
Archived

This topic has been archived and is closed to further replies.

Leandrueo

[Solved!] Computer has a virus and I can't "heal files"


I use AVG Free Edition. I don't know, I think it isn't working, it's showing a strange problem. RIGHT NOW, just now, a virus got in and it detected it; 3 of them show up like this: "VIRUS FOUND js/Psyme". What is that?? How do I delete it? Is AVG bad, and is that why I can't "heal" it in there? =(((( HELP ME PLEASE


Hi Leandrueo,

Do the following:

Download HijackThis version 1.99.1.

Then > Start > My Computer > double-click C > put HijackThis on C (extracting it from the zip into its own folder, e.g. c:/Hijack).

Run HijackThis from C, closing all other programs (leaving only the desktop open).

Click Do a system scan and save a logfile, but don't tick anything; just post the generated log here in this same topic.

Regards.


here ya go xP:

Logfile of HijackThis v1.99.1

Scan saved at 23:06:16, on 16/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Windows\Avsgccs.scr

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\Marcia\Desktop\gattahack21\Gattahack.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Documents and Settings\Marcia\Desktop\gattahack21\Gattahack.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=25040

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe

O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Windows] C:\Windows\Avsgccs.scr

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe

O4 - Global Startup: Avsgccs.scr

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.4.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F1C9B6F8-6D35-44BF-9A82-950F9688B1E6}: NameServer = 192.168.135.200

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

 

What do I do now?

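The log above is what the helper reads by hand. As an added example (not part of this thread and not a HijackThis feature), the script below automates the first-pass triage a helper does on a HijackThis 1.99 log: it parses the `O2`/`O4`/`O9`/`O20`/`O23` lines and flags the patterns worth checking first. The sample lines are constructed by copying a few entries from the log above; the heuristics (a `.scr` registered as an autorun, the same file at more than one autorun point, orphaned BHO/button entries, `AppInit_DLLs`, services with no publisher) are generic triage rules, not verdicts. Note that `Avsgccs.scr` is the file BankerFix removes later in the thread, while `guard32.dll` is flagged only for verification; the later logs show it arrived with the COMODO firewall.

```python
"""First-pass triage of a HijackThis 1.99 log (added example, not HijackThis code)."""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "section reason line")

# Constructed sample: lines copied from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows] C:\Windows\Avsgccs.scr
O4 - Global Startup: Avsgccs.scr
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# Every HijackThis entry starts with its section code (R0, R1, O2, O4, ...) and " - ".
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# O4 body: "HKLM\..\Run: [Name] command" or "Global Startup: file"
O4_RE = re.compile(r"^(?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.+)$")
# File types that are executable but rarely a legitimate autorun target.
RISKY_EXT = (".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")


def parse(text):
    """Return (section, body, raw_line) for every HijackThis entry in the log."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("sec"), m.group("body"), raw.strip()))
    return entries


def autorun_target(body):
    """Return the lower-cased file name an O4 entry launches (quotes and switches removed)."""
    m = O4_RE.match(body)
    if not m:
        return None
    cmd = m.group("cmd").strip()
    if cmd.startswith('"'):                      # "C:\path with spaces\x.exe" -switch
        exe = cmd[1:].split('"', 1)[0]
    else:                                        # C:\path\x.exe /switch  or  rundll32 foo.dll,Entry
        exe = cmd.split(" /", 1)[0].split(" -", 1)[0].split(",", 1)[0]
    return exe.rsplit("\\", 1)[-1].lower()


def triage(text):
    """Apply the first-pass heuristics and return a list of Finding tuples."""
    entries = parse(text)
    findings = []
    # Count how many O4 autorun points launch the same file name.
    targets = Counter(autorun_target(b) for s, b, _ in entries if s == "O4")
    for sec, body, raw in entries:
        if sec == "O4":
            target = autorun_target(body)
            if target and target.endswith(RISKY_EXT):
                findings.append(Finding(sec, "autorun launches a non-EXE file type: %s" % target, raw))
            if target and targets[target] > 1:
                findings.append(Finding(sec, "same file registered at %d autorun points" % targets[target], raw))
        elif sec == "O2" and body.endswith("(no file)"):
            findings.append(Finding(sec, "orphaned BHO: CLSID registered but DLL is gone", raw))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(sec, "AppInit_DLLs is loaded into every user32 process; confirm the vendor", raw))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append(Finding(sec, "service binary carries no publisher information; confirm the vendor", raw))
        if body.endswith("(file missing)"):
            findings.append(Finding(sec, "entry points at a file that no longer exists", raw))
    return findings


def summary(findings):
    """Number of findings per HijackThis section, for a quick overview."""
    return Counter(f.section for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-4s %s\n     %s" % (f.section, f.reason, f.line))
    print(dict(summary(triage(SAMPLE_LOG))))
```

The two `Avsgccs.scr` hits (a screensaver file launched from both `HKLM\..\Run` and the all-users Startup folder) are exactly the redundant persistence BankerFix later cleans up; the `AppInit_DLLs` and `Unknown owner` hits are prompts to verify the vendor, not removals.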

Hi Leandrueo,

1. Download BankerFix.

2. Temporarily disable your antivirus.

3. Double-click bankerfix.exe. A message will appear saying that it will be downloaded over the internet. Click Ok -> Ok. Press Enter and wait for the scan to finish.

4. When the scan is finished, read the message on screen and press Enter again.

5. Re-enable your antivirus.

6. Come back with a new HijackThis log, together with BankerFix's relatorio.txt (it will be in C:\LinhaDefensiva\).

7. After posting your reply you can delete the LinhaDefensiva folder on C.

Regards.


I ALREADY MANAGED IT, here ya go xP:

The report:

 

BankerFix 2.5b - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 17/2/2008 - 0:6

-------------------------------------------------------

Lista de Definição: 2008-02-10-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\Avsgccs.scr

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\fotos

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Avsgccs.scr

Arquivo infectado removido com sucesso!

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------

 

The new HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 00:10:20, on 17/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\Marcia\Desktop\gattahack21\Gattahack.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Documents and Settings\Marcia\Desktop\gattahack21\Gattahack.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=25040

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe

O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\COMODO\Firewall\cfp.exe" -h

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.4.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F1C9B6F8-6D35-44BF-9A82-950F9688B1E6}: NameServer = 192.168.135.200

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe


Hi Leandrueo,

Download ComboFix from:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if an infection is found);

4) When the scan is done, a log will be generated at C:\ComboFix.txt;

5) Do not click in the ComboFix window or close it with the X while the tool is running, as that will break your desktop configuration (it will go all white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Regards.

ComboFix log:

 

ComboFix 08-02-20.2 - Marcia 2008-02-19 19:08:36.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.517 [GMT -3:00]

Executando de: C:\Documents and Settings\Marcia\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

The following files were disabled during the run:

C:\WINDOWS\system32\guard32.dll

 

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\winsys.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))

.

 

2008-02-18 21:29 . 2008-02-18 22:11 56 -r-hs---- C:\WINDOWS\system32\4863F6B923.sys

2008-02-18 21:26 . 2008-02-18 21:26 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2008-02-18 09:40 . 2008-02-18 09:40 <DIR> d-------- C:\Arquivos de programas\Rufus

2008-02-18 09:39 . 2008-02-18 09:39 286,720 --------- C:\WINDOWS\Setup1.exe

2008-02-18 09:39 . 2008-02-18 09:39 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-02-18 09:23 . 2008-02-18 09:23 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-02-17 00:19 . 2008-02-17 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-02-17 00:19 . 2008-02-17 00:19 <DIR> d-------- C:\Arquivos de programas\Avira

2008-02-17 00:06 . 2008-02-17 00:06 <DIR> d-------- C:\LinhaDefensiva

2008-02-16 23:22 . 2008-02-16 23:22 <DIR> d-------- C:\Documents and Settings\Marcia\Dados de aplicativos\Comodo

2008-02-16 23:22 . 2008-02-16 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\comodo

2008-02-16 23:22 . 2008-02-16 23:22 <DIR> d-------- C:\Arquivos de programas\COMODO

2008-02-16 23:22 . 2008-02-16 23:22 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir

2008-02-16 23:22 . 2008-02-16 23:22 83,704 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys

2008-02-16 23:22 . 2008-02-16 23:22 23,800 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys

2008-02-16 23:14 . 2008-02-16 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-02-16 23:14 . 2008-02-16 23:14 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-02-16 21:29 . 2008-02-16 21:49 <DIR> d-------- C:\Documents and Settings\Marcia\Dados de aplicativos\Download Manager

2008-02-16 20:54 . 2008-02-18 21:28 <DIR> d-------- C:\Documents and Settings\Marcia\Dados de aplicativos\Corel

2008-02-16 20:54 . 2008-02-16 20:55 88 -r-hs---- C:\WINDOWS\system32\23B9F66348.sys

2008-02-16 20:53 . 2008-02-16 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

2008-02-16 20:52 . 2008-02-16 20:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Protexis

2008-02-16 20:51 . 2008-02-18 22:11 5,852 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2008-02-16 20:43 . 2008-02-18 21:26 <DIR> d-------- C:\Arquivos de programas\Corel

2008-02-16 20:39 . 2008-02-17 16:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-02-16 20:39 . 2008-02-17 16:26 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-02-16 20:39 . 2008-02-17 16:27 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-02-16 20:39 . 2008-02-17 16:27 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-02-16 20:11 . 2005-02-16 10:06 218,112 --a------ C:\HijackThis.exe

2008-02-12 00:33 . 2008-02-12 00:33 <DIR> d-------- C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-02-11 11:30 . 2007-07-30 18:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-02-11 11:30 . 2007-07-30 18:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-02-11 11:30 . 2007-07-30 18:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-02-10 22:24 . 2008-02-10 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-02-10 22:20 . 2008-02-10 22:20 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2008-02-10 21:32 . 2008-02-10 21:53 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-02-10 21:31 . 2008-02-10 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-02-10 21:31 . 2008-02-10 22:17 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-02-01 10:35 . 2008-02-17 11:10 <DIR> d-------- C:\Documents and Settings\Marcia\Dados de aplicativos\Skype

2008-02-01 10:34 . 2008-02-01 10:35 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-02-01 10:34 . 2008-02-01 10:35 <DIR> d-------- C:\Arquivos de programas\Skype

2008-02-01 10:34 . 2008-02-01 10:34 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-01-31 23:07 . 2008-01-31 23:07 <DIR> d-------- C:\Documents and Settings\Marcia\Dados de aplicativos\teamspeak2

2008-01-31 23:07 . 2008-01-31 23:07 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

2008-01-31 23:07 . 2008-01-31 23:07 34,064 --a------ C:\WINDOWS\system32\lhacm.acm

2008-01-31 22:51 . 2008-01-31 22:51 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-01-31 22:51 . 2008-01-31 22:51 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-01-31 22:51 . 2008-01-31 22:51 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-01-31 22:49 . 2008-01-31 22:49 <DIR> d-------- C:\Arquivos de programas\Realtek

2008-01-28 20:31 . 2008-01-28 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PC Drivers Headquarters

2008-01-27 16:45 . 2008-01-27 16:45 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS

2008-01-27 16:35 . 2008-01-27 16:38 <DIR> d-------- C:\SWSetup

2008-01-27 16:35 . 2008-01-27 16:35 <DIR> d-------- C:\Arquivos de programas\HPQ

2008-01-26 16:25 . 2008-01-26 16:25 <DIR> d-------- C:\Documents and Settings\Marcia\Dados de aplicativos\DAEMON Tools

2008-01-26 16:25 . 2008-01-26 16:27 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite

2008-01-26 16:23 . 2008-01-26 16:23 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-01-26 02:25 . 2008-01-26 02:25 <DIR> d-------- C:\Arquivos de programas\Lavalys

2008-01-24 18:04 . 2008-01-24 18:04 268 --ah----- C:\sqmdata06.sqm

2008-01-24 18:04 . 2008-01-24 18:04 244 --ah----- C:\sqmnoopt06.sqm

2008-01-23 18:16 . 2008-01-23 18:16 268 --ah----- C:\sqmdata05.sqm

2008-01-23 18:16 . 2008-01-23 18:16 244 --ah----- C:\sqmnoopt05.sqm

2008-01-22 12:29 . 2008-01-22 12:29 268 --ah----- C:\sqmdata04.sqm

2008-01-22 12:29 . 2008-01-22 12:29 244 --ah----- C:\sqmnoopt04.sqm

2008-01-22 02:17 . 2008-01-22 02:17 268 --ah----- C:\sqmdata03.sqm

2008-01-22 02:17 . 2008-01-22 02:17 244 --ah----- C:\sqmnoopt03.sqm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-19 00:25 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-19 00:25 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-02-18 18:53 --------- d-----w C:\Arquivos de programas\Warcraft III

2008-02-17 03:37 --------- d-----w C:\Documents and Settings\Marcia\Dados de aplicativos\AVG7

2008-02-17 03:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-02-14 00:40 --------- d-----w C:\Arquivos de programas\STEALTH

2008-02-08 18:41 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-02-01 01:49 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-01-19 20:18 --------- d-----w C:\Arquivos de programas\StealthBot

2008-01-16 11:26 --------- d-----w C:\Arquivos de programas\Wc3HostingTools

2008-01-12 13:40 --------- d-----w C:\Documents and Settings\Marcia\Dados de aplicativos\HP

2008-01-10 20:30 --------- d-----w C:\Arquivos de programas\PFConfig

2007-12-07 02:09 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 10:34 5724184]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 03:51 7323648]

"nwiz"="nwiz.exe" [2005-12-14 03:51 1519616 C:\WINDOWS\system32\nwiz.exe]

"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-01-02 23:58 208896]

"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-01-02 23:59 69632]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-14 03:51 86016]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 14:38 16384512 C:\WINDOWS\RTHDCPL.exe]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]

"ISUSPM Startup"="C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15 221184]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15 81920]

"COMODO Firewall Pro"="C:\Arquivos de programas\COMODO\Firewall\cfp.exe" [2008-02-16 23:22 1500928]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-17 00:26 249896]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= C:\Arquivos de programas\GbPlugin\gbiehuni.dll [2007-10-08 17:27 336800]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=C:\WINDOWS\pss\Discador Oi Internet.lnkCommon Startup

 

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-02-16 23:22]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-02-16 23:22]

R2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe [2007-10-08 17:30]

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 18:10]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-20 19:10:58

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\guard32.dll

 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\WINDOWS\system32\guard32.dll

.

Tempo para conclusão: 2008-02-20 19:11:16

ComboFix-quarantined-files.txt 2008-02-20 22:11:13

.

2008-02-14 00:01:44 --- E O F ---

 

HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 19:13:44, on 20/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=25040

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe

O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.4.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F1C9B6F8-6D35-44BF-9A82-950F9688B1E6}: NameServer = 192.168.135.200

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

 

 

Oh, and the funny thing is my machine didn't restart =( Did I do something wrong? If you want I'll send another one.

 

Oh, and jgarcia, while I'm at it xD (if it's not asking too much), I think my antivirus is bad, I don't know; it's that I don't use AVG anymore, I switched, whatever xP, so I downloaded AntiVir, and when I run the update in its little window an error appears:

imagemua4.th.jpg

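As an added example (not from this thread, and not part of HijackThis or any of the tools used here), a small Python triage script that walks HijackThis log lines like the ones posted above and flags the entries a helper looks at first: BHOs whose DLL is gone, extra buttons pointing to missing files, the AppInit_DLLs hook, the configured DNS server, and services with no publisher or a missing binary. The sample log is constructed from entries in this thread; the rules and the `triage` function are assumptions of this example, not the helper's method.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List

# Constructed sample: a handful of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 19:13:44, on 20/2/2008
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1C9B6F8-6D35-44BF-9A82-950F9688B1E6}: NameServer = 192.168.135.200
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O23"
    reason: str    # why a helper would look at this line
    line: str      # the original log line


# Every HijackThis entry starts with a section code ("R0", "O2", "O23", ...) followed by " - ".
SECTION_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([0-9.,\s]+)$")


def triage(log_text: str) -> List[Finding]:
    """Return the log entries worth a second look, in the order they appear."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if not match:
            continue  # header lines and process list are not entries
        section, body = match.groups()

        if section == "O2" and body.endswith("(no file)"):
            findings.append(Finding(section, "BHO CLSID is registered but its DLL is gone (leftover registration)", line))
        elif section == "O9" and body.endswith("(file missing)"):
            findings.append(Finding(section, "IE extra button or menu item points to a missing file", line))
        elif section == "O17":
            ns = NAMESERVER_RE.search(body)
            if ns:
                for addr in ns.group(1).split(","):
                    ip = ip_address(addr.strip())
                    scope = "private (RFC 1918) address" if ip.is_private else "public address"
                    findings.append(Finding(section, f"DNS server {ip} is a {scope}; confirm it is the expected resolver", line))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # DLLs listed under AppInit_DLLs are loaded into every process that links user32.dll,
            # so the publisher of each one should be verified even when it belongs to a known product.
            findings.append(Finding(section, "AppInit_DLLs hook loads this DLL into every user32-linked process; verify its publisher", line))
        elif section == "O23":
            if " - Unknown owner - " in body:
                findings.append(Finding(section, "service binary carries no publisher information", line))
            if body.endswith("(file missing)"):
                findings.append(Finding(section, "service is registered but its binary is missing", line))
    return findings


def count_by_section(findings: List[Finding]) -> dict:
    """Summarise findings per section code, e.g. {"O23": 3, "O2": 1}."""
    counts: dict = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print(count_by_section(triage(SAMPLE_LOG)))
```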

Hey Leandrueo,

 

Follow these instructions:

 

1. Open Notepad -> Copy (Ctrl + C) and paste (Ctrl + V) all of the text included in the "Quote":

File::

C:\WINDOWS\system32\4863F6B923.sys

C:\WINDOWS\system32\23B9F66348.sys

C:\WINDOWS\system32\pavas.ico

C:\WINDOWS\system32\Uninstall.ico

C:\WINDOWS\system32\Help.ico

C:\sqmdata06.sqm

C:\sqmnoopt06.sqm

C:\sqmdata05.sqm

C:\sqmnoopt05.sqm

C:\sqmdata04.sqm

C:\sqmnoopt04.sqm

C:\sqmdata03.sqm

C:\sqmnoopt03.sqm

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for the user.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.
(image: 645i642.gif)

4. When the process finishes, the tool will generate a log, which will be requested later.

5. Submit the files below, one at a time, to the Jotti site:

C:\WINDOWS\system32\LoopyMusic.wav
C:\WINDOWS\system32\BuzzingBee.wav
C:\WINDOWS\HideWin.exe

6. Come back with the contents of the log generated by CFScript.txt (C:\ComboFix.txt), together with the results of the scans on the Jotti site.

Regards.


Well jgarcia, I did the following: I copied everything that was in the quote, really everything, including the File:: etc. etc., then I saved it with that name, then dragged it over; ComboFix ran normally, did its stuff, checked everything, DID NOT RESTART my machine, and then generated a log, this one here:

 

 

ComboFix 08-02-20.2 - Marcia 2008-02-26 21:28:14.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.565 [GMT -3:00]

Executando de: C:\Documents and Settings\Marcia\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Marcia\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\sqmdata03.sqm

C:\sqmdata04.sqm

C:\sqmdata05.sqm

C:\sqmdata06.sqm

C:\sqmnoopt03.sqm

C:\sqmnoopt04.sqm

C:\sqmnoopt05.sqm

C:\sqmnoopt06.sqm

C:\WINDOWS\system32\23B9F66348.sys

C:\WINDOWS\system32\4863F6B923.sys

C:\WINDOWS\system32\Help.ico

C:\WINDOWS\system32\pavas.ico

C:\WINDOWS\system32\Uninstall.ico

.

The following files were disabled during the run:

C:\WINDOWS\system32\guard32.dll

 

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\sqmdata03.sqm

C:\sqmdata04.sqm

C:\sqmdata05.sqm

C:\sqmdata06.sqm

C:\sqmnoopt03.sqm

C:\sqmnoopt04.sqm

C:\sqmnoopt05.sqm

C:\sqmnoopt06.sqm

C:\WINDOWS\system32\23B9F66348.sys

C:\WINDOWS\system32\4863F6B923.sys

C:\WINDOWS\system32\Help.ico

C:\WINDOWS\system32\pavas.ico

C:\WINDOWS\system32\Uninstall.ico

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-27 to 2008-02-27 ))))))))))))))))))))))))))))))))

.

 

2008-02-25 21:37 . 2000-05-16 10:40 83,968 --a------ C:\WINDOWS\UnGins.exe

2008-02-25 21:36 . 2008-02-25 21:36 <DIR> d-------- C:\Arquivos de programas\Enterbrain

2008-02-25 21:31 . 2008-02-25 21:31 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\SWF Studio

2008-02-23 18:51 . 2008-02-23 18:51 397 --a------ C:\WINDOWS\barcode.ini

2008-02-22 18:47 . 2008-02-22 18:47 268 --ah----- C:\sqmdata07.sqm

2008-02-22 18:47 . 2008-02-22 18:47 244 --ah----- C:\sqmnoopt07.sqm

2008-02-18 21:26 . 2008-02-18 21:26 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2008-02-18 09:40 . 2008-02-20 20:05 <DIR> d-------- C:\Arquivos de programas\Rufus

2008-02-18 09:39 . 2008-02-20 20:03 286,720 --------- C:\WINDOWS\Setup1.exe

2008-02-18 09:39 . 2008-02-20 20:03 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-02-18 09:23 . 2008-02-18 09:23 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-02-17 00:19 . 2008-02-17 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-02-17 00:19 . 2008-02-17 00:19 <DIR> d-------- C:\Arquivos de programas\Avira

2008-02-17 00:06 . 2008-02-17 00:06 <DIR> d-------- C:\LinhaDefensiva

2008-02-16 23:22 . 2008-02-16 23:22 <DIR> d-------- C:\Documents and Settings\Marcia\Dados de aplicativos\Comodo

2008-02-16 23:22 . 2008-02-16 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\comodo

2008-02-16 23:22 . 2008-02-16 23:22 <DIR> d-------- C:\Arquivos de programas\COMODO

2008-02-16 23:22 . 2008-02-16 23:22 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir

2008-02-16 23:22 . 2008-02-20 19:30 84,856 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys

2008-02-16 23:22 . 2008-02-16 23:22 23,800 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys

2008-02-16 23:14 . 2008-02-16 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-02-16 23:14 . 2008-02-16 23:14 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-02-16 21:29 . 2008-02-16 21:49 <DIR> d-------- C:\Documents and Settings\Marcia\Dados de aplicativos\Download Manager

2008-02-16 20:54 . 2008-02-18 21:28 <DIR> d-------- C:\Documents and Settings\Marcia\Dados de aplicativos\Corel

2008-02-16 20:53 . 2008-02-16 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

2008-02-16 20:52 . 2008-02-16 20:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Protexis

2008-02-16 20:51 . 2008-02-23 18:27 5,852 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2008-02-16 20:43 . 2008-02-18 21:26 <DIR> d-------- C:\Arquivos de programas\Corel

2008-02-16 20:39 . 2008-02-17 16:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-02-16 20:11 . 2005-02-16 10:06 218,112 --a------ C:\HijackThis.exe

2008-02-12 00:33 . 2008-02-12 00:33 <DIR> d-------- C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-02-11 11:30 . 2007-07-30 18:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-02-11 11:30 . 2007-07-30 18:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-02-11 11:30 . 2007-07-30 18:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-02-10 22:24 . 2008-02-10 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-02-10 22:20 . 2008-02-10 22:20 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2008-02-10 21:32 . 2008-02-10 21:53 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-02-10 21:31 . 2008-02-10 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-02-10 21:31 . 2008-02-10 22:17 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-02-01 10:35 . 2008-02-17 11:10 <DIR> d-------- C:\Documents and Settings\Marcia\Dados de aplicativos\Skype

2008-02-01 10:34 . 2008-02-01 10:35 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-02-01 10:34 . 2008-02-01 10:35 <DIR> d-------- C:\Arquivos de programas\Skype

2008-02-01 10:34 . 2008-02-01 10:34 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-01-31 23:07 . 2008-01-31 23:07 <DIR> d-------- C:\Documents and Settings\Marcia\Dados de aplicativos\teamspeak2

2008-01-31 23:07 . 2008-01-31 23:07 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

2008-01-31 23:07 . 2008-01-31 23:07 34,064 --a------ C:\WINDOWS\system32\lhacm.acm

2008-01-31 22:51 . 2008-01-31 22:51 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-01-31 22:51 . 2008-01-31 22:51 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-01-31 22:51 . 2008-01-31 22:51 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-01-31 22:49 . 2008-01-31 22:49 <DIR> d-------- C:\Arquivos de programas\Realtek

2008-01-28 20:31 . 2008-01-28 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PC Drivers Headquarters

2008-01-27 16:45 . 2008-01-27 16:45 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS

2008-01-27 16:35 . 2008-01-27 16:38 <DIR> d-------- C:\SWSetup

2008-01-27 16:35 . 2008-01-27 16:35 <DIR> d-------- C:\Arquivos de programas\HPQ

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-27 00:19 --------- d-----w C:\Arquivos de programas\Warcraft III

2008-02-19 00:25 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-19 00:25 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-02-17 03:37 --------- d-----w C:\Documents and Settings\Marcia\Dados de aplicativos\AVG7

2008-02-17 03:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-02-14 00:40 --------- d-----w C:\Arquivos de programas\STEALTH

2008-02-08 18:41 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-02-01 01:49 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-01-26 19:27 --------- d-----w C:\Arquivos de programas\DAEMON Tools Lite

2008-01-26 19:25 --------- d-----w C:\Documents and Settings\Marcia\Dados de aplicativos\DAEMON Tools

2008-01-26 19:23 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-01-26 05:25 --------- d-----w C:\Arquivos de programas\Lavalys

2008-01-19 20:18 --------- d-----w C:\Arquivos de programas\StealthBot

2008-01-16 11:26 --------- d-----w C:\Arquivos de programas\Wc3HostingTools

2008-01-12 13:40 --------- d-----w C:\Documents and Settings\Marcia\Dados de aplicativos\HP

2008-01-10 20:30 --------- d-----w C:\Arquivos de programas\PFConfig

2007-12-07 02:09 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 10:34 5724184]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 03:51 7323648]

"nwiz"="nwiz.exe" [2005-12-14 03:51 1519616 C:\WINDOWS\system32\nwiz.exe]

"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-01-02 23:58 208896]

"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-01-02 23:59 69632]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-14 03:51 86016]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 14:38 16384512 C:\WINDOWS\RTHDCPL.exe]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]

"ISUSPM Startup"="C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15 221184]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15 81920]

"COMODO Firewall Pro"="C:\Arquivos de programas\COMODO\Firewall\cfp.exe" [2008-02-20 19:27 1502976]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-17 00:26 249896]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= C:\Arquivos de programas\GbPlugin\gbiehuni.dll [2007-10-08 17:27 336800]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=C:\WINDOWS\pss\Discador Oi Internet.lnkCommon Startup

 

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-02-20 19:30]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-02-16 23:22]

R2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe [2007-10-08 17:30]

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 18:10]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-26 21:30:07

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\guard32.dll

 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\WINDOWS\system32\guard32.dll

.

Tempo para conclusão: 2008-02-26 21:30:45

ComboFix-quarantined-files.txt 2008-02-27 00:30:42

ComboFix2.txt 2008-02-20 22:11:17

.

2008-02-14 00:01:44 --- E O F ---

 

Now the result for LoopyMusic:

 

Service load: 0% 100%

 

File: LoopyMusic.wav

Status: OK

MD5: e2fa75ade398c9a44815b11cc141105c

Packers detected: -

Bit9 reports: No threat detected (more info)

 

Scanner results

Scan taken on 26 Feb 2008 00:51:21 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Rising Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

 

Now BuzzingBee:

 

Service load: 0% 100%

 

File: BuzzingBee.wav

Status: OK

MD5: 6d0634cebbff7f428dd816706f5aa1fb

Packers detected: -

Bit9 reports: Not analyzed yet (more info)

 

Scanner results

Scan taken on 26 Feb 2008 00:36:58 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Rising Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

 

Now HideWin:

 

Service load: 0% 100%

 

File: HideWin.exe

Status: OK

MD5: 2d65f8db74c36819896cf809e4375f0a

Packers detected: -

Bit9 reports: Not analyzed yet (more info)

 

Scanner results

Scan taken on 26 Feb 2008 01:03:14 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Rising Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing


Hey Leandrueo,

 

Run Panda ActiveScan, following these procedures:

 

1) Some antivirus programs, such as AVAST, may show a detection alert while the scan is running, but that alert should be ignored. The warning is nothing more than a false positive. I suggest the AV be disabled temporarily so that the scan runs without problems;

 

2) To start the process, click the scan button (image: 01bt_scan_pt.gif);

 

3) Fill in the details requested on the form;

 

4) Click the "Pesquise agora sem custos" ("Scan now at no cost") button;

 

5) Follow all the instructions you are given and wait for the scan to finish;

 

6) When the scan finishes, click to view the log. Save it to your Desktop;

 

7) Post the contents of the log in your next reply.

 

Regards.


Não foram encontrados vírus ou quaisquer outros códigos maliciosos!

Análise finalizada

O ActiveScan apenas desinfecta vírus. Para desinfectar todas as ameaças, compre ou experimente um produto de segurança recomendada. O ActiveScan proporciona-lhe uma análise aprofundada com segunda opinião sobre nível de segurança no seu computador.

                                    Detectado   Desinfectado
Virus                                   0            0
Spyware                                 0            0
Ferramentas de hacking e rootkits       0            0
Dialers                                 0            0
Riscos de Segurança                     0            0
Ficheiros suspeitos                     0            0

 

Even though it says "save report" there, I dunno, I couldn't find that option, I even found it strange; well, anyway, I think it didn't find anything, and now? o.O


Hey Leandrueo,

 

Your machine is clean. Is there still any problem?


Yes there is, remember the screenshot I sent above of AntiVir not wanting to update? Do you think it's a virus, or is it just a matter of restarting? I'm sending a HijackThis log in case you need it, here it is =P

 

Logfile of HijackThis v1.99.1

Scan saved at 20:18:30, on 5/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\COMODO\Firewall\cfp.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Marcia\Desktop\Shadow.exe

C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.4.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F1C9B6F8-6D35-44BF-9A82-950F9688B1E6}: NameServer = 192.168.135.200

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


Hey Leandrueo,

Have you already tried uninstalling and reinstalling Antivir? If you haven't done so yet, try it and come back with the result.

Cheers.


Yes, I just did it: I removed the program in Add or Remove Programs, then went back to the .exe I had installed straight from Baixaki (the old one, I didn't install it again) and ran it again, and it gave the same error =/
