BankerFix 2.5b - Removedor de Bankers
Linha Defensiva - http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
Data: 26/3/2008 - 19:28
-------------------------------------------------------
Lista de Definição: 2008-02-22-1
=======================================================
Arquivo infectado detectado: C:\WINDOWS.0\avg.exe
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS.0\smss.exe
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\Arquivos de programas\WindowsUpdate.scr
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS.0\Tasks\startt.job
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\smss.exe
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\System\calculadora.exe
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\System\emc086r.dll
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\System\emc086t.dll
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\System\emc106r.dll
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\System\emc106t.dll
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\System\emc107r.dll
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\System\emc107t.dll
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\System\emc127r.dll
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\System\emc127t.dll
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\System\emc128r.dll
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\System\emc128t.dll
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\System\emcbrain.gif
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\System\emcspam.gif
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\System\emcssetup.gif
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\System\tpk001.exe
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\System\tpk002.exe
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\System\xmt1rep.dll
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\System\xmt2rep.dll
Arquivo infectado removido com sucesso!
Killando arquivos em Help
-----------------------------------
Killing '*'
Removendo Arquivos em Help
-----------------------------------
----- Fim -------------------------
Logfile of HijackThis v1.99.1
Scan saved at 19:45:14, on 26/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Ares\Ares.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205284524582
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85A83FEE-34BB-4E43-8948-9228FB58B2BE}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCFA911D-8243-467F-9958-781ECEF3E61D}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)
O20 - Winlogon Notify: gb - C:\WINDOWS.0\SYSTEM32\gbh.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
ComboFix 08-03-30.4 - Administrador 2008-03-31 21:28:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.94 [GMT -3:00]
Executando de: C:\Documents and Settings\Administrador.INTER-5\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((( Ficheiros criados de 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))
.
2008-03-24 17:35 . 2008-03-24 17:35 <DIR> d-------- C:\Arquivos de programas\Watchtower
2008-03-24 17:35 . 2002-10-25 10:53 1,044,480 -ra------ C:\WINDOWS.0\system32\Roboex32.dll
2008-03-24 17:35 . 2002-10-25 10:53 40,960 -ra------ C:\WINDOWS.0\system32\wh2robo.dll
2008-03-11 22:37 . 2008-03-18 15:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Dados de aplicativos\Messenger Plus!
2008-03-11 22:06 . 2008-03-11 22:10 <DIR> d-------- C:\WINDOWS.0\SxsCaPendDel
2008-03-11 22:01 . 2008-03-11 22:12 904 --a------ C:\WINDOWS.0\Active Setup Log.BAK
2008-03-10 14:51 . 2008-03-10 14:52 <DIR> d-------- C:\telefone
2008-03-10 12:04 . 2008-03-10 12:04 <DIR> d-------- C:\Arquivos de programas\Ares
2008-03-09 08:48 . 2008-03-09 08:48 4,128 --a------ C:\WINDOWS.0\system32\DllCache\INFCACHE.1
2008-03-08 21:31 . 2008-03-11 21:49 <DIR> d-------- C:\WINDOWS.0\system32\DllCache
2008-03-08 21:31 . 2008-01-11 11:35 22,752 --a------ C:\WINDOWS.0\system32\spupdsvc.exe
2008-03-08 21:27 . 2001-10-28 14:07 68,608 --a------ C:\WINDOWS.0\system32\plugin.ocx
2008-03-08 21:19 . 2008-03-08 21:38 <DIR> d-------- C:\WINDOWS.0\system32\NtmsData
2008-03-08 20:39 . 2008-03-11 22:03 <DIR> d-------- C:\Documents and Settings\Administrador.INTER-5\Tracing
2008-03-08 19:00 . 2008-03-08 19:00 244 --ah----- C:\sqmnoopt18.sqm
2008-03-08 19:00 . 2008-03-08 19:00 232 --ah----- C:\sqmdata19.sqm
2008-03-08 19:00 . 2008-03-08 19:00 136 --ah----- C:\sqmnoopt19.sqm
2008-03-04 19:00 . 2008-03-04 19:00 24,842 --a------ C:\ACT Provedor de Internet.htm
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 11:40 --------- d-----w C:\Arquivos de programas\GbPlugin
2008-03-12 01:36 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live
2008-03-12 01:05 --------- d-----w C:\Arquivos de programas\Windows Live
2008-03-09 14:50 --------- d-----w C:\Arquivos de programas\RALINK
2008-03-09 14:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield
2008-03-09 00:14 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-03-08 23:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Dados de aplicativos\WLInstaller
2008-02-27 13:32 --------- d-----w C:\Arquivos de programas\MSN Messenger
2008-02-23 20:32 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe
2008-02-19 11:30 --------- d-----w C:\Arquivos de programas\PicPerk
2008-02-14 22:41 --------- d-----w C:\Arquivos de programas\Serviços on-line
2008-02-10 19:09 73,728 ----a-w C:\WINDOWS.0\system32\OdbcJdbcSetup.dll
2008-02-10 19:09 212,992 ----a-w C:\WINDOWS.0\system32\IscDbc.dll
2008-02-10 19:09 188,416 ----a-w C:\WINDOWS.0\system32\OdbcJdbc.dll
2008-02-10 19:09 --------- d-----w C:\Arquivos de programas\Firebird ODBC
2008-02-09 10:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Dados de aplicativos\GbPlugin
2008-01-11 14:35 26,112 ----a-w C:\WINDOWS.0\system32\idndl.dll
2008-01-11 14:35 24,576 ----a-w C:\WINDOWS.0\system32\nlsdl.dll
2008-01-11 14:35 23,552 ----a-w C:\WINDOWS.0\system32\normaliz.dll
.
------- Sigcheck -------
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Nota entradas vazias & legítimas por defeito não são mostradas.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-04 00:45 15360]
"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ares"="C:\Arquivos de programas\Ares\Ares.exe" [2008-02-20 11:33 963072]
"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2003-04-14 19:30 1491216]
"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-16 07:40 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\system32\CTFMON.EXE" [2004-08-04 00:45 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehcef.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
C:\Arquivos de programas\GbPlugin\gbiehcef.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gb]
gbh.dll 2007-11-02 21:29 86016 C:\WINDOWS.0\system32\gbh.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS.0\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Iniciar^Programas^Inicializar^Ralink Wireless Utility.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Iniciar\Programas\Inicializar\Ralink Wireless Utility.lnk
backup=C:\WINDOWS.0\pss\Ralink Wireless Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-02-20 11:33 963072 C:\Arquivos de programas\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-09-06 07:06 79224 C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GbpSV]
C:\WINDOWS\Fonts\GbpSV.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JavaScriptMsxrs]
--a------ 2007-12-10 16:03 25088 C:\WINDOWS\Msxrs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS.0\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kill]
c:\windows\avg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2003-04-14 19:30 1491216 C:\Arquivos de programas\Messenger\MSMSGS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newbi]
C:\WINDOWS\Fonts\newbi.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newRE]
C:\WINDOWS\Fonts\newre.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smss]
C:\WINDOWS.0\smss.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDriverDll]
c:\windows\system\dllhost-103.dll.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tr4nkPOD]
C:\WINDOWS\msnmsnr.scr
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsUpdate]
C:\Arquivos de programas\WindowsUpdate.scr
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winexec32]
--a------ 2008-01-30 19:19 3569678 C:\windows\winexec32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSend]
C:\WINDOWS\Fonts\WinSend.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ ]
C:\WINDOWS.0\system32\sys.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"C:\\Arquivos de programas\\Ares\\Ares.exe"=
"C:\\WINDOWS.0\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
R3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;C:\WINDOWS.0\system32\DRIVERS\ipfnd51.sys [2005-04-06 10:30]
R3 trid3d;trid3d;C:\WINDOWS.0\system32\DRIVERS\trid3dm.sys [2005-09-19 13:43]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 21:34:07
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS.0\system32\winlogon.exe
-> C:\WINDOWS.0\system32\gbh.dll
.
Tempo para conclusão: 2008-03-31 21:41:00
ComboFix-quarantined-files.txt 2008-04-01 00:40:52
Pre-Run: 13,396,992,000 bytes disponíveis
Post-Run: 13,389,627,392 bytes disponíveis
Logfile of HijackThis v1.99.1
Scan saved at 21:57:46, on 31/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Ares\Ares.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS.0\System32\svchost.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205284524582
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85A83FEE-34BB-4E43-8948-9228FB58B2BE}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCFA911D-8243-467F-9958-781ECEF3E61D}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)
O20 - Winlogon Notify: gb - C:\WINDOWS.0\SYSTEM32\gbh.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
Good evening, Decinho Game!
>@< Run a disinfection scan at < BitDefender > and post the report.
>@< The page < BitDefender OnLine Scanner > will open.
>@< Click on: < [image: agree2.gif] >
>@< Wait! Allow the ActiveX installation so that the scan can run.
<!> Read the tutorial: < Link >
________________________
>@< Then post: the BitDefender report + an updated HijackThis log.
>@< PS: The BitDefender report will be at: C:\Windows\BDOSCAN8\bdoscan.txt
Regards!
Dear Digram, thank you very much for your help...
But I had to format the PC because of other problems...
You can close the topic...
PROBLEM SOLVED!
If the author needs the topic to be reopened, send a Private Message to a Moderator with a link to the topic.
Good morning, Decinho Game!
>@< Download ComboFix.
>@< Save it to the Desktop!
>@< Disable the resident protection of your antivirus, antispyware and firewall.
>@< Close all windows and run the tool!
PS: Rename it while saving, not after saving it!
>@< The Auto Scan window will open. Wait!
>@< Type the option to continue and press < Enter >
>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!
___________________________
>@< Post the report C:\ComboFix.txt in your reply + an updated HJT log.
Regards!