
Archived

This topic has been archived and is closed to new replies.

fredysousa

[Archived] I can't clean it


As instructed, I'm sending the log generated by HijackThis. There may be a ton of other infections, but the only one I've been seeing is trojan.linkmediac.

Once again, I want to thank you for your effort.

Thank you very much!

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:32:19, on 9/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\JustVoip.com\JustVoip\JustVoip.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe

C:\Arquivos de programas\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\hijackthis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.la.dell.com/content/default.as...;l=pt&s=gen

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PRONoMgrWired] C:\Arquivos de programas\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Arquivos de programas\Arquivos comuns\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [TrojanScanner] C:\Arquivos de programas\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [JustVoip] "C:\Arquivos de programas\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized

O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?712ce40a0f414719b26797d2883f2e67

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?712ce40a0f414719b26797d2883f2e67

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{606FD327-52BF-4AAD-8C4B-4AE073E52B2B}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{65BBD37B-3AB7-46F6-9323-54CB5CC3BF0A}: Domain = @

O17 - HKLM\System\CCS\Services\Tcpip\..\{65BBD37B-3AB7-46F6-9323-54CB5CC3BF0A}: NameServer = 10.0.1.253

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 8705 bytes


Hey fredysousa,

 

Download ComboFix at:

ComboFix

 

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can be completed (only if there is an infection);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click on the ComboFix window or close it via the X while the tool is running, as that will mess up your desktop configuration (it will go completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

 

Cheers.


Thanks for the help so far, JGARCIA. Here are the ComboFix and HijackThis logs, as requested.

The name of the trojan, which apparently is still on the PC, is trojan.linkmediac. Big hug and thank you very much.

 

 

ComboFix 08-05-11.1 - Marcela Barros 2008-05-12 11:05:30.1 - NTFSx86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.355 [GMT -3:00]

Executando de: C:\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))))

.

 

2008-05-09 09:30 . 2008-05-09 09:30 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-05-09 09:29 . 2008-05-09 09:32 <DIR> d-------- C:\hijackthis

2008-05-09 09:28 . 2008-05-09 09:28 812,344 --a------ C:\HJTInstall.exe

2008-05-08 00:33 . 2008-05-12 10:52 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-05-08 00:33 . 2008-05-08 00:34 <DIR> d-------- C:\Documents and Settings\Marcela Barros\Dados de aplicativos\AVGTOOLBAR

2008-05-08 00:33 . 2008-05-08 00:33 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-05-08 00:33 . 2008-05-08 00:33 <DIR> d-------- C:\Arquivos de programas\AVG

2008-05-08 00:33 . 2008-05-08 00:33 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-05-08 00:33 . 2008-05-08 00:33 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-05-08 00:33 . 2008-05-08 00:33 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-05-07 23:30 . 2008-05-07 23:30 74,703 --a------ C:\WINDOWS\system32\mfc45.dll

2008-05-07 22:52 . 2008-05-07 23:47 <DIR> d-------- C:\Documents and Settings\Marcela Barros\Dados de aplicativos\iolo

2008-05-07 22:52 . 2008-05-07 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\iolo

2008-05-07 21:11 . 2008-05-07 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-05-07 21:11 . 2008-05-07 21:11 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-05-07 21:01 . 2008-05-07 21:01 67,645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys

2008-05-01 21:44 . 2008-05-01 21:44 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-04-16 23:34 . 2008-04-16 23:34 3,599,329 --a------ C:\Arquivos de programas\aas_2.1_setup_153.exe

2008-04-16 23:13 . 2008-04-16 23:13 <DIR> d-------- C:\Documents and Settings\Marcela Barros\Dados de aplicativos\Simply Super Software

2008-04-16 23:13 . 2008-04-16 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Simply Super Software

2008-04-16 23:13 . 2008-05-07 22:24 <DIR> d-------- C:\Arquivos de programas\Trojan Remover

2008-04-16 23:13 . 2008-04-16 23:13 6,922,880 --a------ C:\Arquivos de programas\trsetup.exe

2008-04-16 23:13 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll

2008-04-16 23:13 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2008-04-16 23:13 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll

2008-04-16 23:13 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-04-16 23:13 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll

2008-04-16 22:36 . 2008-04-16 22:36 <DIR> d-------- C:\Documents and Settings\Marcela Barros\Dados de aplicativos\TrojanHunter

2008-04-16 22:02 . 2008-04-16 22:41 <DIR> d-------- C:\Arquivos de programas\TrojanHunter 5.0

2008-04-16 21:39 . 2008-05-07 22:25 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-12 14:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-05-12 13:55 1,895,716 ----a-w C:\ComboFix.exe

2008-05-12 13:48 --------- d-----w C:\Arquivos de programas\Arovax AntiSpyware

2008-05-10 15:03 --------- d-----w C:\Documents and Settings\Marcela Barros\Dados de aplicativos\AdobeUM

2008-05-08 12:23 --------- d-----w C:\Documents and Settings\Marcela Barros\Dados de aplicativos\Skype

2008-04-30 02:01 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-04-17 01:41 --------- d-----w C:\Arquivos de programas\The Cleaner Free

2008-04-17 00:53 --------- d-----w C:\Arquivos de programas\ESET

2008-04-08 22:46 --------- d-----w C:\Arquivos de programas\Programas RFB

2008-04-08 22:45 3,349,634 ----a-w C:\Arquivos de programas\irpfwin2008v1.0.exe

2008-04-08 13:55 5,376 ----a-w C:\WINDOWS\system32\drivers\MS1000.sys

2008-04-08 13:54 7,100,586 ----a-w C:\Arquivos de programas\cleaner5free.exe

2008-03-25 04:15 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ESET

2008-03-25 03:52 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-03-25 00:09 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-25 00:09 --------- d-----w C:\Arquivos de programas\Sony Handheld

2008-03-25 00:09 --------- d-----w C:\Arquivos de programas\Real Alternative

2008-03-25 00:08 --------- d-----w C:\Arquivos de programas\PR2K3BRA

2008-03-25 00:08 --------- d-----w C:\Arquivos de programas\Java

2008-03-25 00:07 --------- d-----w C:\Arquivos de programas\Terra Discador - Versão Compacta

2008-03-25 00:06 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\AntiSpyInfo

2008-03-25 00:06 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-03-25 00:06 --------- d-----w C:\Arquivos de programas\Dell

2008-03-25 00:06 --------- d-----w C:\Arquivos de programas\Anti-Spy.Info

2008-03-25 00:05 --------- d-----w C:\Documents and Settings\Marcela Barros\Dados de aplicativos\JustVoip

2008-03-25 00:04 --------- dc----w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-25 00:03 --------- d-----w C:\Arquivos de programas\JustVoip.com

2008-03-25 00:03 --------- d-----w C:\Arquivos de programas\JustVoip(2).com

2008-03-24 23:34 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Arovax

2008-03-24 21:10 --------- d-----w C:\Documents and Settings\Marcela Barros\Dados de aplicativos\LimeWire

2008-03-24 11:53 --------- d-----w C:\Arquivos de programas\Windows Live

2008-03-24 11:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:37 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:37 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-16 22:33 3,080,704 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-15 09:23 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe

2007-03-30 14:08 3,089,645 ----a-w C:\Arquivos de programas\irpf2007v1.0.exe

2007-03-30 04:01 1,308,504 ----a-w C:\Arquivos de programas\Receitanet2007_02a.EXE

2006-10-15 01:22 3,064,200 ----a-w C:\Arquivos de programas\LimeWireWin-full.exe

2004-08-04 14:00 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

2008-05-08 00:33 2050816 --a------ C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-08 00:33 2050816]

 

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]

[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-08 00:33 2050816]

 

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]

[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360]

"JustVoip"="C:\Arquivos de programas\JustVoip.com\JustVoip\JustVoip.exe" [2008-01-07 10:45 8770864]

"Arovax AntiSpyware"="C:\Arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 09:56 1966080]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 14:02 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 14:02 126976]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"SynTPLpr"="C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe" [2004-11-16 16:11 98304]

"SynTPEnh"="C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2004-11-16 16:11 536576]

"PRONoMgrWired"="C:\Arquivos de programas\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-12-09 12:58 86016]

"Dell QuickSet"="C:\Arquivos de programas\Dell\QuickSet\quickset.exe" [2005-03-04 10:26 606208]

"DVDLauncher"="C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 07:04 53248]

"UpdateManager"="C:\Arquivos de programas\Arquivos comuns\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01 110592]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 00:05 127035]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]

"SpywareTerminator"="C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe" [ ]

"TrojanScanner"="C:\Arquivos de programas\Trojan Remover\Trjscan.exe" [2008-04-07 19:51 873040]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-05-08 00:33 1177368]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2007-11-19 18:02 341928]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-04-15 09:37 378696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

C:\Arquivos de programas\GbPlugin\gbiehabn.dll 2007-11-19 18:02 341928 C:\Arquivos de programas\GbPlugin\gbiehabn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GBPLUGIN\gbieh.dll 2008-04-15 09:37 378696 C:\ARQUIV~1\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginAbn]

C:\Arquivos de programas\GbPlugin\gbiehabn.dll 2007-11-19 18:02 341928 C:\Arquivos de programas\GbPlugin\gbiehabn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll 2008-04-15 09:37 378696 C:\Arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=

"C:\\WINDOWS\\system32\\rtcshare.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\JustVoip.com\\JustVoip\\JustVoip.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-08 00:33]

S2 avg8emc;AVG8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-05-08 00:33]

S2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-05-08 00:33]

S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-08 00:33]

S3 SMCWCBG;SMCWCB-G WLAN Cardbus Service;C:\WINDOWS\system32\DRIVERS\SMCWCBG.sys [2005-03-23 02:25]

S3 wlanndi5;wlanndi5 NDIS Protocol Driver;C:\WINDOWS\system32\wlanndi5.SYS [2004-04-21 16:51]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{899d7fec-6470-11dc-93fa-00123ff519ba}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

 

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-05-12 13:50:09 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-12 11:08:15

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-05-12 11:09:13

ComboFix-quarantined-files.txt 2008-05-12 14:09:08

 

Pre-Run: 26,749,698,048 bytes disponíveis

Post-Run: 27,130,589,184 bytes disponíveis

 

180 --- E O F --- 2008-04-09 23:55:14

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:53:49, on 12/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\WINDOWS\system32\acs.exe

C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe

C:\Arquivos de programas\Arquivos comuns\Sonic\Update Manager\sgtray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\hijackthis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.la.dell.com/content/default.as...;l=pt&s=gen

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PRONoMgrWired] C:\Arquivos de programas\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Arquivos de programas\Arquivos comuns\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [TrojanScanner] C:\Arquivos de programas\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [JustVoip] "C:\Arquivos de programas\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized

O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?712ce40a0f414719b26797d2883f2e67

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?712ce40a0f414719b26797d2883f2e67

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{606FD327-52BF-4AAD-8C4B-4AE073E52B2B}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{65BBD37B-3AB7-46F6-9323-54CB5CC3BF0A}: Domain = @

O17 - HKLM\System\CCS\Services\Tcpip\..\{65BBD37B-3AB7-46F6-9323-54CB5CC3BF0A}: NameServer = 10.0.1.253

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 8265 bytes


So you have an idea of what is going on, I did as you instructed. After ComboFix and HijackThis, I ran a scan with Arovax. Unfortunately, it only detects but cannot delete. I am posting the Arovax log as well; I hope it can shed some more light. Big hug and, for now, thank you very much, my friend!

 

Scan log. Started at 05.12.2008 20:19:01

------------------------------------------

 

Start Processes scan

Completed Processes scan

Total items scanned: 33

Items found: 0

------------------------------------------

 

Start Registry scan

Name: Trojan.Linkmediac

SYSTEM\ControlSet001\Enum\Root\LEGACY_NWSAPAGENT

 

Name: Trojan.Linkmediac

SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NWSAPAGENT

 

Name: UNKNOWN - dla [ c:\windows\system32\dla\tfswctrl.exe ]

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

 

Name: UNKNOWN - TrojanScanner [ c:\arquivos de programas\trojan remover\trjscan.exe ]

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

 

Name: UNKNOWN - AVG8_TRAY [ c:\arquiv~1\avg\avg8\avgtray.exe ]

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

 

Name: UNKNOWN - DllName [ c:\arquivos de programas\gbplugin\gbiehabn.dll ]

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginAbn

 

Name: UNKNOWN - DllName [ c:\arquiv~1\gbplugin\gbieh.dll ]

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb

 

Name: UNKNOWN - DllName [ c:\arquivos de programas\gbplugin\gbiehabn.dll ]

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__GbPluginAbn

 

Name: UNKNOWN - DllName [ c:\arquivos de programas\gbplugin\gbieh.dll ]

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__GbPluginBb

 

Name: UNKNOWN - JustVoip [ "c:\arquivos de programas\justvoip.com\justvoip\justvoip.exe ]

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

 

Name: UNKNOWN - updateMgr [ "c:\arquivos de programas\adobe\acrobat 7.0\reader\adobeupdatemanager.exe ]

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

 

Completed Registry scan

Total items scanned: 25427

Items found: 11

------------------------------------------

 

Start Hosts file scan

Completed Hosts file scan

Total items scanned: 8333

Items found: 0

------------------------------------------

 

Start Cookies scan

Completed Cookies scan

Total items scanned: 441

Items found: 0

------------------------------------------

 

Start File system scan

Completed File system scan

Total items scanned: 4898

Items found: 0

------------------------------------------

 

Scanning Finished. 05.12.2008 20:24:44


Hey fredysousa,

Follow the instructions:

1. Restart the machine in Safe Mode.

2. Open Notepad -> Copy (Ctrl + C) and Paste (Ctrl + V) all of the text included in the "Quote":

Folder::

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

C:\Arquivos de programas\GbPlugin

Registry::

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=-

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginAbn]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{899d7fec-6470-11dc-93fa-00123ff519ba}]

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause the user serious problems.

3. Save the file as CFScript.txt;

4. As shown in the image below, drag the CFScript.txt file onto ComboFix.exe.

[image: 645i642.gif]

5. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply.

Regards.

Hey, Jgarcia!

 

Well, ComboFix did not generate a log. The machine restarted; I think it must have been infected and it may have been cleaned. I looked in C:/, which is where the ComboFix log should have been, but found nothing. In any case, I appreciate all the effort so far.


Hey fredysousa,

Repeat the operation described in my previous post and come back with the result.

Regards.


Topic Archived

Since the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
