
Archived

This topic has been archived and is closed to further replies.

Decinho Game

[Solved!] BankerFix caught lots of malware

BankerFix 2.5b - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 26/3/2008 - 19:28

-------------------------------------------------------

Lista de Definição: 2008-02-22-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS.0\avg.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS.0\smss.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Arquivos de programas\WindowsUpdate.scr

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS.0\Tasks\startt.job

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\smss.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\System\calculadora.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\System\emc086r.dll

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\System\emc086t.dll

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\System\emc106r.dll

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\System\emc106t.dll

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\System\emc107r.dll

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\System\emc107t.dll

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\System\emc127r.dll

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\System\emc127t.dll

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\System\emc128r.dll

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\System\emc128t.dll

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\System\emcbrain.gif

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\System\emcspam.gif

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\System\emcssetup.gif

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\System\tpk001.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\System\tpk002.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\System\xmt1rep.dll

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\System\xmt2rep.dll

Arquivo infectado removido com sucesso!

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 19:45:14, on 26/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS.0\System32\smss.exe

C:\WINDOWS.0\system32\winlogon.exe

C:\WINDOWS.0\system32\services.exe

C:\WINDOWS.0\system32\lsass.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\System32\svchost.exe

C:\WINDOWS.0\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS.0\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS.0\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS.0\System32\svchost.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205284524582

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{85A83FEE-34BB-4E43-8948-9228FB58B2BE}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{DCFA911D-8243-467F-9958-781ECEF3E61D}: NameServer = 192.168.0.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O20 - Winlogon Notify: gb - C:\WINDOWS.0\SYSTEM32\gbh.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Good morning! Decinho Game

 

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Disable the resident protection of your antivirus, antispyware and firewall.

>@< Close all windows and run the tool!

 

If you get the notification "Invalid Win32 application", delete the tool and download it again.

Save it to the Desktop, renamed as: Kombo.exe

PS: Rename it while saving, not after it has been saved!

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

___________________________

 

>@< Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

 

Regards!

ComboFix 08-03-30.4 - Administrador 2008-03-31 21:28:13.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.94 [GMT -3:00]
Executando de: C:\Documents and Settings\Administrador.INTER-5\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))

.

 

2008-03-24 17:35 . 2008-03-24 17:35 <DIR> d-------- C:\Arquivos de programas\Watchtower

2008-03-24 17:35 . 2002-10-25 10:53 1,044,480 -ra------ C:\WINDOWS.0\system32\Roboex32.dll

2008-03-24 17:35 . 2002-10-25 10:53 40,960 -ra------ C:\WINDOWS.0\system32\wh2robo.dll

2008-03-11 22:37 . 2008-03-18 15:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Dados de aplicativos\Messenger Plus!

2008-03-11 22:06 . 2008-03-11 22:10 <DIR> d-------- C:\WINDOWS.0\SxsCaPendDel

2008-03-11 22:01 . 2008-03-11 22:12 904 --a------ C:\WINDOWS.0\Active Setup Log.BAK

2008-03-10 14:51 . 2008-03-10 14:52 <DIR> d-------- C:\telefone

2008-03-10 12:04 . 2008-03-10 12:04 <DIR> d-------- C:\Arquivos de programas\Ares

2008-03-09 08:48 . 2008-03-09 08:48 4,128 --a------ C:\WINDOWS.0\system32\DllCache\INFCACHE.1

2008-03-08 21:31 . 2008-03-11 21:49 <DIR> d-------- C:\WINDOWS.0\system32\DllCache

2008-03-08 21:31 . 2008-01-11 11:35 22,752 --a------ C:\WINDOWS.0\system32\spupdsvc.exe

2008-03-08 21:27 . 2001-10-28 14:07 68,608 --a------ C:\WINDOWS.0\system32\plugin.ocx

2008-03-08 21:19 . 2008-03-08 21:38 <DIR> d-------- C:\WINDOWS.0\system32\NtmsData

2008-03-08 20:39 . 2008-03-11 22:03 <DIR> d-------- C:\Documents and Settings\Administrador.INTER-5\Tracing

2008-03-08 19:00 . 2008-03-08 19:00 244 --ah----- C:\sqmnoopt18.sqm

2008-03-08 19:00 . 2008-03-08 19:00 232 --ah----- C:\sqmdata19.sqm

2008-03-08 19:00 . 2008-03-08 19:00 136 --ah----- C:\sqmnoopt19.sqm

2008-03-04 19:00 . 2008-03-04 19:00 24,842 --a------ C:\ACT Provedor de Internet.htm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-26 11:40 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-03-12 01:36 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-03-12 01:05 --------- d-----w C:\Arquivos de programas\Windows Live

2008-03-09 14:50 --------- d-----w C:\Arquivos de programas\RALINK

2008-03-09 14:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-03-09 00:14 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-08 23:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Dados de aplicativos\WLInstaller

2008-02-27 13:32 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-02-23 20:32 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-02-19 11:30 --------- d-----w C:\Arquivos de programas\PicPerk

2008-02-14 22:41 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-02-10 19:09 73,728 ----a-w C:\WINDOWS.0\system32\OdbcJdbcSetup.dll

2008-02-10 19:09 212,992 ----a-w C:\WINDOWS.0\system32\IscDbc.dll

2008-02-10 19:09 188,416 ----a-w C:\WINDOWS.0\system32\OdbcJdbc.dll

2008-02-10 19:09 --------- d-----w C:\Arquivos de programas\Firebird ODBC

2008-02-09 10:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Dados de aplicativos\GbPlugin

2008-01-11 14:35 26,112 ----a-w C:\WINDOWS.0\system32\idndl.dll

2008-01-11 14:35 24,576 ----a-w C:\WINDOWS.0\system32\nlsdl.dll

2008-01-11 14:35 23,552 ----a-w C:\WINDOWS.0\system32\normaliz.dll

.

 

------- Sigcheck -------

 


.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"ares"="C:\Arquivos de programas\Ares\Ares.exe" [2008-02-20 11:33 963072]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2003-04-14 19:30 1491216]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-16 07:40 249896]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS.0\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoSimpleStartMenu"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSimpleStartMenu"= 0 (0x0)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSimpleStartMenu"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehcef.dll [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gb]

gbh.dll 2007-11-02 21:29 86016 C:\WINDOWS.0\system32\gbh.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS.0\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Iniciar^Programas^Inicializar^Ralink Wireless Utility.lnk]

path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Iniciar\Programas\Inicializar\Ralink Wireless Utility.lnk

backup=C:\WINDOWS.0\pss\Ralink Wireless Utility.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

--a------ 2008-02-20 11:33 963072 C:\Arquivos de programas\Ares\Ares.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

--a------ 2007-09-06 07:06 79224 C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GbpSV]

C:\WINDOWS\Fonts\GbpSV.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JavaScriptMsxrs]

--a------ 2007-12-10 16:03 25088 C:\WINDOWS\Msxrs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS.0\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kill]

c:\windows\avg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2003-04-14 19:30 1491216 C:\Arquivos de programas\Messenger\MSMSGS.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newbi]

C:\WINDOWS\Fonts\newbi.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newRE]

C:\WINDOWS\Fonts\newre.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smss]

C:\WINDOWS.0\smss.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDriverDll]

c:\windows\system\dllhost-103.dll.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tr4nkPOD]

C:\WINDOWS\msnmsnr.scr

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsUpdate]

C:\Arquivos de programas\WindowsUpdate.scr

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winexec32]

--a------ 2008-01-30 19:19 3569678 C:\windows\winexec32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSend]

C:\WINDOWS\Fonts\WinSend.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ ]

C:\WINDOWS.0\system32\sys.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\WINDOWS.0\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;C:\WINDOWS.0\system32\DRIVERS\ipfnd51.sys [2005-04-06 10:30]

R3 trid3d;trid3d;C:\WINDOWS.0\system32\DRIVERS\trid3dm.sys [2005-09-19 13:43]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-31 21:34:07

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS.0\system32\winlogon.exe

-> C:\WINDOWS.0\system32\gbh.dll

.

Tempo para conclusão: 2008-03-31 21:41:00

ComboFix-quarantined-files.txt 2008-04-01 00:40:52

Pre-Run: 13,396,992,000 bytes disponíveis

Post-Run: 13,389,627,392 bytes disponíveis

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 21:57:46, on 31/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS.0\System32\smss.exe

C:\WINDOWS.0\system32\winlogon.exe

C:\WINDOWS.0\system32\services.exe

C:\WINDOWS.0\system32\lsass.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\System32\svchost.exe

C:\WINDOWS.0\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS.0\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS.0\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS.0\System32\svchost.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205284524582

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{85A83FEE-34BB-4E43-8948-9228FB58B2BE}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{DCFA911D-8243-467F-9958-781ECEF3E61D}: NameServer = 192.168.0.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O20 - Winlogon Notify: gb - C:\WINDOWS.0\SYSTEM32\gbh.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Good evening! Decinho Game

 

>@< Run a disinfection scan with < BitDefender > and post the report.

>@< The page < BitDefender OnLine Scanner > will open.

>@< Click: < agree2.gif >

>@< Wait! Allow the ActiveX installation so the scan can run.

 

<!> Read the tutorial: < Link >

________________________

 

>@< Then post: the BitDefender report + an updated HijackThis log.

>@< PS: The BitDefender report will be at: C:\Windows\BDOSCAN8\bdoscan.txt

 

Regards!

PROBLEM SOLVED!

 

If the author needs the topic to be reopened, send a Private Message to a Moderator with a link to the topic.