AlineP, posted November 4, 2008

Hi everyone! I'm new to the forum... For a while now my computer has been opening internet windows on its own, with advertising, usually from Mercado Livre, with something like CID:...mercado livre... written in them. I've already run an antivirus and CCleaner, but nothing fixes the problem. Could someone help me?

PS: (at the moment (today) I have the antivirus uninstalled; it was AVG8 but it started causing problems too, so I uninstalled it and I'd like a suggestion for another one...)

Thanks!
Aline

Below I'll post the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:27, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SnMgrSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\hijack\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {546D0BB7-6894-48D2-89EB-DFABF5E4EC7D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [regspeak] C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\FLAPDO~1\Ping Plus Poke.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

--
End of file - 5113 bytes
PedroN, posted November 4, 2008

Hello

> PS: (at the moment (today) I have the antivirus uninstalled; it was AVG8 but it started causing problems too, so I uninstalled it and I'd like a suggestion for another one...)

For a free antivirus, I would recommend Avira

---------------------------------------------------------------------------------------------------------------------------------

<@> Download LopS&D.
<@> Save it to Local Disk C!
<@> Install the program and click: LopSD.cmd
<@> In the window that opens, press "p" >> Press Enter.
<@> In the other window, press option 2 >> Press Enter >> Wait!
<@> When it finishes, save and post the report. ( C:\lopR.txt )
<@> Also post an updated HJT log.
AlineP, posted November 5, 2008

Hi! Thanks for replying so quickly!

(PS: When I saw that you had suggested Avira, I had already reinstalled AVG, afraid of being left completely unprotected, but I liked the suggestion and I'll try Avira; I'd just like to know whether I should install it now or after fixing the errors?!)

Well, I did the procedures you suggested; here is the LopSD log:

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon MP )
BIOS : Default System BIOS
USER : Aline ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:11 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( qua 05/11/2008|11:52 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

Deletado! - C:\WINDOWS\Tasks\AF007545918FE721.job
Deletado! - C:\WINDOWS\Tasks\AF26CBBF91897D6B.job
Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\soft chic meet great\Dart Amen.exe
Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\soft chic meet great\Team Bat.exe
Deletado! - C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\flapdo~1\dvd open bash.exe
Deletado! - C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\flapdo~1\edoazucz.exe
Deletado! - C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\flapdo~1\nhvdphtc.exe
Deletado! - C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\flapdo~1\Ping Plus Poke.exe
Deletado! - C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\flapdo~1\pqfdlwwv.exe
Deletado! - C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\flapdo~1\stylecopyroadsoft.exe
Deletado! - C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\flapdo~1\vuorrqmp.exe
Deletado! - C:\DOCUME~1\Joice\DADOSD~1\flapdo~1\dvd open bash.exe
Deletado! - C:\DOCUME~1\Joice\DADOSD~1\flapdo~1\gmaaolbk.exe
Deletado! - C:\DOCUME~1\Joice\DADOSD~1\flapdo~1\ktnekeut.exe
Deletado! - C:\DOCUME~1\Joice\DADOSD~1\flapdo~1\nenomzyj.exe
Deletado! - C:\DOCUME~1\Joice\DADOSD~1\flapdo~1\nexeczxg.exe
Deletado! - C:\DOCUME~1\Joice\DADOSD~1\flapdo~1\Ping Plus Poke.exe
Deletado! - C:\DOCUME~1\Joice\DADOSD~1\flapdo~1\stylecopyroadsoft.exe
Deletado! - C:\DOCUME~1\Joice\DADOSD~1\flapdo~1\yorymqsa.exe
Deletado! - C:\DOCUME~1\ALINE~1.PRO\Cookies\aline@www.adserver5[1].txt
Deletado! - C:\DOCUME~1\ALINE~1.PRO\Cookies\aline@www.lop[2].txt
Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\soft chic meet great
Deletado! - C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\flapdo~1
Deletado! - C:\DOCUME~1\Joice\DADOSD~1\flapdo~1

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Lista de pastas em DADOSD~1

[03/11/2008|20:39] C:\DOCUME~1\ADMINI~1\DADOSD~1\Adobe
[03/11/2008|20:34] C:\DOCUME~1\ADMINI~1\DADOSD~1\AVGTOOLBAR
[03/11/2008|20:39] C:\DOCUME~1\ADMINI~1\DADOSD~1\HP
[04/11/2008|19:00] C:\DOCUME~1\ADMINI~1\DADOSD~1\Microsoft
[16/10/2008|03:55] C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\Adobe
[15/06/2007|17:18] C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\AdobeUM
[04/11/2008|20:02] C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\AVGTOOLBAR
[05/09/2008|16:02] C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\BrOffice.org2
[06/07/2007|20:04] C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\CyberLink
[15/06/2007|15:17] C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\DivX
[26/05/2007|15:31] C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\Help
[03/11/2008|20:24] C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\HP
[03/10/2008|01:55] C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\Macromedia
[19/10/2007|18:39] C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\Media Player Classic
[04/11/2008|19:00] C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\Microsoft
[13/10/2008|15:30] C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\Real
[08/10/2008|20:27] C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\Skype
[25/05/2007|19:48] C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\Sun
[01/11/2008|12:54] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe
[04/11/2008|19:01] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Avg8
[20/05/2007|18:46] C:\DOCUME~1\ALLUSE~1\DADOSD~1\CyberLink
[04/05/2008|14:56] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink
[05/11/2008|11:05] C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin
[14/01/2008|19:18] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google
[03/11/2008|19:39] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP
[03/11/2008|19:37] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP Product Assistant
[11/09/2007|01:18] C:\DOCUME~1\ALLUSE~1\DADOSD~1\inetprot
[20/05/2007|20:50] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!
[22/08/2008|15:02] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft
[04/11/2008|14:21] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP
[29/10/2008|16:44] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller
[20/05/2007|16:47] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft
[01/11/2008|12:54] C:\DOCUME~1\Joice\DADOSD~1\Adobe
[26/05/2007|18:19] C:\DOCUME~1\Joice\DADOSD~1\AdobeUM
[19/02/2008|21:52] C:\DOCUME~1\Joice\DADOSD~1\Corel
[07/06/2007|16:37] C:\DOCUME~1\Joice\DADOSD~1\CyberLink
[08/10/2008|20:48] C:\DOCUME~1\Joice\DADOSD~1\Google
[08/10/2008|20:48] C:\DOCUME~1\Joice\DADOSD~1\Identities
[20/05/2007|21:16] C:\DOCUME~1\Joice\DADOSD~1\Macromedia
[04/11/2008|19:00] C:\DOCUME~1\Joice\DADOSD~1\Microsoft
[07/09/2008|19:48] C:\DOCUME~1\Joice\DADOSD~1\Mozilla
[18/10/2008|18:54] C:\DOCUME~1\Joice\DADOSD~1\Real
[08/10/2008|20:56] C:\DOCUME~1\Joice\DADOSD~1\Screenshot Sender
[08/06/2008|15:31] C:\DOCUME~1\Joice\DADOSD~1\skypePM
[24/05/2007|00:47] C:\DOCUME~1\Joice\DADOSD~1\Sun
[04/11/2008|19:00] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft
[04/11/2008|19:00] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

[05/11/2008 11:05][--ah-----] C:\WINDOWS\tasks\SA.DAT
[19/01/1782 01:14][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Lista de pastas em C:\Arquivos de programas

[02/10/2008|02:12] C:\Arquivos de programas\Adobe
[20/05/2007|18:43] C:\Arquivos de programas\Ahead
[19/10/2008|18:12] C:\Arquivos de programas\Arquivos comuns
[04/11/2008|19:01] C:\Arquivos de programas\AVG
[04/11/2008|14:56] C:\Arquivos de programas\CCleaner
[20/05/2007|16:42] C:\Arquivos de programas\ComPlus Applications
[20/05/2007|18:46] C:\Arquivos de programas\CyberLink
[19/10/2008|18:14] C:\Arquivos de programas\DVD Shrink
[17/09/2008|12:35] C:\Arquivos de programas\GbPlugin
[19/10/2008|18:09] C:\Arquivos de programas\Google
[16/10/2008|04:01] C:\Arquivos de programas\Internet Explorer
[19/10/2008|18:17] C:\Arquivos de programas\Java
[03/11/2008|21:42] C:\Arquivos de programas\microsoft frontpage
[20/05/2007|20:32] C:\Arquivos de programas\Microsoft Office
[22/08/2008|15:11] C:\Arquivos de programas\Microsoft SQL Server Compact Edition
[20/05/2007|16:43] C:\Arquivos de programas\Movie Maker
[31/10/2008|22:26] C:\Arquivos de programas\Mozilla Firefox
[20/05/2007|16:41] C:\Arquivos de programas\MSN Gaming Zone
[05/11/2008|11:12] C:\Arquivos de programas\MSXML 4.0
[21/02/2008|20:48] C:\Arquivos de programas\MSXML 6.0
[20/05/2007|16:44] C:\Arquivos de programas\NetMeeting
[16/06/2007|23:45] C:\Arquivos de programas\Outlook Express
[28/08/2008|19:04] C:\Arquivos de programas\Real
[23/06/2008|20:50] C:\Arquivos de programas\Serif
[20/05/2007|16:45] C:\Arquivos de programas\Serviços on-line
[24/01/2008|20:28] C:\Arquivos de programas\Ulead Systems
[20/05/2007|16:56] C:\Arquivos de programas\Uninstall Information
[11/02/2008|21:09] C:\Arquivos de programas\Vimicro
[10/09/2007|01:08] C:\Arquivos de programas\VOB
[17/09/2008|12:34] C:\Arquivos de programas\Winamp
[19/10/2008|18:07] C:\Arquivos de programas\Windows Live
[28/07/2008|01:35] C:\Arquivos de programas\Windows Media Connect 2
[19/10/2008|18:20] C:\Arquivos de programas\Windows Media Player
[20/05/2007|16:41] C:\Arquivos de programas\Windows NT
[20/05/2007|16:45] C:\Arquivos de programas\WindowsUpdate
[20/09/2008|04:40] C:\Arquivos de programas\WinRAR
[20/05/2007|16:48] C:\Arquivos de programas\xerox
[04/11/2008|15:38] C:\Arquivos de programas\Yahoo!

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

[06/04/2008|19:02] C:\Arquivos de programas\Arquivos comuns\Adobe
[20/05/2007|18:45] C:\Arquivos de programas\Arquivos comuns\Ahead
[20/05/2007|20:31] C:\Arquivos de programas\Arquivos comuns\DESIGNER
[03/11/2008|19:35] C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard
[03/11/2008|19:35] C:\Arquivos de programas\Arquivos comuns\HP
[11/02/2008|21:09] C:\Arquivos de programas\Arquivos comuns\InstallShield
[24/05/2007|00:37] C:\Arquivos de programas\Arquivos comuns\Java
[06/10/2008|17:37] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
[20/05/2007|16:43] C:\Arquivos de programas\Arquivos comuns\MSSoap
[20/05/2007|13:33] C:\Arquivos de programas\Arquivos comuns\ODBC
[11/03/2008|01:43] C:\Arquivos de programas\Arquivos comuns\Real
[20/05/2007|16:44] C:\Arquivos de programas\Arquivos comuns\Serviços
[20/05/2007|13:33] C:\Arquivos de programas\Arquivos comuns\SpeechEngines
[16/06/2007|23:45] C:\Arquivos de programas\Arquivos comuns\System
[24/01/2008|20:27] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
[11/03/2008|01:43] C:\Arquivos de programas\Arquivos comuns\xing shared

--------------------\\ Process

( 27 Processes ) ... OK !

--------------------\\ Procura pelo S_Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura no Registro

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

Arquivos/Ficheiros Hosts LIMPO

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 11:58:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Procurando por outras infecções

Não foram encontradas outras infecções.

[F:153][D:9]-> C:\DOCUME~1\ALINE~1.PRO\CONFIG~1\Temp
[F:58][D:0]-> C:\DOCUME~1\ALINE~1.PRO\Cookies
[F:413][D:6]-> C:\DOCUME~1\ALINE~1.PRO\CONFIG~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - qua 05/11/2008|12:00 - Option : [2]

--------------------\\ Verificação completa em 12:00:04

HERE IS THE HIJACK LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:07, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Arquivos de programas\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SnMgrSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\hijack\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {546D0BB7-6894-48D2-89EB-DFABF5E4EC7D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

--
End of file - 5280 bytes
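An added illustration (my own code, not part of the thread) of what a helper does with the two HijackThis logs posted so far: parse the R/O entries, apply three of the by-eye checks that make the `[regspeak]` autorun under DADOSD~1 stand out, and diff the 4 Nov log against the 5 Nov one to confirm what Lop S&D removed. The heuristics, the HjtEntry type and the function names are assumptions of mine; the sample input is a constructed excerpt of lines quoted from the logs above, not the complete logs.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class HjtEntry:
    """One HijackThis finding: section code (R0, O2, O4, ...) and the text after ' - '."""
    section: str
    body: str


# Every HijackThis finding starts with a section code; header and process lines do not.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O4 body shape: "HKCU\..\Run: [name] target"
RUN_RE = re.compile(r"^HK[^:]*\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# Autoruns whose target lives in a user profile's data folders (DOCUME~1\...\DADOSD~1 on
# this Portuguese XP) rather than Program Files or WINDOWS are what stood out in the 4 Nov log.
USER_DATA_RE = re.compile(r"\\DOCUME~1\\|\\Documents and Settings\\", re.IGNORECASE)


def parse_hjt(text: str) -> list:
    """Keep only the R/F/N/O entries of a HijackThis log, one HjtEntry per line."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(HjtEntry(m.group(1), m.group(2).strip()))
    return entries


def triage(entries: list) -> list:
    """Three checks a forum helper does by eye; returns (section, reason, detail) tuples."""
    findings = []
    for e in entries:
        if e.section == "O4":
            m = RUN_RE.match(e.body)
            if m and USER_DATA_RE.search(m.group("target")):
                findings.append((e.section, "autorun launched from a user-profile data folder",
                                 m.group("name")))
        elif e.section == "O2" and e.body.endswith("(no file)"):
            # BHO CLSID still registered after its DLL is gone: a leftover, not active code,
            # but worth clearing so the next log is easier to read.
            findings.append((e.section, "orphaned BHO registration", e.body.split(" - ")[1]))
        elif e.section == "O16" and e.body.endswith("-"):
            # Downloaded Program File (ActiveX) entry whose source URL is empty.
            findings.append((e.section, "ActiveX download entry without a source URL",
                             e.body.rstrip("- ")))
    return findings


def diff_logs(before: str, after: str) -> tuple:
    """(removed, added) entries between two logs of the same machine, sorted by section."""
    def key(e):
        return (e.section, e.body)
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(b - a, key=key), sorted(a - b, key=key)


# Constructed sample: a handful of lines quoted from the 4 Nov (before Lop S&D) and
# 5 Nov (after Lop S&D) HijackThis logs posted in this thread, not the full logs.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [regspeak] C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\FLAPDO~1\Ping Plus Poke.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
"""

LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
"""

if __name__ == "__main__":
    for f in triage(parse_hjt(LOG_BEFORE)):
        print("4 Nov:", *f)
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for e in removed:
        print("gone after Lop S&D:", e.section, "-", e.body)
    for e in added:
        print("new after Lop S&D: ", e.section, "-", e.body)
```

On the excerpt the diff confirms that the only entry Lop S&D took away is the `[regspeak]` autorun, while the AVG tray entry and the reset `about:blank` start page are the additions.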
PedroN, posted November 5, 2008

- Download: < ComboFix.exe >
- Save it to the Desktop!
- Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )
- Close all windows and run the tool!
- At the prompt: "Software warranty disclaimer" --> Click Yes!
- If you don't have the "Recovery Console", accept the option to install it!
-- If you get the notification: Invalid Win32 application, delete the tool and download it again.
-- Save it to the desktop, renamed as: Kombo.exe
-- PS: Name it while saving, not after saving it!
-- PS: If any error message appears, run ComboFix.exe in Safe Mode.
-- PS: Avoid running this tool on your own initiative! Follow all the recommendations proposed above.
- The Auto Scan window will open. --> Wait!
- If required, type the option to continue! --> ( 1 ) --> Press Enter.
- Wait for it to finish!
- During the scan, avoid using the mouse or keyboard! <-- Important!
- To stop or exit ComboFix, press "N".
----------------------
- When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.
AlineP, posted November 5, 2008

I DON'T KNOW WHAT HAPPENED!!! I WAS RUNNING COMBOFIX, STEP BY STEP AS you TOLD ME... EVERYTHING WAS NORMAL!!! UNTIL THE AUTOSCAN WINDOW OPENED... and I waited... I didn't touch anything!!! Until suddenly the computer shut down by itself and started rebooting!!!

What do I do?! Do I try to run the procedure again?!

I'm sending the updated HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:04, on 2008-11-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SnMgrSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\AVG\AVG8\avgupd.exe
C:\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {546D0BB7-6894-48D2-89EB-DFABF5E4EC7D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

--
End of file - 5247 bytes
PedroN, posted November 5, 2008

Run ComboFix again, but this time in Safe Mode
AlineP 0 Denunciar post Postado Novembro 5, 2008 1 - Executei o Combofix no Modo de Segurança e novamente aconteceu a mesma coisa, durante o AUTOSCAN abriu automaticamente uma janela dizendo que eu estava executando em Modo de Segurança, perguntando se queria prosseguir e sem eu clicar em nada o computador desligou automaticamente e começou a reinicializar... 2 - Achei que poderia ser algum problema em relação ao AVG, pois verifiquei que mesmo tendo desabilitado as proteções residente de antivirus, antispywares e firewall, ele não parava e continuava "funcionando"... Aí tentei desisntalar o AVG, mas tbm não consegui desinstala-lo, apareceu a seguinte mensagem de erro: AVG- Falha na desinstalação Máquina local: falha na instalação Instalação: Erro: Falha na ação correspondente a chave de registro HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: criando chave de registro.... Error 0x80070005 3 - Bem, ainda assim, deletei o Combofix e instalei novamente, mas como você tinha recomendado em na 1ª msg, (salvando no desktop como: Kombo.exe ... etc). Executei este Kombo.exe, em modo de segurança... Novamente deu o mesmo erro, o computador desligou sozinho e reinicializou sozinho novamente... 4 - Tentei mais uma vez... deletei o Kombo.exe, deletei tudo, e baixei novamente o Combofix.exe, salvei no Desktop, fechei todas as janelas e executei a ferramenta (NO MODO DE SEGURANÇA), porém desta vez não abriu a janela de "negação de garantia de software", e nem a mensagem de instalação do "Console de Recuperação" (que já tinha instalado naquela 1ª tentativa)... Desta última vez, quando executei o Combofix (em modo de segurança), ele apenas iniciou, abriu a janela do AUTOSCAN e novamente fechou automaticamente e começou a reinicializar... Espero que tenha entendido toda essa confusão que eu fiz... e espero que ainda possa me ajudar... Sou advogada, o computador é minha ferramenta fundamental de trabalho e ultimamente não estou mais conseguindo trabalhar direito... 
Desde já agradeço a atenção! Muito obrigada mesmo! Aline ABAIXO O ÚLTIMO RELATÓRIO DO HIJACKTHIS: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:50, on 2008-11-05 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\SnMgrSvc.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgnsx.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\wscntfy.exe C:\hijack\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R3 - URLSearchHook: Barra de Ferramentas do Yahoo! 
com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {546D0BB7-6894-48D2-89EB-DFABF5E4EC7D} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file) O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 
C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe -- End of file - 4905 bytes
PedroN, posted November 6, 2008
...Follow the procedures in this order:
1) - Download Malwarebytes Anti-Malware http://www.besttechie.net/tools/mbam-setup.exe
◘ Install it by double-clicking "mbam-setup.exe";
◘ Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;
◘ Check "Quick Scan" and then click Scan;
◘ When the scan finishes, click OK and then "Show Results" to see the log;
◘ If anything is detected, make sure everything is checked and click "Remove";
◘ The log is saved automatically and can be viewed by clicking "Logs" in the main menu;
◘ Copy and paste the contents of that log in your next reply.
2) ◘ Run an online scan at: < Kaspersky >
◘ Use the Internet Explorer browser for this.
• Go to the site and click: < >
◘ On the next page, click: I Accept
◘ This installs the ActiveX control and then updates the database.
◘ On the next page, click: My Computer and run the scan.
◘ Be patient!
◘ Wait for the database update and for the scan, which takes a long time.
◘ When it finishes, save and post the report.
◘ Click Save Report As... to save the log.
◘ Save the result as .txt, as in the image below:
◘ In your next reply, post the logs from the online scan, Malwarebytes Anti-Malware and HijackThis
AlineP, posted November 7, 2008
I did all the procedures you suggested; here are the logs. Thank you!
Malwarebytes' Anti-Malware 1.30 Versão do banco de dados: 1306 Windows 5.1.2600 Service Pack 2 2008-11-07 13:33:50 mbam-log-2008-11-07 (13-33-50).txt Tipo de Verificação: Rápida Objetos verificados: 48550 Tempo decorrido: 4 minute(s), 4 second(s) Processos da Memória infectados: 0 Módulos de Memória Infectados: 0 Chaves do Registro infectadas: 3 Valores do Registro infectados: 0 Ítens do Registro infectados: 0 Pastas infectadas: 0 Arquivos infectados: 3 Processos da Memória infectados: (Nenhum ítem malicioso foi detectado) Módulos de Memória Infectados: (Nenhum ítem malicioso foi detectado) Chaves do Registro infectadas: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{546d0bb7-6894-48d2-89eb-dfabf5e4ec7d} (Spyware.Banker) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{d3073845-c655-42e7-b723-191ccfc41f0a} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__gbpluginbb (Trojan.Vundo) -> Quarantined and deleted successfully. Valores do Registro infectados: (Nenhum ítem malicioso foi detectado) Ítens do Registro infectados: (Nenhum ítem malicioso foi detectado) Pastas infectadas: (Nenhum ítem malicioso foi detectado) Arquivos infectados: C:\WINDOWS\system32\SnEngine.EXE (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SnAgOS.EXE (Trojan.Agent) -> Quarantined and deleted successfully. C:\ARQUIVOS DE PROGRAMAS\GbPlugin\gbieh.dll (Trojan.Vundo) -> Delete on reboot.
-------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Friday, November 7, 2008 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Friday, November 07, 2008 16:00:53 Records in database: 1373823 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ Scan statistics: Files scanned: 54191 Threat name: 2 Infected objects: 12 Suspicious objects: 0 Duration of the scan: 01:55:51 File name / Threat name / Threats count C:\Documents and Settings\Aline.PROEN-63CAE5AD5\Configurações locais\Temp\Av-test.txt Infected: EICAR-Test-File 1 C:\Documents and Settings\Joice\Configurações locais\Temp\sta5.exe Infected: Trojan.Win32.Obfuscated.gen 1 C:\Documents and Settings\Joice\Configurações locais\Temp\sta8.exe Infected: Trojan.Win32.Obfuscated.gen 1 C:\Lop SD\Backup-Lop\DOCUME~1\ALINE~1.PRO\DADOSD~1\FLAPDO~1\dvd open bash.exe Infected: Trojan.Win32.Obfuscated.gen 1 C:\Lop SD\Backup-Lop\DOCUME~1\ALINE~1.PRO\DADOSD~1\FLAPDO~1\edoazucz.exe Infected: Trojan.Win32.Obfuscated.gen 1 C:\Lop SD\Backup-Lop\DOCUME~1\ALINE~1.PRO\DADOSD~1\FLAPDO~1\pqfdlwwv.exe Infected: Trojan.Win32.Obfuscated.gen 1 C:\Lop SD\Backup-Lop\DOCUME~1\ALINE~1.PRO\DADOSD~1\FLAPDO~1\vuorrqmp.exe Infected: Trojan.Win32.Obfuscated.gen 1 C:\Lop SD\Backup-Lop\DOCUME~1\Joice\DADOSD~1\FLAPDO~1\dvd open bash.exe Infected: Trojan.Win32.Obfuscated.gen 1 C:\Lop SD\Backup-Lop\DOCUME~1\Joice\DADOSD~1\FLAPDO~1\gmaaolbk.exe Infected: Trojan.Win32.Obfuscated.gen 1 C:\Lop SD\Backup-Lop\DOCUME~1\Joice\DADOSD~1\FLAPDO~1\ktnekeut.exe Infected: Trojan.Win32.Obfuscated.gen 1 C:\Lop SD\Backup-Lop\DOCUME~1\Joice\DADOSD~1\FLAPDO~1\nexeczxg.exe Infected: Trojan.Win32.Obfuscated.gen 1 C:\Lop 
SD\Backup-Lop\DOCUME~1\Joice\DADOSD~1\FLAPDO~1\yorymqsa.exe Infected: Trojan.Win32.Obfuscated.gen 1 The selected area was scanned.
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:16, on 2008-11-07Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\SnMgrSvc.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgnsx.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\hijack\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R3 - URLSearchHook: Barra de Ferramentas do Yahoo!
com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll (file missing) O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file) O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll (file missing) O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. 
- C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe -- End of file - 5406 bytes
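As an added example (not part of the thread and not a HijackThis feature), here is a small Python triage pass over HijackThis-style lines that flags the three things a helper reads first in logs like the ones above: BHOs whose DLL is gone, Run-key autostarts launched from user-writable folders, and Winlogon Notify packages outside the stock XP SP2 set. The sample lines are constructed from values that appear in this thread's logs; the XP default Notify list is an assumed baseline.

```python
"""Triage pass over HijackThis v2 log lines (added example, not HijackThis code).

It parses the O2 (BHO), O4 (Run key) and O20 (Winlogon Notify) entry
formats and reports the entries a helper would look at first.
"""
import re
from dataclasses import dataclass

# Winlogon Notify packages on a stock Windows XP SP2 install (assumed
# baseline; extend it for your own image). Anything else is reviewed by hand.
XP_DEFAULT_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# Lower-case path fragments (8.3 and long forms, Portuguese XP names included)
# that mark user-writable locations; an autostart living there deserves a look.
USER_WRITABLE = (
    "\\docume~1\\", "\\documents and settings\\", "\\temp\\",
    "\\dadosd~1\\", "\\dados de aplicativos\\", "\\application data\\",
)

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")

MISSING = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Finding:
    kind: str    # "O2", "O4" or "O20"
    name: str    # BHO CLSID, Run value name or Notify package name
    reason: str


def triage(lines):
    """Return a list of Finding objects for an iterable of HijackThis lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := O2_RE.match(line):
            path = m["path"].strip()
            if path in MISSING or path.endswith(MISSING):
                findings.append(Finding(
                    "O2", m["clsid"],
                    "BHO registered but its DLL is gone (orphaned entry)"))
        elif m := O4_RE.match(line):
            cmd = m["cmd"].lower()
            if any(marker in cmd for marker in USER_WRITABLE):
                findings.append(Finding(
                    "O4", m["name"],
                    "autostart launched from a user-writable folder"))
        elif m := O20_RE.match(line):
            # Compare without leading underscores so a look-alike copy of a
            # known package (e.g. "__Foo" next to "Foo") is still reviewed.
            pkg = m["name"].lower().lstrip("_")
            if pkg not in XP_DEFAULT_NOTIFY:
                findings.append(Finding(
                    "O20", m["name"],
                    "Winlogon Notify package outside the XP default set "
                    "(loaded into winlogon.exe at logon)"))
    return findings


# Constructed sample: entries taken from the logs posted in this thread.
SAMPLE_LOG = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {546D0BB7-6894-48D2-89EB-DFABF5E4EC7D} - (no file)",
    r'O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background',
    r"O4 - HKCU\..\Run: [regspeak] C:\DOCUME~1\ALINE~1.PRO\DADOSD~1\FLAPDO~1\Ping Plus Poke.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')",
    r"O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll",
    r"O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll",
]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.name:<40} {f.reason}")
```

A hit is a review item, not a verdict: in this thread it was the scanners, not the log itself, that decided which of the flagged entries were malicious.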
PedroN, posted November 7, 2008
- Download: < ComboFix.exe >
- Save it to the Desktop!
- Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)
- Close all windows and run the tool!
- At the prompt: "Disclaimer of warranty" --> Click Yes!
- If you do not have the "Recovery Console", accept the option to install it!
-- If you get the notification: Invalid Win32 application, delete the tool and download it again.
-- Save it to the desktop, renamed as: Kombo.exe
-- PS: Name it while saving, not after saving it!
-- PS: If any error message appears, run ComboFix.exe in Safe Mode.
-- PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.
- The Auto Scan window will open. --> Wait!
- If necessary, type the option to continue! --> ( 1 ) --> Press Enter.
- Wait for it to finish!
- During the scan, avoid touching the mouse or keyboard! <-- Important!
- To stop or exit ComboFix, press "N".
----------------------
- When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.
AlineP, posted November 7, 2008
Thank you! Here are the C:\Combofix.txt and HijackThis reports:
ComboFix 08-11-07.01 - Aline 2008-11-07 19:50:48.1 - NTFSx86 MINIMAL Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1784 [GMT -2:00] Executando de: c:\documents and settings\Aline.PROEN-63CAE5AD5\Desktop\Kombo.exe . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\.txt c:\windows\Downloaded Program Files\setup.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_GBPSV -------\Service_GbpSv (((((((((((((((( Arquivos/Ficheiros criados de 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))) . 2008-11-07 13:27 . 2008-11-07 13:27 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2008-11-07 13:27 . 2008-11-07 13:27 <DIR> d-------- c:\documents and settings\Aline.PROEN-63CAE5AD5\Dados de aplicativos\Malwarebytes 2008-11-07 13:27 . 2008-11-07 13:27 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware 2008-11-07 13:27 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-07 13:27 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-06 23:52 . 2008-11-06 23:52 <DIR> d-------- c:\arquivos de programas\Hewlett-Packard 2008-11-06 23:48 . 2008-11-06 23:48 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard 2008-11-06 23:48 . 2008-01-24 20:25 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys 2008-11-06 23:48 . 2008-01-24 20:25 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys 2008-11-06 23:47 . 2008-01-24 20:23 271,704 -ra------ c:\windows\system32\hpzids01.dll 2008-11-06 23:47 . 2008-11-06 23:53 175,882 --a------ c:\windows\hpoins29.dat 2008-11-06 23:47 . 2008-02-07 10:26 118,272 --a------ c:\windows\system32\hpz3l5mu.dll 2008-11-06 23:47 .
2008-01-24 20:25 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys 2008-11-06 23:47 . 2008-05-04 22:13 799 --------- c:\windows\hpomdl29.dat 2008-11-06 23:46 . 2008-01-24 20:25 970,752 -ra------ c:\windows\system32\hpotiop6.dll 2008-11-06 23:46 . 2008-01-24 20:25 729,088 -ra------ c:\windows\system32\hpowiax8.dll 2008-11-06 23:46 . 2008-01-24 20:25 372,736 -ra------ c:\windows\system32\hppldcoi.dll 2008-11-06 23:46 . 2008-01-24 20:25 309,760 -ra------ c:\windows\system32\difxapi.dll 2008-11-06 23:46 . 2008-01-24 20:25 303,104 -ra------ c:\windows\system32\hpovst14.dll 2008-11-06 18:40 . 2008-11-06 23:53 <DIR> d-------- c:\arquivos de programas\HP 2008-11-06 18:21 . 2008-11-06 18:35 395,873 --------- c:\windows\hpoins29.dat.temp 2008-11-06 18:21 . 2008-05-04 22:13 799 --------- c:\windows\hpomdl29.dat.temp 2008-11-05 11:49 . 2008-11-05 12:00 <DIR> d-------- C:\Lop SD 2008-11-05 11:47 . 2008-11-05 11:47 529,069 --a------ C:\LopSD.exe 2008-11-05 11:12 . 2008-11-05 11:12 <DIR> d-------- c:\arquivos de programas\MSXML 4.0 2008-11-04 19:01 . 2008-11-05 16:05 <DIR> d-------- c:\windows\system32\drivers\Avg 2008-11-04 19:01 . 2008-11-04 20:02 <DIR> d-------- c:\documents and settings\Aline.PROEN-63CAE5AD5\Dados de aplicativos\AVGTOOLBAR 2008-11-04 19:01 . 2008-11-04 19:01 <DIR> d-------- c:\arquivos de programas\AVG 2008-11-04 19:01 . 2008-11-04 19:01 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-11-04 19:01 . 2008-11-04 19:01 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys 2008-11-04 19:01 . 2008-11-04 19:01 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-11-04 16:46 . 2008-11-07 17:16 <DIR> d-------- C:\hijack 2008-11-04 15:10 . 2008-11-07 19:39 <DIR> d-------- C:\registro de arquivos apagados com o CCleaner 2008-11-04 14:56 . 2008-11-04 15:38 <DIR> d-------- c:\arquivos de programas\Yahoo! 2008-11-04 14:56 . 2008-11-04 14:56 <DIR> d-------- c:\arquivos de programas\CCleaner 2008-11-04 14:55 . 
2008-11-04 14:55 2,955,128 --a------ C:\ccsetup213.exe 2008-11-04 13:03 . 2008-11-04 14:21 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP 2008-11-03 21:42 . 2008-11-03 21:42 <DIR> d-------- c:\arquivos de programas\microsoft frontpage 2008-11-03 20:39 . 2008-11-03 20:39 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\HP 2008-11-03 20:35 . 2008-11-05 20:44 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avg8 2008-11-03 20:34 . 2008-11-03 20:34 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\AVGTOOLBAR 2008-11-03 20:24 . 2008-11-03 20:24 <DIR> d-------- c:\documents and settings\Aline.PROEN-63CAE5AD5\Dados de aplicativos\HP 2008-11-03 20:24 . 2008-11-03 20:24 276 --a------ c:\windows\system\cmicnfg.ini 2008-11-03 19:37 . 2008-11-07 12:19 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\HP 2008-11-03 19:35 . 2008-11-03 19:35 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\HP 2008-11-03 19:35 . 2008-11-03 19:35 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard 2008-11-03 19:33 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2008-11-03 19:33 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys 2008-10-29 14:42 . 2008-11-03 10:01 2,972 --a------ c:\windows\system32\tmp.reg 2008-10-29 14:38 . 2008-10-29 14:38 <DIR> d--h----- c:\documents and settings\Administrador\Modelos 2008-10-29 14:38 . 2007-05-20 13:32 <DIR> d-------- c:\documents and settings\Administrador\Meus documentos 2008-10-29 14:38 . 2007-05-20 13:32 <DIR> d-------- c:\documents and settings\Administrador\Menu Iniciar 2008-10-29 14:38 . 2007-05-20 13:32 <DIR> d-------- c:\documents and settings\Administrador\Favoritos 2008-10-29 14:38 . 2008-11-03 20:34 <DIR> d--h----- c:\documents and settings\Administrador\Dados de aplicativos 2008-10-29 14:38 . 
2008-10-29 14:38 <DIR> d--h----- c:\documents and settings\Administrador\Configurações locais 2008-10-29 14:38 . 2007-05-20 13:32 <DIR> d--h----- c:\documents and settings\Administrador\Ambiente de rede 2008-10-29 14:38 . 2008-11-04 19:02 <DIR> d-------- c:\documents and settings\Administrador 2008-10-29 14:30 . 2008-09-08 23:38 88,576 --a------ c:\windows\system32\AntiXPVSTFix.exe 2008-10-29 14:30 . 2008-10-01 15:51 87,552 --a------ c:\windows\system32\VACFix.exe 2008-10-29 14:30 . 2008-10-10 08:58 82,944 --a------ c:\windows\system32\o4Patch.exe 2008-10-29 14:30 . 2008-05-18 21:40 82,944 --a------ c:\windows\system32\IEDFix.exe 2008-10-29 14:30 . 2008-10-10 08:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe 2008-10-29 14:30 . 2008-08-18 12:19 82,432 --a------ c:\windows\system32\404Fix.exe 2008-10-29 14:30 . 2007-10-04 00:36 25,600 --a------ c:\windows\system32\WS2Fix.exe 2008-10-29 14:29 . 2007-09-06 00:22 289,144 --a------ c:\windows\system32\VCCLSID.exe 2008-10-29 14:29 . 2006-04-27 17:49 288,417 --a------ c:\windows\system32\SrchSTS.exe 2008-10-29 14:29 . 2004-07-31 18:50 51,200 --a------ c:\windows\system32\dumphive.exe 2008-10-24 20:43 . 2008-10-24 20:43 1 ---hs---- C:\MSDOS.INF 2008-10-19 18:20 . 2008-10-19 18:20 23,392 --a------ c:\windows\system32\nscompat.tlb 2008-10-19 18:20 . 2008-10-19 18:20 16,832 --a------ c:\windows\system32\amcompat.tlb 2008-10-19 18:18 . 2008-10-19 18:18 16 --a------ c:\windows\wininit.ini 2008-10-15 15:17 . 2008-10-25 10:14 <DIR> d--h----- c:\windows\$hf_mig$ 2008-10-13 00:19 . 2008-10-13 00:19 <DIR> d-------- c:\documents and settings\Joice\Contacts 2008-10-09 11:43 . 2008-11-07 19:51 <DIR> d---s---- c:\windows\Downloaded Program Files . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-11-07 21:18 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin 2008-11-07 15:35 --------- d-----w c:\arquivos de programas\GbPlugin 2008-10-29 18:44 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller 2008-10-19 20:17 --------- d-----w c:\arquivos de programas\Java 2008-10-19 20:14 --------- d-----w c:\arquivos de programas\DVD Shrink 2008-10-19 20:09 --------- d-----w c:\arquivos de programas\Google 2008-10-19 20:07 --------- d-----w c:\arquivos de programas\Windows Live 2008-10-08 22:56 --------- d-----w c:\documents and settings\Joice\Dados de aplicativos\Screenshot Sender 2008-10-08 22:27 --------- d-----w c:\documents and settings\Aline.PROEN-63CAE5AD5\Dados de aplicativos\Skype 2008-09-17 14:34 --------- d-----w c:\arquivos de programas\Winamp 2008-09-15 15:40 1,846,144 ----a-w c:\windows\system32\win32k.sys 2008-08-20 05:37 661,504 ----a-w c:\windows\system32\wininet.dll 2008-08-14 13:45 2,184,576 ----a-w c:\windows\system32\ntoskrnl.exe 2008-08-14 13:45 2,061,952 ----a-w c:\windows\system32\ntkrnlpa.exe 2008-03-11 01:51 2,516 --sha-w c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys 2008-03-11 01:50 88 --sh--r c:\documents and settings\All Users\Dados de aplicativos\CD2AFDECF8.sys 2007-12-13 16:29 32 ----a-w c:\documents and settings\All Users\Dados de aplicativos\ezsid.dat 2007-07-05 03:22 848 --sha-w c:\windows\system32\KGyGaAvL.sys . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.SP54"= SP5X_32.DLL "VIDC.SP55"= SP5X_32.DLL "VIDC.SP56"= SP5X_32.DLL "VIDC.SP57"= SP5X_32.DLL "VIDC.SP58"= SP5X_32.DLL [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY] --a------ 2008-11-04 19:01 1235736 c:\arquiv~1\AVG\AVG8\avgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 01:45 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino] --a------ 2006-08-18 17:58 49152 c:\windows\Domino.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-10-18 12:34 5724184 
c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 02:11 132496 c:\arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-03-11 01:43 180269 c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2007-05-14 20:22 35328 c:\arquivos de programas\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211] --a------ 2006-08-19 12:37 49152 c:\windows\ZSSnp211.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE] -ra------ 2004-01-29 22:33 180224 c:\windows\system32\pctspk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower] -ra------ 2004-09-02 03:47 49152 c:\windows\system32\SiSPower.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"= "c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"= "c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "11104:TCP"= 11104:TCP:BitComet 11104 TCP "11104:UDP"= 11104:UDP:BitComet 11104 UDP R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2002-04-17 11264] R1 
AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-04 98440] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-04 90632] R1 SNSID;SNSID;c:\windows\system32\Drivers\SNSID.sys [2007-05-30 22784] R1 SNSMS;SNSMS;c:\windows\system32\Drivers\SNSMS.sys [2007-05-30 35464] R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2008-11-04 874776] R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-11-04 231704] R2 Ps2KSecureKeyboard;SecureKbd;c:\windows\system32\DRIVERS\psseckbd.sys [2007-05-30 15048] R2 SNMgrSvc;SNMgrSvc;c:\windows\system32\SnMgrSvc.exe [2007-05-30 280712] R3 vhidmini;Secure Mouse;c:\windows\system32\DRIVERS\vhsecmou.sys [2007-05-30 12464] S2 Ca533av;PocketCam 3Mega, WDM Video Capture;c:\windows\system32\Drivers\Ca533av.sys [ ] S3 USBCamera;DSC Still Image Capture (CA100);c:\windows\system32\Drivers\Bulk533.sys [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . - - - - ORFÃOS REMOVIDOS - - - - Notify- GbPluginBb - c:\arquiv~1\GBPLUGIN\gbieh.dll MSConfigStartUp-meet great active lies - c:\documents and settings\All Users\Dados de aplicativos\soft chic meet great\Team Bat.exe MSConfigStartUp-regspeak - c:\docume~1\ALINE~1.PRO\DADOSD~1\FLAPDO~1\Ping Plus Poke.exe MSConfigStartUp-Cmaudio - cmicnfg.cpl . ------- Scan Suplementar ------- . R0 -: HKCU-Main,Start Page = about:blank O8 -: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-07 19:57:18 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... 
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquiv~1\AVG\AVG8\avgnsx.exe
c:\arquivos de programas\AVG\AVG8\avgrsx.exe
c:\arquivos de programas\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-11-07 20:02:18 - Máquina reiniciou [Aline]
ComboFix-quarantined-files.txt 2008-11-07 22:02:12

Pré-execução: 19 pasta(s) 11,281,883,136 bytes disponíveis
Pós execução: 19 pasta(s) 12,149,817,344 bytes disponíveis

222 --- E O F --- 2008-11-05 13:12:15

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:29, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SnMgrSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\AVG\AVG8\avgrsx.exe
C:\Arquivos de programas\AVG\AVG8\avgrsx.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\ARQUIV~1\AVG\AVG8\aAvgApi.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

--
End of file - 5286 bytes
PedroN (posted November 8, 2008)

Go to the VirusTotal site http://www.virustotal.com/pt/ and look up the file below:

c:\windows\hpoins29.dat

Click "send file", then post the scan result.
AlineP (posted November 8, 2008)

Here is the result of the VirusTotal scan:

Antivírus Versão Última Atualização Resultado
AhnLab-V3 2008.11.7.1 2008.11.07 -
AntiVir 7.9.0.26 2008.11.07 -
Authentium 5.1.0.4 2008.11.07 -
Avast 4.8.1248.0 2008.11.07 -
AVG 8.0.0.161 2008.11.08 -
BitDefender 7.2 2008.11.08 -
CAT-QuickHeal 9.50 2008.11.08 -
ClamAV 0.94.1 2008.11.08 -
DrWeb 4.44.0.09170 2008.11.08 -
eSafe 7.0.17.0 2008.11.06 -
eTrust-Vet 31.6.6198 2008.11.07 -
Ewido 4.0 2008.11.07 -
F-Prot 4.4.4.56 2008.11.07 -
F-Secure 8.0.14332.0 2008.11.08 -
Fortinet 3.117.0.0 2008.11.08 -
GData 19 2008.11.08 -
Ikarus T3.1.1.45.0 2008.11.08 -
K7AntiVirus 7.10.519 2008.11.07 -
Kaspersky 7.0.0.125 2008.11.08 -
McAfee 5427 2008.11.07 -
Microsoft 1.4104 2008.11.08 -
NOD32 3596 2008.11.07 -
Norman 5.80.02 2008.11.07 -
Panda 9.0.0.4 2008.11.07 -
PCTools 4.4.2.0 2008.11.07 -
Prevx1 V2 2008.11.08 -
Rising 21.02.50.00 2008.11.08 -
SecureWeb-Gateway 6.7.6 2008.11.08 -
Sophos 4.35.0 2008.11.08 -
Sunbelt 3.1.1785.2 2008.11.08 -
Symantec 10 2008.11.08 -
TheHacker 6.3.1.1.145 2008.11.08 -
TrendMicro 8.700.0.1004 2008.11.07 -
VBA32 3.12.8.9 2008.11.07 -
ViRobot 2008.11.7.1457 2008.11.07 -
VirusBuster 4.5.11.0 2008.11.07 -

Informações adicionais
File size: 175882 bytes
MD5...: 030f82fd85888688f4e88eacea0c0d46
SHA1..: 1217f213c06e93b7f64444e2f975e7f8400513cd
SHA256: 018436b9c26c272f200f9b8ea401485fecf1919f398cdcfd0a693d3ec955742a
SHA512: 038403badbf49fa25cda5aa3bcaed36c78a1fea192fd75b65fdf79e321c62f4c94c90d6608ae4529ca379e025993fc18c8666afbca34b538e9d9d41d6c40308c
PEiD..: -
TrID..: File type identification
file seems to be plain text/ASCII (0.0%)
PEInfo: -
PedroN (posted November 8, 2008)

Download the file below:

Download

Unzip it into the Windows system32 folder. Run a new online scan as well.
AlineP (posted November 17, 2008)

Hello! Sorry, I had a few problems and was unable to access this computer for a while. I have now tried to do the last procedure you sent me, but clicking the download link opens the following page, http://www.babooforum.com.br/forum/, and there is no file there to download... What should I do???

In any case, since a few days have passed, I'll first send a new log from the online scan and from HijackThis...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, November 17, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, November 17, 2008 19:04:10
Records in database: 1390145
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 49940
Threat name: 1
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 02:50:05

File name / Threat name / Threats count
C:\Lop SD\Backup-Lop\DOCUME~1\ALINE~1.PRO\DADOSD~1\FLAPDO~1\dvd open bash.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\ALINE~1.PRO\DADOSD~1\FLAPDO~1\edoazucz.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\ALINE~1.PRO\DADOSD~1\FLAPDO~1\pqfdlwwv.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\ALINE~1.PRO\DADOSD~1\FLAPDO~1\vuorrqmp.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Joice\DADOSD~1\FLAPDO~1\dvd open bash.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Joice\DADOSD~1\FLAPDO~1\gmaaolbk.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Joice\DADOSD~1\FLAPDO~1\ktnekeut.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Joice\DADOSD~1\FLAPDO~1\nexeczxg.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Joice\DADOSD~1\FLAPDO~1\yorymqsa.exe Infected: Trojan.Win32.Obfuscated.gen 1

The selected area was scanned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:01, on 17/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SnMgrSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

--
End of file - 5482 bytes
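An added example, not part of the thread or of HijackThis itself: a small Python triage helper for logs in the format posted above. It parses each "Rn -"/"On -" entry, flags orphaned entries (the "(no file)" and "(file missing)" leftovers the helper asks to be cleaned) and O4 autoruns that launch from a user-profile data folder, the kind of entry that deserves a VirusTotal lookup. The sample log, the CLSIDs, the file names and the helper names are all constructed.

```python
import re

# Constructed sample in the HijackThis line format used in this thread (not the
# poster's own log): an orphaned BHO, a live BHO, an O4 Run entry launching from
# a user-profile data folder, a system-owned O4, a missing O9 button, an O23 service.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Sample Helper - {00000000-0000-0000-0000-000000000002} - C:\Arquivos de programas\Sample\helper.dll
O4 - HKCU\..\Run: [sample] C:\DOCUME~1\USER~1\DADOSD~1\RANDOM~1\sample.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O9 - Extra button: Messenger - {00000000-0000-0000-0000-000000000003} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O23 - Service: SampleSvc - Sample Vendor - C:\WINDOWS\system32\samplesvc.exe
"""

# Every entry is "<section> - <body>", e.g. "O2 - BHO: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^([RO]\d+) - (.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# User-profile data folders: the 8.3 form a Portuguese XP shows (DADOSD~1 is
# "Dados de aplicativos") and the long English form.
USER_DATA_RE = re.compile(
    r"DOCUME~1\\[^\\]+\\DADOSD~1\\|Documents and Settings\\[^\\]+\\Application Data\\",
    re.IGNORECASE)

def parse_line(line):
    """Return a dict for a HijackThis entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    return {
        "section": section,
        "body": body,
        # Registry still names a component whose file is gone: leftover to clean.
        "orphan": any(marker in body for marker in ORPHAN_MARKERS),
        # Autorun whose binary lives in a user's data folder: worth a second look.
        "user_data": section == "O4" and USER_DATA_RE.search(body) is not None,
    }

def triage(log_text):
    """Split a HijackThis log into (orphaned entries, user-data autoruns)."""
    orphans, user_runs = [], []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["orphan"]:
            orphans.append(line)
        if entry["user_data"]:
            user_runs.append(line)
    return orphans, user_runs
```

An orphaned entry only says the registry points at a file that no longer exists; whether it was an uninstalled toolbar or a removed infection has to come from the file path and the rest of the log.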
PedroN (posted November 20, 2008)

- The log is clean. Any problems?
AlineP (posted November 20, 2008)

So... everything is fine!!! Problems solved! Thank you very much!
PedroN (posted November 20, 2008)

PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.