
Archived

This topic has been archived and is closed to new replies.

andreyya

[Solved!] Virus on MSN

Good morning!!! We work here with networked computers, and one of them caught a virus and spread it to the others. The virus name is win32:banbra-sa [trj], and a program named instalar.exe always appears. Every day we delete this program and it reappears. Our server became very slow after this. Can you help me??


Logfile of HijackThis v1.99.1

Scan saved at 10:24:00, on 08/03/08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\syschost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\CyberDefender\AntiSpyware\cdas265.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\cssrs.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\USUARIO\Configurações locais\Temp\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oivende.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\CyberDefender\ssstbar.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\syschost.exe -runservice

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)

O2 - BHO: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\CyberDefender\ssstbar.dll

O3 - Toolbar: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\CyberDefender\ssstbar.dll

O4 - HKLM\..\Run: [unsrvc] C:\WINDOWS\system32\syschost.exe -runservice

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Arquivos de programas\CyberDefender\AntiSpyware\cdas265.exe" /minimize

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {08BBAF4C-4A89-471C-9552-3694A7F2D081} (LoginCtl Class) - http://www.smart-clip.com/SmartLogin/SmartLogin.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166271205140

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D103A943-69CF-4EBD-AE72-DEFAAF7FE876}: NameServer = 200.165.132.147,200.165.132.155

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


Do the following:

1. Download BankerFix.

2. Temporarily disable your antivirus.

3. Double-click bankerfix.exe. A message will appear warning that it will be downloaded over the internet. Click Ok -> Ok. Press Enter and wait for the scan to finish.

4. When the scan is finished, read the message on the screen and press Enter again.

5. Enable your antivirus again.

6. Come back with a HijackThis log, together with BankerFix's relatorio.txt (it will be in C:\LinhaDefensiva\).

7. After posting your reply, you can delete the LinhaDefensiva folder on C:.

NOTE: The instructions for posting a HijackThis log are below:

Download HijackThis version 1.99.1.

Then > Start > My Computer > double-click C: > put HijackThis on C: (extracting it from the zip --> into its own folder, such as c:/Hijack).

Run HijackThis from C:, closing the other programs (leaving only the desktop).

Click "Do a system scan and save a logfile", but do not check anything; just post the generated log in your TOPIC.

IMPORTANT: wait for the Moderators for more detailed instructions....

That's all, have a good day.... :thumbsup: :thumbsup:


Hi andreyya! After running BankerFix, as Edvan instructed, generate a new HijackThis log and post it, together with BankerFix's relatorio.txt.

NOTE: do not run BankerFix more than once, since that will overwrite the result and it will not be possible to tell whether the removal succeeded.


BankerFix 2.5b - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 08/03/08 - 12:25

-------------------------------------------------------

Lista de Definição: 2008-02-22-1

=======================================================

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 12:31:11, on 08/03/08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\syschost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\cssrs.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\WINZIP\winzip32.exe

C:\Documents and Settings\USUARIO\Configurações locais\Temp\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oivende.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\CyberDefender\ssstbar.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\syschost.exe -runservice

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)

O2 - BHO: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\CyberDefender\ssstbar.dll

O3 - Toolbar: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\CyberDefender\ssstbar.dll

O4 - HKLM\..\Run: [unsrvc] C:\WINDOWS\system32\syschost.exe -runservice

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Arquivos de programas\CyberDefender\AntiSpyware\cdas265.exe" /minimize

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {08BBAF4C-4A89-471C-9552-3694A7F2D081} (LoginCtl Class) - http://www.smart-clip.com/SmartLogin/SmartLogin.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166271205140

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D103A943-69CF-4EBD-AE72-DEFAAF7FE876}: NameServer = 200.165.132.147,200.165.132.155

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


Hello, for the log to be analysed there must be no startup items disabled, because disabled items do not appear in it. Follow these instructions:

Go to Start > Run > type msconfig

On the General tab check: Normal startup - load all device drivers and services.

Apply > OK

Restart the PC, generate a new log and post it.


Logfile of HijackThis v1.99.1

Scan saved at 09:14:55, on 10/03/08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\syschost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\Arquivos de programas\CyberDefender\AntiSpyware\cdas265.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\cssrs.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\WINZIP\winzip32.exe

C:\Documents and Settings\USUARIO\Configurações locais\Temp\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oivende.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\CyberDefender\ssstbar.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\syschost.exe -runservice

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)

O2 - BHO: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\CyberDefender\ssstbar.dll

O3 - Toolbar: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\CyberDefender\ssstbar.dll

O4 - HKLM\..\Run: [unsrvc] C:\WINDOWS\system32\syschost.exe -runservice

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Arquivos de programas\CyberDefender\AntiSpyware\cdas265.exe" /minimize

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {08BBAF4C-4A89-471C-9552-3694A7F2D081} (LoginCtl Class) - http://www.smart-clip.com/SmartLogin/SmartLogin.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166271205140

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D103A943-69CF-4EBD-AE72-DEFAAF7FE876}: NameServer = 200.165.132.147,200.165.132.155

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

BankerFix 2.5b - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 10/03/08 - 9:8

-------------------------------------------------------

Lista de Definição: 2008-02-22-1

=======================================================

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------


Ok, you have a malware using userinit:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\syschost.exe -runservice

This key is problematic, since it relates to Windows startup, and there can be problems when the file in this key is removed.

Download: ComboFix > save it to the desktop

  • Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you finish the instructions.
  • Double-click combofix.exe, select 1 and press Enter to proceed with the Fix. Wait, as it takes a while.
  • ComboFix will restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • IMPORTANT: Do not use the mouse or keyboard while ComboFix is running. To stop or exit ComboFix, press "N".
  • Select, copy and paste the contents of ComboFix.txt into your next reply, together with a new HijackThis log.

    NOTE: Do not run ComboFix more than once. That will overwrite the log and make removing the malware(s) harder.

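The UserInit hijack called out above is one of two tells in these logs; the other is process names that imitate core Windows binaries (syschost.exe beside the genuine svchost.exe, cssrs.exe beside csrss.exe). The Python triage script below is an added example, not part of this thread nor of HijackThis, BankerFix or ComboFix: it parses a constructed HijackThis-style log and flags both, assuming the default XP UserInit value and a small allowlist of core process names.

```python
"""Triage a HijackThis v1.99.1 log for the persistence tricks seen in this thread.

Two checks (added example; the baseline values below are assumptions):
  1. an F2 UserInit entry that no longer points at the genuine userinit.exe;
  2. executables whose file name is within two edits of a core Windows binary
     (syschost.exe imitating svchost.exe, cssrs.exe imitating csrss.exe).
"""
import re
from dataclasses import dataclass

# Value of the Winlogon UserInit entry on a default Windows XP install (assumed baseline).
LEGIT_USERINIT = r"c:\windows\system32\userinit.exe"

# Core Windows process names that malware commonly imitates (assumed allowlist).
# explorer.exe is deliberately absent: the legitimate iexplore.exe is within two edits of it.
CORE_PROCESSES = ("svchost.exe", "csrss.exe", "lsass.exe", "smss.exe",
                  "winlogon.exe", "services.exe", "spoolsv.exe")

# A Windows path ending in .exe; spaces are allowed because "Arquivos de programas" has them.
EXE_PATH = re.compile(r'[a-z]:\\[^"\[\]]*?\.exe', re.IGNORECASE)
USERINIT_LINE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str     # "userinit" or "lookalike"
    subject: str  # normalised path or file name that triggered the finding
    reason: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def basename(path: str) -> str:
    return path.replace("/", "\\").split("\\")[-1].lower()


def lookalike_of(name: str):
    """Return the core binary that `name` imitates, or None.

    An exact match is the real binary. A near miss is at most two edits away
    with a length difference of at most one; the length rule keeps the
    legitimate msmsgs.exe (two edits from smss.exe, but two characters longer)
    from being flagged.
    """
    name = name.lower()
    if name in CORE_PROCESSES:
        return None
    for core in CORE_PROCESSES:
        if abs(len(name) - len(core)) <= 1 and edit_distance(name, core) <= 2:
            return core
    return None


def check_userinit(value: str):
    # UserInit is a comma-separated list; its first item is the logon program,
    # optionally quoted and optionally followed by arguments (here "-runservice").
    first = value.split(",")[0].strip().strip('"')
    m = re.match(r"(.*?\.exe)", first, re.IGNORECASE)
    exe = (m.group(1) if m else first).lower()
    if exe == LEGIT_USERINIT:
        return None
    return Finding("userinit", exe,
                   "Winlogon UserInit runs something other than userinit.exe")


def triage(log_text: str):
    """Return the distinct findings for a log, in order of first appearance."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = USERINIT_LINE.match(line)
        if m:
            f = check_userinit(m.group(1))
            if f:
                findings.setdefault(f, None)
        # Running-process lines, O4 Run entries and O8/O9 items all carry .exe paths.
        for path in EXE_PATH.findall(line):
            name = basename(path)
            core = lookalike_of(name)
            if core:
                findings.setdefault(
                    Finding("lookalike", name, f"file name imitates core binary {core}"), None)
    return list(findings)


# Constructed sample with the kinds of entries the thread's logs contain.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1 (constructed sample)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\syschost.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\cssrs.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\syschost.exe -runservice
O4 - HKLM\..\Run: [unsrvc] C:\WINDOWS\system32\syschost.exe -runservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
"""

# What a clean XP machine's UserInit looks like (the trailing comma is normal).
CLEAN_USERINIT = r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```

Run against the thread's first log it reports the same three items the moderator acted on: the UserInit value and the two imposters in system32.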

ComboFix 08-03-10.1 - USUARIO 2008-03-12 16:10:04.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.251 [GMT -3:00]

Executando de: C:\Documents and Settings\USUARIO\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\drvsrvc.dll

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\LEGACY_NPF

-------\NPF

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-02-12 to 2008-03-12 ))))))))))))))))))))))))))))))))

.

 

2008-03-08 13:57 . 2008-03-08 13:57 6,308 --a------ C:\EA6ES012.Mem

2008-03-08 12:25 . 2008-03-10 09:08 <DIR> d-------- C:\LinhaDefensiva

2008-03-08 10:23 . 2008-03-08 10:43 <DIR> d-------- C:\hijackthis

2008-03-01 13:56 . 2008-03-01 13:56 5,754 --a------ C:\SE1SE012.Mem

2008-02-26 08:15 . 2008-02-26 08:15 244 --ah----- C:\sqmnoopt01.sqm

2008-02-26 08:15 . 2008-02-26 08:15 232 --ah----- C:\sqmdata01.sqm

2008-02-21 10:27 . 2008-02-21 10:40 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-02-21 10:26 . 2008-02-25 08:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-02-21 10:26 . 2008-02-21 10:41 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-02-16 09:11 . 2008-02-16 09:11 53 --a------ C:\WINDOWS\av_affiliate.ini

2008-02-16 09:11 . 2008-02-16 09:11 53 --a------ C:\WINDOWS\as_affiliate.ini

2008-02-16 09:10 . 2008-02-16 09:17 <DIR> d-------- C:\Arquivos de programas\CyberDefender

2008-02-16 09:10 . 2008-02-16 09:07 67,424 --a------ C:\WINDOWS\system32\drivers\CDAVFS.sys

2008-02-14 16:38 . 2008-02-14 16:38 63 --a------ C:\WINDOWS\st_affiliate.ini

2008-02-13 20:04 . 2008-02-13 20:05 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-02-13 10:25 . 2008-02-13 10:25 0 --a------ C:\WINDOWS\CSDiff.INI

2008-02-13 10:24 . 2008-02-20 08:15 <DIR> d-------- C:\Arquivos de programas\ComponentSoftware

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-12 18:12 27 ----a-w C:\IMP.BAT

2008-03-10 12:55 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-03-10 12:03 15,362 ----a-w C:\WINDOWS\inoutcls.exe

2008-03-10 12:00 10,853 ----a-w C:\WINDOWS\system32\filetemp.tmp

2008-03-07 12:06 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-02-27 15:48 --------- d-----w C:\Arquivos de programas\MyProduct

2008-02-25 11:14 --------- d-----w C:\Documents and Settings\USUARIO\Dados de aplicativos\MSN6

2008-02-21 12:46 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-21 12:46 --------- d-----w C:\Arquivos de programas\Samsung

2008-02-21 12:20 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-02-21 12:14 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-02-21 12:10 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-02-16 11:54 34,816 ----a-w C:\WINDOWS\system32\~bwcrc32.dll

2008-02-13 10:37 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-02-08 19:38 --------- d-----w C:\Documents and Settings\USUARIO\Dados de aplicativos\AdobeUM

2008-02-08 12:40 --------- d-----w C:\Arquivos de programas\Nokia

2008-02-08 12:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nokia

2008-01-29 15:21 15,362 ----a-w C:\WINDOWS\system32\cssrs.exe

2008-01-12 11:45 --------- d-----w C:\Arquivos de programas\QuickTime

2005-06-15 19:39 17,144 ----a-w C:\Documents and Settings\USUARIO\Dados de aplicativos\GDIPFONTCACHEV1.DAT

.

----a-w		 3,874,816 2005-01-18 15:24:50  C:\Backup Assistência - Carlos\Softwares\Lg\LG_7050_MG155_MG200 .EXE

 

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CyberDefender Early Detection Center"="C:\Arquivos de programas\CyberDefender\AntiSpyware\cdas265.exe" [2008-02-16 09:07 542024]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2001-12-31 13:04 3756032]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-05-09 17:35 180269]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]

"nwiz"="nwiz.exe" [2001-12-31 13:04 831488 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2001-12-31 13:04 46080]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2006-04-17 12:33 190024]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:45 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2007-11-29 11:41 337992]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehcef.dll 2007-11-29 11:41 337992 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\CyberDefender\\AntiSpyware\\cdas265.exe"=

 

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 00:22]

R1 XPROTECTOR;XPROTECTOR;C:\WINDOWS\system32\drivers\Oreans.sys [2007-01-12 07:42]

R3 CDAVFS;CDAVFS;C:\WINDOWS\system32\DRIVERS\CDAVFS.sys [2008-02-16 09:07]

R3 Egatebus;Egatebus;C:\WINDOWS\system32\drivers\egatebus.sys [2006-05-19 10:23]

R3 Egaterdr;Egaterdr;C:\WINDOWS\system32\drivers\egaterdr.sys [2006-05-19 10:23]

S3 Egatecard;Egatecard;C:\WINDOWS\system32\Drivers\egate.sys [2006-05-19 10:23]

S3 GTwinUSB;GTwinUSB;C:\WINDOWS\system32\Drivers\GTwinUSB.sys [2002-10-04 21:21]

S3 PortTalk;PortTalk;C:\WINDOWS\system32\drivers\PortTalk.sys [2006-10-25 13:53]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1289fbc2-e2ae-11db-9ef9-0011d80c27e1}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{886f13f4-92c3-11dc-9fd4-0011d80c27e1}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-07 18:34:59 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-12 16:16:28

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

.

**************************************************************************

.

Completion time: 2008-03-12 16:19:51 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-12 19:19:46

.

2008-02-15 23:10:03 --- E O F ---

 

Logfile of HijackThis v1.99.1

Scan saved at 16:24:59, on 12/03/08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\CyberDefender\AntiSpyware\cdas265.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\WINZIP\winzip32.exe

C:\Documents and Settings\USUARIO\Configurações locais\Temp\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oivende.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\CyberDefender\ssstbar.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\CyberDefender\ssstbar.dll

O3 - Toolbar: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\CyberDefender\ssstbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Arquivos de programas\CyberDefender\AntiSpyware\cdas265.exe" /minimize

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {08BBAF4C-4A89-471C-9552-3694A7F2D081} (LoginCtl Class) - http://www.smart-clip.com/SmartLogin/SmartLogin.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166271205140

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D103A943-69CF-4EBD-AE72-DEFAAF7FE876}: NameServer = 200.165.132.147,200.165.132.155

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


Hello, it is not clean. There are still infections. First I need you to analyse some files.

 

Configure Windows to show all files

 

Go to http://virusscan.jotti.org/

 

On the site, in the Browse box, paste the line below:

 

C:\WINDOWS\inoutcls.exe

 

Click Submit, wait for the analysis result to appear and save it.

 

Do the same with these, one at a time:

 

C:\WINDOWS\system32\filetemp.tmp

 

C:\WINDOWS\system32\~bwcrc32.dll

 

Post the results of the analyses.
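The reports that Jotti returns for these three files are posted below as 21 "Engine Found X" lines each. The following script, added here as an example and not code from the forum, from Jotti or from any tool used in this thread, parses a report of that shape, counts detections, tallies the family tokens that vendors agree on and classifies the file. SAMPLE_REPORT is a constructed copy of the first result posted (inoutcls.exe); FAMILY_RE and BANKER_FAMILIES are assumed token lists chosen for this case, not a vendor standard.

```python
"""Triage a multi-engine scan report of the kind virusscan.jotti.org returns.

Added example for this thread; not code from the forum, from Jotti or from any
tool used here. SAMPLE_REPORT is constructed from the first report posted.
"""
import re
from collections import Counter

SAMPLE_REPORT = """\
Scan taken on 17 Mar 2008 11:59:24 (GMT)
A-Squared Found nothing
AntiVir Found TR/Agent.15362.A
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found Trojan.VB-1663
CPsecure Found Troj.W32.VB.aia
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found Win32/VB.NLW
Norman Virus Control Found nothing
Panda Antivirus Found Trj/Banbra.AG
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
"""

# Constructed all-clean report, the shape the second and third results in the thread have.
CLEAN_REPORT = "\n".join(f"{e} Found nothing" for e in ("Avast", "NOD32", "Panda Antivirus"))

LINE_RE = re.compile(r"^(?P<engine>.+?) Found (?P<verdict>.+)$")
# Assumed family tokens worth tallying across vendor naming schemes; \b keeps "VB" from
# matching inside unrelated words.
FAMILY_RE = re.compile(r"\b(Banbra|Banker|Bancos|Agent|VB)\b", re.IGNORECASE)
BANKER_FAMILIES = {"BANBRA", "BANKER", "BANCOS"}  # assumed: Brazilian banking-trojan names


def parse_report(text):
    """Map engine name -> detection name, or None when that engine found nothing."""
    results = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header lines such as "Scan taken on ..." carry no verdict
        verdict = m.group("verdict").strip()
        results[m.group("engine")] = None if verdict.lower() == "nothing" else verdict
    return results


def summarize(text):
    """Detection count, per-engine hits and a tally of family tokens across vendors."""
    results = parse_report(text)
    hits = {eng: name for eng, name in results.items() if name}
    families = Counter()
    for name in hits.values():
        for fam in FAMILY_RE.findall(name):
            families[fam.upper()] += 1
    return {"engines": len(results), "detections": len(hits),
            "hits": hits, "families": families}


def classify(text):
    """'malicious' on two or more detections or any banker family name;
    'no_detection' when nothing matched, which is not proof the file is clean;
    'single_hit' otherwise, worth a second look rather than automatic deletion."""
    s = summarize(text)
    if s["detections"] == 0:
        return "no_detection"
    if s["detections"] >= 2 or BANKER_FAMILIES & set(s["families"]):
        return "malicious"
    return "single_hit"


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"{s['detections']}/{s['engines']} engines, families {dict(s['families'])}, "
          f"verdict {classify(SAMPLE_REPORT)}")
```

Five of 21 engines flagging a freshly packed Visual Basic dropper is a typical ratio for a Brazilian banker at the time, so the low count is not reassuring. The opposite case matters too: "Found nothing" on every engine only says no signature matched that day; in this thread filetemp.tmp scanned clean on all 21 engines and was still deleted by the next CFScript on the helper's judgement.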


Scan taken on 17 Mar 2008 11:59:24 (GMT)

A-Squared Found nothing

AntiVir Found TR/Agent.15362.A

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found Trojan.VB-1663

CPsecure Found Troj.W32.VB.aia

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found Win32/VB.NLW

Norman Virus Control Found nothing

Panda Antivirus Found Trj/Banbra.AG

Rising Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing


Scan taken on 17 Mar 2008 12:05:40 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Rising Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing


The scans were posted in the requested order.

 

Scan taken on 17 Mar 2008 12:14:29 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Rising Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing


The log was posted as requested... the virus is disrupting our financial system, changing the closing date of service orders and causing various other problems...


Hello, one of the analyses showed that it is a Banker trojan. The ComboFix.txt also showed a virus that infects pendrives and mp3/mp4 players. If you use any of them on the PC, I suggest you format the removable drive, because it may reinfect the machine when you plug it in again.

 

Save or print these instructions:

 

1 - Delete the folder C:\Qoobox (if it exists), and delete the previous ComboFix log -> C:\combofix.txt

 

2 - Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you finish the instructions.

 

3 - Select and copy the text inside the QUOTE. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

File::

C:\WINDOWS\inoutcls.exe

C:\WINDOWS\system32\filetemp.tmp

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1289fbc2-e2ae-11db-9ef9-0011d80c27e1}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{886f13f4-92c3-11dc-9fd4-0011d80c27e1}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"~CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=-

"~EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}]

4 - Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

(image: CFScript.gif)

 

ComboFix will run and restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

NOTE: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

 

5 - Generate a new log with HijackThis and post it. Attach ComboFix.txt.

 

Do you know what this file is? It shows signs of having been infected by the Vundo trojan:

 

C:\Backup Assistência - Carlos\Softwares\Lg\LG_7050_MG155_MG200 .EXE

 

.


ComboFix 08-03-21.2 - USUARIO 2008-03-22 8:33:27.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.227 [GMT -3:00]

Running from: C:\Documents and Settings\USUARIO\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\USUARIO\Desktop\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\inoutcls.exe

C:\WINDOWS\system32\filetemp.tmp

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\inoutcls.exe

C:\WINDOWS\system32\filetemp.tmp

 

.

((((((((((((((((((((((( Files created from 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))

.

 

2008-03-19 11:21 . 2005-06-07 15:00 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-03-19 11:21 . 2005-06-07 14:53 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-03-19 11:21 . 2005-06-07 14:53 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-03-19 11:21 . 2005-06-07 14:53 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-03-19 11:21 . 2005-06-07 14:53 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-03-19 11:21 . 2008-03-19 11:21 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-03-19 11:21 . 2005-06-07 14:53 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-03-19 11:21 . 2005-06-07 14:53 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-03-18 16:24 . 2008-03-18 16:24 <DIR> d-------- C:\moved

2008-03-14 19:06 . 2008-03-14 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-03-14 19:06 . 2008-03-14 19:06 <DIR> d-------- C:\Arquivos de programas\Apple Software Update

2008-03-12 16:19 . 2008-03-12 16:19 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-03-12 16:19 . 2008-03-12 16:19 <DIR> d-------- C:\Documents and Settings\USUARIO\Configurações locais

2008-03-12 16:19 . 2008-03-12 16:19 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-03-12 16:19 . 2008-03-12 16:19 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-03-08 13:57 . 2008-03-08 13:57 6,308 --a------ C:\EA6ES012.Mem

2008-03-08 12:25 . 2008-03-10 09:08 <DIR> d-------- C:\LinhaDefensiva

2008-03-08 10:23 . 2008-03-08 10:43 <DIR> d-------- C:\hijackthis

2008-03-01 13:56 . 2008-03-01 13:56 5,754 --a------ C:\SE1SE012.Mem

2008-02-26 08:15 . 2008-02-26 08:15 244 --ah----- C:\sqmnoopt01.sqm

2008-02-26 08:15 . 2008-02-26 08:15 232 --ah----- C:\sqmdata01.sqm

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-20 20:05 27 ----a-w C:\IMP.BAT

2008-03-19 17:25 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-19 14:20 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-02-27 15:48 --------- d-----w C:\Arquivos de programas\MyProduct

2008-02-25 11:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-02-25 11:14 --------- d-----w C:\Documents and Settings\USUARIO\Dados de aplicativos\MSN6

2008-02-21 13:41 --------- d-----w C:\Arquivos de programas\Windows Live

2008-02-21 13:40 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-02-21 12:46 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-21 12:46 --------- d-----w C:\Arquivos de programas\Samsung

2008-02-21 12:20 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-02-21 12:14 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-02-21 12:10 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-02-20 11:15 --------- d-----w C:\Arquivos de programas\ComponentSoftware

2008-02-16 12:17 --------- d-----w C:\Arquivos de programas\CyberDefender

2008-02-16 12:07 67,424 ----a-w C:\WINDOWS\system32\drivers\CDAVFS.sys

2008-02-16 11:54 34,816 ----a-w C:\WINDOWS\system32\~bwcrc32.dll

2008-02-13 10:37 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-02-08 19:38 --------- d-----w C:\Documents and Settings\USUARIO\Dados de aplicativos\AdobeUM

2008-02-08 12:40 --------- d-----w C:\Arquivos de programas\Nokia

2008-02-08 12:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nokia

2008-01-29 15:21 15,362 ----a-w C:\WINDOWS\system32\cssrs.exe

2005-06-15 19:39 17,144 ----a-w C:\Documents and Settings\USUARIO\Dados de aplicativos\GDIPFONTCACHEV1.DAT

.

----a-w		 3,874,816 2005-01-18 15:24:50  C:\Backup Assistência - Carlos\Softwares\Lg\LG_7050_MG155_MG200 .EXE

 

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CyberDefender Early Detection Center"="C:\Arquivos de programas\CyberDefender\AntiSpyware\cdas265.exe" [2008-02-16 09:07 542024]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2001-12-31 13:04 3756032]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-05-09 17:35 180269]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]

"nwiz"="nwiz.exe" [2001-12-31 13:04 831488 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2001-12-31 13:04 46080]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2006-04-17 12:33 190024]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:45 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2008-03-05 11:29 341576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehcef.dll 2008-03-05 11:29 341576 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\CyberDefender\\AntiSpyware\\cdas265.exe"=

 

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 00:22]

R1 XPROTECTOR;XPROTECTOR;C:\WINDOWS\system32\drivers\Oreans.sys [2007-01-12 07:42]

R3 CDAVFS;CDAVFS;C:\WINDOWS\system32\DRIVERS\CDAVFS.sys [2008-02-16 09:07]

R3 Egatebus;Egatebus;C:\WINDOWS\system32\drivers\egatebus.sys [2006-05-19 10:23]

R3 Egaterdr;Egaterdr;C:\WINDOWS\system32\drivers\egaterdr.sys [2006-05-19 10:23]

S3 Egatecard;Egatecard;C:\WINDOWS\system32\Drivers\egate.sys [2006-05-19 10:23]

S3 GTwinUSB;GTwinUSB;C:\WINDOWS\system32\Drivers\GTwinUSB.sys [2002-10-04 21:21]

S3 PortTalk;PortTalk;C:\WINDOWS\system32\drivers\PortTalk.sys [2006-10-25 13:53]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e273358-4c5a-11da-9bf5-0011d80c27e1}]

\Shell\Auto\command - winsys3.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL winsys3.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-14 22:06:52 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-22 08:35:55

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-03-22 8:36:44

ComboFix-quarantined-files.txt 2008-03-22 11:36:23

.

2008-03-12 22:12:49 --- E O F ---

 

 

Logfile of HijackThis v1.99.1

Scan saved at 08:44:44, on 22/03/08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\CyberDefender\AntiSpyware\cdas265.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\ARQUIV~1\WINZIP\winzip32.exe

C:\Documents and Settings\USUARIO\Configurações locais\Temp\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oivende.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\CyberDefender\ssstbar.dll

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\CyberDefender\ssstbar.dll

O3 - Toolbar: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\CyberDefender\ssstbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Arquivos de programas\CyberDefender\AntiSpyware\cdas265.exe" /minimize

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {08BBAF4C-4A89-471C-9552-3694A7F2D081} (LoginCtl Class) - http://www.smart-clip.com/SmartLogin/SmartLogin.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166271205140

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D103A943-69CF-4EBD-AE72-DEFAAF7FE876}: NameServer = 200.165.132.147,200.165.132.155

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

Good morning!!!

 

This file is mobile phone update software... After doing as you asked, dragging the file onto COMBOFIX, the program generated the log but did not restart the computer.


Hello, ComboFix showed that it was infected with another pendrive virus:

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e273358-4c5a-11da-9bf5-0011d80c27e1}]

\Shell\Auto\command - winsys3.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL winsys3.exe

So it is a good precaution to format any removable drive you use on the PC and to check whether there is another PC there that may be infected with a pendrive virus.

 

Save or print these instructions:

 

1 - Delete the folder C:\Qoobox (if it exists), and delete the previous ComboFix log -> C:\combofix.txt

 

2 - Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you finish the instructions.

 

3 - Select and copy the text inside the CODE. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

File::
C:\WINDOWS\system32\cssrs.exe
RENV::
C:\Backup Assistência - Carlos\Softwares\Lg\LG_7050_MG155_MG200 .EXE
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e273358-4c5a-11da-9bf5-0011d80c27e1}]

4 - Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

(image: CFScript.gif)

 

ComboFix will run and restart the PC automatically to complete the removal process. If that does not happen, restart it manually.

 

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

NOTE: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

 

Post ComboFix.txt.
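The MountPoints2 fragment quoted in this post and in the earlier CFScript (the two keys removed on 22 March and the new one found on 24 March) all have the same shape: one subkey per volume GUID, with Shell\Auto\command and Shell\AutoRun\command pointing at a bare executable name, which is what Explorer caches after honouring an autorun.inf on a removable drive. A new GUID therefore means a different drive was plugged in, not that the old removal failed. The script below, added here as an example and not code from the forum, from ComboFix or from any tool used in this thread, parses such log fragments, flags every volume with an autorun command, extracts the dropper name and emits the Registry:: section of a CFScript in the [-key] syntax the helper uses. SAMPLE_LOG is constructed from the fragments posted; AUTORUN_VERBS and removable_media_checklist are assumptions of this example.

```python
"""Flag MountPoints2 autorun entries in a ComboFix log and build the matching CFScript.

Added example for this thread; not code from the forum, from ComboFix or from any
tool used here. SAMPLE_LOG is constructed from the fragments posted in the thread.
"""
import re

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e273358-4c5a-11da-9bf5-0011d80c27e1}]
\Shell\Auto\command - winsys3.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL winsys3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1289fbc2-e2ae-11db-9ef9-0011d80c27e1}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
"""

# One subkey per volume GUID. An entry Explorer creates for a normal drive carries no
# Shell\...\command values, so a command verb here means an autorun.inf was honoured.
KEY_RE = re.compile(
    r"^\[(?P<key>HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.IGNORECASE)
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.IGNORECASE)
AUTORUN_VERBS = {"auto", "autorun", "open", "explore"}  # assumed set of verbs worth flagging


def parse_mountpoints(text):
    """Return {key: {verb: command}} for every MountPoints2 block in the log."""
    entries, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            entries[key] = {}
            continue
        m = CMD_RE.match(line)
        if m and key is not None:
            entries[key][m.group("verb").lower()] = m.group("cmd").strip()
    return entries


def payload_name(command):
    """Last token of the command: the dropper name once the RunDLL32
    Shell32.DLL,ShellExec_RunDLL wrapper is stripped."""
    return command.split()[-1]


def find_autorun_abuse(text):
    """One finding per volume whose cached handler launches something."""
    findings = []
    for key, verbs in parse_mountpoints(text).items():
        flagged = {v: c for v, c in verbs.items() if v in AUTORUN_VERBS}
        if not flagged:
            continue
        findings.append({
            "key": key,
            "volume_guid": key.rsplit("\\", 1)[1],
            "verbs": sorted(flagged),
            "payloads": sorted({payload_name(c) for c in flagged.values()}),
        })
    return findings


def build_cfscript(findings):
    """Registry:: section in CFScript syntax; [-key] tells ComboFix to delete the key."""
    lines = ["Registry::"] + [f"[-{f['key']}]" for f in findings]
    return "\n".join(lines) + "\n"


def removable_media_checklist(findings):
    """Files to look for on every removable drive before it is reformatted: the dropper
    named in the command plus the autorun.inf that launched it (assumed checklist)."""
    names = {"autorun.inf"}
    for f in findings:
        names.update(f["payloads"])
    return sorted(names, key=str.lower)


if __name__ == "__main__":
    found = find_autorun_abuse(SAMPLE_LOG)
    for f in found:
        print(f"{f['volume_guid']}: verbs {f['verbs']} -> {f['payloads']}")
    print(build_cfscript(found))
    print("check removable drives for:", removable_media_checklist(found))
```

Deleting the MountPoints2 key only clears the cached handler on this PC; the dropper and its autorun.inf still sit on the stick or player, which is why the helper tells the poster to format the removable drive and to look for a second infected PC on the network.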


ComboFix 08-03-23.5 - USUARIO 2008-03-24 9:29:10.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.249 [GMT -3:00]

Running from: C:\Documents and Settings\USUARIO\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\USUARIO\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\system32\cssrs.exe

.

-- Script messages for sUBs --

VFind -td "C:\WINDOWS\system32\baiso*"

CF2432.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\WINDOWS\* >Windir.dat"

VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\WINDOWS\*

CF2432.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\cssrs.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-24 to 2008-03-24 ))))))))))))))))))))))))))))))))

.

 

2008-03-19 11:21 . 2005-06-07 15:00 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-03-19 11:21 . 2005-06-07 14:53 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-03-19 11:21 . 2005-06-07 14:53 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-03-19 11:21 . 2005-06-07 14:53 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-03-19 11:21 . 2005-06-07 14:53 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-03-19 11:21 . 2008-03-22 08:36 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-03-19 11:21 . 2005-06-07 14:53 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-03-19 11:21 . 2005-06-07 14:53 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-03-18 16:24 . 2008-03-18 16:24 <DIR> d-------- C:\moved

2008-03-14 19:06 . 2008-03-14 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-03-14 19:06 . 2008-03-14 19:06 <DIR> d-------- C:\Arquivos de programas\Apple Software Update

2008-03-12 16:19 . 2008-03-12 16:19 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-03-12 16:19 . 2008-03-12 16:19 <DIR> d-------- C:\Documents and Settings\USUARIO\Configurações locais

2008-03-12 16:19 . 2008-03-12 16:19 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-03-12 16:19 . 2008-03-12 16:19 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-03-08 13:57 . 2008-03-08 13:57 6,308 --a------ C:\EA6ES012.Mem

2008-03-08 12:25 . 2008-03-10 09:08 <DIR> d-------- C:\LinhaDefensiva

2008-03-08 10:23 . 2008-03-08 10:43 <DIR> d-------- C:\hijackthis

2008-03-01 13:56 . 2008-03-01 13:56 5,754 --a------ C:\SE1SE012.Mem

2008-02-26 08:15 . 2008-02-26 08:15 244 --ah----- C:\sqmnoopt01.sqm

2008-02-26 08:15 . 2008-02-26 08:15 232 --ah----- C:\sqmdata01.sqm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-20 20:05 27 ----a-w C:\IMP.BAT

2008-03-19 17:25 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-19 14:20 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-02-27 15:48 --------- d-----w C:\Arquivos de programas\MyProduct

2008-02-25 11:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-02-25 11:14 --------- d-----w C:\Documents and Settings\USUARIO\Dados de aplicativos\MSN6

2008-02-21 13:41 --------- d-----w C:\Arquivos de programas\Windows Live

2008-02-21 13:40 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-02-21 12:46 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-21 12:46 --------- d-----w C:\Arquivos de programas\Samsung

2008-02-21 12:20 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-02-21 12:14 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-02-21 12:10 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-02-20 11:15 --------- d-----w C:\Arquivos de programas\ComponentSoftware

2008-02-16 12:17 --------- d-----w C:\Arquivos de programas\CyberDefender

2008-02-16 12:07 67,424 ----a-w C:\WINDOWS\system32\drivers\CDAVFS.sys

2008-02-16 11:54 34,816 ----a-w C:\WINDOWS\system32\~bwcrc32.dll

2008-02-13 10:37 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-02-08 19:38 --------- d-----w C:\Documents and Settings\USUARIO\Dados de aplicativos\AdobeUM

2008-02-08 12:40 --------- d-----w C:\Arquivos de programas\Nokia

2008-02-08 12:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nokia

2005-06-15 19:39 17,144 ----a-w C:\Documents and Settings\USUARIO\Dados de aplicativos\GDIPFONTCACHEV1.DAT

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CyberDefender Early Detection Center"="C:\Arquivos de programas\CyberDefender\AntiSpyware\cdas265.exe" [2008-02-16 09:07 542024]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2001-12-31 13:04 3756032]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-05-09 17:35 180269]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]

"nwiz"="nwiz.exe" [2001-12-31 13:04 831488 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2001-12-31 13:04 46080]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2006-04-17 12:33 190024]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:45 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2008-03-05 11:29 341576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehcef.dll 2008-03-05 11:29 341576 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\CyberDefender\\AntiSpyware\\cdas265.exe"=

 

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 00:22]

R1 XPROTECTOR;XPROTECTOR;C:\WINDOWS\system32\drivers\Oreans.sys [2007-01-12 07:42]

R3 CDAVFS;CDAVFS;C:\WINDOWS\system32\DRIVERS\CDAVFS.sys [2008-02-16 09:07]

R3 Egatebus;Egatebus;C:\WINDOWS\system32\drivers\egatebus.sys [2006-05-19 10:23]

R3 Egaterdr;Egaterdr;C:\WINDOWS\system32\drivers\egaterdr.sys [2006-05-19 10:23]

S3 Egatecard;Egatecard;C:\WINDOWS\system32\Drivers\egate.sys [2006-05-19 10:23]

S3 GTwinUSB;GTwinUSB;C:\WINDOWS\system32\Drivers\GTwinUSB.sys [2002-10-04 21:21]

S3 PortTalk;PortTalk;C:\WINDOWS\system32\drivers\PortTalk.sys [2006-10-25 13:53]

 

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-14 22:06:52 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-24 09:31:16

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-03-24 9:31:58

ComboFix-quarantined-files.txt 2008-03-24 12:31:43

.

2008-03-12 22:12:49 --- E O F ---


Ok, the log is clean. To finish, go to Start > Run > type (or copy and paste): ComboFix /u

Click OK. Wait, as this will uninstall ComboFix, delete the related files and folders, and erase System Restore points that may be infected, creating a clean one.

Read these articles about security to avoid new infections:

Protect your PC

Precautions when browsing the net.

Regards.
