
Archived

This topic has been archived and is closed to new replies.

Rodolfus

[Archived] I can't get rid of a piece of malware

Recommended Posts

The PC is slow and a window with Winantivirus keeps opening all the time. Can anyone help?

Spybot and the antivirus remove the problem, but on every boot it reappears under different names.

Oh, and I also can't do a System Restore. Help!

Since I've seen it's the usual practice here, the HijackThis log follows:

Logfile of HijackThis v1.99.1

Scan saved at 21:41:17, on 10/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\VM_STI.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.112.139.108:3124

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jkddtgjq.dll",forkonce

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedhlp.exe"

O4 - HKCU\..\Run: [PPWebCap] C:\ARQUIV~1\ScanSoft\PAPERP~1\PPWebCap.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D4685DF-2E95-4C0B-BDF4-A58D783DBDAC}: NameServer = 192.168.251.254

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedul2.exe (file missing)

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe


1. Download BankerFix from:

http://p.download.uol.com.br/linhadefensiv...x/bankerfix.exe

2. Temporarily disable your antivirus.

3. Double-click bankerfix.exe. A message will appear saying it will be downloaded over the internet. Click Ok -> Ok. Press Enter and wait for the scan to finish.

4. When the scan is done, read the message on screen and press Enter again.

5. Re-enable your antivirus.

6. Come back with a new HijackThis log, together with BankerFix's relatorio.txt (it will be in C:\LinhaDefensiva\).

7. After posting your reply you can delete the LinhaDefensiva folder in C:.

NOTE: do you USE A PROXY?

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.112.139.108:3124

Regards.


I did everything as requested.

Note: I only use the proxy when I connect to a server for a course. You can check that it should be gone now.

As for BankerFix, a screen appeared saying the run completed successfully and that no problem was found on the computer. It follows below...

New HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 17:53:55, on 11/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\VM_STI.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\FREEDO~1\fdm.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\dabppxwm.dll",forkonce

O4 - HKCU\..\Run: [PPWebCap] C:\ARQUIV~1\ScanSoft\PAPERP~1\PPWebCap.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D4685DF-2E95-4C0B-BDF4-A58D783DBDAC}: NameServer = 192.168.251.254

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedul2.exe (file missing)

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

 

 

BankerFix report:

 

BankerFix 2.3 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 11/7/2007 - 17:50

-------------------------------------------------------

Lista de Definição: 2007-07-08-1

=======================================================

 

 

Log do FoxFix

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


Run HijackThis

Click "Do a system scan and save a logfile"

Now close the txt that will appear.

and check the following entries:

O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jkddtgjq.dll",forkonce

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

Click Fix checked

Step 2

Download Fixwareout from:

http://downloads.subratam.org/Fixwareout.exe

http://www.bleepingcomputer.com/file...Fixwareout.exe

Now close all programs so the tool can run

-> Run it. Install the program and at the end leave Run fixit checked.

Click Finish

-> if the tool asks to reboot -> accept

Restart the computer a 2nd time

-> look there for -> the file C:\fixwareout\report.txt -> in C:\fixwareout

paste it in your reply. Make a HijackThis log after you have restarted the 2nd time

Download CCleaner and run a cleanup!

http://download.ccleaner.com/ccsetup140.exe

Awaiting your reply!

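The instruction above asks the user to fix one specific `O4` entry by file name, but the two logs already posted show the same `[icq.com]` Run value pointing at a different random DLL each boot (`jkddtgjq.dll` in the first log, `dabppxwm.dll` in the second), which is exactly the "reappears under different names" behaviour the original poster described. The following triage helper is an added example, not part of this thread nor of HijackThis or Linha Defensiva's tools: it parses HijackThis `O4`/`R1`/`R3`/`O9` lines, flags the patterns a reviewer would look for (proxy set, orphaned `(no file)` entries, `rundll32` loading a randomly named DLL from system32), and diffs the Run values of two logs by name so that a value whose payload keeps changing stands out. The 8-lowercase-letter naming heuristic and the sample log lines (constructed from entries quoted in this thread) are assumptions of this example.

```python
"""Triage helper for HijackThis v1.99-style logs (added example, not from the thread).

Flags: proxy server set under Internet Settings, entries pointing at '(no file)',
and O4 Run values that use rundll32 to load a randomly named DLL from system32.
Also diffs two logs to find Run values that keep the same name but change payload.
"""
import re
from dataclasses import dataclass

# O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
R1_PROXY_RE = re.compile(r'^R1 - .*Internet Settings,ProxyServer = (?P<proxy>\S+)$')
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I)
# Heuristic (assumption): the payload DLLs in this thread are 8 random lowercase
# letters (jkddtgjq.dll, dabppxwm.dll). Matched case-sensitively so vendor DLLs
# with mixed case such as NvMcTray.dll are not flagged.
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}\.dll$')


@dataclass
class Finding:
    kind: str   # short tag describing why the line was flagged
    line: str   # the original log line


def parse_run_entries(log: str) -> dict:
    """Map 'HIVE:name' -> command for every O4 Run line in a log."""
    entries = {}
    for raw in log.splitlines():
        m = O4_RE.match(raw.strip())
        if m:
            entries[f"{m['hive']}:{m['name']}"] = m['cmd']
    return entries


def triage(log: str) -> list:
    """Return one Finding per suspicious line, in log order."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if '(no file)' in line:
            findings.append(Finding('orphaned-entry', line))
            continue
        m = R1_PROXY_RE.match(line)
        if m:
            findings.append(Finding('proxy-set:' + m['proxy'], line))
            continue
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.search(m['cmd'])
            if r:
                base = r['dll'].replace('/', '\\').rsplit('\\', 1)[-1]
                if RANDOM_NAME_RE.match(base):
                    findings.append(Finding('rundll32-random-dll:' + base, line))
    return findings


def changed_run_values(old_log: str, new_log: str) -> dict:
    """Run values present in both logs under the same name but with a different command."""
    old, new = parse_run_entries(old_log), parse_run_entries(new_log)
    return {k: (old[k], new[k]) for k in old.keys() & new.keys() if old[k] != new[k]}


# Constructed sample logs: a subset of the entries quoted in the thread, before
# and after the first reboot (the only value that changed is [icq.com]).
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.112.139.108:3124
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jkddtgjq.dll",forkonce
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
"""
LOG_AFTER = r"""
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\dabppxwm.dll",forkonce
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
"""

if __name__ == '__main__':
    for f in triage(LOG_BEFORE):
        print(f.kind, '|', f.line)
    for name, (before, after) in changed_run_values(LOG_BEFORE, LOG_AFTER).items():
        print('payload changed for', name, ':', before, '->', after)
```

Because `changed_run_values` keys on the Run value name rather than on the DLL path, it still reports the `[icq.com]` entry after the payload has been renamed; fixing only the first file name would leave the new one in place. A persistent Run value that re-creates itself with a new random DLL is a sign that something else (another loader or a Winlogon notify hook) is restoring it, and is the reason a deeper tool is needed rather than another HijackThis fix.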

Hi, Denis. I can already feel a considerable improvement in the system!

HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:38:39, on 12/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\VM_STI.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedhlp.exe"

O4 - HKCU\..\Run: [PPWebCap] C:\ARQUIV~1\ScanSoft\PAPERP~1\PPWebCap.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D4685DF-2E95-4C0B-BDF4-A58D783DBDAC}: NameServer = 192.168.251.254

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedul2.exe (file missing)

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

 

 

Here is the Fixwareout report:

 

Username "Rodolfus" - 2007-07-12 11:31:39 [Fixwareout edited 2007/07/05]

 

»»»»»Prerun check

 

Liberação do cache do DNS Resolver bem-sucedida.

 

 

System was rebooted successfully.

 

»»»»» Postrun check

HKLM\SOFTWARE\~\Winlogon\ "System"=""

....

....

»»»»» Misc files.

....

»»»»» Checking for older varients.

....

 

»»»»» Current runs (hklm hkcu "run" Keys Only)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="\"C:\\Arquivos de programas\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

"nwiz"="nwiz.exe /install"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE A4 Tech USB PC Camera"

"avast!"="C:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe"

"Acronis Scheduler2 Service"="\"C:\\Arquivos de programas\\Arquivos comuns\\Acronis\\Schedule2\\schedhlp.exe\""

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PPWebCap"="C:\\ARQUIV~1\\ScanSoft\\PAPERP~1\\PPWebCap.exe"

....

Hosts file was reset, If you use a custom hosts file please replace it

»»»»» End report »»»»»

 

 

After following the steps, internet access became faster.

After doing what you recommended and running CCleaner, I ran SpyBot again. It detected 2 malware items: Fastclick and Virtumonde. I removed them with SpyBot, restarted the computer, and again it detected 2 malware items: Fastclick and Statcounter.

Do I have to do anything else?

Regards and thanks for the help.


YOUR LOG LOOKS CLEAN!!!!!!!!!!!!

But, I don't know why, sometimes the log looks clean and when I run ComboFix several things show up.

So I recommend the last tool.

Download ComboFix from: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

1) Double-click combofix.exe and press "Y" to continue. The process takes about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can finish;

3) When the scan is over, a log will be generated at C:\ComboFix.txt;

4) Do not click on the ComboFix window, and do not close it with the X, while the tool is running, as that will break your desktop configuration (it will go all white);

5) To stop or exit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply

Is the Winantivirus page still appearing?

ps: I'm in training, I don't know how to solve the problems, I know how to search and try.

Could anyone with more experience check these logs again and add anything?

Thankful, Denis!


The Winantivirus page no longer appears :clap: Thank you!

Well, I followed the steps you asked for and include the log below:

ComboFix.txt

 

"Rodolfus" - 2007-07-12 22:15:33 - ComboFix 07-07-13 - Service Pack 2

 

 

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\ackvdelt.dll

C:\WINDOWS\system32\dabppxwm.dll

C:\WINDOWS\system32\uykmwmxa.dll

C:\WINDOWS\system32\wxakmsjh.exe

C:\WINDOWS\system32\awtrrst.dll

C:\WINDOWS\system32\ljjkheb.dll

C:\WINDOWS\system32\tledvkca.ini

C:\WINDOWS\system32\qstwa.bak1

C:\WINDOWS\system32\qstwa.bak2

C:\WINDOWS\system32\qstwa.ini

C:\WINDOWS\system32\mwxppbad.ini

C:\WINDOWS\system32\awtsq.dll

C:\WINDOWS\system32\urqqpmj.dll

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\retadpu2000352.exe

 

 

((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))

 

 

2007-07-12 22:14 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-12 11:48 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-07-12 11:31 6,807 --a------ C:\dnsbak.reg

2007-07-11 10:18 66,624 --a------ C:\WINDOWS\system32\cvnhxdqa.dll

2007-07-11 10:17 66,112 --a------ C:\WINDOWS\system32\rcihoiwx.exe

2007-07-10 21:40 <DIR> d-------- C:\HijackThis

2007-07-09 23:50 <DIR> dr------- C:\DOCUME~1\ADMINI~1.OEM\Menu Iniciar

2007-07-09 23:50 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.OEM\Ambiente de rede

2007-07-09 23:50 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.OEM\Ambiente de impressão

2007-07-09 23:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1.OEM\Meus documentos

2007-07-09 23:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1.OEM\Favoritos

2007-07-09 22:42 524,288 --ah----- C:\DOCUME~1\ADMINI~1.OEM\NTUSER.DAT

2007-07-09 22:42 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1.OEM\Dados de aplicativos

2007-07-09 22:42 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.OEM\Modelos

2007-07-09 22:42 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.OEM\Configurações locais

2007-07-08 18:45 <DIR> d-------- C:\Arquivos de programas\SolidDocuments

2007-07-08 18:39 1,024 --a------ C:\WINDOWS\system32\pdfpg.dat

2007-07-08 18:31 <DIR> d-------- C:\Arquivos de programas\PDF Split-Merge v2.2

2007-07-08 11:31 <DIR> d-------- C:\DOCUME~1\Rodolfo\DADOSD~1\SolidDocuments

2007-07-08 11:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\SolidDocuments

2007-07-08 11:26 1,024 --a------ C:\WINDOWS\system32\pwdremover.dat

2007-07-08 11:24 <DIR> d-------- C:\Arquivos de programas\PDF Password Remover v2.5

2007-06-30 17:10 <DIR> d-------- C:\Arquivos de programas\IKEA HomePlanner

2007-06-30 17:10 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2007-06-30 16:19 <DIR> d-------- C:\Arquivos de programas\furnish

2007-06-13 20:05 <DIR> d-------- C:\DOCUME~1\Rodolfo\DADOSD~1\MegauploadToolbar

2007-06-13 20:05 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-13 01:15:00 -------- d-----w C:\DOCUME~1\Rodolfo\DADOSD~1\Free Download Manager

2007-07-12 17:30:25 -------- d-----w C:\Arquivos de programas\GbPlugin

2007-07-08 14:00:21 49,152 ----a-w C:\WINDOWS\VM_STI.EXE

2007-06-14 22:26:41 -------- d-----w C:\Arquivos de programas\eMule

2007-06-06 19:39:55 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2007-06-04 15:45:26 -------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-06-04 15:45:25 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Filseclab

2007-06-04 12:43:26 -------- d-----w C:\Arquivos de programas\MSXML 4.0

2007-06-04 12:39:28 -------- d-----w C:\Arquivos de programas\Comodo

2007-06-04 12:35:36 -------- d-----w C:\DOCUME~1\Rodolfo\DADOSD~1\Comodo

2007-06-03 12:44:41 -------- d-----w C:\DOCUME~1\Rodolfo\DADOSD~1\Autodesk

2007-06-03 12:40:41 -------- d-----w C:\Arquivos de programas\Autodesk

2007-06-03 12:40:38 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Autodesk Shared

2007-06-03 12:40:18 -------- d-----w C:\Arquivos de programas\AutoCAD 2005

2007-06-03 12:39:37 -------- d-----w C:\Arquivos de programas\AnswerWorks 4.0

2007-06-03 12:30:03 69,002 ----a-w C:\WINDOWS\system32\perfc016.dat

2007-06-03 12:30:03 430,150 ----a-w C:\WINDOWS\system32\perfh016.dat

2007-06-02 14:28:07 -------- d-----w C:\Arquivos de programas\Blue Iris

2007-06-02 13:41:31 -------- d-----w C:\Arquivos de programas\LEDSET

2007-05-31 20:54:16 -------- d-----w C:\Arquivos de programas\Free Download Manager

2007-05-25 01:45:05 88,064 ----a-w C:\WINDOWS\system32\JpgDll32.dll

2007-05-25 01:45:05 28,160 ----a-w C:\WINDOWS\system32\Scanner32.dll

2007-05-25 01:45:05 27,648 ----a-w C:\WINDOWS\system32\ZLib.dll

2007-05-20 14:07:48 -------- d-----w C:\Arquivos de programas\eRightSoft

2007-05-16 15:13:54 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-04-27 23:07:00 724,992 ----a-w C:\WINDOWS\iun6002.exe

2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-20 18:50:25 493,141 --sh--w C:\WINDOWS\system32\qtvwa.bak2

2007-04-19 02:25:42 468,670 --sh--w C:\WINDOWS\system32\qtvwa.bak1

2007-04-18 16:13:00 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 01:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-17 01:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-17 01:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-17 01:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-17 01:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-17 01:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-17 01:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-17 01:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2005-09-09 21:55:53 35 ----a-w C:\Arquivos de programas\SCSSDist.ini

2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

2007-02-21 11:47:16 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]

2006-11-02 15:09 259584 --a------ C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]

2007-06-05 17:52 1935304 --a------ C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

2005-05-31 00:04 853672 --a------ C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2007-03-14 03:43 501400 --a------ C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

2007-06-25 09:24 332616 --a------ C:\WINDOWS\Downloaded Program Files\gbieh.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]

2006-08-20 18:55 81920 --a------ C:\Arquivos de programas\Free Download Manager\iefdmcks.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"nwiz"="nwiz.exe" [2001-12-16 14:55 C:\WINDOWS\system32\nwiz.exe]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PPWebCap"="C:\ARQUIV~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2001-08-10 10:50]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoAddPrinter"=0 (0x0)

"NoDeletePrinter"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"="C:\WINDOWS\Downloaded Program Files\gbieh.dll" [2007-06-25 09:24]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wincqt32]

wincqt32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

 

 

**************************************************************************

 

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-12 22:19:54

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-12 22:20:22 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-07-12 22:20

 

--- E O F ---

 

 

 

The problem is that SpyBot keeps detecting 4 malware items:

- Advertising.com

- DoubleClick

- FastClick

- Statcounter


Friend, those always show up for me too... I still don't know why...

I'm asking a moderator, or someone with more experience, to explain it.

But I recommend you run PANDA.

DISABLE YOUR ANTIVIRUS, THEN RUN PANDA!

Then run Spybot to see if the files are still there... thx

 

http://www.pandasoftware.com/activescan/pt...n_principal.htm


Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
