
Archived

This topic is archived and closed to new replies.

jcarlos_96

[Archived] "there are too many identical e-mails..."


Good afternoon,

I was researching a virus (presumably malware) that showed up on an old PC I still keep running, and I found your site, which looks very interesting and very useful.

After reading the rules, I ran HijackThis and obtained this file:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:56:31, on 23-12-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\Programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programas\Philips\Philips Device Manager\Bin\DeviceManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Sharp\Sharpdesk\SharpTray.exe

C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programas\SHARP\Button Manager E\btnman.exe

C:\Programas\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\ANTONIO PINA\Menu Iniciar\Programas\Arranque\siszyd32.exe

C:\Programas\Windows Desktop Search\WindowsSearchIndexer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\ANTONIO PINA\Ambiente de trabalho\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1DEA7416-4155-4AD2-B7DF-0D6D760BA261} - (no file)

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programas\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: {3f785dac-84cd-0f9b-5614-8542e6e7d6c5} - {5c6d7e6e-2458-4165-b9f0-dc48cad587f3} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A1B3CA20-BCA1-42EA-AA45-D4DCF89358D3} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: (no name) - {BAFFE38C-C38F-421D-A619-854106535705} - (no file)

O2 - BHO: BHO - {CFCAAF92-3665-4aa3-BD88-5BFFE7C5C000} - C:\Documents and Settings\Pina\winfh.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PhilipsDM] "C:\Programas\Philips\Philips Device Manager\Bin\DeviceManager.exe"

O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TMF.tmp

O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sharpTray] C:\Programas\Sharp\Sharpdesk\SharpTray.exe

O4 - HKCU\..\Run: [swg] "C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: siszyd32.exe

O4 - Global Startup: Button Manager E.lnk = C:\Programas\SHARP\Button Manager E\btnman.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{956C79DE-2B8A-4552-84E9-C2CE5E24EA7B}: NameServer = 192.168.1.1

O20 - Winlogon Notify: mljGvwTK - mljGvwTK.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programas\Ficheiros comuns\SolidWorks Shared\Service\SolidWorksLicensing.exe

 

--

End of file - 8595 bytes

 

 

Do you think you can detect the problem?

Thank you in advance.


Hello jcarlos_96!

Download the Avenger program from the link below and extract its contents to the desktop:

http://swandog46.geekstogo.com/avenger2/download.php

*Select and copy (Ctrl+C) all of the text inside the Quote (white box) below:

Files to delete:

C:\Documents and Settings\ANTONIO PINA\Menu Iniciar\Programas\Arranque\siszyd32.exe

*Run the Avenger program

*Click [Load Script] > [Paste from Clipboard]

*Click [Execute] > [OK]

*The PC will be restarted

*The report will be created at C:\avenger.txt

_____________________________________

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

 

O2 - BHO: (no name) - {1DEA7416-4155-4AD2-B7DF-0D6D760BA261} - (no file)

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

O2 - BHO: {3f785dac-84cd-0f9b-5614-8542e6e7d6c5} - {5c6d7e6e-2458-4165-b9f0-dc48cad587f3} - (no file)

 

O2 - BHO: (no name) - {A1B3CA20-BCA1-42EA-AA45-D4DCF89358D3} - (no file)

 

O2 - BHO: (no name) - {BAFFE38C-C38F-421D-A619-854106535705} - (no file)

 

O4 - Startup: siszyd32.exe

 

O20 - Winlogon Notify: mljGvwTK - mljGvwTK.dll (file missing)

______________________________________

 

Please follow the steps in this tutorial to clean your PC with Malwarebytes:

Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

______________________________________

 

I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The "SOFTWARE WARRANTY DISCLAIMER" window will open. Click "YES" to continue.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended to install the console before continuing, because it guarantees that the system can be recovered if something goes wrong during the scan.

Click "YES" and wait; ComboFix itself installs the console automatically. It may take a few minutes (depending on the speed of your connection), so be patient.

When the "INSTALLING THE RECOVERY CONSOLE" window appears, click "OK", then click "YES" to accept the EULA.

When the Recovery Console installation finishes, a window will open saying "THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY".

Click "YES" to continue with the scan.

5) ComboFix will start the AUTOSCAN (wait).

WARNING: Do not click on the ComboFix window and do not kill the process while the tool is running, as this will leave your desktop misconfigured (it will go completely blank).

At the end of the process the machine will be restarted to produce the report.

6) After the restart, ComboFix will run FIND3M to create the final scan report. Its log will be at C:\ComboFix.txt.

7) Re-enable your antivirus;

NOTE 1: If you get a message saying THIS IS NOT A VALID WIN32 APPLICATION, or if the viruses or malware block ComboFix from running, download ComboFix again but save it to your Desktop as KomboFix. In this case, name it KomboFix while saving, not after saving it!

As a last resort, if ComboFix cannot be run in Windows Normal Mode, try running ComboFix in SAFE MODE (restart the computer, tap F8 repeatedly, or F5 in some cases, during startup and choose Safe Mode from the menu that appears) and repeat the procedure;

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE on top of the other windows. To minimize it again, just use ALT + TAB.

* If for any reason you need to stop or exit ComboFix, press "N".

* If you lose your internet connection, restart the computer. If the problem persists, open Network Connections in the Control Panel, right-click your internet connection and choose "Repair";

Post the ComboFix log, which will be at C:\ComboFix.txt, together with the Malwarebytes log, the log at C:\avenger.txt and a new HijackThis log in your next reply, and tell us how your PC is after this.

We'll be waiting.

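A way to see why those particular HijackThis lines end up on a fix list, as an added example that is not part of the original thread and not code from HijackThis or the forum: a small Python rule set run over an excerpt of the log in the first post. The excerpt is copied from that log (it is not the full log), and the rules and their wording are this example's own choices: an entry whose file is gone, an executable started from a TEMP path, a BHO loaded from a user profile rather than Program Files or system32, a BHO with no descriptive name, and a bare executable in the per-user Startup folder.

```python
"""Rule-based triage of HijackThis entries.

Added example, not from the original thread and not part of HijackThis.
SAMPLE_LOG is an excerpt copied from the log in the first post; the rules
and their wording are this example's own.
"""
import re

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DEA7416-4155-4AD2-B7DF-0D6D760BA261} - (no file)
O2 - BHO: {3f785dac-84cd-0f9b-5614-8542e6e7d6c5} - {5c6d7e6e-2458-4165-b9f0-dc48cad587f3} - (no file)
O2 - BHO: BHO - {CFCAAF92-3665-4aa3-BD88-5BFFE7C5C000} - C:\Documents and Settings\Pina\winfh.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TMF.tmp
O4 - Startup: siszyd32.exe
O20 - Winlogon Notify: mljGvwTK - mljGvwTK.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
"""

GUID = r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# (reason, predicate over one stripped log line)
RULES = [
    ("orphaned entry: the registry key points at a file that is gone",
     lambda e: "(no file)" in e or "(file missing)" in e),
    ("started from a temporary location",
     lambda e: re.search(r"\\TEMP\\|\.tmp$", e, re.I) is not None),
    ("BHO loaded from a user profile instead of Program Files or system32",
     lambda e: e.startswith("O2 - BHO")
     and re.search(r"\\Documents and Settings\\", e, re.I) is not None),
    ("BHO with no descriptive name (empty or a bare GUID)",
     lambda e: re.match(r"O2 - BHO: (\(no name\)|" + GUID + r") - ", e) is not None),
    ("executable placed directly in the per-user Startup folder",
     lambda e: e.startswith("O4 - Startup:")),
]

# HijackThis entries all start with a section code such as R0, O2, O4, O20
ENTRY = re.compile(r"[RO]\d+ - ")


def triage(log_text):
    """Return [(entry, [reasons])] for each R*/O* line that trips at least one rule."""
    hits = []
    for raw in log_text.splitlines():
        entry = raw.strip()
        if not ENTRY.match(entry):
            continue  # header, 'Running processes' and blank lines
        reasons = [why for why, hit in RULES if hit(entry)]
        if reasons:
            hits.append((entry, reasons))
    return hits


def flagged(log_text):
    """Just the flagged entries, in log order, handy for building a fix list."""
    return [entry for entry, _ in triage(log_text)]


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry)
        for why in reasons:
            print("    ->", why)
```

Run against the excerpt, it flags the orphaned BHOs, siszyd32.exe and the Winlogon Notify entry, which are the kinds of lines the reply above put into the Fix checked list, and it also flags [sysgif32] pointing at C:\WINDOWS\TEMP\~TMF.tmp and the winfh.dll BHO under C:\Documents and Settings\Pina. Fix checked removes the startup reference; whether the file itself is gone is a separate question, which is what the Avenger script above is for.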

Thanks in advance for the quick and efficient reply.

I ran into a small problem:

When I run the Avenger program, the window opens but everything is greyed out!

I can do "Load Script" > "Paste from Clipboard", but afterwards no "EXECUTE" appears.

Everything stays grey...

Am I doing something wrong?


Then try deleting this file manually (shown below):

C:\Documents and Settings\ANTONIO PINA\Menu Iniciar\Programas\Arranque\siszyd32.exe

After deleting that file you no longer need to run Avenger. Just follow the other procedures I gave you.


Inside the Startup folder there is only one file - desktop.ini

I did everything else but the problem persists...

Do you want me to post the logs here again?

Sorry! I forgot to use Malwarebytes...

Is it the same if I do it now?


Then run Malwarebytes and ComboFix and post the Malwarebytes log, the ComboFix log and a new HijackThis log.


In the meantime I managed to use Avenger, but the Malwarebytes program won't install!

I have already tried downloading several copies, from different servers, and none of them installs! It always gives an error at the end!

AVENGER log

 

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

 

Platform: Windows XP (build 2600, Service Pack 3)

Wed Dec 23 18:52:32 2009

 

 

//////////////////////////////////////////

 

 

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

 

Platform: Windows XP (build 2600, Service Pack 3)

Wed Dec 23 18:59:03 2009

 

 

//////////////////////////////////////////

 

 

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

 

Platform: Windows XP (build 2600, Service Pack 3)

Wed Dec 23 19:10:25 2009

 

 

//////////////////////////////////////////

 

 

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

 

Platform: Windows XP (build 2600, Service Pack 3)

Wed Dec 23 20:38:25 2009

 

 

//////////////////////////////////////////

 

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: file "C:\Documents and Settings\ANTONIO PINA\Menu Iniciar\Programas\Arranque\siszyd32.exe" not found!

Deletion of file "C:\Documents and Settings\ANTONIO PINA\Menu Iniciar\Programas\Arranque\siszyd32.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

(as I said before, the file does not exist...

COMBOFIX log

 

ComboFix 09-12-27.04 - ANTONIO PINA 28-12-2009 20:26:04.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.511.246 [GMT 0:00]

Running from: c:\documents and settings\ANTONIO PINA\Ambiente de trabalho\ComboFix.exe

.

 

(((((((((((((((( Files created from 2009-11-28 to 2009-12-28 ))))))))))))))))))))))))))))

.

 

2009-12-28 19:52 . 2009-12-28 20:00 -------- d-----w- c:\programas\Spybot - Search & Destroy

2009-12-28 19:43 . 2009-12-28 19:43 -------- d-----w- C:\SpybotSDPortable

2009-12-23 17:05 . 2009-12-23 17:05 33280 ---ha-w- c:\documents and settings\Pina\winfh.dll

2009-12-23 17:04 . 2009-12-23 17:04 -------- d-----w- c:\documents and settings\Pina\Tracing

2009-12-23 16:49 . 2009-12-23 17:01 -------- d-----w- C:\3cb1316749c339c0a9c166d7e8

2009-12-23 12:21 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2009-12-22 19:23 . 2009-11-02 20:42 195456 ----a-w- c:\windows\system32\MpSigStub.exe

2009-12-22 19:15 . 2009-12-22 19:15 -------- d-----w- c:\programas\CCleaner

2009-12-22 19:12 . 2009-12-22 19:12 -------- d-----w- c:\programas\Windows Defender

2009-12-22 17:08 . 2009-12-22 17:08 -------- d-----w- C:\ec342eb22c2084a3a056de2fd8

2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- C:\!KillBox

2009-12-22 15:43 . 2009-12-22 15:43 -------- d-----w- c:\programas\Trend Micro

2009-12-22 00:14 . 2009-12-22 00:14 -------- d-----w- C:\8f855b4917b2d17dc472819e96a0d168

2009-12-21 13:49 . 2009-12-28 20:33 704512 ----a-w- c:\windows\system32\drivers\mmsuwl.sys

2009-12-21 13:48 . 2009-12-22 00:13 34816 ----a-w- c:\windows\system32\diskuery.dll.vir

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-28 20:00 . 2008-06-29 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-12-22 19:10 . 2008-11-02 14:38 -------- d-----w- c:\programas\Valve

2009-12-22 18:41 . 2008-11-17 19:44 -------- d-----w- c:\documents and settings\ANTONIO PINA\Application Data\SEGA

2009-12-22 18:40 . 2007-12-08 22:58 -------- d-----w- c:\documents and settings\ANTONIO PINA\Application Data\MP3Rocket

2009-12-22 00:13 . 2009-12-22 00:13 20 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat

2009-12-21 13:48 . 2009-12-21 13:47 20 ----a-w- c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat

2009-12-18 17:43 . 2008-06-30 10:29 72632 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2009-12-10 09:26 . 2004-09-21 12:00 532856 ----a-w- c:\windows\system32\perfh016.dat

2009-12-10 09:26 . 2004-09-21 12:00 100436 ----a-w- c:\windows\system32\perfc016.dat

2009-11-27 16:55 . 2009-11-27 16:55 45056 ----a-r- c:\documents and settings\ANTONIO PINA\Application Data\Microsoft\Installer\{65FBDD05-4937-4116-AAA6-22974C6F350C}\NewShortcut2_65FBDD0549374116AAA622974C6F350C.exe

2009-11-27 16:55 . 2009-11-27 16:55 45056 ----a-r- c:\documents and settings\ANTONIO PINA\Application Data\Microsoft\Installer\{65FBDD05-4937-4116-AAA6-22974C6F350C}\NewShortcut1_65FBDD0549374116AAA622974C6F350C.exe

2009-11-27 16:55 . 2009-11-27 16:55 10134 ----a-r- c:\documents and settings\ANTONIO PINA\Application Data\Microsoft\Installer\{65FBDD05-4937-4116-AAA6-22974C6F350C}\ARPPRODUCTICON.exe

2009-11-21 15:58 . 2004-09-21 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-18 21:09 . 2007-12-05 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-11-18 21:07 . 2007-12-04 15:09 -------- d-----w- c:\programas\Microsoft Works

2009-11-17 20:30 . 2008-04-02 18:46 -------- d-----w- c:\programas\Windows Live

2009-11-17 20:25 . 2009-11-17 20:25 -------- d-----w- c:\programas\Microsoft

2009-11-17 20:25 . 2009-11-17 20:25 -------- d-----w- c:\programas\Windows Live SkyDrive

2009-11-17 20:18 . 2009-11-17 20:18 -------- d-----w- c:\programas\Ficheiros comuns\Windows Live

2009-11-13 19:48 . 2009-11-13 19:48 -------- d-----w- c:\programas\Paint.NET

2009-10-29 07:42 . 2004-09-21 12:00 832512 ------w- c:\windows\system32\wininet.dll

2009-10-29 07:42 . 2004-09-21 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-10-29 07:42 . 2004-09-21 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-10-21 05:39 . 2004-09-21 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:39 . 2004-09-21 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-09-21 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:33 . 2004-09-21 12:00 271360 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:39 . 2004-09-21 12:00 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:39 . 2004-09-21 12:00 150016 ----a-w- c:\windows\system32\rastls.dll

2009-10-01 17:15 . 2008-11-25 13:28 249856 ------w- c:\windows\Setup1.exe

2009-10-01 17:15 . 2008-11-25 13:28 73216 ----a-w- c:\windows\ST6UNST.EXE

2009-10-01 15:50 . 2000-04-26 13:34 430080 ----a-w- c:\windows\system32\MSREPL35.DLL

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFCAAF92-3665-4aa3-BD88-5BFFE7C5C000}]

2009-12-23 17:05 33280 ---ha-w- c:\documents and settings\Pina\winfh.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SharpTray"="c:\programas\Sharp\Sharpdesk\SharpTray.exe" [2004-03-05 28672]

"swg"="c:\programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-19 196608]

"TkBellExe"="c:\programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2008-06-03 185896]

"Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"PhilipsDM"="c:\programas\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-07-13 651264]

"Windows Defender"="c:\programas\Windows Defender\MSASCui.exe" [2006-11-03 866584]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

"c:\windows\system32\msnmsrg.exe"="c:\windows\system32\msnmsrg.exe" [2009-09-22 730112]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\

Button Manager E.lnk - c:\programas\SHARP\Button Manager E\btnman.exe [2007-12-6 106496]

Windows Desktop Search.lnk - c:\programas\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 01:04 39792 ----a-w- c:\programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 16:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]

2006-09-19 09:07 827392 ----a-w- c:\windows\vsnpstd3.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-09-25 01:11 132496 ----a-w- c:\programas\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-12-27 15:29 68856 ----a-w- c:\programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programas\\Gestão de Ficheiros DRI\\_jvm\\bin\\java.exe"=

"c:\\WINDOWS\\system32\\javaw.exe"=

"c:\\Programas\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

R2 WinDefend;Windows Defender;c:\programas\Windows Defender\MsMpEng.exe [03-11-2006 19:19 13592]

R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [04-12-2007 18:33 166656]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05-12-2007 22:34 685816]

S2 MAINTE;Integration Maintenance Program Version 4.01 Generic USB Driver;c:\windows\system32\drivers\usbscan.sys [05-12-2007 21:04 15104]

 

--- Other Services/Drivers In Memory ---

 

*Deregistered* - mmsuwl

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.sapo.pt/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

Trusted Zone: gov.pt\www.e-financas

TCP: {956C79DE-2B8A-4552-84E9-C2CE5E24EA7B} = 192.168.1.1

FF - ProfilePath - c:\documents and settings\ANTONIO PINA\Application Data\Mozilla\Firefox\Profiles\sy0zycyb.default\

FF - prefs.js: browser.startup.homepage - www.sapo.pt

FF - plugin: c:\documents and settings\ANTONIO PINA\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll

FF - plugin: c:\programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-28 20:32

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mmsuwl]

 

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(3444)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-12-28 20:36:16

ComboFix-quarantined-files.txt 2009-12-28 20:36

ComboFix2.txt 2009-12-23 19:47

 

Pre-Run: 102.542.856.192 bytes free

Post-Run: 102.516.322.304 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 6AC8D80A6C72E305EC68D8009F52749F

 

 

New HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:14:55, on 28-12-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\SHARP\Button Manager E\btnman.exe

C:\Programas\Windows Desktop Search\WindowsSearch.exe

C:\Programas\Windows Desktop Search\WindowsSearchIndexer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\ANTONIO PINA\Ambiente de trabalho\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programas\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: BHO - {CFCAAF92-3665-4aa3-BD88-5BFFE7C5C000} - C:\Documents and Settings\Pina\winfh.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PhilipsDM] "C:\Programas\Philips\Philips Device Manager\Bin\DeviceManager.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [sharpTray] C:\Programas\Sharp\Sharpdesk\SharpTray.exe

O4 - HKCU\..\Run: [swg] "C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [C:\WINDOWS\system32\msnmsrg.exe] C:\WINDOWS\system32\msnmsrg.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Button Manager E.lnk = C:\Programas\SHARP\Button Manager E\btnman.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{956C79DE-2B8A-4552-84E9-C2CE5E24EA7B}: NameServer = 192.168.1.1

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programas\Ficheiros comuns\SolidWorks Shared\Service\SolidWorksLicensing.exe

 

--

End of file - 6768 bytes

 

 

Meanwhile I will restart the machine and see whether the error comes back.

 

If there are any other suggestions, I'd appreciate them!

The Malwarebytes program won't install!

I've already tried downloading several copies, from different servers, and none of them installs! It always gives an error at the end!

Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to the desktop:

http://mbam.malwarebytes.org/program/random.php

 

The Malwarebytes file name will be different, but this is a way of "fooling" these malwares so that they allow Malwarebytes to run.

 

* Install it by double-clicking the Malwarebytes installer;

* Select the Português (Brasil) language

* Check only the box: "Update Malwarebytes' Anti-Malware"

* If an update exists, it will be downloaded automatically

* Run Malwarebytes' Anti-Malware, click the "Scan" tab and select the "Full scan" option

* Click the "Scan" button

* Check all the parts of the computer you want scanned and click the "Start scan" button

* When the scan finishes, click "OK" > "Show Results"

* Select all the entries and click "Remove Selected"

* After the removal you may be asked whether you want to remove objects from memory. Click "YES"

* A log will be shown with the result of the actions

* Some malwares are stubborn and need a restart to be removed. If this is requested, click to restart the PC.

* After a few days, if your computer is working normally without the files that Malwarebytes Anti-Malware deleted, open (run) Malwarebytes Anti-Malware, click the Quarantine tab and click the Delete All button.

_______________________________________

 

Also follow the tips in this tutorial:

 

BankerFix tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-bankerfix.html

 

In your next reply, post the contents of BankerFix's relatorio.txt, which will be at C:\LinhaDefensiva\relatorio.txt, together with the Malwarebytes log and a new HijackThis log, and tell us how your PC is after this.

 

We'll be waiting.


Malwarebytes still gives an error, my friend...

 

It says: error code: 707 (3.0) :(

 

Will I have more luck if I run it in Safe Mode?

Yes, in Safe Mode it is much easier to succeed, because in Safe Mode the viruses and malwares don't interfere with running it. Run BankerFix in Safe Mode as well and then post the logs that were requested, please.


BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-12-28 - 22:59

-------------------------------------------------------

Lista de Definição: 2009-10-26-1 | CORE: 2009-07-24-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\javasq2.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\msnmsrg.exe

Arquivo infectado removido com sucesso!

 

 

 

----- Fim -------------------------

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:10:10, on 28-12-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Philips\Philips Device Manager\Bin\DeviceManager.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programas\Sharp\Sharpdesk\SharpTray.exe

C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programas\SHARP\Button Manager E\btnman.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\ANTONIO PINA\Ambiente de trabalho\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programas\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: BHO - {CFCAAF92-3665-4aa3-BD88-5BFFE7C5C000} - C:\Documents and Settings\Pina\winfh.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PhilipsDM] "C:\Programas\Philips\Philips Device Manager\Bin\DeviceManager.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [sharpTray] C:\Programas\Sharp\Sharpdesk\SharpTray.exe

O4 - HKCU\..\Run: [swg] "C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [C:\WINDOWS\system32\msnmsrg.exe] C:\WINDOWS\system32\msnmsrg.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Button Manager E.lnk = C:\Programas\SHARP\Button Manager E\btnman.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{956C79DE-2B8A-4552-84E9-C2CE5E24EA7B}: NameServer = 192.168.1.1

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programas\Ficheiros comuns\SolidWorks Shared\Service\SolidWorksLicensing.exe

 

--

End of file - 7522 bytes


Open HijackThis, click Do a system scan only, check the entry below and click Fix checked:

 

O4 - HKUS\S-1-5-18\..\Run: [C:\WINDOWS\system32\msnmsrg.exe] C:\WINDOWS\system32\msnmsrg.exe (User 'SYSTEM')

__________________________________

 

Try running Malwarebytes again and see whether it works. If it does, do a Full Scan with it and post its log together with a new HijackThis log.

__________________________________

 

If it is not possible to run Malwarebytes, follow the tips in this tutorial:

Kaspersky Virus Removal Tool tutorial

 

In your next reply, post this Kaspersky Virus Removal Tool log together with a new HijackThis log and tell us how your PC is after this.

 

We'll be waiting.

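The helper above picks out one O4 entry by eye (a Run value whose name is its own executable path) and earlier logs show a BHO with no descriptive name sitting directly in a user profile root. The following is an added example, not code from the thread or from HijackThis, that applies those same heuristics to HijackThis log lines in Python and diffs two logs to confirm what a fix removed; the sample logs are constructed from entries visible in this thread, and the heuristic names are this example's own.

```python
import re
from typing import List, NamedTuple, Tuple

# Added example (not part of the thread): a small triage helper for the
# O2 / O4 / O23 lines of a HijackThis log.


class HjtEntry(NamedTuple):
    section: str  # "O2" (BHO), "O4" (Run key) or "O23" (service)
    name: str     # BHO display name, Run value name, or service name
    owner: str    # service owner (O23 only), "" otherwise
    path: str     # file the entry loads or runs
    raw: str      # the original log line


_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
_USER_SUFFIX = re.compile(r"\s+\(User '[^']*'\)\s*$")
_EXE_PREFIX = re.compile(r"^(?P<path>.+?\.exe)\b", re.IGNORECASE)
# A parent directory that is a bare user profile root (no subfolder under it).
_PROFILE_ROOT = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+$", re.IGNORECASE)

# Constructed sample: a handful of entries of the kind seen in the thread's logs.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BHO - {CFCAAF92-3665-4aa3-BD88-5BFFE7C5C000} - C:\Documents and Settings\Pina\winfh.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide
O4 - HKUS\S-1-5-18\..\Run: [C:\WINDOWS\system32\msnmsrg.exe] C:\WINDOWS\system32\msnmsrg.exe (User 'SYSTEM')
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
"""

# Constructed "after Fix checked" sample: the msnmsrg.exe Run entry is gone
# and an avast service line has appeared.
AFTER_FIX_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BHO - {CFCAAF92-3665-4aa3-BD88-5BFFE7C5C000} - C:\Documents and Settings\Pina\winfh.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
"""


def _command_path(cmd: str) -> str:
    """Extract the executable from an O4 command (quoted, with args, or with a User suffix)."""
    cmd = _USER_SUFFIX.sub("", cmd).strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = _EXE_PREFIX.match(cmd)
    return m.group("path") if m else cmd.split(" ", 1)[0]


def parse_hjt(text: str) -> List[HjtEntry]:
    """Parse the O2, O4 (Run key) and O23 lines of a HijackThis log; other lines are skipped."""
    entries: List[HjtEntry] = []
    for line in text.splitlines():
        line = line.strip()
        m = _O2.match(line)
        if m:
            entries.append(HjtEntry("O2", m["name"], "", m["path"].strip(), line))
            continue
        m = _O4.match(line)
        if m:
            entries.append(HjtEntry("O4", m["name"], "", _command_path(m["cmd"]), line))
            continue
        m = _O23.match(line)
        if m:
            entries.append(HjtEntry("O23", m["name"], m["owner"], m["path"].strip(), line))
    return entries


def flag_suspicious(entries: List[HjtEntry]) -> List[Tuple[str, HjtEntry]]:
    """Apply the heuristics a helper uses by eye; returns (reason, entry) pairs."""
    findings: List[Tuple[str, HjtEntry]] = []
    for e in entries:
        parent = e.path.rsplit("\\", 1)[0] if "\\" in e.path else ""
        if e.section == "O4" and (":\\" in e.name or e.name.lower().endswith(".exe")):
            findings.append(("Run value named after its own executable", e))
        if _PROFILE_ROOT.match(parent):
            findings.append(("file sits directly in a user profile root", e))
        if e.section == "O2" and e.name.strip().lower() == "bho":
            findings.append(("BHO with no descriptive name", e))
        if e.section == "O23" and e.owner.lower() == "unknown owner":
            findings.append(("service with unknown owner", e))
    return findings


def diff_logs(old: str, new: str) -> Tuple[List[str], List[str]]:
    """Return (added, removed) entry lines between two HijackThis logs."""
    old_raw = {e.raw for e in parse_hjt(old)}
    new_raw = {e.raw for e in parse_hjt(new)}
    return sorted(new_raw - old_raw), sorted(old_raw - new_raw)


if __name__ == "__main__":
    for reason, entry in flag_suspicious(parse_hjt(SAMPLE_LOG)):
        print(f"[{entry.section}] {reason}: {entry.path}")
    added, removed = diff_logs(SAMPLE_LOG, AFTER_FIX_LOG)
    print("added:", added)
    print("removed:", removed)
```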

KASPERSKY log:

 

28-12-2009 23:30:16 Task started

29-12-2009 0:35:40 Detected: Backdoor.Win32.Bifrose.bxbm C:\LinhaDefensiva\QUA\Arquivos\system32\msnmsrg.exe.vir

29-12-2009 0:35:42 Untreated: Backdoor.Win32.Bifrose.bxbm C:\LinhaDefensiva\QUA\Arquivos\system32\msnmsrg.exe.vir Postponed

29-12-2009 1:32:52 Detected: Trojan.Win32.Agent.demb C:\Qoobox\Quarantine\C\Documents and Settings\ANTONIO PINA\Menu Iniciar\Programas\Arranque\siszyd32.exe.vir

29-12-2009 1:32:52 Untreated: Trojan.Win32.Agent.demb C:\Qoobox\Quarantine\C\Documents and Settings\ANTONIO PINA\Menu Iniciar\Programas\Arranque\siszyd32.exe.vir Postponed

29-12-2009 1:47:32 Detected: Trojan.Win32.Agent.demb C:\System Volume Information\_restore{A74AA50A-3122-4AC1-AA77-67EE679DC7A4}\RP740\A0120114.exe

29-12-2009 1:47:33 Untreated: Trojan.Win32.Agent.demb C:\System Volume Information\_restore{A74AA50A-3122-4AC1-AA77-67EE679DC7A4}\RP740\A0120114.exe Postponed

29-12-2009 1:51:43 Detected: Backdoor.Win32.Bifrose.bxbm C:\System Volume Information\_restore{A74AA50A-3122-4AC1-AA77-67EE679DC7A4}\RP743\A0125937.exe

29-12-2009 1:51:43 Untreated: Backdoor.Win32.Bifrose.bxbm C:\System Volume Information\_restore{A74AA50A-3122-4AC1-AA77-67EE679DC7A4}\RP743\A0125937.exe Postponed

29-12-2009 2:26:57 Detected: Rootkit.Win32.Agent.aagq C:\WINDOWS\system32\drivers\mmsuwl.sys

29-12-2009 2:26:57 Untreated: Rootkit.Win32.Agent.aagq C:\WINDOWS\system32\drivers\mmsuwl.sys Postponed

29-12-2009 2:50:27 Detected: Backdoor.Win32.Bifrose.bxbm C:\LinhaDefensiva\QUA\Arquivos\system32\msnmsrg.exe.vir

29-12-2009 2:50:27 Untreated: Backdoor.Win32.Bifrose.bxbm C:\LinhaDefensiva\QUA\Arquivos\system32\msnmsrg.exe.vir Postponed

29-12-2009 3:17:37 Detected: Trojan.Win32.Agent.demb C:\Qoobox\Quarantine\C\Documents and Settings\ANTONIO PINA\Menu Iniciar\Programas\Arranque\siszyd32.exe.vir

29-12-2009 3:17:38 Untreated: Trojan.Win32.Agent.demb C:\Qoobox\Quarantine\C\Documents and Settings\ANTONIO PINA\Menu Iniciar\Programas\Arranque\siszyd32.exe.vir Postponed

29-12-2009 3:22:43 Detected: Trojan.Win32.Agent.demb C:\System Volume Information\_restore{A74AA50A-3122-4AC1-AA77-67EE679DC7A4}\RP740\A0120114.exe

29-12-2009 3:22:43 Untreated: Trojan.Win32.Agent.demb C:\System Volume Information\_restore{A74AA50A-3122-4AC1-AA77-67EE679DC7A4}\RP740\A0120114.exe Postponed

29-12-2009 3:23:16 Detected: Backdoor.Win32.Bifrose.bxbm C:\System Volume Information\_restore{A74AA50A-3122-4AC1-AA77-67EE679DC7A4}\RP743\A0125937.exe

29-12-2009 3:23:16 Untreated: Backdoor.Win32.Bifrose.bxbm C:\System Volume Information\_restore{A74AA50A-3122-4AC1-AA77-67EE679DC7A4}\RP743\A0125937.exe Postponed

29-12-2009 3:36:37 Detected: Backdoor.Win32.Bifrose.bxbm C:\LinhaDefensiva\QUA\Arquivos\system32\msnmsrg.exe.vir

29-12-2009 9:20:03 Deleted: Backdoor.Win32.Bifrose.bxbm C:\LinhaDefensiva\QUA\Arquivos\system32\msnmsrg.exe.vir

29-12-2009 9:20:04 Detected: Trojan.Win32.Agent.demb C:\Qoobox\Quarantine\C\Documents and Settings\ANTONIO PINA\Menu Iniciar\Programas\Arranque\siszyd32.exe.vir

29-12-2009 9:20:20 Deleted: Trojan.Win32.Agent.demb C:\Qoobox\Quarantine\C\Documents and Settings\ANTONIO PINA\Menu Iniciar\Programas\Arranque\siszyd32.exe.vir

29-12-2009 9:20:20 Detected: Trojan.Win32.Agent.demb C:\System Volume Information\_restore{A74AA50A-3122-4AC1-AA77-67EE679DC7A4}\RP740\A0120114.exe

29-12-2009 9:20:35 Deleted: Trojan.Win32.Agent.demb C:\System Volume Information\_restore{A74AA50A-3122-4AC1-AA77-67EE679DC7A4}\RP740\A0120114.exe

29-12-2009 9:20:35 Detected: Backdoor.Win32.Bifrose.bxbm C:\System Volume Information\_restore{A74AA50A-3122-4AC1-AA77-67EE679DC7A4}\RP743\A0125937.exe

29-12-2009 9:22:19 Deleted: Backdoor.Win32.Bifrose.bxbm C:\System Volume Information\_restore{A74AA50A-3122-4AC1-AA77-67EE679DC7A4}\RP743\A0125937.exe

29-12-2009 9:22:20 Task completed

 

 

New HIJACKTHIS log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:14:55, on 28-12-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\SHARP\Button Manager E\btnman.exe

C:\Programas\Windows Desktop Search\WindowsSearch.exe

C:\Programas\Windows Desktop Search\WindowsSearchIndexer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\ANTONIO PINA\Ambiente de trabalho\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programas\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: BHO - {CFCAAF92-3665-4aa3-BD88-5BFFE7C5C000} - C:\Documents and Settings\Pina\winfh.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PhilipsDM] "C:\Programas\Philips\Philips Device Manager\Bin\DeviceManager.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [sharpTray] C:\Programas\Sharp\Sharpdesk\SharpTray.exe

O4 - HKCU\..\Run: [swg] "C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [C:\WINDOWS\system32\msnmsrg.exe] C:\WINDOWS\system32\msnmsrg.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Button Manager E.lnk = C:\Programas\SHARP\Button Manager E\btnman.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{956C79DE-2B8A-4552-84E9-C2CE5E24EA7B}: NameServer = 192.168.1.1

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programas\Ficheiros comuns\SolidWorks Shared\Service\SolidWorksLicensing.exe

 

--

End of file - 6768 bytes

 

 

The avast error message ("too many identical e-mails...") has stopped appearing, but the machine is still slow and the router is constantly blinking.

 

Any other suggestions?

 

Thanks


Please follow the tips in this tutorial:

 

AboutBuster tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-aboutbuster.html

 

A result will be written to Ab LogFile.txt, located in the AboutBuster program folder.

____________________________________

 

Select the text inside the Quote (white box below) and copy it into Notepad. Save it as CFScript.txt

 

 

File::

c:\documents and settings\NetworkService\Application Data\fvgqad.dat

c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat

c:\windows\system32\GDIPFONTCACHEV1.DAT

C:\WINDOWS\system32\msnmsrg.exe

C:\WINDOWS\system32\drivers\mmsuwl.sys

Registry::

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"c:\windows\system32\msnmsrg.exe"=-

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mmsuwl]

Driver::

C:\WINDOWS\system32\drivers\mmsuwl.sys

 

Drag CFScript.txt onto ComboFix as shown in the image below:

 

[Image: CFScript.gif]

 

If prompted, press "Enter" to start the removal process;

 

Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt

 

Note: If ComboFix does not restart your computer automatically, do it manually.

____________________________________

 

In your next reply, post the log that will be at C:\ComboFix.txt, the contents of the Ab LogFile.txt file located in the AboutBuster program folder, and a new HijackThis log, and tell us how your PC is after these procedures.

 

We'll be waiting.


ABOUTBUSTER LOG:

 

AboutBuster 6.07

Scan started on [30-12-2009] at [0:12:14]

-------------------------------------------------------------

C:\WINDOWS\system32\aswBoot.exe

-------------------------------------------------------------

Scan was COMPLETED SUCCESSFULLY at 0:13:59

 

COMBOFIX LOG (AFTER THE CHANGES)

 

ComboFix 09-12-29.04 - ANTONIO PINA 30-12-2009 0:36.5.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.511.203 [GMT 0:00]

Executando de: c:\documents and settings\ANTONIO PINA\Ambiente de trabalho\ComboFix.exe

Comandos utilizados :: c:\documents and settings\ANTONIO PINA\Ambiente de trabalho\CFScript.txt

AV: avast! antivirus 4.8.1368 [VPS 091229-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

FILE ::

"c:\documents and settings\NetworkService\Application Data\fvgqad.dat"

"c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat"

"c:\windows\system32\drivers\mmsuwl.sys"

"c:\windows\system32\GDIPFONTCACHEV1.DAT"

"c:\windows\system32\msnmsrg.exe"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\NetworkService\Application Data\fvgqad.dat

c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat

c:\windows\system32\drivers\mmsuwl.sys

c:\windows\system32\GDIPFONTCACHEV1.DAT

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_mmsuwl

-------\Service_mmsuwl

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-28 to 2009-12-30 ))))))))))))))))))))))))))))

.

 

2009-12-28 23:27 . 2009-10-22 12:54 37392 ----a-w- c:\windows\system32\drivers\99398212.sys

2009-12-28 23:27 . 2009-10-09 22:31 315408 ----a-w- c:\windows\system32\drivers\9939821.sys

2009-12-28 23:27 . 2009-09-25 16:59 128016 ----a-w- c:\windows\system32\drivers\99398211.sys

2009-12-28 22:59 . 2009-12-28 23:00 -------- d-----w- C:\LinhaDefensiva

2009-12-28 21:25 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-12-28 21:25 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-12-28 21:25 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-12-28 21:25 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-12-28 21:25 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-12-28 21:25 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-12-28 21:25 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-12-28 21:25 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-12-28 21:24 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2009-12-28 19:52 . 2009-12-28 20:00 -------- d-----w- c:\programas\Spybot - Search & Destroy

2009-12-28 19:43 . 2009-12-28 19:43 -------- d-----w- C:\SpybotSDPortable

2009-12-23 17:05 . 2009-12-23 17:05 33280 ---ha-w- c:\documents and settings\Pina\winfh.dll

2009-12-23 17:04 . 2009-12-23 17:04 -------- d-----w- c:\documents and settings\Pina\Tracing

2009-12-23 16:49 . 2009-12-23 17:01 -------- d-----w- C:\3cb1316749c339c0a9c166d7e8

2009-12-23 12:21 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2009-12-22 19:23 . 2009-11-02 20:42 195456 ----a-w- c:\windows\system32\MpSigStub.exe

2009-12-22 19:15 . 2009-12-22 19:15 -------- d-----w- c:\programas\CCleaner

2009-12-22 19:12 . 2009-12-22 19:12 -------- d-----w- c:\programas\Windows Defender

2009-12-22 17:08 . 2009-12-22 17:08 -------- d-----w- C:\ec342eb22c2084a3a056de2fd8

2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- C:\!KillBox

2009-12-22 15:43 . 2009-12-22 15:43 -------- d-----w- c:\programas\Trend Micro

2009-12-22 00:14 . 2009-12-22 00:14 -------- d-----w- C:\8f855b4917b2d17dc472819e96a0d168

2009-12-21 13:48 . 2009-12-22 00:13 34816 ----a-w- c:\windows\system32\diskuery.dll

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-28 21:26 . 2007-12-05 22:17 -------- d-----w- c:\programas\Google

2009-12-28 20:00 . 2008-06-29 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-12-22 19:10 . 2008-11-02 14:38 -------- d-----w- c:\programas\Valve

2009-12-22 18:41 . 2008-11-17 19:44 -------- d-----w- c:\documents and settings\ANTONIO PINA\Application Data\SEGA

2009-12-22 18:40 . 2007-12-08 22:58 -------- d-----w- c:\documents and settings\ANTONIO PINA\Application Data\MP3Rocket

2009-12-10 09:26 . 2004-09-21 12:00 532856 ----a-w- c:\windows\system32\perfh016.dat

2009-12-10 09:26 . 2004-09-21 12:00 100436 ----a-w- c:\windows\system32\perfc016.dat

2009-11-27 16:55 . 2009-11-27 16:55 45056 ----a-r- c:\documents and settings\ANTONIO PINA\Application Data\Microsoft\Installer\{65FBDD05-4937-4116-AAA6-22974C6F350C}\NewShortcut2_65FBDD0549374116AAA622974C6F350C.exe

2009-11-27 16:55 . 2009-11-27 16:55 45056 ----a-r- c:\documents and settings\ANTONIO PINA\Application Data\Microsoft\Installer\{65FBDD05-4937-4116-AAA6-22974C6F350C}\NewShortcut1_65FBDD0549374116AAA622974C6F350C.exe

2009-11-27 16:55 . 2009-11-27 16:55 10134 ----a-r- c:\documents and settings\ANTONIO PINA\Application Data\Microsoft\Installer\{65FBDD05-4937-4116-AAA6-22974C6F350C}\ARPPRODUCTICON.exe

2009-11-21 15:58 . 2004-09-21 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-18 21:09 . 2007-12-05 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-11-18 21:07 . 2007-12-04 15:09 -------- d-----w- c:\programas\Microsoft Works

2009-11-17 20:30 . 2008-04-02 18:46 -------- d-----w- c:\programas\Windows Live

2009-11-17 20:25 . 2009-11-17 20:25 -------- d-----w- c:\programas\Microsoft

2009-11-17 20:25 . 2009-11-17 20:25 -------- d-----w- c:\programas\Windows Live SkyDrive

2009-11-17 20:18 . 2009-11-17 20:18 -------- d-----w- c:\programas\Ficheiros comuns\Windows Live

2009-11-13 19:48 . 2009-11-13 19:48 -------- d-----w- c:\programas\Paint.NET

2009-10-29 07:42 . 2004-09-21 12:00 832512 ------w- c:\windows\system32\wininet.dll

2009-10-29 07:42 . 2004-09-21 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-10-29 07:42 . 2004-09-21 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-10-21 05:39 . 2004-09-21 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:39 . 2004-09-21 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-09-21 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:33 . 2004-09-21 12:00 271360 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:39 . 2004-09-21 12:00 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:39 . 2004-09-21 12:00 150016 ----a-w- c:\windows\system32\rastls.dll

2009-10-01 17:15 . 2008-11-25 13:28 249856 ------w- c:\windows\Setup1.exe

2009-10-01 17:15 . 2008-11-25 13:28 73216 ----a-w- c:\windows\ST6UNST.EXE

2009-10-01 15:50 . 2000-04-26 13:34 430080 ----a-w- c:\windows\system32\MSREPL35.DLL

.

 

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFCAAF92-3665-4aa3-BD88-5BFFE7C5C000}]

2009-12-23 17:05 33280 ---ha-w- c:\documents and settings\Pina\winfh.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SharpTray"="c:\programas\Sharp\Sharpdesk\SharpTray.exe" [2004-03-05 28672]

"swg"="c:\programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-19 196608]

"TkBellExe"="c:\programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2008-06-03 185896]

"Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"Windows Defender"="c:\programas\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

 

c:\documents and settings\ANTONIO PINA\Menu Iniciar\Programas\Arranque\

setup_9.0.0.722_25.12.2009_11-11.lnk - c:\documents and settings\ANTONIO PINA\Ambiente de trabalho\Virus Removal Tool\setup_9.0.0.722_25.12.2009_11-11\startup.exe [2009-12-28 72208]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\

Button Manager E.lnk - c:\programas\SHARP\Button Manager E\btnman.exe [2007-12-6 106496]

Windows Desktop Search.lnk - c:\programas\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 01:04 39792 ----a-w- c:\programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 16:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM]

2006-07-13 18:45 651264 ----a-w- c:\programas\Philips\Philips Device Manager\bin\DeviceManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]

2006-09-19 09:07 827392 ----a-w- c:\windows\vsnpstd3.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-09-25 01:11 132496 ----a-w- c:\programas\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-12-27 15:29 68856 ----a-w- c:\programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programas\\Gestão de Ficheiros DRI\\_jvm\\bin\\java.exe"=

"c:\\WINDOWS\\system32\\javaw.exe"=

"c:\\Programas\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

R0 99398212;99398212 Boot Guard Driver;c:\windows\system32\drivers\99398212.sys [28-12-2009 23:27 37392]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05-12-2007 22:34 685816]

R1 99398211;99398211;c:\windows\system32\drivers\99398211.sys [28-12-2009 23:27 128016]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28-12-2009 21:25 114768]

R1 setup_9.0.0.722_25.12.2009_11-11drv;setup_9.0.0.722_25.12.2009_11-11drv;c:\windows\system32\drivers\9939821.sys [28-12-2009 23:27 315408]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28-12-2009 21:25 20560]

R2 WinDefend;Windows Defender;c:\programas\Windows Defender\MsMpEng.exe [03-11-2006 19:19 13592]

R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [04-12-2007 18:33 166656]

S2 gupdate;Serviço Google Update (gupdate);c:\programas\Google\Update\GoogleUpdate.exe [28-12-2009 21:25 133104]

S2 MAINTE;Integration Maintenance Program Version 4.01 Generic USB Driver;c:\windows\system32\drivers\usbscan.sys [05-12-2007 21:04 15104]

.

Contents of the 'Scheduled Tasks' folder

 

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programas\Google\Update\GoogleUpdate.exe [2009-12-28 21:25]

 

2009-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programas\Google\Update\GoogleUpdate.exe [2009-12-28 21:25]

 

2009-12-30 c:\windows\Tasks\MP Scheduled Scan.job

- c:\programas\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.clix.pt/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

Trusted Zone: gov.pt\www.e-financas

TCP: {956C79DE-2B8A-4552-84E9-C2CE5E24EA7B} = 192.168.1.1

FF - ProfilePath - c:\documents and settings\ANTONIO PINA\Application Data\Mozilla\Firefox\Profiles\sy0zycyb.default\

FF - prefs.js: browser.startup.homepage - www.sapo.pt

FF - plugin: c:\documents and settings\ANTONIO PINA\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll

FF - plugin: c:\programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-30 00:49

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x82F898AC]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf872df28

\Driver\ACPI -> ACPI.sys @ 0xf858dcb8

\Driver\atapi -> atapi.sys @ 0xf840eb40

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9

ParseProcedure -> ntoskrnl.exe @ 0x8056ea15

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9

ParseProcedure -> ntoskrnl.exe @ 0x8056ea15

NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf8305bd4

PacketIndicateHandler -> NDIS.sys @ 0xf8311a21

SendHandler -> NDIS.sys @ 0xf8305d44

user & kernel MBR OK

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(2944)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\diskuery.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\programas\Alwil Software\Avast4\aswUpdSv.exe

c:\programas\Alwil Software\Avast4\ashServ.exe

c:\programas\Ficheiros comuns\LightScribe\LSSrvc.exe

c:\programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\programas\Alwil Software\Avast4\ashMaiSv.exe

c:\programas\Alwil Software\Avast4\ashWebSv.exe

.

**************************************************************************

.

Completion time: 2009-12-30 00:58:18 - machine was rebooted

ComboFix-quarantined-files.txt 2009-12-30 00:58

ComboFix2.txt 2009-12-28 20:36

ComboFix3.txt 2009-12-23 19:47

 

Pre-Run: 101,783,863,296 bytes free

Post-Run: 101,797,892,096 bytes free

 

- - End Of File - - 1AF4658C7506E157C5CB65515B5204F2

 

NEW HIJACKTHIS LOG:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 0:59:05, on 30-12-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programas\Sharp\Sharpdesk\SharpTray.exe

C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programas\SHARP\Button Manager E\btnman.exe

C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\ANTONIO PINA\Ambiente de trabalho\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clix.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programas\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: BHO - {CFCAAF92-3665-4aa3-BD88-5BFFE7C5C000} - C:\Documents and Settings\Pina\winfh.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [sharpTray] C:\Programas\Sharp\Sharpdesk\SharpTray.exe

O4 - HKCU\..\Run: [swg] "C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: setup_9.0.0.722_25.12.2009_11-11.lnk = C:\Documents and Settings\ANTONIO PINA\Ambiente de trabalho\Virus Removal Tool\setup_9.0.0.722_25.12.2009_11-11\startup.exe

O4 - Global Startup: Button Manager E.lnk = C:\Programas\SHARP\Button Manager E\btnman.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{956C79DE-2B8A-4552-84E9-C2CE5E24EA7B}: NameServer = 192.168.1.1

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programas\Ficheiros comuns\SolidWorks Shared\Service\SolidWorksLicensing.exe

 

--

End of file - 7405 bytes

 

 

The initial error has stopped appearing and the internet seems better, but when I open Internet Explorer it gives an error and the IE toolbar does not appear.

 

It gave the following error:

 

CTF LOADER HAS ENCOUNTERED A PROBLEM AND NEEDS TO CLOSE.

 

With Mozilla Firefox or Google Chrome, on the other hand, there is no error at all.

 

Once again, thank you very much.

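A worked example, added here and not part of the original thread or of HijackThis, of the first-pass triage a helper does by eye on the HijackThis log posted above. It parses the O2 (BHO), O4 (Run/Startup) and O23 (Service) lines and flags three things a reviewer looks for: a binary that lives under a user profile rather than Program Files or Windows, a BHO registered without a descriptive name, and a service whose publisher HijackThis could not identify. The six sample lines are copied from the log above; the three heuristics are my own and produce a review list, not a verdict: the user's own "Virus Removal Tool" startup entry on the desktop is flagged for the same reason as winfh.dll, because a tool cannot tell the two apart from the path alone.

```python
import re
from dataclasses import dataclass

# Constructed sample input: six lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BHO - {CFCAAF92-3665-4aa3-BD88-5BFFE7C5C000} - C:\Documents and Settings\Pina\winfh.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: setup_9.0.0.722_25.12.2009_11-11.lnk = C:\Documents and Settings\ANTONIO PINA\Ambiente de trabalho\Virus Removal Tool\setup_9.0.0.722_25.12.2009_11-11\startup.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
"""

# Line shapes of the three HijackThis sections we care about.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] |(?P<lnk>[^=]+?) = )(?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.+)$")
# First image path in a command line: optional leading quote, up to the first binary extension.
BIN_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|sys|scr))', re.IGNORECASE)
# Per-user locations on XP and on Vista and later (my assumption: anything else is "system" space).
USER_PROFILE_RE = re.compile(r"\\(?:documents and settings|users)\\", re.IGNORECASE)
GENERIC_BHO_NAMES = {"", "bho", "(no name)"}


@dataclass
class Entry:
    kind: str    # "O2", "O4" or "O23"
    name: str    # BHO name, Run value name, startup .lnk name or service display name
    vendor: str  # service owner column (O23 only), "" otherwise
    path: str    # image path with quotes and command-line arguments stripped


@dataclass
class Finding:
    entry: Entry
    reasons: list


def binary_path(raw: str) -> str:
    """Strip surrounding quotes and trailing arguments such as ' -osboot'."""
    m = BIN_RE.match(raw.strip())
    return m.group("path") if m else raw.strip()


def parse(log_text: str) -> list:
    """Turn O2/O4/O23 lines into Entry objects; every other line is ignored."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := O2_RE.match(line)):
            entries.append(Entry("O2", m["name"], "", binary_path(m["path"])))
        elif (m := O4_RE.match(line)):
            entries.append(Entry("O4", m["name"] or m["lnk"] or "", "", binary_path(m["path"])))
        elif (m := O23_RE.match(line)):
            entries.append(Entry("O23", m["name"], m["vendor"], binary_path(m["path"])))
    return entries


def triage(log_text: str) -> list:
    """Return the entries a reviewer should look at first, each with the reasons (heuristics, not verdicts)."""
    findings = []
    for e in parse(log_text):
        reasons = []
        if USER_PROFILE_RE.search(e.path):
            reasons.append("image lives under a user profile, not under Program Files or Windows")
        if e.kind == "O2" and e.name.strip().lower() in GENERIC_BHO_NAMES:
            reasons.append("BHO registered without a descriptive name")
        if e.kind == "O23" and e.vendor.strip().lower() == "unknown owner":
            reasons.append("service image has no publisher HijackThis could identify")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.kind:<4}{f.entry.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

On the sample above the script lists winfh.dll with two reasons, the desktop "Virus Removal Tool" startup entry with one, and the Macromedia licensing service with one; the Adobe, Real, and avast! entries pass. The point of separating `parse` from `triage` is that the heuristics can be tuned (or replaced with a hash lookup against an online scanner, as the helper asks for below) without touching the line parser.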

Download MBR (http://www2.gmer.net/mbr/mbr.exe) and save it to C:\

 

* Go to Start > Run > type (or copy and paste) the line below:

 

c:\mbr.exe -f

 

* Click OK. If asked, allow the program to run.

 

The log will be at C:\mbr.txt

__________________________________________

 

Go to VirSCAN (http://virscan.org/) and submit the files listed below for analysis (one at a time). At the end of each scan, copy the address shown in your browser's address bar and post each of those addresses so we can see the scan results:

 

c:\windows\system32\drivers\99398212.sys

c:\windows\system32\drivers\9939821.sys

c:\windows\system32\drivers\99398211.sys

c:\windows\system32\diskuery.dll

c:\documents and settings\Pina\winfh.dll

__________________________________________

 

Also follow the instructions in these tutorials:

 

Panda Anti-Rootkit tutorial

 

Sophos Anti-Rootkit tutorial

__________________________________________

 

In your next reply, post the log that will be at C:\mbr.txt, together with a new HijackThis log and the links to the VirSCAN file scans, and tell us whether Panda or Sophos Anti-Rootkit detected and removed any problem.

 

We'll be waiting.

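The helper asks for the C:\mbr.txt that `mbr.exe -f` writes (the -f switch asks the tool to repair the MBR rather than only check it). The ComboFix run posted earlier in the thread already embeds one report from the same Gmer detector (version 0.3.7), which is reused here as constructed sample input. The parser below is an added example, not Gmer's code or the forum's: it pulls out the disk I/O call chain, the unresolved `>>UNKNOWN [addr]<<` entry and the driver that precedes it (sptd.sys in this log, the SCSI Pass Through Direct driver that disc-emulation software installs), the hook table and the closing verdict, so an mbr.txt can be checked mechanically before it is posted. The `assess` messages are my own triage notes and assume the line formats shown in the log above; an unresolved address by itself says only that the tool could not attribute that code to a loaded module, which is precisely what the follow-up anti-rootkit scans the helper requests are for.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample input: the "Stealth MBR rootkit" section copied from the ComboFix log above.
SAMPLE_MBR_REPORT = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x82F898AC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf872df28
\Driver\ACPI -> ACPI.sys @ 0xf858dcb8
\Driver\atapi -> atapi.sys @ 0xf840eb40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf8305bd4
PacketIndicateHandler -> NDIS.sys @ 0xf8311a21
SendHandler -> NDIS.sys @ 0xf8305d44
user & kernel MBR OK
"""

CALLED_RE = re.compile(r"^called modules:\s*(?P<mods>.+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<")
# "<object or chain> -> <module> @ <address>"; the chain may itself contain " -> ".
HOOK_RE = re.compile(r"^(?P<chain>.+?) -> (?P<target>\S+) @ (?P<addr>0x[0-9A-Fa-f]+)$")
NAMED_MODULE_RE = re.compile(r"\.(?:sys|exe|dll)$", re.IGNORECASE)


@dataclass
class MbrReport:
    called_modules: List[str] = field(default_factory=list)   # disk I/O call chain, marker removed
    unknown_addr: Optional[str] = None                         # address from >>UNKNOWN [...]<<, if any
    module_before_unknown: Optional[str] = None                # last attributed module before the marker
    hooks: List[Tuple[str, str, str]] = field(default_factory=list)  # (chain, target module, address)
    user_read_ok: bool = False
    kernel_read_ok: bool = False
    mbr_ok: bool = False                                       # closing "... MBR OK" verdict seen


def parse_mbr_report(text: str) -> MbrReport:
    r = MbrReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := CALLED_RE.match(line)):
            mods = m["mods"]
            if (u := UNKNOWN_RE.search(mods)):
                r.unknown_addr = u["addr"]
                before = mods[:u.start()].split()
                r.module_before_unknown = before[-1] if before else None
                mods = mods[:u.start()] + mods[u.end():]
            r.called_modules = mods.split()
        elif (m := HOOK_RE.match(line)):
            r.hooks.append((m["chain"], m["target"], m["addr"]))
        elif line == "user: MBR read successfully":
            r.user_read_ok = True
        elif line == "kernel: MBR read successfully":
            r.kernel_read_ok = True
        elif line.endswith("MBR OK"):
            r.mbr_ok = True
    return r


def assess(r: MbrReport) -> List[str]:
    """Triage notes derived from the parsed report (my heuristics, not the tool's verdict)."""
    notes = []
    if not (r.user_read_ok and r.kernel_read_ok):
        notes.append("MBR was not read from both user and kernel mode; the rest of the report is unreliable")
    if not r.mbr_ok:
        notes.append("no 'MBR OK' verdict line: treat the boot sector as unverified")
    if r.unknown_addr:
        notes.append(f"unattributed code at {r.unknown_addr} in the disk I/O chain, entered right after "
                     f"{r.module_before_unknown}: identify that driver before trusting the chain")
    unattributed = [h for h in r.hooks if not NAMED_MODULE_RE.search(h[1])]
    if unattributed:
        notes.append(f"{len(unattributed)} hook(s) do not resolve to a named module: {unattributed}")
    elif r.hooks:
        targets = sorted({t for _, t, _ in r.hooks})
        notes.append(f"all {len(r.hooks)} hook entries resolve to named modules: {', '.join(targets)}")
    return notes


if __name__ == "__main__":
    report = parse_mbr_report(SAMPLE_MBR_REPORT)
    for note in assess(report):
        print("-", note)
```

Run against the sample, the parser yields a seven-module chain ending in sptd.sys, the unresolved address 0x82F898AC, ten hook entries that all resolve to named Windows modules, and an "MBR OK" verdict; `assess` therefore produces exactly one point that needs a human, the unattributed code after sptd.sys. Feed it the real C:\mbr.txt the same way (`parse_mbr_report(open("C:\\mbr.txt").read())`) to compare the two runs.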
