Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

carlaneiva

[Resolvido!]  analisem meu Log

Por , em Tópicos Resolvidos (Seguranca & Malwares)

Recommended Posts

carlaneiva    0

carlaneiva
Postado

:mellow: Meu IE Abre a todo instante!!

 

 

O que Devo fazer? Sou leiga no assunto, na verdade sou fotografa e entendo pouco...se puderem me ajudar eu agradeço!

 

Meu Log HijackThis

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:23:51, on 29/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Arquivos de programas\McAfee\Common Framework\naPrdMgr.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Winbond\WLAN\WBSECSVC.EXE

C:\WINDOWS\system32\DRIVERS\WtSrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\WService.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\vsnpstd2.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Arquivos de programas\IObit\Advanced WindowsCare V2\Awcl.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\regsvr32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe

C:\Arquivos de programas\VnrPack\VnrPack20.exe

C:\Arquivos de programas\GetModule\GetModule26.exe

C:\Arquivos de programas\McAfee\Common Framework\McTray.exe

C:\Arquivos de programas\ppcbooster\ppcb_32.exe

C:\Arquivos de programas\Pando Networks\Pando\pando.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Carla Neiva\Meus documentos\Meus arquivos recebidos\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neivafotos.com.br/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: bannerstyles15 browser enhancer - {4CD62ABD-4085-CDBF-0A22-628E200FE647} - C:\WINDOWS\system32\uffzqpzawluger.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: LuckyTender - {5E2402A0-5F99-4188-B30D-D8743996B340} - C:\Arquivos de programas\LuckyTender\1.3.0\LuckyTender.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: DrFlex IE Helper - {8EEB2711-9D21-4f9c-99A1-B7FC5A8CA56A} - C:\Arquivos de programas\QdrDrive\QdrDrive20.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O4 - HKLM\..\Run: [WService] WService.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Arquivos de programas\IObit\Advanced WindowsCare V2\Awcl.exe" /startup

O4 - HKLM\..\Run: [nlkvuncduliv] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\uffzqpzawluger.dll"

O4 - HKCU\..\Run: [Pando] "C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKCU\..\Run: [VnrPack20] "C:\Arquivos de programas\VnrPack\VnrPack20.exe"

O4 - HKCU\..\Run: [GetModule26] C:\Arquivos de programas\GetModule\GetModule26.exe

O4 - Startup: ppcb_32.lnk = C:\Arquivos de programas\ppcbooster\ppcb_32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.com/l/adfad4ed5caab6ade2...058dbf91_35.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187716130859

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187716109421

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: wbsecsvc - Integrated System Solution Corp. - C:\Arquivos de programas\Winbond\WLAN\WBSECSVC.EXE

O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

Silas Martins    0

Silas Martins
Postado

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txtjuntamente com o novo log do hijackthis em sua próxima resposta.

 

OBS.: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

 

 

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

 

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

 

Aguardo o retorno

Compartilhar este post

Link para o post
Compartilhar em outros sites

carlaneiva    0

carlaneiva
Postado

Segue o log do Hijackthis atualizado

 

 

Logfile of HijackThis v1.99.1

Scan saved at 16:11:13, on 29/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Arquivos de programas\McAfee\Common Framework\naPrdMgr.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Winbond\WLAN\WBSECSVC.EXE

C:\WINDOWS\system32\DRIVERS\WtSrv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Arquivos de programas\Pando Networks\Pando\Pando.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe

C:\Arquivos de programas\ppcbooster\ppcb_32.exe

C:\Arquivos de programas\McAfee\Common Framework\McTray.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\regsvr32.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Carla Neiva\Meus documentos\Meus arquivos recebidos\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neivafotos.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: bannerstyles15 browser enhancer - {4CD62ABD-4085-CDBF-0A22-628E200FE647} - C:\WINDOWS\system32\uffzqpzawluger.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Arquivos de programas\IObit\Advanced WindowsCare V2\Awcl.exe" /startup

O4 - HKLM\..\Run: [nlkvuncduliv] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\uffzqpzawluger.dll"

O4 - HKCU\..\Run: [Pando] "C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - Startup: ppcb_32.lnk = C:\Arquivos de programas\ppcbooster\ppcb_32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.com/l/adfad4ed5caab6ade2...058dbf91_35.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187716130859

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187716109421

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: wbsecsvc - Integrated System Solution Corp. - C:\Arquivos de programas\Winbond\WLAN\WBSECSVC.EXE

O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

 

 

Log do Combofix

 

 

 

ComboFix 08-10-29.07 - Carla Neiva 2008-10-29 15:58:53.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.807 [GMT -2:00]

Executando de: C:\Documents and Settings\Carla Neiva\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\GetModule

C:\Arquivos de programas\GetModule\GetModule26.exe

C:\Arquivos de programas\QdrDrive

C:\Arquivos de programas\QdrDrive\QdrDrive20.dll

C:\Arquivos de programas\QdrDrive\qdrloader.exe

C:\Arquivos de programas\VnrPack

C:\Arquivos de programas\VnrPack\trgts.gz

C:\Arquivos de programas\VnrPack\VnrPack20.exe

C:\WINDOWS\msettings.ini

C:\WINDOWS\system32\rlwnw64n.exe

C:\WINDOWS\system32\winpfz33.sys

C:\WINDOWS\system32\wservice.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-28 to 2008-10-29 ))))))))))))))))))))))))))))

.

 

2008-10-29 09:30 . 2008-10-29 09:30 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-10-27 21:05 . 2008-10-28 18:44 1,670 --a------ C:\WINDOWS\wininit.ini

2008-10-26 16:02 . 2008-10-26 16:39 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-10-24 11:49 . 2008-10-24 11:49 172,544 --a------ C:\WINDOWS\system32\uffzqpzawluger.dll

2008-10-22 12:14 . 2008-10-22 12:14 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-10-21 23:50 . 2008-10-21 23:50 <DIR> d-------- C:\Documents and Settings\Carla Neiva\Dados de aplicativos\GetModule

2008-10-20 23:20 . 2008-10-20 23:20 548,924 --a------ C:\WINDOWS\system32\lcntptdl.exe

2008-10-20 23:20 . 2008-10-20 23:20 288,734 --a------ C:\WINDOWS\vntb9283.exe

2008-10-20 23:20 . 2008-10-20 23:20 153,434 --a------ C:\WINDOWS\system32\g59.exe

2008-10-20 23:20 . 2008-10-20 23:20 16,384 --a------ C:\WINDOWS\lpib7535.exe

2008-10-20 23:20 . 2008-10-20 23:20 16,384 --a------ C:\WINDOWS\ldoie0293.exe

2008-10-20 23:20 . 2008-10-20 23:20 16,384 --a------ C:\WINDOWS\kdiue021.exe

2008-10-20 23:20 . 2008-10-20 23:20 16,384 --a------ C:\WINDOWS\aldie20938.exe

2008-10-20 23:20 . 2008-10-20 23:20 16,384 --a------ C:\WINDOWS\akcfdj29387.exe

2008-10-20 23:19 . 2008-10-20 23:19 <DIR> d-------- C:\Arquivos de programas\ppcbooster

2008-10-20 23:19 . 2008-10-20 23:20 200,704 --a------ C:\WINDOWS\dwtb2837.exe

2008-10-20 23:19 . 2008-10-20 23:20 190,861 --a------ C:\WINDOWS\bdtb3452.exe

2008-10-20 23:19 . 2008-10-26 15:02 78,649 --a------ C:\WINDOWS\system32\wqqljfkutzfqfzvjl.exe

2008-10-20 23:19 . 2008-10-20 23:20 70,599 --a------ C:\WINDOWS\pptb1948.exe

2008-10-20 23:19 . 2008-10-20 23:20 16,384 --a------ C:\WINDOWS\yrtb5246.exe

2008-10-20 23:19 . 2008-10-20 23:20 16,384 --a------ C:\WINDOWS\odtb2482.exe

2008-10-20 23:19 . 2008-10-20 23:20 16,384 --a------ C:\WINDOWS\jutb6721.exe

2008-10-20 23:17 . 2004-08-30 22:00 1,089,536 --a------ C:\WINDOWS\system32\ciadvs.exe

2008-10-20 23:17 . 2008-10-20 23:17 61,440 --a------ C:\WINDOWS\system32\chkdsks.exe

2008-10-20 17:22 . 2008-10-27 22:37 <DIR> d-------- C:\Documents and Settings\Carla Neiva\Dados de aplicativos\LimeWire

2008-10-20 17:20 . 2008-10-20 17:21 <DIR> d-------- C:\Arquivos de programas\LimeWire

2008-10-06 12:22 . 2008-10-06 12:22 <DIR> d-------- C:\Documents and Settings\Carla Neiva\Dados de aplicativos\Advanced Font Viewer

2008-10-06 12:22 . 2008-10-06 12:22 <DIR> d-------- C:\Arquivos de programas\Advanced Font Viewer

2008-10-03 00:44 . 2008-10-03 00:44 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\McAfee

2008-10-03 00:44 . 2007-02-22 21:50 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys

2008-10-03 00:44 . 2006-11-30 09:50 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys

2008-10-03 00:44 . 2006-11-30 09:50 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys

2008-10-03 00:44 . 2006-11-30 09:50 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys

2008-10-03 00:44 . 2006-11-30 09:50 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys

2008-10-02 23:06 . 2008-10-02 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\ZoomBrowser

2008-10-02 23:06 . 2008-10-02 23:06 <DIR> d-------- C:\Arquivos de programas\Orkut Cute

2008-10-02 23:06 . 2008-10-02 23:06 <DIR> d-------- C:\Arquivos de programas\Lavasoft

2008-10-02 23:06 . 2008-10-02 23:06 <DIR> d-------- C:\Arquivos de programas\Lavalys

2008-10-02 23:06 . 2008-10-02 23:06 <DIR> d-------- C:\Arquivos de programas\HWiNFO32

2008-10-02 23:06 . 2008-10-02 23:06 <DIR> d-------- C:\Arquivos de programas\Flickr Uploadr

2008-10-02 23:06 . 2008-10-02 23:06 <DIR> d-------- C:\Arquivos de programas\Canon

2008-10-02 23:05 . 2008-10-28 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-10-02 23:05 . 2008-10-02 23:05 <DIR> d-------- C:\Arquivos de programas\PC Inspector File Recovery

2008-10-02 23:04 . 2008-10-02 23:04 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Ambiente de impressão

2008-10-02 23:01 . 2008-10-02 23:01 <DIR> d-------- C:\Archivos de programa

2008-10-02 23:01 . 2008-10-02 23:01 <DIR> d-------- C:\0

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-29 12:04 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-10-27 21:46 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-10-27 20:08 --------- d-----w C:\Documents and Settings\Carla Neiva\Dados de aplicativos\SmartShopper

2008-10-27 11:49 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-10-19 01:14 --------- d-----w C:\Arquivos de programas\Java

2008-10-19 00:58 --------- d--h--w C:\Arquivos de programas\Scpad

2008-10-16 21:22 413 ----a-w C:\Documents and Settings\Carla Neiva\Dados de aplicativos\momento_log.dat

2008-10-03 02:44 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\McAfee

2008-10-03 02:44 --------- d-----w C:\Arquivos de programas\McAfee

2008-10-03 01:23 --------- d-----w C:\Arquivos de programas\Comodo

2008-10-03 01:05 --------- d-----w C:\Arquivos de programas\QuickTime

2008-10-03 01:05 --------- d-----w C:\Arquivos de programas\Google

2008-09-29 19:12 --------- d-----w C:\Arquivos de programas\digitreats_ftb_3

2008-09-28 13:34 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-15 15:40 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-06 15:37 --------- d-----w C:\Documents and Settings\Carla Neiva\Dados de aplicativos\Lavasoft

2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-08-20 05:37 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

2008-08-14 13:45 2,184,576 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:45 2,061,952 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-05-30 17:50 6,674 ----a-w C:\Arquivos de programas\Devices.xml

2008-05-30 17:50 4,722 ----a-w C:\Arquivos de programas\Settings.xml

2008-04-26 00:20 1,667,072 ----a-w C:\Arquivos de programas\InfraRecorder.exe

2007-12-01 22:36 274,432 ----a-w C:\Arquivos de programas\irExpress.exe

2007-08-21 17:08 5,197,343 ----a-w C:\Arquivos de programas\OrkutCute_instalar.exe

2006-02-25 05:12 20 ----a-w C:\Arquivos de programas\serial.txt

2006-02-17 04:20 4,656,520 ----a-w C:\Arquivos de programas\fo-ar205.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CD62ABD-4085-CDBF-0A22-628E200FE647}]

2008-10-24 11:49 172544 --a------ C:\WINDOWS\system32\uffzqpzawluger.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando"="C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" [2008-06-02 6210888]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"McAfeeUpdaterUI"="C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-01-05 40960]

"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [1999-10-11 41984]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"ShStatEXE"="C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]

"Advanced WindowsCare V2 Personal"="C:\Arquivos de programas\IObit\Advanced WindowsCare V2\Awcl.exe" [2008-04-17 2669336]

"VTTimer"="VTTimer.exe" [2007-06-11 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2007-06-11 C:\WINDOWS\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-11-17 C:\WINDOWS\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

 

C:\Documents and Settings\Carla Neiva\Menu Iniciar\Programas\Inicializar\

ppcb_32.lnk - C:\Arquivos de programas\ppcbooster\ppcb_32.exe [2008-10-15 24576]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-12 110592]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"VIDC.CJPG"= ctwbjpg.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Pando Networks\\Pando\\pando.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\McAfee\\Common Framework\\FrameworkService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 9216]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 17920]

R1 wbsecdrv;wbsecdrv Protocol Driver;C:\WINDOWS\system32\DRIVERS\wbsecdrv.sys [2006-07-25 17952]

R2 HWiNFO32;HWiNFO32 Kernel Driver;C:\Arquivos de programas\HWiNFO32\HWiNFO32.SYS [2007-03-05 8064]

R2 wbsecsvc;wbsecsvc;C:\Arquivos de programas\Winbond\WLAN\WBSECSVC.EXE [2006-08-25 278528]

R3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 302720]

S3 W35UND;W89C35 802.11bg WLAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\W35UND.SYS [2006-07-05 105984]

S3 WCGOHAL;WCGOHAL;C:\WINDOWS\system32\drivers\wbcgohal.sys [1999-10-11 7064]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eebb6db5-28e4-11dc-b691-0016178bcf54}]

\Shell\AutoRun\command - I:\setupSNK.exe

 

*Newly Created Service* - PROCEXP90

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-10-29 C:\WINDOWS\Tasks\1-Click Maintenance.job

- C:\Arquivos de programas\TuneUp Utilities 2008\OneClickStarter.exe []

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-VnrPack20 - C:\Arquivos de programas\VnrPack\VnrPack20.exe

HKCU-Run-GetModule26 - C:\Arquivos de programas\GetModule\GetModule26.exe

HKCU-Run-CoolSMS - (no file)

HKLM-Run-WService - WService.EXE

 

 

.

------- Scan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Carla Neiva\Dados de aplicativos\Mozilla\Firefox\Profiles\9k50kgyg.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.neivafotos.com.br/

FF -: plugin - C:\Arquivos de programas\Google\Google Updater\2.2.1273.1045\npCIDetect12.dll

FF -: plugin - C:\Arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll

FF -: plugin - C:\Documents and Settings\Carla Neiva\Dados de aplicativos\Mozilla\plugins\npPxPlay.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-29 16:00:33

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-10-29 16:03:23

ComboFix-quarantined-files.txt 2008-10-29 18:02:31

 

Pré-execução: 19 pasta(s) 61.802.467.328 bytes disponíveis

Pós execução: 19 pasta(s) 61,794,099,200 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

197 --- E O F --- 2008-10-27 06:02:30

 

 

 

Aguardo uma analise, mais uma vez obrigada pela atenção!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Silas Martins    0

Silas Martins
Postado

Baixe o Malwarebytes Anti-Malware

 

 

* Inicie a instalação clique em "mbam-setup.exe";

* Marque "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware", e clique em concluir.

* Marque "Verificação Rápida" e depois clique em Verificar.

* Quando o scan terminar, clique em Ok e em "Mostrar Resultados" para ver o log;

* Se algo for detectado, veja se tudo está marcado e clique em "Remover";

* O log é automaticamente gravado e pode ser consultado clicando em "Logs" do menu principal;

* Copie e cole esse log, juntamente com o novo log do hijacktihis .

Aguado o retorno.

Compartilhar este post

Link para o post
Compartilhar em outros sites

carlaneiva    0

carlaneiva
Postado

Bom dia,

 

 

Segue os log solicitados:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:13:38, on 5/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\vsnpstd2.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Arquivos de programas\IObit\Advanced WindowsCare V2\Awcl.exe

C:\Arquivos de programas\Pando Networks\Pando\Pando.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe

C:\Arquivos de programas\McAfee\Common Framework\McTray.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\ppcbooster\ppcb_32.exe

C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Arquivos de programas\McAfee\Common Framework\naPrdMgr.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Winbond\WLAN\WBSECSVC.EXE

C:\WINDOWS\system32\DRIVERS\WtSrv.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Carla Neiva\Meus documentos\Meus arquivos recebidos\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neivafotos.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Arquivos de programas\IObit\Advanced WindowsCare V2\Awcl.exe" /startup

O4 - HKCU\..\Run: [Pando] "C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - Startup: ppcb_32.lnk = C:\Arquivos de programas\ppcbooster\ppcb_32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187716130859

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187716109421

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: wbsecsvc - Integrated System Solution Corp. - C:\Arquivos de programas\Winbond\WLAN\WBSECSVC.EXE

O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

 

 

 

 

 

 

 

 

Malwarebytes' Anti-Malware 1.30

Versão do banco de dados: 1360

Windows 5.1.2600 Service Pack 2

 

3/11/2008 17:59:28

mbam-log-2008-11-03 (17-59-28).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 43648

Tempo decorrido: 4 minute(s), 33 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 4

Valores do Registro infectados: 1

Ítens do Registro infectados: 0

Pastas infectadas: 1

Arquivos infectados: 6

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000005-0000-0000-0000-100011000004} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000005-0000-0000-0000-100011000004} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4cd62abd-4085-cdbf-0a22-628e200fe647} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{4cd62abd-4085-cdbf-0a22-628e200fe647} (Adware.BHO) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlkvuncduliv (Trojan.Agent) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

C:\Documents and Settings\Carla Neiva\Dados de aplicativos\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

 

Arquivos infectados:

C:\WINDOWS\vntb9283.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Carla Neiva\Dados de aplicativos\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Carla Neiva\Dados de aplicativos\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\uffzqpzawluger.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\yrtb5246.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Downloaded Program Files\scpsssh2.inf (Trojan.Agent) -> Quarantined and deleted successfully.

 

 

 

Aguardo uma orientação.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Silas Martins    0

Silas Martins
Postado

Siga as instruções abaixo:

usando o Internet Explorer (mozila pode bloquear o ftp)

Baixe o bankerfix.exe.

desative o seu antivírus temporariamente, para não haver conflitos e para uma melhor detecção.

Clique duas vezes sobre bankerfix.exe, dê o Enter e espere ele terminar. Ao terminar, leia a mensagem na tela e aperte Enter novamente.

 

Habilite o seu antivírus. e gere um novo log do hijackthis, e poste juntamente com o relatório .txt do Bankerfix.

 

Aguardo o Retorno

Compartilhar este post

Link para o post
Compartilhar em outros sites

carlaneiva    0

carlaneiva
Postado

Bom dia..segue os logs! :rolleyes:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:10:33, on 6/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Arquivos de programas\McAfee\Common Framework\naPrdMgr.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Winbond\WLAN\WBSECSVC.EXE

C:\WINDOWS\system32\DRIVERS\WtSrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\vsnpstd2.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Arquivos de programas\IObit\Advanced WindowsCare V2\Awcl.exe

C:\Arquivos de programas\Pando Networks\Pando\Pando.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe

C:\Arquivos de programas\ppcbooster\ppcb_32.exe

C:\Arquivos de programas\McAfee\Common Framework\McTray.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Carla Neiva\Meus documentos\Meus arquivos recebidos\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neivafotos.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Arquivos de programas\IObit\Advanced WindowsCare V2\Awcl.exe" /startup

O4 - HKCU\..\Run: [Pando] "C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - Startup: ppcb_32.lnk = C:\Arquivos de programas\ppcbooster\ppcb_32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187716130859

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187716109421

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: wbsecsvc - Integrated System Solution Corp. - C:\Arquivos de programas\Winbond\WLAN\WBSECSVC.EXE

O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

 

 

 

 

 

Malwarebytes' Anti-Malware 1.30

Versão do banco de dados: 1360

Windows 5.1.2600 Service Pack 2

 

3/11/2008 17:59:28

mbam-log-2008-11-03 (17-59-28).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 43648

Tempo decorrido: 4 minute(s), 33 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 4

Valores do Registro infectados: 1

Ítens do Registro infectados: 0

Pastas infectadas: 1

Arquivos infectados: 6

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000005-0000-0000-0000-100011000004} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000005-0000-0000-0000-100011000004} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4cd62abd-4085-cdbf-0a22-628e200fe647} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{4cd62abd-4085-cdbf-0a22-628e200fe647} (Adware.BHO) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlkvuncduliv (Trojan.Agent) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

C:\Documents and Settings\Carla Neiva\Dados de aplicativos\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

 

Arquivos infectados:

C:\WINDOWS\vntb9283.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Carla Neiva\Dados de aplicativos\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Carla Neiva\Dados de aplicativos\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\uffzqpzawluger.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\yrtb5246.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Downloaded Program Files\scpsssh2.inf (Trojan.Agent) -> Quarantined and deleted successfully.

 

 

 

 

Aguardo um retorno.

Compartilhar este post

Link para o post
Compartilhar em outros sites

carlaneiva    0

carlaneiva
Postado
Eu pedi o log do Bankerfix e você colou o log do Malwarebytes..

Por favor cole o log do Bankerfix.

 

 

 

 

Oi Silas, eu utilizei o Bankerfix, mas não consigo localizar o log que você solitou, pode me informar como faço?

Depois que ele executa, aparece a informação que nada foi encontrado.

Mais uma vez obrigada!

Compartilhar este post

Link para o post
Compartilhar em outros sites

carlaneiva    0

carlaneiva
Postado

Bom dia Silas,

segue o log solicitado.

 

Logfile of HijackThis v1.99.1

Scan saved at 11:32:03, on 14/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Arquivos de programas\McAfee\Common Framework\naPrdMgr.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Winbond\WLAN\WBSECSVC.EXE

C:\WINDOWS\system32\DRIVERS\WtSrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\vsnpstd2.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Arquivos de programas\IObit\Advanced WindowsCare V2\Awcl.exe

C:\Arquivos de programas\Pando Networks\Pando\Pando.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe

C:\Arquivos de programas\McAfee\Common Framework\McTray.exe

C:\Arquivos de programas\ppcbooster\ppcb_32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Documents and Settings\Carla Neiva\Meus documentos\Meus arquivos recebidos\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neivafotos.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Arquivos de programas\IObit\Advanced WindowsCare V2\Awcl.exe" /startup

O4 - HKCU\..\Run: [Pando] "C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - Startup: ppcb_32.lnk = C:\Arquivos de programas\ppcbooster\ppcb_32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187716130859

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187716109421

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: wbsecsvc - Integrated System Solution Corp. - C:\Arquivos de programas\Winbond\WLAN\WBSECSVC.EXE

O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

carlaneiva    0

carlaneiva
Postado

Boa tarde Silas,

 

O problema parece resolvido!!!

Eu não tenho como agradecer sua atenção e disposição para me ajudar!

Muito obrigada de coração!

bjos :clap: :clap: :clap:

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Resolvidos (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito