Archived

This topic has been archived and is closed to new replies.

Magnani

[Archived] Analyze my log

Every time I restart my computer a window opens saying I am infected with win32/renos. When I try to clean it, it only sends it to quarantine and I remain infected. Can anyone help me? Thanks in advance!

 

my HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 14:34:23, on 05/08/2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\s3trayp.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Power Manager\PM.exe

C:\Program Files\Hotkey 1.0.4\FuncKey.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\M-AudioTaskBarIcon.exe

C:\Program Files\Palm\Hotsync.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O3 - Toolbar: fdkowvbp - {FB3486FF-2A37-4536-B847-D999BA4E7776} - C:\Windows\fdkowvbp.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [s3Trayp] s3trayp.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe

O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey 1.0.4\FuncKey.exe"

O4 - HKLM\..\Run: [Cache] C:\Windows\\\\\\\\\\\\

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [RavAV] C:\Windows\AdobeR.exe

O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe

O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers

O4 - HKLM\..\Run: [braviax] C:\Windows\system32\braviax.exe

O4 - HKCU\..\Run: [braviax] C:\Windows\system32\braviax.exe

O4 - Global Startup: Gerenciador de HotSync.lnk = C:\Program Files\Palm\Hotsync.exe

O4 - Global Startup: Hotsync Manager.lnk = C:\Program Files\Palm\Hotsync.exe

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: __GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O21 - SSODL: wnslvxtf - {839C88B6-24F4-4F81-9553-EEE21E69110D} - C:\Windows\wnslvxtf.dll (file missing)

O21 - SSODL: eqvwamkl - {CCEB4351-FE8C-483A-B16F-D525B075BB39} - C:\Windows\eqvwamkl.dll (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: M-Audio JamLab Installer (MAudioJamLabService) - Avid Technology, Inc. - C:\Program Files\M-Audio\JamLab\JamLabInst.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
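Added example, not part of the thread and not code from Linha Defensiva, HijackThis or any other tool mentioned here: a small Python script that runs a few reviewer heuristics over O3/O4/O21 lines copied from the log above. The heuristics, their labels and the `triage` function name are this example's own, and the result is a list of lines worth a second look by a human, not a malware verdict.

```python
"""Heuristic triage of HijackThis O3/O4/O21 lines (added example, not from the thread).

The sample lines below are copied from the log posted above. The heuristics are
this example's own and only mark entries a reviewer should look at more closely.
"""
import re
from collections import defaultdict

# Constructed sample: lines taken from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: fdkowvbp - {FB3486FF-2A37-4536-B847-D999BA4E7776} - C:\Windows\fdkowvbp.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Cache] C:\Windows\\\\\\\\\\\\
O4 - HKLM\..\Run: [RavAV] C:\Windows\AdobeR.exe
O4 - HKLM\..\Run: [braviax] C:\Windows\system32\braviax.exe
O4 - HKCU\..\Run: [braviax] C:\Windows\system32\braviax.exe
O21 - SSODL: wnslvxtf - {839C88B6-24F4-4F81-9553-EEE21E69110D} - C:\Windows\wnslvxtf.dll (file missing)
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"""

# O4 Run entries: "O4 - HKLM\..\Run: [name] command"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O3 toolbars and O21 ShellServiceObjectDelayLoad entries:
# "<type>: <name> - {CLSID} - <path> [(file missing)]"
O3_O21_RE = re.compile(
    r"^(?:O3 - Toolbar|O21 - SSODL): (?P<name>\S+) - \{[0-9A-Fa-f-]+\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# A module that sits directly in the Windows root rather than in a subfolder such as system32
WINDOWS_ROOT_RE = re.compile(r'^"?[A-Za-z]:\\Windows\\[^\\]+\.(?:exe|dll)\b', re.IGNORECASE)
EXECUTABLE_RE = re.compile(r"\.(?:exe|dll|bat|cmd|vbs)\b", re.IGNORECASE)
VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Lowercase, letters only, 7+ characters and under 30% vowels: the shape of
    generated names such as fdkowvbp or wnslvxtf in this log (heuristic only)."""
    if not name.isalpha() or not name.islower() or len(name) < 7:
        return False
    return sum(c in VOWELS for c in name) / len(name) < 0.3


def triage(log_text: str) -> dict[str, list[str]]:
    """Return {line: [reasons]} for every O3/O4/O21 line that tripped a heuristic.
    Lines of other types (O23, R0, ...) are ignored by this example."""
    findings: dict[str, list[str]] = defaultdict(list)
    run_hives: dict[str, set[str]] = defaultdict(set)  # Run value name -> hives it appears in

    lines = [raw.strip() for raw in log_text.splitlines() if raw.strip()]
    for line in lines:
        if m := O4_RE.match(line):
            name, cmd = m["name"], m["cmd"].strip()
            run_hives[name].add(m["hive"])
            if not EXECUTABLE_RE.search(cmd):
                findings[line].append("malformed target (no executable)")
            if WINDOWS_ROOT_RE.match(cmd):
                findings[line].append("executable directly in Windows root")
            if looks_random(name):
                findings[line].append("random-looking value name")
        elif m := O3_O21_RE.match(line):
            if m["missing"]:
                findings[line].append("registered module file is missing")
            if looks_random(m["name"]):
                findings[line].append("random-looking value name")
            if WINDOWS_ROOT_RE.match(m["path"]):
                findings[line].append("module directly in Windows root")

    # The same Run value under both HKLM and HKCU survives removal from one hive
    # alone, which fits the "still infected after every reboot" symptom in the thread.
    for line in lines:
        if (m := O4_RE.match(line)) and run_hives[m["name"]] >= {"HKLM", "HKCU"}:
            findings[line].append("same Run value in both HKLM and HKCU")

    return dict(findings)


if __name__ == "__main__":
    for flagged_line, reasons in triage(SAMPLE_LOG).items():
        print(flagged_line)
        for reason in reasons:
            print("    -", reason)
```

Run against the sample, the script leaves the Windows Defender and InterVideo lines alone and flags the two "(file missing)" entries with random names, the `[Cache]` value with no executable, `AdobeR.exe` in the Windows root, and the `braviax` value present in both hives. Every reason is a prompt for the reviewer to check the file on disk, its signature and its creation time (the DSS "Files created" section later in the thread is exactly that kind of evidence), not a decision on its own.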


Follow the instructions below:

 

Download Bankerfix.

Temporarily disable your antivirus, to avoid conflicts and for better detection.

Double-click bankerfix.exe, press Enter and wait for it to finish. When it finishes, read the message on screen and press Enter again.

 

Re-enable your antivirus, generate a new HijackThis log and also post Bankerfix's relatório.txt.

 

Awaiting your reply


here are the logs

 

BankerFix 2.5b - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 06/08/2008 - 9:58

-------------------------------------------------------

Lista de Definição: 2008-05-10-1

=======================================================

 

Arquivo infectado detectado: C:\Windows\System32\process.exe

Arquivo infectado removido com sucesso!

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:05:29, on 06/08/2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\s3trayp.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Power Manager\PM.exe

C:\Program Files\Hotkey 1.0.4\FuncKey.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\M-AudioTaskBarIcon.exe

C:\Windows\System32\braviax.exe

C:\Program Files\Palm\Hotsync.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O3 - Toolbar: fdkowvbp - {FB3486FF-2A37-4536-B847-D999BA4E7776} - C:\Windows\fdkowvbp.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [s3Trayp] s3trayp.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe

O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey 1.0.4\FuncKey.exe"

O4 - HKLM\..\Run: [Cache] C:\Windows\\\\\\\\\\\\

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [RavAV] C:\Windows\AdobeR.exe

O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe

O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers

O4 - HKLM\..\Run: [braviax] C:\Windows\system32\braviax.exe

O4 - HKCU\..\Run: [braviax] C:\Windows\system32\braviax.exe

O4 - Global Startup: Gerenciador de HotSync.lnk = C:\Program Files\Palm\Hotsync.exe

O4 - Global Startup: Hotsync Manager.lnk = C:\Program Files\Palm\Hotsync.exe

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: __GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O21 - SSODL: wnslvxtf - {839C88B6-24F4-4F81-9553-EEE21E69110D} - C:\Windows\wnslvxtf.dll (file missing)

O21 - SSODL: eqvwamkl - {CCEB4351-FE8C-483A-B16F-D525B075BB39} - C:\Windows\eqvwamkl.dll (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: M-Audio JamLab Installer (MAudioJamLabService) - Avid Technology, Inc. - C:\Program Files\M-Audio\JamLab\JamLabInst.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Download ComboFix and save it to your desktop.

 

Close all programs.

Double-click combofix.exe, press (1) and then press Enter to continue.

ComboFix will restart your computer automatically; this is part of the removal process.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Attention:

Do not click on anything while ComboFix is running, otherwise your desktop will go blank.

 

To stop the process or exit ComboFix, press "2" and Enter.

 

I will wait for a new HijackThis log together with ComboFix.txt


It gave an error... I think ComboFix does not run on Windows Vista.

 

"Sistema operacional incompativel. Combofix apenas funciona em Windows 2000 e XP"


Download http://www.techsupportforum.com/sectools/Deckard/dss.exe and save it to your desktop.

Attention: to run the tool you will need to use an account with Administrator privileges.

 

* Double-click DSS.exe and follow the instructions.

* When it finishes, a log will be generated.

* Paste the contents of that log in your next reply.

* Using Windows Explorer (right-click the Start button and choose "Explore"), find the folder C:\Deckard\System Scanner. In that folder there will be two logs: main.txt and extra.txt

* Open main.txt in Notepad, then copy and paste that log together with the new HijackThis log.


Deckard's System Scanner v20071014.68

Run by Rodrigo Magnani on 2008-08-07 14:32:12

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- Last 5 Restore Point(s) --

12: 2008-08-07 13:09:56 UTC - RP332 - Windows Defender Checkpoint

11: 2008-08-07 12:56:42 UTC - RP330 - Windows Defender Checkpoint

10: 2008-08-07 12:44:39 UTC - RP328 - Windows Defender Checkpoint

9: 2008-08-06 13:07:17 UTC - RP326 - Windows Defender Checkpoint

8: 2008-08-05 14:37:27 UTC - RP324 - Windows Defender Checkpoint

 

 

-- First Restore Point --

1: 2008-08-03 18:15:39 UTC - RP311 - Ponto de Verificação Agendado

 

 

Backed up registry hives.

Performed disk cleanup.

 

Total Physical Memory: 446 MiB (1024 MiB recommended).

 

 

-- HijackThis (run as Rodrigo Magnani.exe) -------------------------------------

 

Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------

 

 

Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2008-08-07 14:34:13

Platform: Windows Vista (6.00.6000)

MSIE: Internet Explorer (7.00.6000.16386)

Boot mode: Normal

 

Running processes:

C:\Windows\System32\dwm.exe

C:\Windows\System32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\s3trayp.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Power Manager\PM.exe

C:\Program Files\Hotkey 1.0.4\FuncKey.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\M-AudioTaskBarIcon.exe

C:\Program Files\Palm\Hotsync.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\ApntEx.exe

C:\Windows\explorer.exe

C:\Users\Rodrigo Magnani\Desktop\dss.exe

C:\Windows\System32\conime.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

O3 - Toolbar: fdkowvbp - {FB3486FF-2A37-4536-B847-D999BA4E7776} - C:\Windows\fdkowvbp.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [s3Trayp] S3Trayp.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe

O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey 1.0.4\FuncKey.exe"

O4 - HKLM\..\Run: [Cache] C:\Windows\\\\\\\\\\\\

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [RavAV] C:\Windows\AdobeR.exe

O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe

O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers

O4 - HKLM\..\Run: [braviax] C:\Windows\system32\braviax.exe

O4 - HKCU\..\Run: [braviax] C:\Windows\system32\braviax.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')

O4 - Global Startup: Gerenciador de HotSync.lnk = ?

O4 - Global Startup: Hotsync Manager.lnk = ?

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL

O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL

O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL

O21 - SSODL: wnslvxtf - {839C88B6-24F4-4F81-9553-EEE21E69110D} - C:\Windows\wnslvxtf.dll (file missing)

O21 - SSODL: eqvwamkl - {CCEB4351-FE8C-483A-B16F-D525B075BB39} - C:\Windows\eqvwamkl.dll (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: M-Audio JamLab Installer (MAudioJamLabService) - Avid Technology, Inc. - C:\Program Files\M-Audio\JamLab\JamLabInst.exe

O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

 

 

--

End of file - 5930 bytes

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R3 MAUSBJL (Service for M-Audio JamLab Driver (WDM)) - c:\windows\system32\drivers\mausbjl.sys <Not Verified; Avid Technology, Inc.; >

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R? GbpSv -

R2 MAudioJamLabService (M-Audio JamLab Installer) - c:\program files\m-audio\jamlab\jamlabinst.exe <Not Verified; Avid Technology, Inc.; >

 

S2 TOSHIBA Bluetooth Service - c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe (file missing)

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

No disabled devices found.

 

 

-- Files created between 2008-07-07 and 2008-08-07 -----------------------------

 

2008-08-07 09:54:08 314724 --a------ C:\Windows\system32\winivstr.exe

2008-08-06 14:38:44 719872 --a------ C:\Windows\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>

2008-08-06 14:38:44 314368 --a------ C:\Windows\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>

2008-08-06 14:38:41 0 d-------- C:\Program Files\Magic Video Converter

2008-08-06 14:27:24 0 d-------- C:\327882R2FWJFW

2008-08-06 09:57:38 0 d-------- C:\LinhaDefensiva

2008-08-05 14:33:52 0 d-------- C:\hijackthis

2008-08-04 17:30:33 2910 --a------ C:\Windows\system32\tmp.reg

2008-08-04 17:29:57 25600 --a------ C:\Windows\system32\WS2Fix.exe

2008-08-04 17:29:57 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >

2008-08-04 17:29:57 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>

2008-08-04 17:29:57 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>

2008-08-04 17:29:57 82944 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>

2008-08-04 17:29:57 51200 --a------ C:\Windows\system32\dumphive.exe

2008-08-04 17:29:57 81920 --a------ C:\Windows\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>

2008-08-04 14:55:53 163840 --a------ C:\Windows\edot.exe

2008-08-04 14:55:16 18944 --a------ C:\Windows\system32\MEGAUPLOAD.dll

2008-08-04 14:54:44 10752 --a------ C:\Windows\system32\braviax.exe

2008-08-04 14:54:35 18944 --a------ C:\Windows\system32\MEGAUPL.dll

2008-08-04 14:54:33 0 d-------- C:\Windows\The Sims 1

2008-07-25 09:41:10 0 d-------- C:\Downloads

2008-07-25 09:36:05 0 d-------- C:\Program Files\GetRight

2008-07-22 10:45:47 0 d-------- C:\Program Files\Soulseek

2008-07-15 15:37:52 0 d-------- C:\Program Files\XP Codec Pack

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-08-06 14:35:36 484188 --a------ C:\Windows\system32\prfh0416.dat

2008-08-06 14:35:36 80492 --a------ C:\Windows\system32\prfc0416.dat

2008-08-04 14:18:50 0 d-------- C:\Users\Rodrigo Magnani\AppData\Roaming\uTorrent

2008-07-31 21:11:47 32 --a------ C:\Windows\system32\msvcsv60.dll

2008-07-31 21:11:47 32 --a------ C:\Windows\msocreg32.dat

2008-07-30 12:00:21 0 d-------- C:\Program Files\Palm

2008-07-28 14:54:44 0 d-------- C:\Users\Rodrigo Magnani\AppData\Roaming\GetRight

2008-07-24 09:58:51 0 d-------- C:\Program Files\Mozilla Thunderbird

2008-07-22 10:47:52 0 d-------- C:\Program Files\Soulseek-Test

2008-07-15 11:42:10 0 d-------- C:\Program Files\u-he

2008-07-15 09:53:20 0 d-------- C:\Program Files\Java

2008-06-26 14:29:15 0 d-------- C:\Users\Rodrigo Magnani\AppData\Roaming\Arcsoft

2008-06-23 16:17:17 0 d-------- C:\Users\Rodrigo Magnani\AppData\Roaming\noteMaNIA

2008-06-22 23:08:33 0 d-------- C:\Users\Rodrigo Magnani\AppData\Roaming\Leadertech

2008-06-22 22:59:03 0 d-------- C:\Users\Rodrigo Magnani\AppData\Roaming\HotSync

2008-06-19 10:23:21 0 d-------- C:\Users\Rodrigo Magnani\AppData\Roaming\Sony

2008-06-09 17:04:23 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-06-02 15:34:21 5 --a------ C:\Windows\system32\RavMonLog

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/07/2007 09:45]

"S3Trayp"="S3Trayp.exe" [29/03/2007 16:23 C:\Windows\System32\s3trayp.exe]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [29/03/2007 16:22]

"PowerManager"="C:\Program Files\Power Manager\PM.exe" [24/04/2007 22:12]

"FuncKey"="C:\Program Files\Hotkey 1.0.4\FuncKey.exe" [27/07/2006 15:06]

"Cache"="C:\Windows\\\\\\\\\\\\" [07/08/2008 14:32]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]

"RavAV"="C:\Windows\AdobeR.exe" []

"M-Audio Taskbar Icon"="C:\Windows\System32\M-AudioTaskBarIcon.exe" [31/07/2007 15:45]

"HotSync"="C:\Program Files\PalmSource\Desktop\HotSync.exe" []

"braviax"="C:\Windows\system32\braviax.exe" [04/08/2008 14:54]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"braviax"="C:\Windows\system32\braviax.exe" [04/08/2008 14:54]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Gerenciador de HotSync.lnk - C:\Program Files\Palm\Hotsync.exe [03/01/2008 18:28:08]

Hotsync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [03/01/2008 18:28:08]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

"EnableLUA"=0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDFSTab"=1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDFSTab"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [15/04/2008 09:37 378696]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= C:\Program Files\GbPlugin\gbiehuni.dll [10/03/2008 16:33 347552]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"wnslvxtf"= {839C88B6-24F4-4F81-9553-EEE21E69110D} - C:\Windows\wnslvxtf.dll [ ]

"eqvwamkl"= {CCEB4351-FE8C-483A-B16F-D525B075BB39} - C:\Windows\eqvwamkl.dll [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

C:\PROGRAM FILES\GBPLUGIN\gbieh.dll 15/04/2008 09:37 378696 C:\Program Files\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient

LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc TabletInputService wlansvc WPDBusEnum EMDMgmt

LocalServiceNoNetwork PLA DPS BFE mpssvc

LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc WPCSvc

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07a8d0c8-9785-11dc-bf4e-00140b33741a}]

Auto\command- E:\AdobeR.exe e

AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\AdobeR.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25231f12-fd97-11dc-94dc-00140b33741a}]

AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\copy.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2db255d2-99b5-11dc-aac2-00140b33741a}]

Auto\command- E:\AdobeR.exe e

AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\AdobeR.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b3094ff-1aaa-11dd-8979-00140b33741a}]

AutoRun\command- E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe

open\command- E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7248a8f7-8874-11dc-87d2-00140b33741a}]

AutoRun\command- E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe

open\command- E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73d7ed18-87fa-11dc-b922-00140b33741a}]

AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\copy.exe

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28B0E5C2-99CB-11CF-AYX5-00401C648513}]

c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

 

 

 

-- End of Deckard's System Scanner: finished at 2008-08-07 14:37:59 ------------


Hijack

Logfile of HijackThis v1.99.1

Scan saved at 14:39:24, on 07/08/2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\s3trayp.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Power Manager\PM.exe

C:\Program Files\Hotkey 1.0.4\FuncKey.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\M-AudioTaskBarIcon.exe

C:\Program Files\Palm\Hotsync.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\conime.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O3 - Toolbar: fdkowvbp - {FB3486FF-2A37-4536-B847-D999BA4E7776} - C:\Windows\fdkowvbp.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [s3Trayp] S3Trayp.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe

O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey 1.0.4\FuncKey.exe"

O4 - HKLM\..\Run: [Cache] C:\Windows\\\\\\\\\\\\

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [RavAV] C:\Windows\AdobeR.exe

O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe

O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers

O4 - HKLM\..\Run: [braviax] C:\Windows\system32\braviax.exe

O4 - HKCU\..\Run: [braviax] C:\Windows\system32\braviax.exe

O4 - Global Startup: Gerenciador de HotSync.lnk = C:\Program Files\Palm\Hotsync.exe

O4 - Global Startup: Hotsync Manager.lnk = C:\Program Files\Palm\Hotsync.exe

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: __GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O21 - SSODL: wnslvxtf - {839C88B6-24F4-4F81-9553-EEE21E69110D} - C:\Windows\wnslvxtf.dll (file missing)

O21 - SSODL: eqvwamkl - {CCEB4351-FE8C-483A-B16F-D525B075BB39} - C:\Windows\eqvwamkl.dll (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: M-Audio JamLab Installer (MAudioJamLabService) - Avid Technology, Inc. - C:\Program Files\M-Audio\JamLab\JamLabInst.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Download Malwarebytes Anti-Malware

 

 

* Start the installation by clicking "mbam-setup.exe";

* Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", then click Finish.

* Select "Quick Scan" and then click Scan.

* When the scan finishes, click OK and then "Show Results" to view the log;

* If anything is detected, make sure everything is checked and click "Remove";

* The log is saved automatically and can be viewed by clicking "Logs" in the main menu;

* Copy and paste that log, together with a new HijackThis log.

I await your reply.


Malwarebytes' Anti-Malware 1.24

Versão do banco de dados: 1031

Windows 6.0.6000

 

16:59:32 07/08/2008

mbam-log-8-7-2008 (16-59-32).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 34848

Tempo decorrido: 4 minute(s), 6 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 2

Valores do Registro infectados: 4

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 5

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\fdkowvbp.bpeb (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wnslvxtf (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\Windows\edot.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\System32\MEGAUPL.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\System32\MEGAUPLOAD.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\System32\winivstr.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Windows\System32\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

 

 

 

 

Hijack

Logfile of HijackThis v1.99.1

Scan saved at 17:01:16, on 07/08/2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\s3trayp.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Power Manager\PM.exe

C:\Program Files\Hotkey 1.0.4\FuncKey.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\M-AudioTaskBarIcon.exe

C:\Program Files\Palm\Hotsync.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O3 - Toolbar: fdkowvbp - {FB3486FF-2A37-4536-B847-D999BA4E7776} - C:\Windows\fdkowvbp.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [s3Trayp] S3Trayp.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe

O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey 1.0.4\FuncKey.exe"

O4 - HKLM\..\Run: [Cache] C:\Windows\\\\\\\\\\\\

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [RavAV] C:\Windows\AdobeR.exe

O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe

O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers

O4 - Global Startup: Gerenciador de HotSync.lnk = C:\Program Files\Palm\Hotsync.exe

O4 - Global Startup: Hotsync Manager.lnk = C:\Program Files\Palm\Hotsync.exe

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: __GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: M-Audio JamLab Installer (MAudioJamLabService) - Avid Technology, Inc. - C:\Program Files\M-Audio\JamLab\JamLabInst.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


MSNFix procedure:

Follow the instructions:

Download MSNFix.

Save it to the desktop and unzip it; after that, double-click MSNFix.bat

The MSN_Fix-menu screen will open; in it, press option R, and the scan will start.

If the scan detects anything, the following message will appear: Infection Presente; press Enter and continue.

If you want to interrupt the process, press the Q key

When it finishes, Notepad will open with a log, which is in the file msnfix.txt; select all of it and copy it.

Post it together with a new HijackThis log

 

I await your reply.


MSNFix 1.737

 

C:\Users\Rodrigo Magnani\Desktop\MSNFix

Fix lançado dia 08/08/2008 - 14:35:58,65 By Rodrigo Magnani

modo normal

 

************************ Procurando os arquivos presentes

 

Nenhum arquivo encontrado

 

************************ Procurando as pastas presentes

 

Nenhuma pasta encontrada

 

 

************************ Arquivos suspeitos

 

Nenhum arquivo encontrado

 

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\Windows\system32\userinit.exe,

 

------------------------------------------------------------------------

Autor : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:42:00, on 08/08/2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\s3trayp.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Power Manager\PM.exe

C:\Program Files\Hotkey 1.0.4\FuncKey.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\M-AudioTaskBarIcon.exe

C:\Program Files\Palm\Hotsync.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conime.exe

C:\Windows\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O3 - Toolbar: fdkowvbp - {FB3486FF-2A37-4536-B847-D999BA4E7776} - C:\Windows\fdkowvbp.dll (file missing)

O4 - HKLM\..\Run: [s3Trayp] S3Trayp.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe

O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey 1.0.4\FuncKey.exe"

O4 - HKLM\..\Run: [Cache] C:\Windows\\\\\\\\\\\\

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [RavAV] C:\Windows\AdobeR.exe

O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe

O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers

O4 - HKLM\..\RunOnce: [MSNFix] C:\Users\Rodrigo Magnani\Desktop\MSNFix\MSNFix.bat /pass2

O4 - Global Startup: Gerenciador de HotSync.lnk = C:\Program Files\Palm\Hotsync.exe

O4 - Global Startup: Hotsync Manager.lnk = C:\Program Files\Palm\Hotsync.exe

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: __GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: M-Audio JamLab Installer (MAudioJamLabService) - Avid Technology, Inc. - C:\Program Files\M-Audio\JamLab\JamLabInst.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

 

 

 

Apparently the trojan problem has been solved..... thank you very much!!!

However, when I tried, without success, to run ComboFix, a problem started with my desktop. My wallpaper disappeared and I can't set another one, and some image icons in my Explorer disappeared, leaving only a blank space and the file name


Killbox

 

Follow the instructions below:

 

Download Killbox

Run KillBox and click Delete on Reboot.

Copy the list below:

C:\Windows\AdobeR.exe

 

Go to Killbox and click File > Paste from clipboard. Click All Files.

 

Press "X". Answer "NO" to the question.

 

Restart the computer in Safe Mode (after restarting, press the F8 key repeatedly until a black DOS screen appears, and choose Safe Mode).

 

Run HijackThis, click Do a system scan only and select the lines:

O3 - Toolbar: fdkowvbp - {FB3486FF-2A37-4536-B847-D999BA4E7776} - C:\Windows\fdkowvbp.dll (file missing)

O4 - HKLM\..\Run: [RavAV] C:\Windows\AdobeR.exe

Click Fix Checked

Once that is done, restart in normal mode and generate a new HijackThis log.

 

I await your reply.


Logfile of HijackThis v1.99.1

Scan saved at 09:36:50, on 11/08/2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\s3trayp.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Power Manager\PM.exe

C:\Program Files\Hotkey 1.0.4\FuncKey.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\M-AudioTaskBarIcon.exe

C:\Program Files\Palm\Hotsync.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\hijackthis\HijackThis.exe

C:\Program Files\Windows Calendar\WinCal.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O4 - HKLM\..\Run: [s3Trayp] S3Trayp.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe

O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey 1.0.4\FuncKey.exe"

O4 - HKLM\..\Run: [Cache] C:\Windows\\\\\\\\\\\\

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe

O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers

O4 - Global Startup: Gerenciador de HotSync.lnk = C:\Program Files\Palm\Hotsync.exe

O4 - Global Startup: Hotsync Manager.lnk = C:\Program Files\Palm\Hotsync.exe

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: __GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: M-Audio JamLab Installer (MAudioJamLabService) - Avid Technology, Inc. - C:\Program Files\M-Audio\JamLab\JamLabInst.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Run Panda ActiveScan, observing the following procedure:

 

1) Some antivirus programs, such as AVAST, may display a detection alert while the scan is running, but that alert should be ignored. The warning is nothing more than a false positive. I suggest the AV be disabled temporarily so that the scan runs without problems;

 

2) To start the process, click the button;

 

3) Fill in the information requested on the form;

 

4) Click the "Scan now at no cost" button;

 

5) Follow all the instructions you are given and wait for the scan to finish;

 

6) When the scan ends, click to view the log. Save it to your Desktop;

 

7) Post the contents of the log in your next reply.

 

Regards.

 

 

 

Procedure prepared and formatted by: Jgarcia


;*******************************************************************************************************************************************************************

ANALYSIS: 2008-08-12 11:40:52

PROTECTIONS: 1

MALWARE: 17

SUSPECTS: 0

;*******************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================

Windows Defender 1.1.3807.0 No Yes

;===================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Rodrigo Magnani\AppData\Roaming\Microsoft\Windows\Cookies\Low\rodrigo_magnani@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Rodrigo Magnani\AppData\Roaming\Microsoft\Windows\Cookies\rodrigo_magnani@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Rodrigo Magnani\AppData\Roaming\Microsoft\Windows\Cookies\Low\rodrigo_magnani@atdmt[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Rodrigo Magnani\AppData\Roaming\Microsoft\Windows\Cookies\Low\rodrigo_magnani@fastclick[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Rodrigo Magnani\AppData\Roaming\Microsoft\Windows\Cookies\rodrigo_magnani@tribalfusion[2].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Rodrigo Magnani\AppData\Roaming\Microsoft\Windows\Cookies\rodrigo_magnani@yadro[1].txt

00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Rodrigo Magnani\AppData\Roaming\Microsoft\Windows\Cookies\rodrigo_magnani@perf.overture[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Rodrigo Magnani\AppData\Roaming\Microsoft\Windows\Cookies\Low\rodrigo_magnani@ad.yieldmanager[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Rodrigo Magnani\AppData\Roaming\Microsoft\Windows\Cookies\rodrigo_magnani@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Rodrigo Magnani\AppData\Roaming\Microsoft\Windows\Cookies\rodrigo_magnani@bs.serving-sys[1].txt

00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Rodrigo Magnani\AppData\Roaming\Microsoft\Windows\Cookies\rodrigo_magnani@ig.com[2].txt

00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Rodrigo Magnani\AppData\Roaming\Microsoft\Windows\Cookies\rodrigo_magnani@terra.com[1].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Rodrigo Magnani\AppData\Roaming\Microsoft\Windows\Cookies\rodrigo_magnani@uol.com[2].txt

00228027 BAT/KillAv.CJ Virus/Trojan No 0 Yes No C:\a.MSNFix

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Rodrigo Magnani\AppData\Roaming\Microsoft\Windows\Cookies\rodrigo_magnani@smartadserver[2].txt

02936946 Trj/Downloader.TNU Virus/Trojan No 0 Yes No C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe

03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\Users\RODRIG~1\AppData\Local\Temp\MPSampleSubmit\Setup_ver1.1561.0.exe.xor

03445477 Adware/MalwareAlarm Adware No 1 Yes No C:\Windows\System32\IEDFix.exe

;===================================================================================================================================================================

SUSPECTS

Sent Location 12s5

;===================================================================================================================================================================

;===================================================================================================================================================================

VULNERABILITIES

Id Severity Description 12s5

;===================================================================================================================================================================

184379 MEDIUM MS08-001 12s5

182048 HIGH MS07-069 12s5

182043 HIGH MS07-064 12s5

176382 HIGH MS07-057 12s5

176383 HIGH MS07-058 12s5

;===================================================================================================================================================================
