.212 www.caixa.gov.br
O1 - Hosts: 207.56.138.212 www.cef.com.br
O1 - Hosts: 207.56.138.212 www.cef.gov.br
O1 - Hosts: 207.56.138.212 www.caixaeconomica.com.br
O1 - Hosts: 207.56.138.212 www.caixaeconomicafederal.com.br
O1 - Hosts: 207.56.138.212 caixa.com.br
O1 - Hosts: 207.56.138.212 caixa.gov.br
O1 - Hosts: 207.56.138.212 cef.com.br
O1 - Hosts: 207.56.138.212 cef.gov.br
O1 - Hosts: 207.56.138.212 caixaeconomica.com.br
O1 - Hosts: 207.56.138.212 caixaeconomica.gov.br
O1 - Hosts: 198.65.56.55 www.itau.com.br
O1 - Hosts: 198.65.56.55 www.itaupersonnalite.com.br
O1 - Hosts: 198.65.56.55 itau.com.br
O1 - Hosts: 198.65.56.55 itaupersonnalite.com.br
O1 - Hosts: 198.173.100.23 www.bradesco.com.br
O1 - Hosts: 198.173.100.23 www.bradescoempresas.com.br
O1 - Hosts: 200.211.27.145 www.nossacaixa.com.br
O1 - Hosts: 200.211.27.145 wwws.nossacaixa.com.br
O1 - Hosts: 128.241.196.26 www.real.com.br
O1 - Hosts: 128.241.196.26 www.bancoreal.com.br
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Wapp.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://200.212.184.2...re_2_0_0_28.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://200.212.184.2...te_2_0_0_25.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://www.atrativa....nx.1.0.0.55.cab
O16 - DPF: {31CB2F01-72C2-4CF4-B265-450E8817B039} (Toontown Installer ActiveX Control Portuguese) - http://idownload.br....-portuguese.cab
O16 - DPF: {329D10B1-1C70-11D6-B49A-0040C7A63343} (ChatWebX Control) - http://servers.centr...web/ChatWeb.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.2...ds_2_0_0_32.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://200.212.184.2...90_2_0_0_30.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://200.212.184.2...vy_2_0_0_23.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {67135BDA-6546-4426-BC94-BB5AF5005231} (GameDesire Checkers) - http://200.212.184.2...rs_2_0_0_16.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.atrativa....mjolauncher.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.2...er_2_0_0_45.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - http://www.atrativa....bugs/axhost.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://200.212.184.2...er_2_0_0_17.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://200.212.184.2...70_2_0_0_33.cab
O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://200.212.184.2...no_2_0_0_33.cab
O16 - DPF: {A854AD6D-6DB5-41FB-8044-0BD38092A007} (Ganymede Sudoku) - http://200.212.184.2...oku_2_0_0_5.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://200.212.184.2...es_2_0_0_32.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://200.212.184.2...ts_2_0_0_30.cab
O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://200.212.184.2...ut_2_0_0_19.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://200.212.184.2...ds_2_0_0_50.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://200.212.184.2...le_2_0_0_47.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.atrativa....outLauncher.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancob...gin/GbpDist.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.atrativa....sh.1.0.0.58.cab
O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GameDesire Chess) - http://200.212.184.2...ss_2_0_0_21.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa....opcaploader.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://200.212.184.2...ng_2_0_0_29.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancob.../GbPluginBb.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.2...d8_2_0_0_35.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://200.212.184.2...dt_2_0_0_30.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://200.212.184.2...er_2_0_0_28.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://www.mucao.net.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B60AB39D-4468-4F32-994E-7D542EAD34CA}: NameServer = 201.10.128.2 201.10.120.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Can someone help me, please? ^^

#18 betão colorado

    Forum newcomer

  • Users
  • 1 posts
  • Gender: Not informed

Posted 24/11/2007, 00:01

FOLKS, I HAVE THIS SAME ERROR TOO: http://www_getwindowinfo/ keeps opening one page after another with this error. I have already run everything here on my PC: Spybot, adware, CWShredder and others. The HijackThis log is this one, see if anyone can help me please.

Logfile of HijackThis v1.99.1
Scan saved at 23:36:35, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Eset\nod32krn.exe
C:\Arquivos de programas\Eset\nod32kui.exe
C:\Arquivos de programas\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\PowerS.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\help\svhost.exe
C:\WINDOWS\Prefetch\msn.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\Taskmgrr.exe
C:\Arquivos de programas\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\Taskmgrr.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE
C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\schtasks.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\IEXPLORE.exe
C:\WINDOWS\system32\IEXPLORE.exe
C:\WINDOWS\system32\IEXPLORE.exe
C:\WINDOWS\system32\IEXPLORE.exe
C:\WINDOWS\system32\IEXPLORE.exe
C:\WINDOWS\system32\IEXPLORE.exe
C:\WINDOWS\system32\IEXPLORE.exe
C:\WINDOWS\system32\IEXPLORE.exe
C:\WINDOWS\system32\IEXPLORE.exe
C:\WINDOWS\system32\IEXPLORE.exe
C:\WINDOWS\system32\IEXPLORE.exe
C:\WINDOWS\system32\IEXPLORE.exe
C:\Documents and Settings\Gilberto\Desktop\HijackThis.exe
C:\WINDOWS\system32\IEXPLORE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about-blank.in
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 204.3.128.65 www.caixa.com.br
O1 - Hosts: 204.3.128.65 www.caixa.gov.br
O1 - Hosts: 204.3.128.65 www.cef.com.br
O1 - Hosts: 204.3.128.65 www.cef.gov.br
O1 - Hosts: 204.3.128.65 www.caixaeconomica.com.br
O1 - Hosts: 204.3.128.65 www.caixaeconomicafederal.com.br
O1 - Hosts: 204.3.128.65 caixa.com.br
O1 - Hosts: 204.3.128.65 caixa.gov.br
O1 - Hosts: 204.3.128.65 cef.com.br
O1 - Hosts: 204.3.128.65 cef.gov.br
O1 - Hosts: 204.3.128.65 caixaeconomica.com.br
O1 - Hosts: 204.3.128.65 caixaeconomica.gov.br
O1 - Hosts: 198.65.56.55 www.itau.com.br
O1 - Hosts: 198.65.56.55 www.itaupersonnalite.com.br
O1 - Hosts: 198.65.56.55 itau.com.br
O1 - Hosts: 198.65.56.55 itaupersonnalite.com.br
O1 - Hosts: 207.56.138.131 www.bb.com.br
O1 - Hosts: 207.56.138.131 www.bancodobrasil.com.br
O1 - Hosts: 198.173.100.23 www.bradesco.com.br
O1 - Hosts: 198.173.100.23 www.bradescoempresas.com.br
O1 - Hosts: 200.211.27.145 www.nossacaixa.com.br
O1 - Hosts: 200.211.27.145 wwws.nossacaixa.com.br
O1 - Hosts: 128.241.196.26 www.real.com.br
O1 - Hosts: 128.241.196.26 www.bancoreal.com.br
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll (file missing)
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [renascimento] C:\WINDOWS\help\svhost.exe
O4 - HKLM\..\Run: [Msn Messenger Live 80] C:\WINDOWS\Prefetch\msn.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Micro Office] C:\WINDOWS\system32\Taskmgrr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [IDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Micro Office] C:\WINDOWS\system32\Taskmgrr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Remote Controller.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE
O4 - Global Startup: TV Scheduler.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Download All Links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1191555722781
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopc...oad/SOPCORE.CAB
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31D67A61-842E-4B71-A3AF-B44C64991CAC}: NameServer = 201.10.128.3,201.10.120.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
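The two HijackThis logs above (posts #17 and #18) share the same banker-trojan signature: O1 hosts entries that point Brazilian bank domains at an outside address, and O4 autostarts launched from odd directories or named after Windows binaries. The Python below is an added example, not code from the thread or from HijackThis; it parses those two entry types from a constructed sample built from the posted lines and flags the suspicious ones (the suspicious-directory list and the Windows-binary list are assumptions chosen for the example).

```python
"""Triage a HijackThis v1.99.1 log for the banker-trojan pattern in this thread.

Added example, not part of the forum thread or of HijackThis. Two checks:
  1. O1 (hosts file) lines: any mapping to a non-loopback address is a
     redirect; grouping by IP shows a block of bank domains sharing one host.
  2. O4 (registry Run) lines: programs launched from directories where no
     installer puts an autostart, or whose file name is one edit away from a
     real Windows binary (svhost.exe vs svchost.exe, Taskmgrr.exe vs taskmgr.exe).
The directory and binary lists are assumptions chosen for this example.
"""
import re
from collections import defaultdict

# Constructed sample: a few lines taken from the logs posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 204.3.128.65 www.caixa.com.br
O1 - Hosts: 204.3.128.65 www.cef.gov.br
O1 - Hosts: 198.65.56.55 www.itau.com.br
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [renascimento] C:\WINDOWS\help\svhost.exe
O4 - HKLM\..\Run: [Msn Messenger Live 80] C:\WINDOWS\Prefetch\msn.exe
O4 - HKCU\..\Run: [Micro Office] C:\WINDOWS\system32\Taskmgrr.exe
"""

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
LOOPBACK = {"127.0.0.1", "::1"}
# Assumed: legitimate autostarts are not installed into these directories.
SUSPICIOUS_DIRS = ("\\windows\\help\\", "\\windows\\prefetch\\", "\\temp\\")
# Assumed: short list of core Windows binaries whose names malware imitates.
WINDOWS_BINARIES = {"svchost.exe", "taskmgr.exe", "explorer.exe", "lsass.exe",
                    "services.exe", "winlogon.exe", "smss.exe", "csrss.exe"}


def within_one_edit(a: str, b: str) -> bool:
    """True if a becomes b with at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # keep a the shorter string
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) == len(b):
            i, j = i + 1, j + 1          # substitution
        else:
            j += 1                       # extra character in b
    return edits + (len(b) - j) <= 1     # a trailing extra char in b is one edit


def parse_hosts_redirects(lines):
    """Return {ip: [domains]} for every O1 entry that is not a loopback mapping."""
    redirects = defaultdict(list)
    for line in lines:
        m = HOSTS_RE.match(line)
        if m and m.group(1) not in LOOPBACK:
            redirects[m.group(1)].append(m.group(2).lower())
    return dict(redirects)


def launched_path(command: str) -> str:
    """Extract the executable path from an O4 command (quoted or bare, with args)."""
    m = re.match(r'^"([^"]+)"', command) or re.match(r"^(.*?\.exe)", command, re.I)
    return m.group(1) if m else command


def suspicious_autostarts(lines):
    """Return [(entry name, path, reason)] for O4 Run entries that look planted."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        name, path = m.group(1), launched_path(m.group(2))
        low = path.lower()
        exe = low.rsplit("\\", 1)[-1]
        if any(d in low for d in SUSPICIOUS_DIRS):
            findings.append((name, path, "launched from a directory no installer uses"))
        elif exe not in WINDOWS_BINARIES and any(within_one_edit(exe, k) for k in WINDOWS_BINARIES):
            findings.append((name, path, "file name imitates a Windows system binary"))
    return findings


if __name__ == "__main__":
    lines = SAMPLE_LOG.strip().splitlines()
    for ip, domains in parse_hosts_redirects(lines).items():
        print(f"hosts redirect -> {ip}: {len(domains)} domain(s): {', '.join(domains)}")
    for name, path, reason in suspicious_autostarts(lines):
        print(f"autostart [{name}] {path}: {reason}")
```

Run against the full log in post #18, it reports 24 bank domains split across six outside addresses and the three planted Run entries, which is the pattern an automated HijackThis analyser would flag.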

#19 beto

    Doctor

  • Ex-Admins
  • 840 posts
  • Gender: Male

Posted 24/11/2007, 19:08

well man.. looking at it like this there's nothing abnormal in your log...

but copy and paste it into this site and it will give you the errors: http://hjt.networktechs.com/

run AVG Anti-Spyware as well, it's good.. it often catches spyware that Spybot doesn't...

(y)

_________________________________________________________________________

to make it clear to Webfórum users:

this topic, from today on, is only for questions about the virus...
if you want to post a HijackThis log, open a new topic with a description of the log and of the virus..

all this just to keep the topic more organized...

(y)

Edited by: betocps, 09/01/2008, 19:52.
include alert

twitter: @robertorcezar

#20 Tulio de Mello

    Forum newcomer

  • Users
  • 7 posts
  • Gender: Not informed

Posted 26/08/2008, 14:13

Download the Avira AntiVir antivirus, which is free, and your problems will end... All those logs you pasted there were from banker keyloggers and the like... AntiVir blocks them before the download is even finished. It detects the malicious code of the loaders right away... and today it is hard to find loaders that don't come from the same creation base, in this case Delphi. And getting a loader past other common antivirus programs like AVG - Norton - Panda - Avast! - NOD is simpler than you imagine, and it takes them weeks to update.

Hope this helped =)

#21 Leone Fernandes

    (y)

  • Users
  • 585 posts
  • Gender: Male
  • Location: Belo Horizonte - MG

Posted 10/12/2008, 07:35

Just run ComboFix

Download ComboFix at: ComboFix

1) Temporarily disable your antivirus;
2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;
3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);
4) When the scan finishes, a log will be generated at C:\ComboFix.txt;
5) Re-enable your antivirus;
6) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.



#22 ducks

    Forum newcomer

  • Users
  • 1 posts
  • Gender: Not informed

Posted 08/01/2009, 22:21

@Choco

Your problem is here:
C:\WINDOWS\system32\orgut.exe (Trojan.ORGUT.Process)

Go to Start > Run and type these commands (one at a time):

cmd /c del /q /f /A C:\WINDOWS\system32\orgut.exe and press Enter
cmd /c del /q /f /A /S C:\WINDOWS\temp\*.* and press Enter
cmd /c del /q /f /A /S C:\WINDOWS\prefetch\*.* and press Enter

If that does not remove it, try doing it in Safe Mode!
For more information, click here.

Regards

This is the most perfect thing!
It worked fine here!

Congratulations!

#23 Leone Fernandes

    (y)

  • Users
  • 585 posts
  • Gender: Male
  • Location: Belo Horizonte - MG

Posted 12/02/2009, 08:37

Problem Solved!

If the author needs the topic reopened, contact the moderation team.





