Petrelli (posted December 6, 2007)

Hi Jgarcia! I've already used every antivirus I know and couldn't get rid of this nightmare; see what you can do for me! When I turn on the computer and log into my user account, out of nowhere a blank window named "vixe" opens, and every time I try to open Orkut, for example, it copies the password and sends messages with viruses to my friends. Best regards!

Logfile of HijackThis v1.99.1
Scan saved at 19:46:22, on 12/6/aaaa
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Arquivos de programas\QuickTime\qttask.exe
C:\WINDOWS\WinLogT.exe
C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe
C:\Arquivos de programas\Registry Repair\RegistryRepair.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Messenger\msmsgs.exe
c:\arquivos de programas\panda software\panda antivirus 2007\WebProxy.exe
C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.br.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RegistryRepair] C:\Arquivos de programas\Registry Repair\RegistryRepair.exe /scanstartup
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\ARQUIV~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinRegork] C:\WINDOWS\system32\Walcult.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?6a046b266fd74e57866cbfe2d4601d8c
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?6a046b266fd74e57866cbfe2d4601d8c
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Panda Software International - (no file)
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - VSO Software - (no file)
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - (no file)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - (no file)
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - (no file)
jgarcia (posted December 8, 2007)

Hey Petrelli,

1. Download BankerFix.
2. Temporarily disable your antivirus.
3. Double-click bankerfix.exe. A message will appear saying it will be downloaded over the internet. Click Ok -> Ok. Press Enter and wait for the scan to finish.
4. When the scan is finished, read the message on the screen and press Enter again.
5. Re-enable your antivirus.
6. Come back with a new HijackThis log, together with BankerFix's relatorio.txt (it will be in C:\LinhaDefensiva\).
7. After posting your reply you may delete the LinhaDefensiva folder on C:.

Regards.
Petrelli (posted December 10, 2007)

Logfile of HijackThis v1.99.1
Scan saved at 10:38:19, on 12/10/aaaa
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\WINDOWS\WinLogT.exe
C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\Walcult.exe
C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\WINDOWS\WinLogT.exe
C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
D:\Arquivos de programas\Trayhabil.exe
C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\ARQUIV~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\apvxdwin.exe
c:\arquivos de programas\panda software\panda antivirus 2007\WebProxy.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.br.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\ARQUIV~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?6a046b266fd74e57866cbfe2d4601d8c
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?6a046b266fd74e57866cbfe2d4601d8c
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Panda Software International - (no file)
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - VSO Software - (no file)
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - (no file)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - (no file)
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - (no file)

BankerFix 2.4 - Removedor de Bankers
Linha Defensiva - http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/

Data: 12/10/aaaa - 10:37
-------------------------------------------------------
Lista de Definição: 2007-11-27-1
=======================================================

Killando arquivos em Help
-----------------------------------
Killing '*'

Removendo Arquivos em Help
-----------------------------------

----- Fim -------------------------
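The helper's workflow in this thread is to compare HijackThis logs across runs and look for entries whose target is gone. The script below is an added example (not code from the thread, from HijackThis, BankerFix or Linha Defensiva) that does that triage mechanically: it splits a HijackThis 1.99 log into the running-process list and the R/O entries, lists the entries HijackThis marks as (no file) or (file missing), which are dead registry references, and diffs two logs so that what changed between the December 6 and December 10 runs stands out. The embedded LOG_BEFORE and LOG_AFTER are short constructed excerpts of those two logs; the function names (parse_log, orphaned, diff_logs) are my own.

```python
"""Triage helper for HijackThis 1.99 logs (added example; not a HijackThis,
BankerFix or Linha Defensiva tool). It splits a log into the running-process
list and the R/O entries, lists entries whose target no longer exists, and
diffs two logs so that what a cleanup run removed or added stands out."""
import re
from dataclasses import dataclass

# HijackThis entries start with a section code: R0, R1, O2, O4, O20, O23, ...
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - .+$")
# HijackThis marks dead registry references with one of these markers.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Entry:
    code: str       # section code, e.g. "O4"
    line: str       # the full entry line as HijackThis printed it
    orphaned: bool  # True when the referenced file is gone


def parse_log(text):
    """Return (running_processes, entries). Process paths are lower-cased so
    that 'Explorer.EXE' and 'explorer.exe' compare equal across runs."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append(Entry(m["code"], line, any(k in line for k in ORPHAN_MARKERS)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line.lower())
    return processes, entries


def orphaned(entries):
    """Entries pointing at files that no longer exist (dead registry references)."""
    return [e for e in entries if e.orphaned]


def diff_logs(old_text, new_text):
    """What changed between two HijackThis runs on the same machine."""
    old_procs, old_entries = parse_log(old_text)
    new_procs, new_entries = parse_log(new_text)
    old_lines = {e.line for e in old_entries}
    new_lines = {e.line for e in new_entries}
    return {
        "entries_removed": sorted(old_lines - new_lines),
        "entries_added": sorted(new_lines - old_lines),
        "processes_removed": sorted(set(old_procs) - set(new_procs)),
        "processes_added": sorted(set(new_procs) - set(old_procs)),
    }


# Constructed excerpts of the two logs posted above (Dec 6 and Dec 10);
# the full logs have many more lines.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\WinLogT.exe
C:\Arquivos de programas\Registry Repair\RegistryRepair.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe
O4 - HKLM\..\Run: [RegistryRepair] C:\Arquivos de programas\Registry Repair\RegistryRepair.exe /scanstartup
O4 - HKCU\..\Run: [WinRegork] C:\WINDOWS\system32\Walcult.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - (no file)
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\WinLogT.exe
C:\WINDOWS\system32\Walcult.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - (no file)
"""

if __name__ == "__main__":
    _, before = parse_log(LOG_BEFORE)
    print("Dead references in the first log:")
    for e in orphaned(before):
        print("  ", e.line)
    for key, lines in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(f"{key}: {len(lines)}")
        for l in lines:
            print("  ", l)
```

To use it on the full logs, save each one to a file and pass the file contents to diff_logs. The comparison is line-exact, so an entry whose path changed between runs (the Java update from jre1.6.0_02 to jre1.6.0_03 in the January log, for instance) shows up as one removal plus one addition rather than being silently matched.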
jgarcia (posted December 12, 2007)

Hey Petrelli,

Download ComboFix from: ComboFix

1) Temporarily disable your antivirus;
2) Double-click combofix.exe and press "1" to continue. The process takes about 10 minutes on average;
3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);
4) When the scan ends, a log will be generated at C:\ComboFix.txt;
5) Do not click on the ComboFix window or close it with the X while the tool is running, as this will mess up your desktop configuration (it will go completely white);
6) To stop or exit ComboFix, press "N";
7) Re-enable your antivirus;
8) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Regards.
Petrelli (posted December 13, 2007)

Hi JGarcia! I couldn't run COMBOFIX; it gives an error message like "COMBOFIX.EXE is not a valid Win32 application". The funny thing is that after downloading, its size is 0 bytes.

PS: Do I have to download it to C: or does it not matter?

Regards.
jgarcia (posted December 13, 2007)

Petrelli wrote:
Hi JGarcia! I couldn't run COMBOFIX; it gives an error message like "COMBOFIX.EXE is not a valid Win32 application". The funny thing is that after downloading, its size is 0 bytes.

Try downloading it via the link below:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

... and come back with the result.
Petrelli (posted January 9, 2008)

HI JGARCIA!

Logfile of HijackThis v1.99.1
Scan saved at 14:12:18, on 1/9/aaaa
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\WINDOWS\WinLogT.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe
D:\Arquivos de programas\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wdfmgr.exe
D:\Arquivos de programas\Trayhabil.exe
D:\Arquivos de programas\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Arquivos de programas\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe
D:\Arquivos de programas\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
D:\Arquivos de programas\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Arquivos de programas\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Arquivos de programas\QuickTime\qttask.exe
C:\WINDOWS\WinLogT.exe
C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe
D:\Arquivos de programas\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Messenger\msmsgs.exe
D:\Arquivos de programas\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
c:\arquivos de programas\panda software\panda antivirus 2007\WebProxy.exe
D:\Arquivos de programas\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.br.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] D:\Arquivos de programas\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\ARQUIV~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Arquivos de programas\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?6a046b266fd74e57866cbfe2d4601d8c
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?6a046b266fd74e57866cbfe2d4601d8c
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Panda Software International - (no file)
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - VSO Software - (no file)
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - (no file)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - (no file)
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - (no file)

ComboFix 08-01-09.2 - Roberto 2008-01-09 13:41:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.101 [GMT -3:00]
Executando de: C:\ComboFix.exe
 * Criado um novo ponto de restauro
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\statusreport.dll

.
((((((((((((((((((((((( Ficheiros criados de 2007-12-09 to 2008-01-09 ))))))))))))))))))))))))))))))))
.

2008-01-09 13:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 14:52 . 2001-02-23 10:11 118,784 --a------ C:\WINDOWS\system32\ActiveDate.ocx
2008-01-03 14:52 . 2003-08-31 12:43 86,016 --a------ C:\WINDOWS\system32\SMTP.ocx
2008-01-03 14:50 . 2008-01-03 14:50 328 --a------ C:\Atalho para ARQUIVOS (D).lnk
2007-12-21 15:15 . 2007-12-21 15:15 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais
2007-12-21 15:15 . 2007-12-21 15:15 <DIR> d-------- C:\Documents and Settings\Roberto\Configuraþ§es locais
2007-12-21 15:15 . 2007-12-21 15:15 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais
2007-12-21 15:15 . 2007-12-21 15:15 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais
2007-12-21 15:15 . 2007-12-21 15:15 <DIR> d-------- C:\Documents and Settings\Heloisa\Configuraþ§es locais
2007-12-21 15:15 . 2007-12-21 15:15 <DIR> d-------- C:\Documents and Settings\Default User\Configuraþ§es locais
2007-12-21 15:15 . 2007-12-21 15:15 <DIR> d-------- C:\Documents and Settings\Convidado\Configuraþ§es locais
2007-12-21 15:15 . 2007-12-21 15:15 <DIR> d-------- C:\Documents and Settings\Administrador\Configuraþ§es locais
2007-12-19 18:00 . 2008-01-09 12:11 <DIR> d-------- C:\LinhaDefensiva
2007-12-19 17:57 . 2007-12-19 17:57 180,719 --a------ C:\bankerfix.exe
2007-12-18 12:48 . 2005-04-08 19:44 45,056 --a------ C:\WINDOWS\system32\hpzll3xu.dll
2007-12-18 12:44 . 2007-12-18 12:44 <DIR> d-------- C:\Documents and Settings\Heloisa\Dados de aplicativos\Printer Info Cache
2007-12-18 12:44 . 2007-12-18 12:44 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\HP
2007-12-18 12:11 . 2007-12-18 12:11 221 --a------ C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2007-12-14 15:23 . 2007-12-14 15:28 <DIR> d-------- C:\Arquivos de programas\a-squared Free
2007-12-13 13:58 . 2007-12-13 13:58 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\AdobeUM
2007-12-13 13:54 . 2007-12-13 13:54 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
2007-12-13 13:40 . 2007-12-13 13:40 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritos
2007-12-13 13:34 . 2007-12-13 13:35 37,898,724 --a------ C:\ManageEngine_ServiceDesk_Plus.exe
2007-12-13 12:39 . 2008-01-09 13:39 1,495,667 --a------ C:\ComboFix.exe
2007-12-13 12:11 . 2007-12-13 12:11 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard
2007-12-13 12:07 . 2007-12-18 12:48 79,230 --a------ C:\WINDOWS\hpfins05.dat
2007-12-13 12:07 . 2005-05-23 14:51 1,395 --------- C:\WINDOWS\hpfmdl05.dat
2007-12-13 11:35 . 2007-12-13 11:23 79,098 --------- C:\WINDOWS\hpfins05.dat.temp
2007-12-13 11:35 . 2005-05-23 14:51 1,395 --------- C:\WINDOWS\hpfmdl05.dat.temp
2007-12-13 10:30 . 2007-12-18 12:44 <DIR> d-------- C:\Documents and Settings\Heloisa\Dados de aplicativos\Image Zone Express
2007-12-13 10:24 . 2007-12-13 10:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HP
2007-12-13 10:20 . 2007-12-18 12:44 <DIR> d-------- C:\Arquivos de programas\HP
2007-12-13 10:18 . 2007-12-13 10:28 <DIR> d-------- C:\Documents and Settings\Heloisa\Dados de aplicativos\HP

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 11:09 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\AntiVir PersonalEdition Classic 2007-12-28 16:58 --------- d-----w C:\Arquivos de programas\GbPlugin 2007-12-18 11:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin 2007-12-17 11:21 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information 2007-12-13 14:22 --------- d-----w C:\Arquivos de programas\Java 2007-12-05 17:42 --------- d-----w C:\Arquivos de programas\Panda Security 2007-12-05 15:17 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar 2007-12-05 15:16 --------- d-----w C:\Arquivos de programas\QuickTime 2007-12-05 15:15 --------- d-----w C:\Arquivos de programas\MSN Messenger 2007-11-26 15:43 --------- d-----w C:\Arquivos de programas\Citrix 2007-11-22 20:47 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Opus Shared 2007-11-13 10:25 20,480 -c--a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 09:28 724,480 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-01 18:34 636,416 -c--a-w C:\WINDOWS\system32\vmsys.exe 2007-11-01 18:34 506,880 -c--a-w C:\WINDOWS\system32\azsys.exe 2007-11-01 18:34 335,360 -c--a-w C:\WINDOWS\system32\itsys.exe 2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-25 13:26 53,248 -c--a-w C:\WINDOWS\bdoscandel.exe 2007-10-20 09:01 227,328 -c--a-w C:\WINDOWS\system32\wmasf.dll 2007-05-17 17:44 47,360 -c--a-w C:\Documents and Settings\Heloisa\Dados de aplicativos\pcouffin.sys 2001-09-10 11:10 61,440 -c--a-w C:\WINDOWS\inf\i386\onetUSD.dll 2001-09-06 11:58 139,264 -c--a-w C:\WINDOWS\inf\i386\Rtscan.dll 2001-08-17 21:43 32,768 -c--a-w C:\WINDOWS\inf\i386\Wiamicro.dll 2001-06-29 11:10 163,840 -c--a-w C:\WINDOWS\inf\i386\viceo.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* entradas vazias & legítimas por defeito não são mostradas. 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352] "MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "APVXDWIN"="C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\APVXDWIN.exe" [2006-09-13 07:59 311296] "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-04-27 09:41 282624] "WinLogT"="C:\WINDOWS\WinLogT.exe" [2006-03-30 15:45 500224] "avgnt"="C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" [2006-03-29 12:54 233512] "HP Software Update"="D:\Arquivos de programas\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152] "Administrador FP"="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "RegisterDropHandler"="C:\ARQUIV~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [2000-06-19 08:56 22528] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] HP Digital Imaging Monitor.lnk - D:\Arquivos de programas\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26] InterVideo WinCinema Manager.lnk - C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-04-23 09:29:26] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll 
[2007-12-03 15:30 347976] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb] C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 15:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\system32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb] C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll 2007-12-03 15:30 347976 C:\Arquivos de programas\GbPlugin\gbieh.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "usnjsvc"=3 (0x3) "ose"=3 (0x3) "iPod Service"=3 (0x3) "gusvc"=3 (0x3) "AntiVirService"=2 (0x2) "AntiVirScheduler"=2 (0x2) S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 11:37] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2006-01-17 01:05] S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 11:19] . Conteúdo da pasta 'Tarefas Agendadas' "2007-10-10 12:17:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe "2008-01-08 20:30:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-09 13:43:20 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros ocultos ... 
Varredura completada com sucesso Ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2008-01-09 13:44:24 ComboFix-quarantined-files.txt 2008-01-09 16:44:09 ComboFix2.txt 2007-12-21 18:15:04 . 2008-01-09 12:04:02 --- E O F --- :clap: Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia Posted January 13, 2008

Hey Petrelli,

Run Panda's ActiveScan, following these steps:

1) Some antivirus products, such as AVAST, may show a detection alert while the scan is running, but that alert should be ignored. The warning is nothing more than a false positive. I suggest temporarily disabling the AV so that the scan runs without problems;
2) To start the process, click the button;
3) Fill in the data requested in the form;
4) Click the "Pesquise agora sem custos" button;
5) Follow all the instructions you are given and wait for the scan to finish;
6) When the scan is done, click to view the log. Save it to your Desktop;
7) Post the contents of the log in your next reply.

Regards.
Mário Monteiro Posted June 13, 2008

Topic Archived

Since the author has not replied for more than 20 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this section with the link to this topic and explain why it should be reopened.