[Arquivado] Problema com Vírus

Miellikki · Julho 14, 2009

O Kaspersky está dando vários alertas de infecção de virus e acesso a rede (normalmente algum executavel tentando ser baixado).

Aparecem mensagens do KIS a cada pagina aberta no browser (no IE e no Firefox)

Já tentei o AVG, Malwarebytes Anti-Malware, o proprio Kaspersky.

Agradeceria se me ajudassem com esse problema!

Abaixo os logs gerados pelo HijackThis, e em seguida pelo ComboFix.

---------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:42:11, on 13/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\Documents and Settings\Marcos e Wânia\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.shockwavesfxlive.in/proxy.pac

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [JavaPlugin] C:\DOCUME~1\MARCOS~1\CONFIG~1\Temp\iexplorer.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=27986

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1.0\adialhk.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate1c9f5a96c69934a) (gupdate1c9f5a96c69934a) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 9945 bytes

-------------------------------------------------------------------------------------------------------------

ComboFix 09-07-13.01 - Marcos e Wânia 13/07/2009 19:14.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.540 [GMT -3:00]

Executando de: c:\documents and settings\Marcos e Wânia\Desktop\Manutenção\ComboFix.exe

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-13 to 2009-07-13 ))))))))))))))))))))))))))))

.

2009-07-13 21:14 . 2009-07-13 21:14 -------- d-----w- c:\arquivos de programas\AVG

2009-07-13 20:42 . 2009-07-13 20:42 83456 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\SDCondition.dll

2009-07-13 20:22 . 2009-07-13 20:22 95744 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\Updates\Condition.dll

2009-07-13 20:19 . 2009-07-13 22:24 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-07-13 20:15 . 2009-07-13 20:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit

2009-07-13 20:15 . 2009-07-13 20:15 50688 ----a-w- c:\windows\system32\wbhelp2.dll

2009-07-13 20:15 . 2009-07-13 20:22 -------- d-----w- c:\arquivos de programas\DAP

2009-07-13 18:58 . 2009-07-13 19:37 -------- d-----w- c:\arquivos de programas\Exterminate It!

2009-07-12 16:23 . 2009-07-12 16:23 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PhishGuard

2009-07-12 15:16 . 2009-07-12 15:18 -------- d-----w- C:\LinhaDefensiva

2009-07-11 21:20 . 2009-07-11 21:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-07-11 21:19 . 2009-07-11 21:19 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-07-11 18:16 . 2009-07-11 18:16 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab

2009-06-25 17:39 . 2009-06-25 17:39 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2009-06-25 17:39 . 2009-06-25 17:39 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2009-06-25 15:48 . 2009-06-25 15:48 0 ----a-w- c:\windows\nsreg.dat

2009-06-25 15:18 . 2009-06-25 15:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Google Updater

2009-06-18 09:41 . 2009-06-18 09:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-13 22:25 . 2009-04-22 18:43 20263968 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-07-13 22:23 . 2009-04-22 18:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2009-07-13 22:21 . 2009-04-22 18:43 275216 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-07-13 22:21 . 2009-04-22 18:43 32456 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-07-13 22:21 . 2009-04-22 18:43 323872 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-07-13 22:09 . 2009-07-13 21:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-07-13 21:14 . 2009-07-13 21:14 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2009-07-13 21:14 . 2009-07-13 21:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-13 21:14 . 2009-07-13 21:14 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-07-13 21:14 . 2009-07-13 21:14 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-13 21:14 . 2009-07-13 21:14 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-06-25 17:39 . 2003-02-21 07:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-06-25 17:39 . 2003-03-18 23:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-06-25 15:27 . 2009-04-06 11:04 -------- d-----w- c:\arquivos de programas\Google

2009-06-24 15:20 . 2009-03-12 20:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-06-24 13:25 . 2009-03-12 20:44 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-06-15 22:19 . 2009-03-12 21:34 27056 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2009-06-14 15:55 . 2009-03-07 22:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-06-13 15:32 . 2009-06-13 15:32 -------- d-----w- c:\arquivos de programas\Directx 9c

2009-06-13 15:31 . 2009-06-13 15:31 -------- d-----w- c:\arquivos de programas\Desliga Aí!

2009-06-13 15:31 . 2009-06-13 15:31 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2009-06-13 15:29 . 2009-06-13 15:29 -------- d-----w- c:\arquivos de programas\XP Codec Pack

2009-06-13 14:09 . 2009-06-13 14:09 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2009-06-13 14:08 . 2009-06-13 14:08 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2009-06-07 17:32 . 2009-03-07 22:27 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-05-20 16:11 . 2009-04-22 18:43 94643 ----a-w- c:\windows\system32\drivers\klick.dat

2009-05-20 16:11 . 2009-04-22 18:43 105395 ----a-w- c:\windows\system32\drivers\klin.dat

2009-05-13 05:03 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:33 . 2008-04-14 12:00 347136 ----a-w- c:\windows\system32\localspl.dll

2009-04-22 20:03 . 2007-10-31 16:41 112144 ----a-w- c:\windows\system32\drivers\kl1.sys

2009-04-22 20:03 . 2009-04-22 20:03 112144 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\X86\kl1.sys

2009-04-22 20:02 . 2009-04-22 20:02 25104 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ushata.dll

2009-04-22 20:02 . 2009-04-22 20:01 772624 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\updater.dll

2009-04-22 20:00 . 2009-04-22 20:00 150032 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\diffs.dll

2009-04-22 20:00 . 2009-04-22 20:00 354832 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ckahum.dll

2009-04-19 19:50 . 2008-04-14 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-19 12:47 . 2008-04-14 12:00 68190 ----a-w- c:\windows\system32\perfc016.dat

2009-04-19 12:47 . 2008-04-14 12:00 427986 ----a-w- c:\windows\system32\perfh016.dat

2009-04-15 14:53 . 2008-04-14 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-06-03 03:00 . 2009-06-25 15:47 134648 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-06 39408]

"DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2009-07-13 2754048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-27 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-27 162328]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-27 137752]

"SysTrayApp"="c:\arquivos de programas\IDT\WDM\sttray.exe" [2007-11-09 409600]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-06-25 198160]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-07-13 1948440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Marcos e Wƒnia\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-06-18 21:00 302368 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-13 21:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgam.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgdiag.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgdiagex.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [13/7/2009 18:14 12552]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [12/3/2009 18:34 27056]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/7/2009 18:14 335752]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/7/2009 18:14 108552]

R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [13/7/2009 18:14 298776]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [12/3/2009 18:34 53552]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 13:28 24592]

S2 gupdate1c9f5a96c69934a;Google Update Service (gupdate1c9f5a96c69934a);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [25/6/2009 12:27 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-07-13 c:\windows\Tasks\Google Software Updater.job

- c:\arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-06 15:18]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-06-25 15:27]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-06-25 15:27]

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm

IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: bb.com.br\www2

Trusted Zone: com.br\www2bancobrasil

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\documents and settings\Marcos e Wânia\Dados de aplicativos\Mozilla\Firefox\Profiles\ikd890qv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br

FF - prefs.js: network.proxy.type - 2

FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\arquivos de programas\DAP\DAPFireFox\components\DAPFireFox.dll

FF - plugin: c:\arquivos de programas\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-13 19:23

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1332)

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\windows\system32\klogon.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll

- - - - - - - > 'lsass.exe'(1388)

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll

- - - - - - - > 'explorer.exe'(2844)

c:\windows\system32\WININET.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll

c:\windows\system32\msi.dll

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\windows\system32\webcheck.dll

c:\arquivos de programas\Scpad\scpLIB.dll

c:\arquivos de programas\Scpad\scpMIB.dll

c:\arquivos de programas\Scpad\sshib.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\HPZipm12.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\arquiv~1\AVG\AVG8\avgam.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquiv~1\AVG\AVG8\avgnsx.exe

c:\windows\system32\igfxsrvc.exe

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-07-13 19:28 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-07-13 22:27

Pré-execução: 7.566.499.840 bytes disponíveis

Pós execução: 7.501.570.048 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

234 --- E O F --- 2009-06-14 15:55

================================================================

Obrigada pela ajuda desde já! =3

Power Max · Julho 15, 2009

:thumbsup: Olá Miellikki!

:seta: Abra o HijackThis, clique em Do a system scan only, marque as entradas abaixo e clique em Fix checked:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.shockwavesfxlive.in/proxy.pac

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [JavaPlugin] C:\DOCUME~1\MARCOS~1\CONFIG~1\Temp\iexplorer.exe

_____________________________________________________________________________

:seta: Depois disto faça uma limpeza de seu PC com o Spyware Doctor seguindo as dicas deste tutorial:

Tutorial do Spyware Doctor Starter Edition

Na sua próxima resposta poste este log do Spyware Doctor juntamente com um novo log do Hijackthis e nos diga como está o seu Pc depois disto.

Ficamos no aguardo.

Miellikki · Julho 19, 2009

O KIS ainda está acusando todos os executaveis do computador(explorere.exe, firefox.exe, todos!) de virus, e os sites de banco estão estranho

No ITAU pedem informações demais, a digitação de senha foi alterada para 10 botoes(em vez dos 5 usuais). Pishing :/

No BB o login do internet banking é redirecionado pra uma pagina php, e não há validação dos formularios de agencia/conta. Tambem pedem a senha do cartão... Outro pishing obvio ;/

O mesmo no Bradesco, pedem as chaves de segurança e a senha do cartão

Abaixo o log do Hijackthis e o (extenso) log do spyware doctor:

______________________________________________________________HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:47:27, on 19/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Spyware Doctor\pctsGui.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Documents and Settings\Marcos e Wânia\Desktop\Manutenção\HijackThis.exe