Wolf, my friend, here is the SDFix report. ComboFix still doesn't run to the end; the computer restarts! I deleted this crap ESET NOD32 and I'm going to run Avira AntiVir FREE. Man, if you could shed some light... Updates are still disabled.
Would it be worthwhile for me to change my passwords for forums, email and banks, or is there no problem? My computer is connected to the modem through a wireless router... Maybe that helped by blocking the information from reaching the bastards, right?
Big hug!
SDFix: Version 1.240
Run by Administrateur on 2008-11-13 at 20:31
Microsoft Windows XP [version 5.1.2600]
Running From: D:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
D:\WINDOWS\system32\geBULDss.dll - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-13 20:52:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GbpSv]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=str(2):"D:\PROGRA~1\GbPlugin\GbpSv.exe"
"DisplayName"="Gbp Service"
"Group"="GbPlugin Group"
"ObjectName"="LocalSystem"
"Description"="Service for G-Buster Browser Defense"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GbpSv\Security]
"Security"=hex:01,00,14,80,88,00,00,00,94,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:56,d3,6c,99,26,97,bd,65,fb,ae,2a,27,dd,00,34,a7,86,a4,7f,21,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2a,d9,c1,e7,73,58,cb,8e,7e,f1,b9,38,5a,b2,1d,d0,0c,..
"khjeh"=hex:d3,16,a4,d3,5c,48,b4,f8,7d,57,d2,aa,76,73,ee,fc,55,e8,44,69,5e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8c,fa,4b,18,93,db,80,44,b7,30,95,dc,04,f7,58,60,e5,d9,27,7d,28,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\GbpSv]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=str(2):"D:\PROGRA~1\GbPlugin\GbpSv.exe"
"DisplayName"="Gbp Service"
"Group"="GbPlugin Group"
"ObjectName"="LocalSystem"
"Description"="Service for G-Buster Browser Defense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\GbpSv\Security]
"Security"=hex:01,00,14,80,88,00,00,00,94,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:56,d3,6c,99,26,97,bd,65,fb,ae,2a,27,dd,00,34,a7,86,a4,7f,21,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2a,d9,c1,e7,73,58,cb,8e,7e,f1,b9,38,5a,b2,1d,d0,0c,..
"khjeh"=hex:d3,16,a4,d3,5c,48,b4,f8,7d,57,d2,aa,76,73,ee,fc,55,e8,44,69,5e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8c,fa,4b,18,93,db,80,44,b7,30,95,dc,04,f7,58,60,e5,d9,27,7d,28,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"AppInit_DLLs"="eavhjg.dll"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Program Files\\Steam\\steamapps\\gaminy\\counter-strike\\hl.exe"="D:\\Program Files\\Steam\\steamapps\\gaminy\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Program Files\\eMule\\emule.exe"="D:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="D:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"D:\\Nexon\\Combat Arms\\CombatArms.exe"="D:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\\Nexon\\Combat Arms\\Engine.exe"="D:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"
"D:\\Nexon\\Combat Arms\\NMService.exe"="D:\\Nexon\\Combat Arms\\NMService.exe:*:Enabled:Nexon Messenger Core"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Nexon\\Combat Arms\\CombatArms.exe"="D:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\\Nexon\\Combat Arms\\Engine.exe"="D:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"
Remaining Files :
File Backups: - D:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 9 Nov 2006 20,480 A..H. --- "D:\Nexon\Combat Arms\HShield\4e59468.dll"
Thu 9 Nov 2006 20,480 A..H. --- "D:\Nexon\Combat Arms\HShield\a230c0.dll"
Finished!