
leonina

[Solved!] I found trojans


Logfile of HijackThis v1.99.1

Scan saved at 11:10:50 PM, on 7/16/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ESRI\License\arcgis9x\lmgrd.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ESRI\License\arcgis9x\ARCGIS.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\windows\system32\rlvknlg.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Cameno\Cameno.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\ARQUIV~1\Grisoft\AVG7\avgwb.dat

C:\Documents and Settings\Leticia\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Arquivos de programas\Dealio\kb105\Dealio.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Arquivos de programas\Dealio\kb105\Dealio.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [smcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Arquivos de programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [au] C:\Arquivos de programas\Dealio\DealioAU.exe

O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe

O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKCU\..\Run: [Cameno] C:\Arquivos de programas\Cameno\Cameno.exe

O4 - HKCU\..\Run: [WhenUSave] "C:\Arquivos de programas\Save\Save.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Arquivos de programas\Dealio\kb105\res\DealioSearch.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Arquivos de programas\Dealio\kb105\Dealio.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127333430093

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Arquivos de programas\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Arquivos de programas\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Arquivos de programas\AutoCAD 2002\InstFred.ocx

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Arquivos de programas\AutoCAD 2002\AcPreview.ocx

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: ARCGIS License Manager - Unknown owner - C:\ARQUIV~1\ESRI\License\arcgis9x\lmgrd.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Unknown owner - C:\Arquivos de programas\iPod\bin\iPodService.exe (file missing)

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


Hey leonina,

 

Download ComboFix at:

ComboFix

 

1) Double-click combofix.exe and press "Y" to proceed. The process takes about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

3) When the scan finishes, a log will be generated at C:\ComboFix.txt;

4) Do not click on the ComboFix window, nor close it by clicking the X, while the tool is running, as this will mess up your desktop (it will go completely white);

5) To stop or exit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply.

 

Cheers.


Hi jgarcia

After running AVG, Avast and ComboFix, the computer is still slow..

 

HERE IS THE AVG LOG:

 

 

Trojan horse PSW.Banker3.RSO C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\smss.exe1 16/7/2007 19:30:03 smss.exe 836 KB

Trojan horse PSW.Banker3.SCB C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\avp.exe 16/7/2007 22:00:45 avp.exe 452 KB

Trojan horse PSW.Banker.KMK C:\WINDOWS\wupdmgr.exe 14/1/2006 17:34:49 wupdmgr.exe 740 KB

Trojan horse PSW.Banker3.SCB C:\WINDOWS\avp.exe 16/7/2007 22:13:11 avp.exe 452 KB

Trojan horse PSW.Banker3.RSO C:\WINDOWS\mngr2.exe 16/7/2007 22:13:20 mngr2.exe 836 KB

Trojan horse PSW.Banker3.RSO C:\WINDOWS\smss.exe 16/7/2007 22:13:25 smss.exe 836 KB

Trojan horse PSW.Banker3.SCB C:\WINDOWS\tasksmgr.exe 16/7/2007 22:13:30 tasksmgr.exe 452 KB

Trojan horse PSW.Banker3.SCB C:\Arquivos de programas\avp.exe 16/7/2007 23:28:03 avp.exe 452 KB

Trojan horse PSW.Banker3.RSO C:\Arquivos de programas\smss.exe 16/7/2007 23:28:04 smss.exe 836 KB

Trojan horse PSW.Banker2.IT C:\Documents and Settings\Leticia\Configurações locais\Temp\install_msn_8.0.zip 5/5/2006 20:50 install_msn_8.0.zip 936.99 KB

Trojan horse PSW.Banker2.IT C:\Documents and Settings\Leticia\Configurações locais\Temp\Diretório temporário 1 para install_msn_8.0.zip\msn_8.0.exe 5/5/2006 20:50 msn_8.0.exe 4.83 MB

Trojan horse PSW.Banker2.IT C:\WINDOWS\system32\system32.exe 5/5/2006 20:50 system32.exe 4.83 MB

Trojan horse PSW.Banker3.OOY C:\WINDOWS\wsys33.exe 9/7/2007 23:57 wsys33.exe 333.5 KB

 

 

HERE IS THE COMBOFIX LOG

 

 

 

"Leticia" - 2007-07-17 21:37:48 - ComboFix 07-07-13.8 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\Leticia\DADOSD~1.\macromedia\Flash Player\#SharedObjects\WE8WTN34\www.broadcaster.com

C:\DOCUME~1\Leticia\DADOSD~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com

C:\DOCUME~1\Leticia\DADOSD~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

C:\WINDOWS\system32\rk.bin

C:\WINDOWS\system32\rlls.dll

C:\WINDOWS\system32\rlvknlg.exe

C:\WINDOWS\system32\setup.exe.tmp

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\nm

 

 

((((((((((((((((((((((((( Files Created from 2007-06-17 to 2007-07-17 )))))))))))))))))))))))))))))))

 

 

2007-07-17 21:51 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\NSIS

2007-07-17 20:49 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-16 21:10 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-07-16 21:10 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-07-16 21:10 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-16 21:10 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-07-16 21:09 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-07-16 21:09 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-07-16 21:08 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-07-16 21:08 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2007-07-09 23:56 0 --a------ C:\WINDOWS\system32\mvk2.dll

2007-07-09 23:56 0 --a------ C:\WINDOWS\system32\fail.dll

2007-07-03 21:46 <DIR> d-------- C:\arcgis

2007-07-03 21:42 708,669 --a------ C:\WINDOWS\system32\python21.dll

2007-07-03 21:42 65,536 --a------ C:\WINDOWS\system32\PyWinTypes21.dll

2007-07-03 21:42 299,073 --a------ C:\WINDOWS\system32\PythonCOM21.dll

2007-07-03 21:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\ESRI

2007-07-03 20:19 <DIR> d-------- C:\WINDOWS2149814393E4E198CA4FE096093695B.TMP

2007-07-03 19:34 <DIR> d-------- C:\DOCUME~1\Leticia\DADOSD~1\ESRI

2007-07-03 19:24 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\ESRI

2007-07-03 19:20 <DIR> d--h----- C:\Arquivos de programas\ArcGIS

2007-07-03 19:20 <DIR> d-------- C:\Python21

2007-07-03 19:05 <DIR> d-------- C:\Arquivos de programas\Rainbow Technologies

2007-07-03 06:40 <DIR> d-------- C:\flexlm

2007-07-02 21:06 <DIR> d-------- C:\Arquivos de programas\ESRI

2007-07-02 20:32 270,848 --a------ C:\WINDOWS\system32\unwise32.exe

2007-07-02 04:18 <DIR> d-------- C:\Arquivos de programas\Tetrix XP

2007-07-02 04:14 <DIR> d-------- C:\Arquivos de programas\Save

2007-07-02 03:42 <DIR> d-------- C:\Arquivos de programas\TERMINAL Studio

2007-07-02 03:35 8,464 --a------ C:\WINDOWS\system32\sporder.dll

2007-07-02 03:29 <DIR> d-------- C:\Arquivos de programas\Dealio

2007-07-02 03:26 <DIR> d-------- C:\Arquivos de programas\Tetris

2007-07-02 03:22 487,424 --------- C:\WINDOWS\Setup1.exe

2007-07-02 03:17 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2007-07-02 03:17 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2007-07-02 03:08 <DIR> d-------- C:\DOCUME~1\Leticia\DADOSD~1\Alive Games

2007-07-02 02:37 <DIR> d-------- C:\DOCUME~1\Leticia\WINDOWS

2007-07-02 02:37 <DIR> d-------- C:\Arquivos de programas\Quadra

2007-07-02 02:23 724,992 --a------ C:\WINDOWS\iun6002.exe

2007-07-02 02:22 <DIR> d-------- C:\Arquivos de programas\Cubemaster Gold

2007-07-02 02:07 4,096 --a------ C:\WINDOWS\d3dx.dat

2007-07-02 02:07 <DIR> d-------- C:\Arquivos de programas\TryMedia

2007-07-02 02:06 <DIR> d--h----- C:\Arquivos de programas\Alawar

2007-06-26 02:44 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-18 00:53:14 -------- d-----w C:\DOCUME~1\Leticia\DADOSD~1\AdobeUM

2007-07-15 03:25:31 -------- d-----w C:\Arquivos de programas\eMule

2007-07-11 14:45:40 -------- d-----w C:\Arquivos de programas\MessengerDiscovery

2007-07-11 13:25:53 -------- d-----w C:\Arquivos de programas\MSN Messenger

2007-07-11 01:29:23 67,450 ----a-w C:\WINDOWS\system32\perfc016.dat

2007-07-11 01:29:23 425,426 ----a-w C:\WINDOWS\system32\perfh016.dat

2007-07-02 06:55:35 -------- d-----w C:\Arquivos de programas\EnvieAlegria

2007-07-02 06:55:05 -------- d-----w C:\Arquivos de programas\iDump

2007-06-26 05:40:50 -------- d-----w C:\Arquivos de programas\Messenger

2007-05-25 01:26:00 -------- d-----w C:\Arquivos de programas\SmartDraw 2007

2007-05-25 01:05:13 -------- d-----w C:\DOCUME~1\Leticia\DADOSD~1\SmartDraw

2007-05-16 15:13:54 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-18 16:13:00 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 01:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-17 01:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-17 01:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-17 01:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-17 01:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-17 01:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-17 01:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-17 01:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2006-01-12 20:38 63128 --ah----- C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]

2007-06-25 17:44 2407256 --a------ C:\Arquivos de programas\Dealio\kb105\Dealio.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2005-11-10 12:22 184423 --a------ C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

2006-07-07 11:29 324416 --a------ C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-04-21 12:57]

"SmcService"="C:\ARQUIV~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

"AdaptecDirectCD"="C:\Arquivos de programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-14 11:34]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-02-16 10:54]

"au"="C:\Arquivos de programas\Dealio\DealioAU.exe" [2007-06-25 16:42]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cameno"="C:\Arquivos de programas\Cameno\Cameno.exe" [2004-02-04 23:30]

"WhenUSave"="C:\Arquivos de programas\Save\Save.exe" []

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 15:53]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"Microsoft Update 32"=wininit.exe

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Arquivos de programas\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

 

 

Contents of the 'Scheduled Tasks' folder

2007-07-12 00:06:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

**************************************************************************

 

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-17 21:51:51

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-17 21:55:45 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-07-17 21:55

 

--- E O F ---


Hey leonina,

 

1. Download BankerFix.

2. Temporarily disable your antivirus.

3. Double-click bankerfix.exe. A message will appear saying that it will be downloaded over the internet. Click Ok -> Ok. Press Enter and wait for the scan to finish.

4. When the scan is done, read the message on screen and press Enter again.

5. Re-enable your antivirus.

6. Come back with a new HijackThis log, together with BankerFix's relatorio.txt (it will be in C:\LinhaDefensiva\).

7. After posting your reply you can delete the LinhaDefensiva folder on C:.

 

Cheers.


Hi jgarcia

Yesterday AVG detected trojans every three seconds until I closed Firefox....it was a scare. I did everything that was supposed to be done, properly

here is the BankerFix log; it looks like AVG blocked it from getting in, see:

 

BankerFix 2.3 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 7/20/2007 - 0:23

-------------------------------------------------------

Lista de Definição: 2007-07-15-1

=======================================================

 

 

Log do FoxFix

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

 

now HijackThis

 

 

Logfile of HijackThis v1.99.1

Scan saved at 12:27:52 AM, on 7/20/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ESRI\License\arcgis9x\lmgrd.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\ARQUIV~1\ESRI\License\arcgis9x\ARCGIS.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Cameno\Cameno.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Leticia\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Arquivos de programas\Dealio\kb105\Dealio.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Arquivos de programas\Dealio\kb105\Dealio.dll

O4 - HKLM\..\Run: [smcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Arquivos de programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [au] C:\Arquivos de programas\Dealio\DealioAU.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe

O4 - HKCU\..\Run: [Cameno] C:\Arquivos de programas\Cameno\Cameno.exe

O4 - HKCU\..\Run: [WhenUSave] "C:\Arquivos de programas\Save\Save.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Arquivos de programas\Dealio\kb105\res\DealioSearch.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Arquivos de programas\Dealio\kb105\Dealio.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127333430093

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Arquivos de programas\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Arquivos de programas\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Arquivos de programas\AutoCAD 2002\InstFred.ocx

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Arquivos de programas\AutoCAD 2002\AcPreview.ocx

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: ARCGIS License Manager - Unknown owner - C:\ARQUIV~1\ESRI\License\arcgis9x\lmgrd.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Unknown owner - C:\Arquivos de programas\iPod\bin\iPodService.exe (file missing)

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


Hey leonina,

Let's go.

Enable Windows to show all files (including hidden ones).

Uninstall:

-> Save

Use Add / Remove Programs.

It is prudent to print this document or save it somewhere easy to reach, because in the next step we will go into Safe Mode and an internet connection will not be possible.

1st Step

Restart the computer in Safe Mode (while it restarts, press the F8 key repeatedly until a black DOS screen appears, and choose the Safe Mode option).

Run HijackThis, click Do a system scan only and check:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe

O4 - HKCU\..\Run: [WhenUSave] "C:\Arquivos de programas\Save\Save.exe"

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

Click Fix Checked.

 

2nd Step

Still in Safe Mode, locate and delete:

C:\Arquivos de programas\Save <- the folder

3rd Step

Restart in Normal Mode.

Post a new HijackThis log.

Awaiting your reply.

Regards.

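The checks the helper applied to the HijackThis logs above (a core system binary name running outside System32, a proxy with an empty host, a changed start page, an autostart launching a bare filename, a known adware autostart, a DPF entry with no target, an orphaned BHO) written out as a small triage script. This is an added example, not code from the thread, HijackThis or Linha Defensiva; the sample log is constructed from lines in this thread, and the severity levels, allowlist and denylist are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v1.99 format, assembled from lines that appear in
# this thread: one genuine smss.exe, one impersonating copy, the browser/autostart
# entries the helper told the user to fix, and two benign entries kept as controls.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Arquivos de programas\Save\Save.exe"
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Arquivos de programas\AutoCAD 2002\AcDcToday.ocx
"""

# Core Windows binaries whose names malware borrows; on an XP layout (assumption)
# the genuine copies run only from %SystemRoot%\System32.
CORE_SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM32_DIRS = {r"c:\windows\system32", r"c:\winnt\system32"}

# Start pages not worth a second look (assumed allowlist; extend per environment).
TRUSTED_START_PAGES = ("about:blank", "http://www.google.com", "http://www.microsoft.com")

# Autostart names this thread identified as adware (constructed denylist).
KNOWN_UNWANTED_RUN_NAMES = {"whenusave"}


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    line: str      # the log line that triggered the finding
    reason: str


_R_RE = re.compile(r"^R[01] - (?P<key>.*?),(?P<setting>[^=]+?) = (?P<value>.*)$")
_O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O16_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\}(?: \([^)]*\))? -\s*(?P<target>.*)$")


def _executable_of(cmd: str) -> str:
    """Return the program part of an autostart command (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def check_process(path: str) -> Optional[Finding]:
    """Flag a core system binary name that is running from outside System32."""
    directory, _, name = path.lower().rpartition("\\")
    if name in CORE_SYSTEM_BINARIES and directory not in SYSTEM32_DIRS:
        return Finding("high", path, f"{name} running outside System32: likely an impersonating copy")
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the entries a helper would want to look at."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the "Running processes:" block
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            finding = check_process(line)
            if finding:
                findings.append(finding)
            continue
        m = _R_RE.match(line)
        if m:
            setting, value = m.group("setting").strip(), m.group("value").strip()
            if setting == "ProxyServer" and value.startswith(":"):
                findings.append(Finding("high", line, "proxy configured with an empty host; browser traffic is redirected or broken"))
            elif setting == "Start Page" and not value.lower().startswith(TRUSTED_START_PAGES):
                findings.append(Finding("medium", line, f"start page changed to {value}"))
            continue
        m = _O4_RE.match(line)
        if m:
            exe = _executable_of(m.group("cmd"))
            if "\\" not in exe:
                findings.append(Finding("high", line, f"{m.group('key')} entry launches bare '{exe}' via the search path instead of a full path"))
            elif m.group("name").lower() in KNOWN_UNWANTED_RUN_NAMES:
                findings.append(Finding("medium", line, f"known adware autostart '{m.group('name')}'"))
            continue
        m = _O16_RE.match(line)
        if m and not m.group("target"):
            findings.append(Finding("medium", line, "ActiveX (DPF) entry with no download target; orphaned or hiding its source"))
        elif line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            findings.append(Finding("low", line, "BHO registered but its DLL is gone (orphaned entry)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.reason}\n         {f.line}")
```

Run against the sample, it reports seven findings and leaves the genuine smss.exe, the avast! autostart and the AutoCAD DPF entry alone.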

hi jgarcia

The things you tell me to do are quite scary!

I followed the whole recipe

the HijackThis log follows

 

 

Logfile of HijackThis v1.99.1

Scan saved at 9:40:16 PM, on 7/22/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ESRI\License\arcgis9x\lmgrd.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\ESRI\License\arcgis9x\ARCGIS.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Cameno\Cameno.exe

C:\Documents and Settings\Leticia\Desktop\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Arquivos de programas\Dealio\kb105\Dealio.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Arquivos de programas\Dealio\kb105\Dealio.dll

O4 - HKLM\..\Run: [smcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [au] C:\Arquivos de programas\Dealio\DealioAU.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [Cameno] C:\Arquivos de programas\Cameno\Cameno.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Arquivos de programas\Dealio\kb105\res\DealioSearch.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Arquivos de programas\Dealio\kb105\Dealio.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127333430093

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Arquivos de programas\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Arquivos de programas\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Arquivos de programas\AutoCAD 2002\InstFred.ocx

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Arquivos de programas\AutoCAD 2002\AcPreview.ocx

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: ARCGIS License Manager - Unknown owner - C:\ARQUIV~1\ESRI\License\arcgis9x\lmgrd.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Unknown owner - C:\Arquivos de programas\iPod\bin\iPodService.exe (file missing)

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


Hi jgarcia, thank you very much for your attention, really thank you.. Just one more question: what do I do with the files that were left in quarantine in AVG?

Just one more question: what do I do with the files that were left in quarantine in AVG?

You should delete them.


PROBLEM SOLVED!

If the author needs the topic reopened, a Private Message with a link to the topic must be sent to a Moderator.
