Hello!!!
I always take the utmost care and never click suspicious links, but this time I went to open an e-mail from a friend that had an attachment. My e-mail client always checks attachments before opening them, and from the attachment's name, "Currículo.doc", I didn't think it would be dangerous, so I clicked!
Wow, that file had a .zip extension.
Minutes later my Explorer stopped working and kept showing error messages. Right after that, my anti-virus detected 2 Trojan horses: PSW.Banker5.CJU and
Trojan Horse PSW.Banker5.CJW.
I have AVG 8.0 and ran two scans, but it found no virus. I don't know whether it was removed. How do I remove these viruses completely from my PC??
I read that it steals bank passwords and everything we type. PLEASE HELP ME!!!!
Thank you!!! :cry:
Hello Mario, good evening!
Below is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:44, on 21/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Garmin\gStart.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Windows\system32\taskeng.exe
C:\Users\Andre\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Andre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\252K8MBG\HiJackThis[1].exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: DirecX - {83FDA784-0154-418F-810B-F1839272C361} - C:\Windows\System32\DirectX\Dinput\diagx3d.dll (file missing)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 6743 bytes
Read
Rule No. 02 - Using HijackThis.
Post a log
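Reading the O2/O4/O23 entries of a HijackThis log by eye is error-prone, so here is an added example (not part of this thread, not HijackThis code and not the helper's method) that parses a few lines copied from the log above and flags the patterns a banker cleanup looks for: a BHO registration whose DLL is already gone (the `(no name)` and `DirecX` entries), a component loading from a user-writable temp directory, a name that imitates a Windows component but loads from outside the system directory, and a service with no recorded publisher. The `RtkBtMnt` O4 line is constructed (the process appears in the log, the Run entry does not); the directory list, the lookalike list and the severities are this example's assumptions.

```python
"""Triage HijackThis O2/O4/O23 entries for the patterns a banker cleanup looks for.

Added example for this thread; not HijackThis code. SAMPLE_LOG is copied from the
log posted above, except the RtkBtMnt O4 line, which is constructed. The directory
list, lookalike list and severities are assumptions of this example.
"""
import ntpath
import re

SAMPLE_LOG = r"""
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: DirecX - {83FDA784-0154-418F-810B-F1839272C361} - C:\Windows\System32\DirectX\Dinput\diagx3d.dll (file missing)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [RtkBtMnt] C:\Users\Andre\AppData\Local\Temp\RtkBtMnt.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"""

ENTRY_RES = {
    "BHO": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"),
    "Run": re.compile(r"^O4 - (?P<hive>[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*)$"),
    "Service": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$"),
}
MISSING_RE = re.compile(r"\s*\((?:no file|file missing)\)$", re.IGNORECASE)

# Where a genuine Windows component is expected to live (assumption: Vista x86 layout).
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64", "c:\\windows"}
# Name fragments reused to look like a Windows component (assumption, kept narrow).
LOOKALIKE_NAMES = ("direcx", "directx", "svchost", "services", "lsass")
# Substrings that place the binary in a user-writable profile location.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "temporary internet files")
OWNER_NOTE = "service has no recorded publisher; confirm the binary's signature by hand"


def parse_entry(line):
    """Return a dict describing an O2/O4/O23 line, or None for any other line."""
    for kind, rx in ENTRY_RES.items():
        m = rx.match(line)
        if m:
            return {"kind": kind, **m.groupdict()}
    return None


def triage(log_text):
    """Return one finding (line, kind, severity, reasons) per suspicious entry."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = parse_entry(line)
        if entry is None:
            continue
        missing = bool(MISSING_RE.search(entry["path"]))
        # Drop the HijackThis "(file missing)" marker and surrounding quotes; any
        # arguments after the executable stay attached (a limitation of this parser).
        path = MISSING_RE.sub("", entry["path"]).strip().strip('"').lower()
        name = entry["name"].lower()
        reasons = []
        if missing:
            reasons.append("registration survives but the file is gone: remove the registry entry too")
        if any(s in path for s in USER_WRITABLE):
            reasons.append("loads from a user-writable profile/temp directory")
        if any(n in name for n in LOOKALIKE_NAMES) and ntpath.dirname(path) not in SYSTEM_DIRS:
            reasons.append("name imitates a Windows component but does not load from a system directory")
        if entry["kind"] == "Service" and entry.get("owner", "").lower() == "unknown owner":
            reasons.append(OWNER_NOTE)
        if reasons:
            severity = "high" if any(r != OWNER_NOTE for r in reasons) else "low"
            findings.append({"line": line, "kind": entry["kind"], "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['kind']}: {f['line']}")
        for r in f["reasons"]:
            print("    -", r)
```

O1 lines are deliberately not parsed: on Vista the `::1 localhost` entry shown in the log above is the stock IPv6 loopback mapping, not a hijack. The two "file gone" hits are the important ones here: a quarantine or a file-only remover takes the DLL away, but the CLSID registration under the Browser Helper Objects key stays until it is removed as well.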
Good evening! omnia_7
<!> As a precaution, run this tool: BankerFix
------------------------------
<@> Download: < BankerFix 3.0 >
<@> Save it to Local Disk C:!
<@> Temporarily disable your anti-virus.
<@> Double-click bankerfix.exe.
<@> P.S.: Run bankerfix.exe only once! That way its report is not overwritten.
<@> The BankerFix 3.0 window will open with the question: "Install BankerFix 3.0?" <-- Translated!
<@> Click Yes!
<@> A window will open saying that BankerFix 3.0 will be downloaded via the internet.
<@> Click OK. <-- Wait!
<@> In the next window, click OK.
<@> BankerFix 3.0 will start!
<@> Press any key to continue the process. <-- Wait!
<@> When the scan finishes, read the message on the screen and press Enter.
<@> Re-enable your anti-virus.
<@> Come back with the BankerFix report, which will be at: C:\LinhaDefensiva\relatorio.txt <--
<@> Also post an updated HijackThis log.
Regards!
Hello DigRam!!! Good afternoon!
I did as you said: I ran BankerFix and scanned, and here are the HijackThis log and the BankerFix report!
Please analyze them!!!
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:50, on 23/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Garmin\gStart.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Windows\system32\taskeng.exe
C:\Users\Andre\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\PROGRA~1\Filzip\Filzip.exe
C:\Users\Andre\AppData\Local\Temp\HijackThis.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: DirecX - {83FDA784-0154-418F-810B-F1839272C361} - C:\Windows\System32\DirectX\Dinput\diagx3d.dll (file missing)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 6944 bytes
Here is the BankerFix report:
BankerFix 3.0 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2009-01-23 - 17:36
-------------------------------------------------------
Lista de Definição: 2009-01-21-2 | CORE: 2009-01-21-1
=======================================================
Arquivo infectado detectado: C:\MSDOS.INF
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\pagefile.log
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\Windows\System32\DirectX\Dinput\desktop.inf
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\Windows\System32\DirectX\Dinput\Driver\1\desktop.inf
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\Windows\System32\DirectX\Dinput\Driver\1\oobebaln.js
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\Windows\System32\DirectX\Dinput\Driver\1\services.exe
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\Windows\System32\DirectX\Dinput\Driver\1
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\Windows\System32\DirectX\Dinput\Driver\2
Arquivo infectado removido com sucesso!
----- Fim -------------------------
Awaiting your reply!!!!!
Thanks in advance!!!!
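The BankerFix report above lists what was deleted but not why each path matters. As an added example (not part of this thread and not BankerFix's own code), the Python below parses the `Arquivo infectado detectado:` ("infected file detected") lines copied from that report and classifies each path by the trick its name relies on: a copy of `services.exe` far from `C:\Windows\System32`, names that shadow `pagefile.sys`, `msdos.sys` and `desktop.ini` under a different extension, a script dropped under the Windows directory, and the extensionless entries that are the dropper's own folders. The table of protected binaries, the lookalike stems and the script extensions are assumptions of this example.

```python
"""Classify paths from a removal report by the name trick each one relies on.

Added example for this thread; not BankerFix code. REPORT is copied from the
BankerFix report posted above. PROTECTED, LOOKALIKE and SCRIPT_EXT are assumptions.
"""
import ntpath
import re

REPORT = r"""
Arquivo infectado detectado: C:\MSDOS.INF
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\pagefile.log
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\Windows\System32\DirectX\Dinput\desktop.inf
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\Windows\System32\DirectX\Dinput\Driver\1\desktop.inf
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\Windows\System32\DirectX\Dinput\Driver\1\oobebaln.js
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\Windows\System32\DirectX\Dinput\Driver\1\services.exe
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\Windows\System32\DirectX\Dinput\Driver\1
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\Windows\System32\DirectX\Dinput\Driver\2
Arquivo infectado removido com sucesso!
"""

# "Arquivo infectado detectado" is BankerFix's "infected file detected" line.
DETECTED_RE = re.compile(r"^Arquivo infectado detectado: (?P<path>.+)$")

# Core Windows binaries and the only directory a genuine copy lives in
# (assumption: Vista x86 layout; any other location is an impersonation).
PROTECTED = {
    "services.exe": "c:\\windows\\system32",
    "lsass.exe": "c:\\windows\\system32",
    "svchost.exe": "c:\\windows\\system32",
    "winlogon.exe": "c:\\windows\\system32",
    "explorer.exe": "c:\\windows",
}
# File stems that shadow a well-known system file under a different extension.
LOOKALIKE = {"pagefile": "pagefile.sys", "msdos": "msdos.sys", "desktop": "desktop.ini"}
SCRIPT_EXT = {".js", ".vbs", ".bat", ".cmd"}
WINDOWS_DIR = "c:\\windows\\"


def reported_paths(report):
    """Return the paths named on the 'detected' lines, in report order."""
    paths = []
    for line in report.splitlines():
        m = DETECTED_RE.match(line.strip())
        if m:
            paths.append(m.group("path").strip())
    return paths


def classify(report):
    """Return (path, verdict) pairs explaining why each reported path is suspicious."""
    paths = reported_paths(report)
    lowered = [p.lower() for p in paths]
    verdicts = []
    for path, low in zip(paths, lowered):
        parent, name = ntpath.split(low)
        stem, ext = ntpath.splitext(name)
        if name in PROTECTED and parent != PROTECTED[name]:
            verdict = f"impersonates {name}: the legitimate copy lives only in {PROTECTED[name]}"
        elif stem in LOOKALIKE and name != LOOKALIKE[stem]:
            verdict = f"name mimics {LOOKALIKE[stem]}"
        elif ext in SCRIPT_EXT and low.startswith(WINDOWS_DIR):
            verdict = "script dropped under the Windows directory"
        elif ext == "":
            # No extension: count the other reported items that sit below this path.
            children = sum(1 for other in lowered if other.startswith(low + "\\"))
            verdict = f"no extension: directory holding {children} other reported item(s)"
        else:
            verdict = "no rule matched; inspect manually"
        verdicts.append((path, verdict))
    return verdicts


if __name__ == "__main__":
    for path, verdict in classify(REPORT):
        print(f"{path}\n    {verdict}")
```

A file-only cleanup like this one leaves registry references behind: the second HijackThis log above still lists the `DirecX` BHO pointing at the same `DirectX\Dinput` folder as `(file missing)`, so once the files are gone the CLSID registration is the next thing to remove. For a protected-name hit, the follow-up on the live machine is to confirm that the genuine copy in `C:\Windows\System32` is intact (compare its hash with a known-good copy of the same build, or run `sfc /scannow`).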
Good morning! omnia_7
<!> Delete the folder: C:\LinhaDefensiva <--
-----------------------------
<@> Download: < CCleaner >
<@> Save it to the Desktop!
<@> With the < Cleaner > option already selected, click Analyze. --> Wait for it to finish!
<@> When it finishes, click Run Cleaner.
<@> In the window that appears, click OK. --> Wait for it to finish!
<@> Select the Registry option and click Scan for Issues.
<@> When it finishes, click Fix selected issues...
<@> At the prompt, click Yes!
<@> Name the backup and click Save.
<@> After a few days, if everything is OK, you can delete that backup file. ( .reg )
<@> In the window that appears, click: "Fix All Selected Issues"
<@> Click OK --> Close.
<@> For more details, read the tutorial: < Link >
-----------------------------
<!> If everything is OK, create a clean System Restore point.
<!> Right-click My Computer --> Properties --> System Restore.
<!> Check: Turn off System Restore --> Apply --> OK.
<!> Then uncheck it again! --> Apply --> OK.
<!> For more details, go to: < Docs >
-----------------------------
<!> The log is clean! :thumbsup:
<!> Everything OK?
Regards!
Good afternoon DigRam!!!
I understood the CCleaner steps, but I didn't quite understand the part about creating a clean System Restore point. I'd like you to explain better how I do that. :unsure:
Thanks in advance! And thank you for your attention!
Have a great week!
----------------------
Hello DigRam!
It's me again.
I have a few doubts I'd like you to clear up!!! When I went to delete the Linha Defensiva folder, it had several subfolders with text files, and I was reading them.
Inside the Bat subfolder there was this text file, error-removing:
ATTENTION!!!
An error occurred while deleting some infected files!
You can check the report in the file relatorio.txt
to see which bad files could not be removed.
And inside the vb subfolder there is also a text file, postreboot, saying:
There were problems removing some files. %CRLF% Try running BankerFix again in Safe Mode.
I'd like to know what this means, and whether something is still wrong?? And Explorer sometimes opens out of nowhere!
Thanks once again!
------------------------
Good evening DigRam!!!
I was checking a few things and I have one more problem!!!
It's this: today I tried to listen to music in Media Player, but no sound comes out of my external speakers, and there is also a crackling noise. Could the driver have been damaged after the infected files were removed, and could that have affected the sound??
Thank you once more, and I hope you can help me!
Regards!
Hi! omnia_7
<!> Run BankerFix again in Safe Mode. The information in that subfolder is probably a mistake!
------------------------------
<@> Download: < ComboFix.exe > ( ...by sUBs )
<@> Save it to the Desktop!
<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> At the prompt "Disclaimer of warranty" --> Click Yes!
<@> If you do not have the "Recovery Console", accept the offer to install it!
<!> If you get the notification "Not a valid Win32 application", delete the tool and download it again.
<!> Save it to the desktop renamed as: Kombo.exe
<!> P.S.: Rename it while saving, not after it has been saved!
<!> P.S.: If any error message appears, run ComboFix.exe in Safe Mode. <-- Link!
<!> P.S.: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> P.S.: Avoid running this tool on your own initiative! Follow all the recommendations above.
<@> The Auto Scan window will open. --> Wait!
<@> To complete the removals, ComboFix may restart the computer.
<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
-----------------------------
<@> When done, post the reports: C:\ComboFix.txt + Relatorio.txt + an updated HijackThis log.
Regards!
Hello DigRam! Good afternoon!!!
Here are the ComboFix and HijackThis reports for your analysis:
ComboFix 09-01-21.04 - Andre 2009-01-27 16:45:57.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1046.18.2037.1239 [GMT -3:00]
Executando de: c:\users\Andre\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free On-access scanning disabled (Updated)
* Criado um novo ponto de restauro
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_GbpSv
(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-27 to 2009-01-27 ))))))))))))))))))))))))))))
.
2009-01-26 15:26 . 2008-04-26 05:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2009-01-26 15:26 . 2008-04-12 00:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2009-01-26 15:26 . 2008-04-04 22:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2009-01-26 15:26 . 2008-04-05 00:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2009-01-25 23:27 . 2009-01-25 23:27 <DIR> d-------- C:\PerfLogs
2009-01-24 19:10 . 2008-01-19 04:33 2,623,488 --a------ c:\windows\System32\SLsvc.exe
2009-01-24 19:10 . 2008-01-19 04:36 1,541,120 --a------ c:\windows\System32\onex.dll
2009-01-24 19:10 . 2008-01-19 04:42 51,768 --a------ c:\windows\System32\PSHED.DLL
2009-01-24 19:08 . 2008-01-19 00:12 3,662,296 --a------ c:\windows\System32\locale.nls
2009-01-24 19:07 . 2008-01-19 04:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2009-01-24 19:06 . 2008-01-19 04:35 3,072,000 --a------ c:\windows\System32\networkmap.dll
2009-01-24 19:05 . 2008-01-19 03:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-01-24 19:04 . 2008-01-19 04:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
2009-01-24 19:03 . 2008-01-19 04:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2009-01-24 19:03 . 2008-01-19 04:36 218,624 --a------ c:\windows\System32\wdscore.dll
2009-01-24 19:03 . 2008-01-19 04:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2009-01-24 19:03 . 2008-01-19 04:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2009-01-24 19:03 . 2008-01-19 04:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2009-01-24 19:02 . 2008-01-19 04:34 246,784 --a------ c:\windows\System32\drvstore.dll
2009-01-24 19:01 . 2008-01-19 04:34 305,152 --a------ c:\windows\System32\msdelta.dll
2009-01-24 19:01 . 2008-01-19 04:34 258,560 --a------ c:\windows\System32\dpx.dll
2009-01-24 19:01 . 2008-01-19 04:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2009-01-23 17:45 . 2009-01-23 17:45 318,369 --a------ C:\HiJackThis.zip
2009-01-23 17:28 . 2009-01-23 17:29 178,591 --a------ C:\bankerfix.exe
2009-01-23 16:48 . 2009-01-23 16:48 269,312 --a------ c:\windows\System32\es.dll
2009-01-22 18:23 . 2009-01-22 18:23 2,927,104 --a------ c:\windows\explorer.exe
2009-01-22 18:20 . 2008-01-19 04:34 15,872 --a------ c:\windows\System32\hcrstco.dll
2009-01-22 18:20 . 2006-11-02 06:46 8,704 --a------ c:\windows\System32\hccoin.dll
2009-01-22 18:12 . 2009-01-22 18:12 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-01-22 14:27 . 2008-01-02 16:37 180,224 --a------ c:\windows\System32\igfxres.dll
2009-01-22 14:15 . 2009-01-22 14:15 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2009-01-22 14:15 . 2009-01-22 14:15 272,896 --a------ c:\windows\System32\polstore.dll
2009-01-22 14:15 . 2009-01-22 14:15 61,440 --a------ c:\windows\System32\winipsec.dll
2009-01-22 14:15 . 2009-01-22 14:15 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2009-01-22 14:14 . 2009-01-22 14:14 1,820 --a------ c:\windows\System32\rasctrnm.h
2009-01-22 14:13 . 2009-01-22 14:13 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2009-01-22 14:13 . 2009-01-22 14:13 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2009-01-22 14:13 . 2009-01-22 14:13 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-22 14:03 . 2009-01-22 14:03 428,544 --a------ c:\windows\System32\EncDec.dll
2009-01-22 14:03 . 2009-01-22 14:03 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-01-22 14:03 . 2009-01-22 14:03 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-01-22 14:03 . 2009-01-22 14:03 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-01-22 14:03 . 2009-01-22 14:03 80,896 --a------ c:\windows\System32\MSNP.ax
2009-01-22 14:03 . 2009-01-22 14:03 69,632 --a------ c:\windows\System32\Mpeg2Data.ax
2009-01-22 14:03 . 2009-01-22 14:03 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2009-01-22 13:58 . 2009-01-22 13:58 296,960 --a------ c:\windows\System32\gdi32.dll
2009-01-22 13:56 . 2009-01-22 13:56 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-01-22 13:55 . 2009-01-22 13:55 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-01-22 13:52 . 2009-01-22 13:52 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-22 13:52 . 2009-01-22 13:52 1,695,744 --a------ c:\windows\System32\gameux.dll
2009-01-22 13:52 . 2009-01-22 13:52 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-01-22 13:51 . 2009-01-22 13:51 303,616 --a------ c:\windows\System32\wmpeffects.dll
2009-01-22 13:50 . 2009-01-22 13:50 2,032,640 --a------ c:\windows\System32\win32k.sys
2009-01-22 13:49 . 2009-01-22 13:49 1,191,936 --a------ c:\windows\System32\msxml3.dll
2009-01-22 13:49 . 2009-01-22 13:49 2,048 --a------ c:\windows\System32\msxml3r.dll
2009-01-22 13:43 . 2009-01-22 13:43 2,048 --a------ c:\windows\System32\tzres.dll
2009-01-22 13:32 . 2009-01-22 13:32 827,392 --a------ c:\windows\System32\wininet.dll
2009-01-22 04:35 . 2009-01-22 04:35 6,917,120 --a------ c:\windows\System32\NlsLexicons0c1a.dll
2009-01-22 04:35 . 2009-01-22 04:35 4,495,360 --a------ c:\windows\System32\NlsData0816.dll
2009-01-22 04:35 . 2009-01-22 04:35 1,965,056 --a------ c:\windows\System32\NlsData0c1a.dll
2009-01-22 04:35 . 2009-01-22 04:35 1,965,056 --a------ c:\windows\System32\NlsData081a.dll
2009-01-22 04:31 . 2009-01-22 04:31 988,216 --a------ c:\windows\System32\winload.exe
2009-01-22 04:31 . 2009-01-22 04:31 927,288 --a------ c:\windows\System32\winresume.exe
2009-01-22 04:31 . 2009-01-22 04:31 615,992 --a------ c:\windows\System32\ci.dll
2009-01-22 04:31 . 2009-01-22 04:31 378,368 --a------ c:\windows\System32\srcore.dll
2009-01-22 04:31 . 2009-01-22 04:31 318,464 --a------ c:\windows\System32\rstrui.exe
2009-01-22 04:31 . 2009-01-22 04:31 46,592 --a------ c:\windows\System32\setbcdlocale.dll
2009-01-22 04:31 . 2009-01-22 04:31 40,960 --a------ c:\windows\System32\srclient.dll
2009-01-22 04:31 . 2009-01-22 04:31 19,000 --a------ c:\windows\System32\kd1394.dll
2009-01-22 04:31 . 2009-01-22 04:31 14,848 --a------ c:\windows\System32\srdelayed.exe
2009-01-22 04:31 . 2009-01-22 04:31 6,656 --a------ c:\windows\System32\kbd106n.dll
2009-01-22 04:25 . 2009-01-22 04:25 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2009-01-22 04:25 . 2009-01-22 04:25 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2009-01-22 04:25 . 2009-01-22 04:25 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2009-01-22 04:22 . 2009-01-22 04:22 443,392 --a------ c:\windows\System32\win32spl.dll
2009-01-22 04:22 . 2009-01-22 04:22 37,888 --a------ c:\windows\System32\printcom.dll
2009-01-22 04:21 . 2009-01-22 04:21 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2009-01-22 04:21 . 2009-01-22 04:21 14,848 --a------ c:\windows\System32\wshrm.dll
2009-01-22 04:20 . 2009-01-22 04:20 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-22 04:19 . 2009-01-22 04:19 2,868,736 --a------ c:\windows\System32\mf.dll
2009-01-22 04:19 . 2009-01-22 04:19 98,816 --a------ c:\windows\System32\mfps.dll
2009-01-22 04:18 . 2009-01-22 04:18 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2009-01-22 04:18 . 2009-01-22 04:18 94,720 --a------ c:\windows\System32\logagent.exe
2009-01-22 04:18 . 2009-01-22 04:18 53,248 --a------ c:\windows\System32\rrinstaller.exe
2009-01-22 04:18 . 2009-01-22 04:18 24,576 --a------ c:\windows\System32\mfpmp.exe
2009-01-22 04:18 . 2009-01-22 04:18 2,048 --a------ c:\windows\System32\mferror.dll
2009-01-22 04:17 . 2009-01-22 04:17 738,304 --a------ c:\windows\System32\inetcomm.dll
2009-01-22 04:17 . 2009-01-22 04:17 84,480 --a------ c:\windows\System32\INETRES.dll
2009-01-22 04:16 . 2009-01-22 04:16 1,645,568 --a------ c:\windows\System32\connect.dll
2009-01-22 04:15 . 2009-01-22 04:15 1,314,816 --a------ c:\windows\System32\quartz.dll
2009-01-22 04:14 . 2009-01-22 04:14 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-22 04:14 . 2009-01-22 04:14 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2009-01-22 04:13 . 2009-01-22 04:13 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2009-01-22 04:13 . 2009-01-22 04:13 1,334,272 --a------ c:\windows\System32\msxml6.dll
2009-01-22 04:13 . 2009-01-22 04:13 2,048 --a------ c:\windows\System32\msxml6r.dll
2009-01-21 10:59 . 2009-01-21 10:59 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2009-01-21 10:59 . 2009-01-21 10:59 1,524,736 --a------ c:\windows\System32\wucltux.dll
2009-01-21 10:59 . 2009-01-21 10:59 51,224 --a------ c:\windows\System32\wuauclt.exe
2009-01-21 10:59 . 2009-01-21 10:59 43,544 --a------ c:\windows\System32\wups2.dll
2009-01-21 10:58 . 2009-01-21 10:58 561,688 --a------ c:\windows\System32\wuapi.dll
2009-01-21 10:58 . 2009-01-21 10:58 83,456 --a------ c:\windows\System32\wudriver.dll
2009-01-21 10:58 . 2009-01-21 10:58 34,328 --a------ c:\windows\System32\wups.dll
2009-01-21 10:57 . 2009-01-21 10:57 162,064 --a------ c:\windows\System32\wuwebv.dll
2009-01-21 10:57 . 2009-01-21 10:57 31,232 --a------ c:\windows\System32\wuapp.exe
2009-01-21 08:17 . 2009-01-21 08:17 <DIR> d-------- c:\program files\Panda Security
2009-01-21 08:17 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2009-01-21 06:12 . 2009-01-21 06:12 <DIR> d-------- c:\users\All Users\Kaspersky Lab Setup Files
2009-01-21 06:12 . 2009-01-21 06:12 <DIR> d-------- c:\programdata\Kaspersky Lab Setup Files
2009-01-21 03:40 . 2009-01-23 22:07 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-10 05:12 . 2009-01-10 05:12 268 --ah----- C:\sqmdata05.sqm
2009-01-10 05:12 . 2009-01-10 05:12 244 --ah----- C:\sqmnoopt05.sqm
2009-01-04 18:29 . 2009-01-04 18:29 <DIR> d-------- c:\program files\Google
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 18:12 174 --sha-w c:\program files\desktop.ini
2009-01-26 02:33 --------- d-----w c:\program files\Windows Sidebar
2009-01-26 02:33 --------- d-----w c:\program files\Windows Photo Gallery
2009-01-26 02:33 --------- d-----w c:\program files\Windows Mail
2009-01-26 02:33 --------- d-----w c:\program files\Windows Journal
2009-01-26 02:33 --------- d-----w c:\program files\Windows Defender
2009-01-26 02:33 --------- d-----w c:\program files\Windows Collaboration
2009-01-26 02:33 --------- d-----w c:\program files\Windows Calendar
2009-01-22 21:15 --------- d-----w c:\program files\Microsoft Works
2009-01-22 16:52 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-22 16:52 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-22 16:52 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-22 16:52 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-22 16:52 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-22 16:52 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-22 07:27 --------- d-----w c:\program files\Windows Live
2009-01-22 00:30 --------- d-----w c:\users\Andre\AppData\Roaming\mIRC
2009-01-22 00:25 --------- d-----w c:\program files\mIRC
2008-12-11 02:33 --------- d-----w c:\programdata\GbPlugin
2008-12-11 02:01 --------- d-----w c:\program files\GbPlugin
2008-12-03 23:41 --------- d-----w c:\users\Andre\AppData\Roaming\gtk-2.0
2008-09-25 16:35 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-09-25 16:35 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-09-25 16:35 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gStart"="c:\garmin\gStart.exe" [2006-09-06 1891416]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2473508781-2528828070-2071102753-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CED169D9-076F-4BBC-93C0-C5776D98EC93}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{37A0A062-5074-4BD5-8458-FA3026F43799}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{69B1FC82-01E7-4899-BF3D-12324D141F8F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{186D9E77-79C9-4785-8788-977A90530280}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{4EECECC7-C745-4B09-89E7-757AE2815432}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{4699BFA2-E2DC-41B8-90B1-92A5725BBFA2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2009-01-21 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-09-15 97928]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\System32\drivers\avgwfpx.sys [2008-09-15 69128]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-09-15 180736]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-15 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-15 231704]
.
BHO-{83FDA784-0154-418F-810B-F1839272C361} - c:\windows\System32\DirectX\Dinput\diagx3d.dll
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.uol.com.br/
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 16:52:45
Windows 6.0.6001 Service Pack 1 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\conime.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\System32\igfxsrvc.exe
c:\users\Andre\AppData\Local\Temp\RtkBtMnt.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-01-27 16:58:50 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-01-27 19:58:38
Pré-execução: 28.360.949.760 bytes disponíveis
Pós execução: 27,887,808,512 bytes disponíveis
235 --- E O F --- 2009-01-26 18:39:45
Below is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:39, on 27/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Garmin\gStart.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Andre\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\NOTEPAD.EXE
C:\PROGRA~1\Filzip\Filzip.exe
C:\Users\Andre\AppData\Local\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 4520 bytes
*P.S.: There was no relatórios.txt folder, only ComboFix.txt
Awaiting your reply!!!
Cheers!
Good afternoon! omnia_7
<!> Sorry for the delay, I was without Internet.
------------------------------
<@> Go to this link and download: < Malwarebytes >
<@> Update the program!
<@> Choose the Quick scan!
<@> Disable protection programs when running Malwarebytes.
<@> Try to send the detected items to quarantine by clicking Remove items.
<@> For more details: < Link >
-----------------------
<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + HijackThis, updated.
Cheers!
Good afternoon DigRam!!!
Don't worry, there is nothing to apologize for! Everything is ok! :joia:
Below are the Malwarebytes and HijackThis reports for your analysis:
Malwarebytes' Anti-Malware 1.33
Versão do banco de dados: 1702
Windows 6.0.6001 Service Pack 1
2009-01-28 17:06:24
mbam-log-2009-01-28 (17-06-24).txt
Tipo de Verificação: Rápida
Objetos verificados: 46293
Tempo decorrido: 4 minute(s), 32 second(s)
Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 0
Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)
Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)
Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)
Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Pastas infectadas:
(Nenhum ítem malicioso foi detectado)
Arquivos infectados:
(Nenhum ítem malicioso foi detectado)
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12, on 2009-01-28
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Garmin\gStart.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Andre\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\NOTEPAD.EXE
C:\PROGRA~1\Filzip\Filzip.exe
C:\Users\Andre\AppData\Local\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: G,avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 4413 bytes
And I would like to know, DigRam, what do I do with ComboFix's Qoobox folders and with ComboFix itself??
And one more little question, something I am unsure about! :mellow:
What is that folder ComboFix deleted, C:\windows\system32\x64?? Is it important??
Thank you very much for your attention and for the help!!!
Cheers! :thumbsup:
Good morning! omnia_7
And I would like to know, DigRam, what do I do with ComboFix's Qoobox folders and with ComboFix itself??
<!> Type or paste into Run: combofix.exe /u --> Click OK.
<!> Whatever is left, you can delete.
And one more little question, something I am unsure about! What is that folder ComboFix deleted, C:\windows\system32\x64?? Is it important??
<!> It seems to be important, for holding files for emulated 32-bit applications.
<!> I am not sure of that fact, but... it will probably be recreated as soon as you run 32-bit applications.
--------------------------
<!> To repair some problems caused to the system by malware, use the Windows CD.
--------------------------
<@> Go to Start --> Run --> Type or paste: sfc /scannow --> Click OK.
<@> You will be asked to put the Windows XP CD-ROM in the drive.
<@> Wait for the repair to finish!
--------------------------
<!> The log is clean! :thumbsup:
Cheers!
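As an added example, not part of the thread or of HijackThis itself, here is a small triage script for the HijackThis log format reviewed above: it parses the R/O entry lines and flags the classes a reviewer checks first (a BHO registered with no file on disk, an autostart launched from a temporary directory, and AppInit_DLLs entries). The sample lines are constructed in the thread's format; the "updater" Temp autostart is a hypothetical entry added only to exercise that check.

```python
import re

# Constructed sample in the HijackThis v2 line format seen in the thread.
# The "[updater]" autostart from a Temp directory is hypothetical; the other
# lines follow the shapes posted in the thread (AVG, Garmin, the orphan BHO).
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [updater] C:\Users\Andre\AppData\Local\Temp\updater.exe
O20 - AppInit_DLLs: G,avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# "O4 - HKLM\..\Run: [name] command" style lines
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
AUTOSTART = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
TEMP_DIR = re.compile(r"\\(?:Temp|Temporary Internet Files)\\", re.IGNORECASE)


def parse_hjt(text):
    """Return a list of (section, body) tuples, one per R/O entry line."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(entries):
    """Flag the entry classes a log reviewer looks at first.

    Returns a list of (section, reason, detail). A flagged line is not a
    verdict: it still has to be checked against the vendor and the file on
    disk (the AVG AppInit DLL in the sample is legitimate, for example).
    """
    findings = []
    for section, body in entries:
        if section == "O2" and body.endswith("(no file)"):
            # CLSID still registered as a BHO but the DLL is gone: orphan entry
            findings.append((section, "BHO registered with no file on disk", body))
        elif section == "O4":
            m = AUTOSTART.match(body)
            if m and TEMP_DIR.search(m.group("cmd")):
                findings.append((section, "autostart launched from a temporary directory",
                                 f"[{m.group('name')}] {m.group('cmd')}"))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # DLLs listed here are loaded into every process that loads user32.dll
            dlls = [d.strip() for d in body.split(":", 1)[1].split(",") if d.strip()]
            findings.append((section, "AppInit_DLLs entries to verify", ", ".join(dlls)))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section}: {reason} -> {detail}")
```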
Good afternoon DigRam!!!
Then I will do that, just to be safe, and to repair something. My Windows here is Vista, do I use the XP CD?? :unsure:
Wow, how good that everything is ok with the PC now!!!
Thank you for this information! And thank you very much for the help and support!!! Thanks! :thumbsup:
Cheers!!!
------------------------
Hey! omnia
<!> In your case, the CD is the Windows Vista one.
<!> Read the information in this Tutorial for more details.
<!> Run the repair and let us know the results!
Cheers!
Good afternoon DigRam!
Sorry for the delay. So, I was looking around here and I do not have the Windows Vista CD; when I bought the PC the CD did not come with it, and mine is genuine. Now I will try to see if I can get the CD where I bought the PC, so that I can run this scan and repair damage to the system.
Unfortunately I think it will take a while, but as soon as I get the CD and scan the system, I will report the results, ok!!!
Thanks! :thumbsup:
Cheers!
---------------------
Hey! omnia_7
<!> All ok! I will be waiting, and if you cannot obtain it, I will consider the case resolved.
Cheers!
PROBLEM SOLVED!
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.