[Arquivado] Tem um Hacker capiturando minhas senhas

[Petrelli 0]

Olá Jgarcia!

:natal_biggrin:

Já usei todos os antivirus que eu conheço e não conseguí me ver livre desse pesadêlo, veja o que pode fazer por mim!

 

Quando eu ligo o computador e entro no meu usuário, sem mais nem menos abre uma janela em branco com o nome "vixe" e toda vez que tento abrir o orkut por exemplo, ele copia a senha e envia mensagens com vírus para os meus amigos.

Um forte abraço!

 

Logfile of HijackThis v1.99.1

Scan saved at 19:46:22, on 12/6/aaaa

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\PsImSvc.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Registry Repair\RegistryRepair.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

c:\arquivos de programas\panda software\panda antivirus 2007\WebProxy.exe

C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.br.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\Internet Security 2007\pccguide.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [RegistryRepair] C:\Arquivos de programas\Registry Repair\RegistryRepair.exe /scanstartup

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\ARQUIV~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [WinRegork] C:\WINDOWS\system32\Walcult.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?6a046b266fd74e57866cbfe2d4601d8c

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?6a046b266fd74e57866cbfe2d4601d8c

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\pavsrv51.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Panda Software International - (no file)

O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - VSO Software - (no file)

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\PsImSvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - (no file)

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - (no file)

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - (no file)

[jgarcia 1]

Opa Petrelli,

 

1. Baixe o BankerFix.

 

2. Desative o seu anti-vírus temporariamente.

 

3. Dê um duplo-clique sobre o bankerfix.exe. Uma mensagem aparecerá avisando que o mesmo será baixado via internet. Clique em Ok -> Ok. Aperte Enter e aguarde o término do scan.

 

4. Terminado o scan, leia a mensagem na tela e aperte Enter novamente.

 

5. Habilite o seu anti-vírus.

 

6. Retorne com um novo log do HijackThis, juntamente com o relatorio.txt do BankerFix (ele estará em C:\LinhaDefensiva\).

 

7. Depois de postar a sua resposta você poderá deletar a pasta LinhaDefensiva contida no C.

 

Abraços.

[Petrelli 0]

Logfile of HijackThis v1.99.1

Scan saved at 10:38:19, on 12/10/aaaa

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\PsImSvc.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\Walcult.exe

C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

D:\Arquivos de programas\Trayhabil.exe

C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\ARQUIV~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\apvxdwin.exe

c:\arquivos de programas\panda software\panda antivirus 2007\WebProxy.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.br.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\Internet Security 2007\pccguide.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\ARQUIV~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?6a046b266fd74e57866cbfe2d4601d8c

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?6a046b266fd74e57866cbfe2d4601d8c

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\pavsrv51.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Panda Software International - (no file)

O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - VSO Software - (no file)

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\PsImSvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - (no file)

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - (no file)

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - (no file)

 

 

:natal_noel:

 

BankerFix 2.4 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 12/10/aaaa - 10:37

-------------------------------------------------------

Lista de Definição: 2007-11-27-1

=======================================================

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------

[jgarcia 1]

Opa Petrelli,

 

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta, juntamente com um novo log do HijackThis.

 

Abraços.

[Petrelli 0]

Oba JGarcia!

 

Não conseguí executar o COMBOFIX, dá uma mensagem de erro tipo, COMBOFIX.EXE não é um aplicativo Win32 válido.

 

O engraçado é que depois de baixar o tamanho dele fica de 0 Bytes.

 

PS. Tenho de baixá-lo no C: ou tanto faz?

 

Abraços.

:natal_noel:

[jgarcia 1]

Oba JGarcia!

 

Não conseguí executar o COMBOFIX, dá uma mensagem de erro tipo, COMBOFIX.EXE não é um aplicativo Win32 válido.

 

O engraçado é que depois de baixar o tamanho dele fica de 0 Bytes.

Tente baixá-lo por meio do link abaixo:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

... e retorne com o resultado.

[Petrelli 0]

OBA JGARCIA!

 

Logfile of HijackThis v1.99.1

Scan saved at 14:12:18, on 1/9/aaaa

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\PsImSvc.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\WinLogT.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe

D:\Arquivos de programas\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wdfmgr.exe

D:\Arquivos de programas\Trayhabil.exe

D:\Arquivos de programas\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

D:\Arquivos de programas\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe

D:\Arquivos de programas\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

D:\Arquivos de programas\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

D:\Arquivos de programas\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe

D:\Arquivos de programas\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

D:\Arquivos de programas\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

c:\arquivos de programas\panda software\panda antivirus 2007\WebProxy.exe

D:\Arquivos de programas\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.br.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [HP Software Update] D:\Arquivos de programas\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\ARQUIV~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Arquivos de programas\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?6a046b266fd74e57866cbfe2d4601d8c

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?6a046b266fd74e57866cbfe2d4601d8c

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\pavsrv51.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Panda Software International - (no file)

O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - VSO Software - (no file)

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\PsImSvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - (no file)

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - (no file)

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - (no file)

 

 

ComboFix 08-01-09.2 - Roberto 2008-01-09 13:41:10.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.101 [GMT -3:00]

Executando de: C:\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\statusreport.dll

 

.

((((((((((((((((((((((( Ficheiros criados de 2007-12-09 to 2008-01-09 ))))))))))))))))))))))))))))))))

.

 

2008-01-09 13:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-03 14:52 . 2001-02-23 10:11 118,784 --a------ C:\WINDOWS\system32\ActiveDate.ocx

2008-01-03 14:52 . 2003-08-31 12:43 86,016 --a------ C:\WINDOWS\system32\SMTP.ocx

2008-01-03 14:50 . 2008-01-03 14:50 328 --a------ C:\Atalho para ARQUIVOS (D).lnk

2007-12-21 15:15 . 2007-12-21 15:15 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2007-12-21 15:15 . 2007-12-21 15:15 <DIR> d-------- C:\Documents and Settings\Roberto\Configuraþ§es locais

2007-12-21 15:15 . 2007-12-21 15:15 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

2007-12-21 15:15 . 2007-12-21 15:15 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais

2007-12-21 15:15 . 2007-12-21 15:15 <DIR> d-------- C:\Documents and Settings\Heloisa\Configuraþ§es locais

2007-12-21 15:15 . 2007-12-21 15:15 <DIR> d-------- C:\Documents and Settings\Default User\Configuraþ§es locais

2007-12-21 15:15 . 2007-12-21 15:15 <DIR> d-------- C:\Documents and Settings\Convidado\Configuraþ§es locais

2007-12-21 15:15 . 2007-12-21 15:15 <DIR> d-------- C:\Documents and Settings\Administrador\Configuraþ§es locais

2007-12-19 18:00 . 2008-01-09 12:11 <DIR> d-------- C:\LinhaDefensiva

2007-12-19 17:57 . 2007-12-19 17:57 180,719 --a------ C:\bankerfix.exe

2007-12-18 12:48 . 2005-04-08 19:44 45,056 --a------ C:\WINDOWS\system32\hpzll3xu.dll

2007-12-18 12:44 . 2007-12-18 12:44 <DIR> d-------- C:\Documents and Settings\Heloisa\Dados de aplicativos\Printer Info Cache

2007-12-18 12:44 . 2007-12-18 12:44 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\HP

2007-12-18 12:11 . 2007-12-18 12:11 221 --a------ C:\WINDOWS\HP_RedboxHprblog_HPSU.ini

2007-12-14 15:23 . 2007-12-14 15:28 <DIR> d-------- C:\Arquivos de programas\a-squared Free

2007-12-13 13:58 . 2007-12-13 13:58 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\AdobeUM

2007-12-13 13:54 . 2007-12-13 13:54 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData

2007-12-13 13:40 . 2007-12-13 13:40 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritos

2007-12-13 13:34 . 2007-12-13 13:35 37,898,724 --a------ C:\ManageEngine_ServiceDesk_Plus.exe

2007-12-13 12:39 . 2008-01-09 13:39 1,495,667 --a------ C:\ComboFix.exe

2007-12-13 12:11 . 2007-12-13 12:11 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard

2007-12-13 12:07 . 2007-12-18 12:48 79,230 --a------ C:\WINDOWS\hpfins05.dat

2007-12-13 12:07 . 2005-05-23 14:51 1,395 --------- C:\WINDOWS\hpfmdl05.dat

2007-12-13 11:35 . 2007-12-13 11:23 79,098 --------- C:\WINDOWS\hpfins05.dat.temp

2007-12-13 11:35 . 2005-05-23 14:51 1,395 --------- C:\WINDOWS\hpfmdl05.dat.temp

2007-12-13 10:30 . 2007-12-18 12:44 <DIR> d-------- C:\Documents and Settings\Heloisa\Dados de aplicativos\Image Zone Express

2007-12-13 10:24 . 2007-12-13 10:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HP

2007-12-13 10:20 . 2007-12-18 12:44 <DIR> d-------- C:\Arquivos de programas\HP

2007-12-13 10:18 . 2007-12-13 10:28 <DIR> d-------- C:\Documents and Settings\Heloisa\Dados de aplicativos\HP

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-08 11:09 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\AntiVir PersonalEdition Classic

2007-12-28 16:58 --------- d-----w C:\Arquivos de programas\GbPlugin

2007-12-18 11:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2007-12-17 11:21 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-13 14:22 --------- d-----w C:\Arquivos de programas\Java

2007-12-05 17:42 --------- d-----w C:\Arquivos de programas\Panda Security

2007-12-05 15:17 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2007-12-05 15:16 --------- d-----w C:\Arquivos de programas\QuickTime

2007-12-05 15:15 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-11-26 15:43 --------- d-----w C:\Arquivos de programas\Citrix

2007-11-22 20:47 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Opus Shared

2007-11-13 10:25 20,480 -c--a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-07 09:28 724,480 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-11-01 18:34 636,416 -c--a-w C:\WINDOWS\system32\vmsys.exe

2007-11-01 18:34 506,880 -c--a-w C:\WINDOWS\system32\azsys.exe

2007-11-01 18:34 335,360 -c--a-w C:\WINDOWS\system32\itsys.exe

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 13:26 53,248 -c--a-w C:\WINDOWS\bdoscandel.exe

2007-10-20 09:01 227,328 -c--a-w C:\WINDOWS\system32\wmasf.dll

2007-05-17 17:44 47,360 -c--a-w C:\Documents and Settings\Heloisa\Dados de aplicativos\pcouffin.sys

2001-09-10 11:10 61,440 -c--a-w C:\WINDOWS\inf\i386\onetUSD.dll

2001-09-06 11:58 139,264 -c--a-w C:\WINDOWS\inf\i386\Rtscan.dll

2001-08-17 21:43 32,768 -c--a-w C:\WINDOWS\inf\i386\Wiamicro.dll

2001-06-29 11:10 163,840 -c--a-w C:\WINDOWS\inf\i386\viceo.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"APVXDWIN"="C:\Arquivos de programas\Panda Software\Panda Antivirus 2007\APVXDWIN.exe" [2006-09-13 07:59 311296]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

"WinLogT"="C:\WINDOWS\WinLogT.exe" [2006-03-30 15:45 500224]

"avgnt"="C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" [2006-03-29 12:54 233512]

"HP Software Update"="D:\Arquivos de programas\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]

"Administrador FP"="" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"RegisterDropHandler"="C:\ARQUIV~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [2000-06-19 08:56 22528]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

HP Digital Imaging Monitor.lnk - D:\Arquivos de programas\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]

InterVideo WinCinema Manager.lnk - C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-04-23 09:29:26]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 15:30 347976]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 15:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\system32\avldr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll 2007-12-03 15:30 347976 C:\Arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

"ose"=3 (0x3)

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

"AntiVirService"=2 (0x2)

"AntiVirScheduler"=2 (0x2)

 

S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 11:37]

S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2006-01-17 01:05]

S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 11:19]

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-10-10 12:17:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

"2008-01-08 20:30:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-09 13:43:20

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-01-09 13:44:24

ComboFix-quarantined-files.txt 2008-01-09 16:44:09

ComboFix2.txt 2007-12-21 18:15:04

.

2008-01-09 12:04:02 --- E O F ---

:clap:

[jgarcia 1]

Opa Petrelli,

 

Execute o Active Scan da Panda, observando os seguintes procedimentos:

 

1) Alguns anti-vírus, tal como o AVAST, podem exibir um alerta de detecção durante a execução do scan, porém tal alerta deve ser ignorado. O aviso não passa de um falso-positivo. Sugiro que o AV seja desabilitado, temporariamente, a fim de que o scan ocorra sem problemas;

 

2) Para iniciar o processo, clique sobre o botão ;

 

3) Informe os dados solicitados no formulário;

 

4) Clique sobre o botão "Pesquise agora sem custos";

 

5) Siga todas as instruções que lhe serão passadas e aguarde o fim da varredura;

 

6) Ao término do scan, clique em visualizar o log. Salve-o em seu Desktop;

 

7) Poste o conteúdo do log em sua próxima resposta.

 

Abraços.

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 20 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.