alguém me ajuda?

[Chiclets]

Logfile of HijackThis v1.99.1

Scan saved at 01:35:52, on 10/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\sistray.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\windows\system32\IE6.EXE

C:\WINDOWS\system\msngrd.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\IE7.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\System32\rsvp.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Winamp\winamp.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Jonathan\CONFIG~1\Temp\Rar$EX00.422\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\sisUSBrg.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Microsoft Internet Explorer] C:\windows\system32\IE6.EXE

O4 - HKCU\..\Run: [firewals] C:\WINDOWS\system\msngrd.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [internet Explorerr] C:\WINDOWS\system32\IE7.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202181316313

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202181289548

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

[miliane]

Olá Chiclets,

Por favor crie uma pasta na sua área de trabalho e salve o HijackThis nela, em seguida execute-o, gere novo log e poste em sua resposta.

[Chiclets]

Logfile of HijackThis v1.99.1

Scan saved at 12:28:52, on 10/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\sistray.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\windows\system32\IE6.EXE

C:\WINDOWS\system\msngrd.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\IE7.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\ARQUIV~1\Grisoft\AVG7\avgw.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\ARQUIV~1\Grisoft\AVG7\avginet.exe

C:\Documents and Settings\Jonathan\Desktop\HijackThis.exe

C:\WINDOWS\system32\dwwin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\sisUSBrg.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Microsoft Internet Explorer] C:\windows\system32\IE6.EXE

O4 - HKCU\..\Run: [firewals] C:\WINDOWS\system\msngrd.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [internet Explorerr] C:\WINDOWS\system32\IE7.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202181316313

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202181289548

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

[miliane]

Olá Chiclets,

Baixe o ComboFix e salve na área de trabalho.

Desative seu antivirus, antispywares e firewall, para não causar conflitos. Mantenha-os desativados até terminar as instruções.Dê um duplo-clique no combofix.exe, marque 1 e dê o enter para prosseguir o Fix. Aguarde pois é um pouco demorado.O ComboFix reiniciará o PC automaticamente para completar o processo de remoção.Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".

Anexe o ComboFix.txt à sua resposta junto com um novo log do HijackThis.

[Chiclets]

[miliane]

Olá Chiclets,

Acesse o site VirusTotal, mande para análise os arquivos abaixo e poste os resultados em sua resposta.

C:\WINDOWS\system32\libmysql41.dll

C:\WINDOWS\system32\IE7.exe

C:\WINDOWS\system\msngrd.exe

C:\WINDOWS\system32\IE6.EXE

C:\WINDOWS\dsez5950.dat

C:\WINDOWS\java\Packages\Z1NL3DR1.ZIP

C:\WINDOWS\java\Packages\DFP3R3L3.ZIP

[Chiclets]

Arquivo libmysql41.dll recebido em 2008.03.11 02:22:00 (CET)

Antivírus - Versão - Última Atualização - Resultado

AhnLab-V3 2008.3.4.0 2008.03.10 -

AntiVir 7.6.0.73 2008.03.10 -

Authentium 4.93.8 2008.03.11 -

Avast 4.7.1098.0 2008.03.10 -

AVG 7.5.0.516 2008.03.10 -

BitDefender 7.2 2008.03.11 -

CAT-QuickHeal 9.50 2008.03.10 -

ClamAV 0.92.1 2008.03.11 -

DrWeb 4.44.0.09170 2008.03.11 -

eSafe 7.0.15.0 2008.03.09 -

eTrust-Vet 31.3.5597 2008.03.07 -

Ewido 4.0 2008.03.10 -

FileAdvisor 1 2008.03.11 -

Fortinet 3.14.0.0 2008.03.11 -

F-Prot 4.4.2.54 2008.03.10 -

F-Secure 6.70.13260.0 2008.03.11 -

Ikarus T3.1.1.20 2008.03.11 -

Kaspersky 7.0.0.125 2008.03.11 -

McAfee 5248 2008.03.10 -

Microsoft 1.3301 2008.03.10 -

NOD32v2 2935 2008.03.10 -

Norman 5.80.02 2008.03.10 -

Panda 9.0.0.4 2008.03.10 -

Prevx1 V2 2008.03.11 -

Rising 20.35.02.00 2008.03.10 -

Sophos 4.27.0 2008.03.11 -

Sunbelt 3.0.930.0 2008.03.05 -

Symantec 10 2008.03.11 -

TheHacker 6.2.92.240 2008.03.10 -

VBA32 3.12.6.2 2008.03.05 -

VirusBuster 4.3.26:9 2008.03.10 -

Webwasher-Gateway 6.6.2 2008.03.11 -

Informações adicionais

File size: 1056768 bytes

MD5: 65d0fddbe3294661acc40c3f8bd0849e

SHA1: 85196cc51c428f29d49e5de835268a774e1ffe88

PEiD: Armadillo v1.xx - v2.xx

Arquivo IE7.exe recebido em 2008.03.11 02:43:22 (CET)

Antivírus - Versão - Última Atualização - Resultado

AhnLab-V3 2008.3.4.0 2008.03.10 -

AntiVir 7.6.0.73 2008.03.10 -

Authentium 4.93.8 2008.03.11 -

Avast 4.7.1098.0 2008.03.10 -

AVG 7.5.0.516 2008.03.10 -

BitDefender 7.2 2008.03.11 -

CAT-QuickHeal 9.50 2008.03.10 -

ClamAV 0.92.1 2008.03.11 Trojan.Packed-116

DrWeb 4.44.0.09170 2008.03.11 -

eSafe 7.0.15.0 2008.03.09 -

eTrust-Vet 31.3.5597 2008.03.07 -

Ewido 4.0 2008.03.10 -

FileAdvisor 1 2008.03.11 -

Fortinet 3.14.0.0 2008.03.11 -

F-Prot 4.4.2.54 2008.03.10 W32/Trojan-juke-based!Maximus

F-Secure 6.70.13260.0 2008.03.11 -

Ikarus T3.1.1.20 2008.03.11 Trojan-Downloader.Win32.Banload.kl

Kaspersky 7.0.0.125 2008.03.11 -

McAfee 5248 2008.03.10 -

Microsoft 1.3301 2008.03.10 -

NOD32v2 2936 2008.03.11 -

Norman 5.80.02 2008.03.10 -

Panda 9.0.0.4 2008.03.10 -

Prevx1 V2 2008.03.11 -

Rising 20.35.02.00 2008.03.10 -

Sophos 4.27.0 2008.03.11 -

Sunbelt 3.0.930.0 2008.03.05 -

Symantec 10 2008.03.11 -

TheHacker 6.2.92.240 2008.03.10 -

VBA32 3.12.6.2 2008.03.05 -

VirusBuster 4.3.26:9 2008.03.10 -

Webwasher-Gateway 6.6.2 2008.03.11 -

Informações adicionais

File size: 919552 bytes

MD5: 7d84c03b849ed671bee9027c488cc43a

SHA1: 97f2f92f1cbc92ffacac8861873d27eb5447bfe6

PEiD: PECompact 2.xx --> BitSum Technologies

packers: PecBundle, PECompact

packers: PE_Patch.PECompact, PecBundle, PECompact

Arquivo msngrd.exe_ recebido em 2008.03.11 02:58:15 (CET)

Antivírus - Versão - Última Atualização - Resultado

AhnLab-V3 2008.3.4.0 2008.03.10 -

AntiVir 7.6.0.73 2008.03.10 -

Authentium 4.93.8 2008.03.11 Possibly a new variant of W32/NewMalware-LSU-based!Maximus

Avast 4.7.1098.0 2008.03.10 -

AVG 7.5.0.516 2008.03.10 -

BitDefender 7.2 2008.03.11 DeepScan:Generic.Malware.MP!.0B731849

CAT-QuickHeal 9.50 2008.03.10 (Suspicious) - DNAScan

ClamAV 0.92.1 2008.03.11 -

DrWeb 4.44.0.09170 2008.03.11 -

eSafe 7.0.15.0 2008.03.09 Suspicious File

eTrust-Vet 31.3.5597 2008.03.07 -

Ewido 4.0 2008.03.10 -

FileAdvisor 1 2008.03.11 -

Fortinet 3.14.0.0 2008.03.11 -

F-Prot 4.4.2.54 2008.03.10 W32/NewMalware-LSU-based!Maximus

F-Secure 6.70.13260.0 2008.03.11 -

Ikarus T3.1.1.20 2008.03.11 Trojan-Spy.Win32.Banker.ark

Kaspersky 7.0.0.125 2008.03.11 -

McAfee 5248 2008.03.10 -

Microsoft 1.3301 2008.03.10 -

NOD32v2 2936 2008.03.11 -

Norman 5.80.02 2008.03.10 -

Panda 9.0.0.4 2008.03.10 Suspicious file

Prevx1 V2 2008.03.11 -

Rising 20.35.02.00 2008.03.10 Backdoor.Win32.Gpigeon.dfr

Sophos 4.27.0 2008.03.11 -

Sunbelt 3.0.930.0 2008.03.05 -

Symantec 10 2008.03.11 -

TheHacker 6.2.92.240 2008.03.10 -

VBA32 3.12.6.2 2008.03.05 -

VirusBuster 4.3.26:9 2008.03.10 -

Webwasher-Gateway 6.6.2 2008.03.11 Worm.Win32.Malware.gen#PECompact!84 (suspicious)

Informações adicionais

File size: 211456 bytes

MD5: ce26b6d24c133cb93e7fa234030cb31d

SHA1: f6f42c6f4223b8a846badaa473f473ca8081e889

PEiD: PECompact 2.xx --> BitSum Technologies

packers: PecBundle, PECompact

packers: PE_Patch.PECompact, PecBundle, PECompact

Arquivo IE6.EXE_ recebido em 2008.03.11 03:09:12 (CET)

Antivírus - Versão - Última Atualização - Resultado

AhnLab-V3 2008.3.4.0 2008.03.10 -

AntiVir 7.6.0.73 2008.03.10 -

Authentium 4.93.8 2008.03.11 -

Avast 4.7.1098.0 2008.03.10 -

AVG 7.5.0.516 2008.03.10 Generic9.BJGZ

BitDefender 7.2 2008.03.11 -

CAT-QuickHeal 9.50 2008.03.10 -

ClamAV 0.92.1 2008.03.11 Trojan.Packed-116

DrWeb 4.44.0.09170 2008.03.11 Trojan.PWS.Banker.origin

eSafe 7.0.15.0 2008.03.09 -

eTrust-Vet 31.3.5597 2008.03.07 -

Ewido 4.0 2008.03.10 -

FileAdvisor 1 2008.03.11 -

Fortinet 3.14.0.0 2008.03.11 -

F-Prot 4.4.2.54 2008.03.10 -

F-Secure 6.70.13260.0 2008.03.11 Suspicious:W32/Malware!Gemini

Ikarus T3.1.1.20 2008.03.11 Trojan-Downloader.Win32.Banload.kl

Kaspersky 7.0.0.125 2008.03.11 -

McAfee 5248 2008.03.10 -

Microsoft 1.3301 2008.03.10 -

NOD32v2 2936 2008.03.11 probably unknown NewHeur_PE virus

Norman 5.80.02 2008.03.10 -

Panda 9.0.0.4 2008.03.10 Suspicious file

Prevx1 V2 2008.03.11 -

Rising 20.35.02.00 2008.03.10 -

Sophos 4.27.0 2008.03.11 Sus/Behav-1000

Sunbelt 3.0.930.0 2008.03.05 -

Symantec 10 2008.03.11 -

TheHacker 6.2.92.240 2008.03.10 -

VBA32 3.12.6.2 2008.03.05 -

VirusBuster 4.3.26:9 2008.03.10 -

Webwasher-Gateway 6.6.2 2008.03.11 Win32.Malware.gen#PECompact!84 (suspicious)

Informações adicionais

File size: 746496 bytes

MD5: 1f3bd052d851cbad957e5342b66d445a

SHA1: 9c2cecb9be55a1872e3830b3dc004fb5db6b043e

PEiD: PECompact 2.xx --> BitSum Technologies

packers: PecBundle, PECompact

packers: PE_Patch.PECompact, PecBundle, PECompact

Arquivo dsez5950.dat_ recebido em 2008.03.11 03:22:14 (CET)

Antivírus - Versão - Última Atualização - Resultado

AhnLab-V3 2008.3.4.0 2008.03.10 -

AntiVir 7.6.0.73 2008.03.10 -

Authentium 4.93.8 2008.03.11 -

Avast 4.7.1098.0 2008.03.10 -

AVG 7.5.0.516 2008.03.10 -

BitDefender 7.2 2008.03.11 -

CAT-QuickHeal 9.50 2008.03.10 -

ClamAV 0.92.1 2008.03.11 -

DrWeb 4.44.0.09170 2008.03.11 -

eSafe 7.0.15.0 2008.03.09 -

eTrust-Vet 31.3.5597 2008.03.07 -

Ewido 4.0 2008.03.10 -

FileAdvisor 1 2008.03.11 -

Fortinet 3.14.0.0 2008.03.11 -

F-Prot 4.4.2.54 2008.03.10 -

F-Secure 6.70.13260.0 2008.03.11 -

Ikarus T3.1.1.20 2008.03.11 -

Kaspersky 7.0.0.125 2008.03.11 -

McAfee 5248 2008.03.10 -

Microsoft 1.3301 2008.03.10 -

NOD32v2 2936 2008.03.11 -

Norman 5.80.02 2008.03.10 -

Panda 9.0.0.4 2008.03.10 -

Prevx1 V2 2008.03.11 -

Rising 20.35.02.00 2008.03.10 -

Sophos 4.27.0 2008.03.11 -

Sunbelt 3.0.930.0 2008.03.05 -

Symantec 10 2008.03.11 -

TheHacker 6.2.92.240 2008.03.10 -

VBA32 3.12.6.2 2008.03.05 -

VirusBuster 4.3.26:9 2008.03.10 -

Webwasher-Gateway 6.6.2 2008.03.11 -

Informações adicionais

File size: 45 bytes

MD5: 7aeac6f7d9dab8235f050f42735ad6f7

SHA1: fae8055401026dc5b9fdfb4a36cbe0a72abf893b

PEiD: -

Arquivo Z1NL3DR1.ZIP recebido em 2008.03.11 03:29:59 (CET)

Antivírus - Versão - Última - Atualização Resultado

AhnLab-V3 2008.3.4.0 2008.03.10 -

AntiVir 7.6.0.73 2008.03.10 -

Authentium 4.93.8 2008.03.11 -

Avast 4.7.1098.0 2008.03.10 -

AVG 7.5.0.516 2008.03.10 -

BitDefender 7.2 2008.03.11 -

CAT-QuickHeal 9.50 2008.03.10 -

ClamAV 0.92.1 2008.03.11 -

DrWeb 4.44.0.09170 2008.03.11 -

eSafe 7.0.15.0 2008.03.09 -

eTrust-Vet 31.3.5597 2008.03.07 -

Ewido 4.0 2008.03.10 -

FileAdvisor 1 2008.03.11 -

Fortinet 3.14.0.0 2008.03.11 -

F-Prot 4.4.2.54 2008.03.10 -

F-Secure 6.70.13260.0 2008.03.11 -

Ikarus T3.1.1.20 2008.03.11 -

Kaspersky 7.0.0.125 2008.03.11 -

McAfee 5248 2008.03.10 -

Microsoft 1.3301 2008.03.10 -

NOD32v2 2936 2008.03.11 -

Norman 5.80.02 2008.03.10 -

Panda 9.0.0.4 2008.03.10 -

Prevx1 V2 2008.03.11 -

Rising 20.35.02.00 2008.03.10 -

Sophos 4.27.0 2008.03.11 -

Sunbelt 3.0.930.0 2008.03.05 -

Symantec 10 2008.03.11 -

TheHacker 6.2.92.240 2008.03.10 -

VBA32 3.12.6.2 2008.03.05 -

VirusBuster 4.3.26:9 2008.03.10 -

Webwasher-Gateway 6.6.2 2008.03.11 -

Informações adicionais

File size: 558142 bytes

MD5: cd82587e344eb1c9fc46ba77b33d4b76

SHA1: aa76970160ecc6b7a7d40cde5875d39c2e4a19f3

PEiD: -

[miliane]

Olá Chiclets,

Desative seu antivirus, antispywares e firewall, para não causar conflitos. Mantenha-os desativados até terminar as instruções.

Vá em Iniciar > Executar e digite (ou copie e cole): ComboFix /u

Dê o OK. Aguarde, pois isso irá desinstalar o ComboFix.

Apague as pastas C:\ComboFix e X:\Qoobox, caso existam. Apague também os logs anteriores que estão em C:\, caso ainda existam.

Baixe o ComboFix novamente.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Selecione e copie o texto dentro do CODE. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

OBS: Certifique-se de copiar começando pela letra "F" de File.

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

File::
C:\WINDOWS\system32\IE7.exe
C:\WINDOWS\system\msngrd.exe
C:\WINDOWS\system32\IE6.EXE

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

* Caso isso não aconteça, então reinicie manualmente.

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

Faça um novo log do HijackThis e cole na sua resposta, juntamente com o novo log do ComboFix.

[Chiclets]

[miliane]

Olá Chiclets,

Reinicie o computador em Modo Seguro(pressione a tecla F8 continuamente, ou F5 em alguns casos, durante a inicialização);

Abra o HijackThis, clique em Do a system scan only e marque as entradas:

O4 - HKCU\..\Run: [Microsoft Internet Explorer] C:\windows\system32\IE6.EXE

O4 - HKCU\..\Run: [firewals] C:\WINDOWS\system\msngrd.exe

O4 - HKCU\..\Run: [internet Explorerr] C:\WINDOWS\system32\IE7.exe

- Feche todas as janelas, clique em e em Sim;

- Reinicie seu computador em Modo Normal, gere novo log e poste na sua resposta.