[Arquivado] Vírus Bravesentry

[miqueias12 0]

PESSOAL TEM ALGUEM AI QUE PODE MIM AJUDAR A RESOLVER ESSE PROBLEMINHA AQUI NO MEU PC...

DESDE JA AGRADEÇO..

 

AQUI ESTA A ANALISE DO hijackthis....

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:02:36, on 04/08/2008

Platform: Windows 2003 (WinNT 5.02.3790)

MSIE: Internet Explorer v6.00 (6.00.3790.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\WINDOWS\system32\LckFldService.exe

C:\ARQUIV~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\system32\r_server.exe

C:\WINDOWS\system32\Dfssvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\Arquivos de programas\Intelbras\Remoraw5\WRECEBE.EXE

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\ARQUIV~1\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jucheck.exe

P:\PCINF000.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\ADMINI~1.CPD\CONFIG~1\Temp\Rar$EX00.156\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com.br/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.254:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [Comunicação com PABX] C:\Arquivos de programas\Intelbras\Remoraw5\WRECEBE.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [OrderReminder] C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [Junionet Painel de Lembretes - P30] C:\JUNIONET\P30\P30.EXE /1

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\RunOnce: [spybotDeletingA5206] command /c del "c:\Program Files\BraveSentry\BraveSentry0.bs"

O4 - HKLM\..\RunOnce: [spybotDeletingC6901] cmd /c del "c:\Program Files\BraveSentry\BraveSentry0.bs"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [spybotDeletingB7759] command /c del "c:\Program Files\BraveSentry\BraveSentry0.bs"

O4 - HKCU\..\RunOnce: [spybotDeletingD8822] cmd /c del "c:\Program Files\BraveSentry\BraveSentry0.bs"

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{31DA8492-49AB-4422-BCAE-B4EC85277050}: NameServer = 200.199.241.17,200.199.252.68

O17 - HKLM\System\CS1\Services\Tcpip\..\{31DA8492-49AB-4422-BCAE-B4EC85277050}: NameServer = 200.199.241.17,200.199.252.68

O17 - HKLM\System\CS2\Services\Tcpip\..\{31DA8492-49AB-4422-BCAE-B4EC85277050}: NameServer = 200.199.241.17,200.199.252.68

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\ARQUIV~1\QUESTS~1\SQLNAV~1\RNetPin.dll

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O23 - Service: DefWatch - Symantec Corporation - C:\ARQUIV~1\SYMANT~1\SYMANT~1\DefWatch.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\ARQUIV~1\SYMANT~1\SYMANT~1\Rtvscan.exe

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

[DigRam 144]

Bom Dia! miqueias12

 

<@> Abra o Spybot Search & Destroy!

<@> No menu superior,vá em Modo e selecione a opção Avançado. Confirme!

<@> Clique no botão Ferramentas e depois em Residente.

<@> Desmarque a opção: Ativar "TeaTimer" do Residente. ( Proteção geral das configurações de sistema )

----------------------

>@< Faça o download do SmitfraudFix.

>@< Salve-o no Disco Local-C e descompacte-o aí mesmo!

>@< Reinicie o computador em Modo de Segurança!

>@< Execute o SmitfraudFix.cmd <!>

>@< Aperte a opção 2 >> Enter.

>@< Quando aparecer a mensagem: Do you want to clean the registry,aperte a opção Y >> Enter.

>@< Reinicie,normalmente,o computador!

>@< Caso tenha ocorrido mudanças,no desktop,corrija nas propriedades de vídeo.( Tema )

>@< Copie o Log ( rapport.txt ) e poste,na sua resposta + HijackThis,atualizado.

 

Abraços!

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.