HELP - I'm surrounded by critters

jotabe

Power Member
Friends, I'm here asking for your help because my PC is full of alerts and freezes.

I ran a scan with the anti-spyware I use, Spyware Terminator, which produced this log:
Logfile of Spyware Terminator v2.0.1.224 (db:1.0.025.788)
Scan Time: 20-11-2007 11:45:33 length: 385 s
Platform: Windows XP Service Pack 2 (WINNT 5.1.2600)
User: Limited
Boot Mode: Normal
Scan type: Fast_Spyware_Scan
Scanned Objects: 28933 (Critical:8)
Filter: No System items, No Safe items
Running Processes
erbixmhe.exe : C:\WINDOWS\system32\erbixmhe.exe
svchost.exe : C:\Program Files\Internet Explorer\svchost.exe
emule.exe [http://www.emule-project.net] : C:\Programas\eMule.Xtreme.6.1.by.eXec0101\eMule.Xtreme.6.1.by.eXec0101\eMule Xtreme 6.1\emule.exe
Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =
BHO
02 - BHO: - {565CA5D7-1598-4754-B796-6C8F3D82D06A} - : C:\WINDOWS\system32\gebyy.dll
02 - BHO: - {58CEB5C5-B5FF-4A9C-BD52-18ABFB629083} - File not found
02 - BHO: - {A95B2816-1D7E-4561-A202-68C0DE02353A} - : C:\WINDOWS\system32\uqybvxin.dll
02 - BHO: - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - File not found
02 - BHO: - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
Toolbars
03 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - : C:\WINDOWS\system32\uqybvxin.dll
StartUps
04 - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs : : C:\WINDOWS\system32\__c004FAE.dat
Shell Extensions
Apresentar extensão de panorâmica CPL - {42071714-76d4-11d1-8b24-00a0c9068ff3} - File not found
- {764BF0E1-F219-11ce-972D-00AA00A14F56} - File not found
- {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - File not found
Barra de tarefas e menu 'Iniciar' - {0DF44EAA-FF21-4412-828E-260A8728E7F1} - File not found
Contas de utilizadores - {7A9D77BD-5403-11d2-8785-2E0420524153} - File not found
Trojan Remover Shell Extension - {52B87208-9CCF-42C9-B88E-069281105805} - [Simply Super Software] : C:\Programas\Trojan Remover\Trshlex.dll
WinZip - {E0D79304-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Programas\WinZip\WZSHLSTB.DLL
WinZip - {E0D79305-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Programas\WinZip\WZSHLSTB.DLL
WinZip - {E0D79306-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Programas\WinZip\WZSHLSTB.DLL
WinZip - {E0D79307-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Programas\WinZip\WZSHLSTB.DLL
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Programas\WinRAR\rarext.dll
NeroDigitalIconHandler Class - {B327765E-D724-4347-8B16-78AE18552FC3} - [Nero AG] : C:\Programas\Ficheiros comuns\Nero\Lib\NeroDigitalExt.dll
NeroDigitalPropSheetHandler Class - {7F1CF152-04F8-453A-B34C-E609530A9DC8} - [Nero AG] : C:\Programas\Ficheiros comuns\Nero\Lib\NeroDigitalExt.dll
RealOne Player Context Menu Class - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - [RealNetworks, Inc.] : C:\Programas\Real\RealPlayer\rpshell.dll
Services
23 - [C-Media Inc] : C:\WINDOWS\system32\drivers\cmuda.sys
23 - : C:\WINDOWS\system32\erbixmhe.exe
23 - : C:\Program Files\Internet Explorer\svchost.exe
23 - [VSO Software] : C:\WINDOWS\system32\Drivers\pcouffin.sys
23 - [SiS Corporation] : C:\WINDOWS\system32\DRIVERS\sisnic.sys
23 - [STMicroelectronics] : C:\WINDOWS\system32\DRIVERS\stmatm.sys
23 - [STMicroelectronics] : C:\WINDOWS\system32\DRIVERS\torususb.sys
Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\uqybvxin, DLLName : : C:\WINDOWS\system32\uqybvxin.dll




Threat Files
<AdWare.SecToolBar.f> : C:\WINDOWS\system32\uqybvxin.dll
Advanced Files Report
%PROGRAMFILES%\WinAVI Video Converter\SimpleExt.dll [] MD5=88B49DA67C582976943F22B6581DEC28 SIZE=6656
%PROGRAMFILES%\WinZip\WZSHLSTB.DLL [WinZip Computing LP] [WinZip] MD5=E819E2D346B943F9562436E1ABB50EAE SIZE=5120
%PROGRAMFILES%\WinRAR\rarext.dll [] MD5=8A22F6B4976053924FE93DEA8218D68A SIZE=128512
%PROGRAMFILES%\Trojan Remover\Trshlex.dll [Simply Super Software] [Trojan Remover] MD5=B76FDC3CDB2580405FE8100D248B4821 SIZE=467552
%COMMONFILES%\Nero\Lib\NeroDigitalExt.dll [Nero AG] [Nero Digital Tools] MD5=781BBA40EC7C39F44FD3DC32B074F18D SIZE=1803560
%SYSDIR%\hpzlnt04.dll [HP] [HP DeskJet] MD5=6B94178802A0F6AB5418DF08C7554020 SIZE=114744
%SYSDIR%\erbixmhe.exe [] [DDC] MD5=91F46C522510D2F29D96D83C92D02547 SIZE=71232
%SystemDiskRoot%\Program Files\Internet Explorer\svchost.exe [] MD5=AFEA9A601C660B1A59F696B8C1C0AA80 SIZE=529408
%PROGRAMFILES%\eMule.Xtreme.6.1.by.eXec0101\eMule.Xtreme.6.1.by.eXec0101\eMule Xtreme 6.1\emule.exe [http://www.emule-project.net] [eMule] MD5=EF27CE1084656E319F8F2189D3B3013F SIZE=5971968
%PROGRAMFILES%\eMule.Xtreme.6.1.by.eXec0101\eMule.Xtreme.6.1.by.eXec0101\eMule Xtreme 6.1\lang\pt_PT.dll [http://www.emule-project.net] [eMule] MD5=8505E7C57EAA3A0FD9F224DD8CB2BD02 SIZE=110592
%PROGRAMFILES%\eMule.Xtreme.6.1.by.eXec0101\eMule.Xtreme.6.1.by.eXec0101\eMule Xtreme 6.1\antiLeech.dll [http://xtreme-mod.net] [antiLeech Dynamic Link Library (DLL)] MD5=15B7240B8F26574C2A44B4C1C96E9A9A SIZE=81920
%PROGRAMFILES%\Real\RealPlayer\rpshell.dll [RealNetworks, Inc.] [RealPlayer] MD5=BB718CCD2F383FF8E3EC0E107E94268E SIZE=62776
%SYSDIR%\drivers\cmuda.sys [C-Media Inc] [C-Media Audio Driver (WDM)] MD5=C9ACB382326B55748B2FC38B8A6A0759 SIZE=754560
%SYSDIR%\Drivers\pcouffin.sys [VSO Software] [Patin couffin engine] MD5=5B6C11DE7E839C05248CED8825470FEF SIZE=47360
%SYSDIR%\DRIVERS\sisnic.sys [SiS Corporation] [NDIS 5.1 NIC Driver] MD5=3FBB6EF8B5A71A2FA11F5F461BB73219 SIZE=32768
%SYSDIR%\DRIVERS\stmatm.sys [STMicroelectronics] [Unicorn ADSL] MD5=2FC0C3D5615395585ABDB16660EFBC3A SIZE=60255
%SYSDIR%\DRIVERS\torususb.sys [STMicroelectronics] [Unicorn ADSL] MD5=940E5502374448F6C14B05EE7F16019D SIZE=542893
%SYSDIR%\systray.exe []
End of Report



Please help me, I'd rather not format.

A hug to all of you
 
Format that and install Linux...
Or else, leave the critters there and put Linux on it :D
and then from Linux you go copying your stuff over... until you have everything... and when that happens you wipe out the jungle with a format :D
 
Well! You really do have some DLLs there driving you crazy!

For example, these:

02 - BHO: - {565CA5D7-1598-4754-B796-6C8F3D82D06A} - : C:\WINDOWS\system32\gebyy.dll
02 - BHO: - {58CEB5C5-B5FF-4A9C-BD52-18ABFB629083} - File not found
02 - BHO: - {A95B2816-1D7E-4561-A202-68C0DE02353A} - : C:\WINDOWS\system32\uqybvxin.dll
02 - BHO: - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - File not found
02 - BHO: - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
Toolbars
03 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - : C:\WINDOWS\system32\uqybvxin.dll

First of all, disable System Restore and do a pass with Spybot... for the first cleanup.
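
A triage pass over the kind of log posted above, as an added example that is not part of the original thread or of Spyware Terminator: it parses the section and entry layout visible in the log and flags entries by four review heuristics. The function name, the heuristics and the reading of the bracketed field as a vendor string are assumptions made for this example.

```python
import ntpath
import re

# Constructed sample: a subset of lines copied from the log in the first post.
SAMPLE_LOG = r"""Running Processes
erbixmhe.exe : C:\WINDOWS\system32\erbixmhe.exe
svchost.exe : C:\Program Files\Internet Explorer\svchost.exe
BHO
02 - BHO: - {565CA5D7-1598-4754-B796-6C8F3D82D06A} - : C:\WINDOWS\system32\gebyy.dll
02 - BHO: - {58CEB5C5-B5FF-4A9C-BD52-18ABFB629083} - File not found
StartUps
04 - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs : : C:\WINDOWS\system32\__c004FAE.dat
Services
23 - [C-Media Inc] : C:\WINDOWS\system32\drivers\cmuda.sys
Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\uqybvxin, DLLName : : C:\WINDOWS\system32\uqybvxin.dll
"""

SECTIONS = {"Running Processes", "BHO", "Toolbars", "StartUps",
            "Shell Extensions", "Services", "Winlogon Notify"}
# Windows binaries whose genuine copies live in %SystemRoot%\system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}
ENTRY = re.compile(r"^(?P<head>.*?) : (?P<path>[A-Za-z]:\\.+)$")
VENDOR = re.compile(r"\[[^\]]+\]")  # assumption: vendor is the [bracketed] field
IN_SYSTEM32 = re.compile(r"\\system32\\[^\\]+$", re.IGNORECASE)


def triage(log_text):
    """Return {path: sorted reasons} for entries that deserve a manual look."""
    findings, section = {}, None
    for line in map(str.strip, log_text.splitlines()):
        if line in SECTIONS:
            section = line
        m = ENTRY.match(line)
        if not m:
            continue  # headers and "File not found" rows carry no file path
        head, path = m.group("head", "path")
        direct = bool(IN_SYSTEM32.search(path))
        reasons = set()
        if direct and not VENDOR.search(head):
            reasons.add("no vendor string, sits directly in system32")
        if ntpath.basename(path).lower() in SYSTEM_NAMES and not direct:
            reasons.add("system process name outside system32")
        if "AppInit_DLLs" in head:
            reasons.add("loaded through AppInit_DLLs")
        if section == "Winlogon Notify":
            reasons.add("registered as a Winlogon Notify package")
        if reasons:
            findings.setdefault(path, set()).update(reasons)
    return {p: sorted(r) for p, r in findings.items()}
```

Calling `triage(SAMPLE_LOG)` returns the flagged paths with their reasons; a file that appears in several sections has its reasons merged under one path, and the vendor-labelled driver under `system32\drivers` is not reported.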
 
I would do a repair of Windows!!! That way the DLLs would be put back, and then I'd run an antivirus and in principle the problem would be solved.... good luck!!
 
Not really. A Windows repair would simply replace the Windows files, not the infected/suspicious files (DLLs).

Running the antivirus/HijackThis/Spybot, the result would be the same as now... so it wouldn't help at all.

Regards
 
This one is also suspicious :D
among others that are in there :D I don't know how someone can be this careless, pardon my frankness
Not really. A Windows repair would simply replace the Windows files, not the infected/suspicious files (DLLs).

Running the antivirus/HijackThis/Spybot, the result would be the same as now... so it wouldn't help at all.

Regards

I second that... honestly, what I'd do is format the PC... but start with Spybot, and keep cleaning out the suspicious items with HijackThis
 
among others that are in there :D I don't know how someone can be this careless, pardon my frankness

Must be the type who installs everything and then some. And of course the OS is the one that suffers.

Sorry jotabe... but honestly the best thing is for you to format... just as Romani rightly said.

Regards
 
jotabe, have you ever thought about switching to Linux?

I think the right time has come. :cool:
Have you ever thought about making a pertinent comment to solve his spyware problem?
I think the right time has come.

It's like me having a Toyota with a tire problem and being told to buy a Fiat. FTLOG...
 