Fórum Script Brasil

vitor siqueira (Members; 13 items)

Posts by vitor siqueira

  1. My PC has a problem. It restarts on its own and is very slow.

    HijackThis v2.0.2 log follows

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 08:59:28, on 29/08/2009

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS\system32\hphmon06.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\vsnpstd.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\ARQUIV~1\Magentic\bin\MgApp.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashSimpl.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll (file missing)

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe

    O4 - HKLM\..\Run: [HPHUPD06] C:\Arquivos de programas\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

    O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Magentic] C:\ARQUIV~1\Magentic\bin\Magentic.exe /c

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: Adobe Media Player.lnk = C:\Arquivos de programas\Adobe Media Player\Adobe Media Player.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\digital imaging\bin\hpqtra08.exe

    O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\digital imaging\bin\hpqthb08.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Google Update Service (gupdate1c98ee030fd60a0) (gupdate1c98ee030fd60a0) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --

    End of file - 5441 bytes

    Awaiting instructions.

    Regards.

  2. Client Service for NetWare disabled the welcome screen and fast user switching.

    I already know I should uninstall it, but since I use netcombo to get on the internet I'm afraid that uninstalling it will cause another problem. I'd like to know whether I can uninstall it without anything going wrong.

    Thanks!!

  3. When I boot my PC, several error messages appear. I can't open any program or browse with Windows Explorer; when I click Start and try to go to My Documents (for example), the following message appears:

    "explorer.EXE has encountered a problem and needs to close". Only through Task Manager was I able to get on the internet and open some programs.

    Typical error of (Bad Cluster) bad tracks on the HD.... that's why it can't run the programs ..... I suggest formatting your HD and reinstalling Windows

    regards

    Thanks!

  4. When I boot my PC, several error messages appear. I can't open any program or browse with Windows Explorer; when I click Start and try to go to My Documents (for example), the following message appears:

    "explorer.EXE has encountered a problem and needs to close". Only through Task Manager was I able to get on the internet and open some programs.

  5. Hi Miliane, I think I did everything right!!!

    I'm waiting for a reply to know whether it is disinfected now.

    Thanks for the help!!!

    Here is what was in Combofix.txt:

    ComboFix 08-03-05.1 - Administrador 2008-03-06 1:30:40.1 - FAT32x86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.88 [GMT -3:00]

    Running from: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Arquivos de programas\Helper

    C:\Arquivos de programas\Helper\1204260677.dll

    C:\Arquivos de programas\montorgueil

    C:\Arquivos de programas\montorgueil\_defexitcd_971_1_6\_defexitcd_971_1_6.exe

    C:\Arquivos de programas\montorgueil\_defexitcd_971_1_6\_defexitcd_971_1_6.ico

    C:\Arquivos de programas\montorgueil\14.06268

    C:\WINDOWS.0\new_drv.sys

    C:\WINDOWS.0\system32\DefLib.sys

    C:\WINDOWS.0\system32\drivers\protect.sys

    C:\WINDOWS.0\system32\heuvth.dll

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\LEGACY_MSUPDATE

    -------\LEGACY_NEW_DRV

    -------\LEGACY_PROTECT

    -------\LEGACY_SYSLIBRARY

    -------\msupdate

    -------\new_drv

    -------\protect

    -------\SysLibrary

    ((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 ))))))))))))))))))))))))))))))))

    .

    2008-03-05 00:52 . 2008-03-05 00:52 <DIR> d-------- C:\Arquivos de programas\Trend Micro

    2008-03-04 18:22 . 2008-03-04 18:22 <DIR> d--hs---- C:\FOUND.010

    2008-03-01 17:16 . 2008-03-01 17:16 268 --ah----- C:\sqmdata05.sqm

    2008-03-01 17:16 . 2008-03-01 17:16 244 --ah----- C:\sqmnoopt05.sqm

    2008-03-01 17:16 . 2008-03-01 17:16 172 --ah----- C:\sqmnoopt07.sqm

    2008-03-01 17:16 . 2008-03-01 17:16 172 --ah----- C:\sqmnoopt06.sqm

    2008-03-01 17:16 . 2008-03-01 17:16 172 --ah----- C:\sqmdata07.sqm

    2008-03-01 17:16 . 2008-03-01 17:16 172 --ah----- C:\sqmdata06.sqm

    2008-03-01 16:44 . 2008-03-01 16:44 <DIR> d--hs---- C:\FOUND.009

    2008-02-29 01:51 . 2008-02-29 01:51 <DIR> d-------- C:\Arquivos de programas\Sotfone

    2008-02-29 01:51 . 2008-02-29 01:51 116 --a------ C:\4592032.bat

    2008-02-29 01:50 . 2008-02-29 01:50 <DIR> d-------- C:\Arquivos de programas\NetProject

    2008-02-28 03:04 . 2008-02-28 03:04 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

    2008-02-24 16:15 . 2008-02-24 16:15 1,517,568 --a------ C:\WINDOWS.0\krn4.exe

    2008-02-24 03:20 . 2008-02-24 03:20 <DIR> d-------- C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

    2008-02-24 03:19 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS.0\system32\spupdsvc.exe

    2008-02-09 18:48 . 2008-02-09 18:49 61,952 --a------ C:\2F.tmp

    2008-02-09 18:48 . 2008-02-09 18:48 12,800 --a------ C:\WINDOWS.0\system32\mssrv32.exe

    2008-02-09 18:48 . 2008-02-09 18:48 4 --a------ C:\30.tmp

    2008-02-09 03:08 . 2008-02-09 03:08 <DIR> d--hs---- C:\FOUND.008

    .

    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-02-29 07:02 3,796,338 ----a-w C:\AVG7DB_F.DAT

    2008-02-09 21:49 46,080 ----a-w C:\WINDOWS.0\system32\regwiz.exe.tmp

    2008-01-19 07:38 --------- d-----w C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Live Toolbar

    2008-01-19 07:22 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

    2008-01-18 08:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\snpstd

    2008-01-18 08:18 --------- d-----w C:\Arquivos de programas\Reality Fusion

    2008-01-18 08:16 724,992 ----a-w C:\WINDOWS.0\iun6002.exe

    2008-01-18 06:16 --------- d-----w C:\Arquivos de programas\Acelerador POP

    2008-01-18 06:15 2,507,385 ----a-w C:\InstaladorPopA.exe

    2008-01-18 06:15 --------- d-----w C:\Arquivos de programas\POPDiscador

    2008-01-18 05:58 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\SlipStream

    2008-01-18 05:57 1,979,437 ----a-w C:\aceleradorpop.exe

    2008-01-18 04:23 --------- d-----w C:\Arquivos de programas\CC2000

    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS.0\system32\dllcache\mrxdav.sys

    2001-12-23 21:31 271 --sh--w C:\Arquivos de programas\desktop.ini

    2001-12-23 21:31 23,439 ---h--w C:\Arquivos de programas\folder.htt

    .

    ----a-w 258,048 2000-03-22 21:43:56 C:\games\Win Games\beertend .exe

    (((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Note* empty entries & legit default entries are not shown.

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C52A42-DB8B-4ade-AA4A-CED6A8282B67}]

    2008-02-29 01:51 14848 --a------ C:\Arquivos de programas\Sotfone\1204260679.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]

    2008-03-06 01:01 9728 --a------ C:\Arquivos de programas\NetProject\sbmdl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

    {8B79EE88-E62D-4AA8-B530-CC357BA112B7}

    {81705D67-3F73-4983-859B-97D0922E5ABE}

    [HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

    "{81705D67-3F73-4983-859B-97D0922E5ABE}"= C:\Arquivos de programas\NetProject\wamdl.dll [2008-02-29 01:51 72704]

    [HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "HPDJ Taskbar Utility"="C:\WINDOWS.0\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 07:28 172032]

    "HPHUPD06"="C:\Arquivos de programas\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 01:53 49152]

    "HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38 49152]

    "HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]

    "HPHmon06"="C:\WINDOWS.0\system32\hphmon06.exe" [2004-06-07 01:48 659456]

    "POPDiscador"="C:\Arquivos de programas\POPDiscador\POPDiscador.exe" [2007-07-30 10:52 2040832]

    "snpstd"="C:\WINDOWS.0\vsnpstd.exe" [2004-06-10 13:48 286720]

    "SlipStream"="C:\Arquivos de programas\Acelerador POP\slipcore.exe" [2006-11-23 16:39 245760]

    "AVG7_CC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-02-29 03:29 352256]

    "AVG7_EMC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-02-29 03:29 273920]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "AVG7_Run"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe" [2001-12-26 03:04 151552]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "nlsf"="cmd.exe" [2004-08-04 04:45 400384 C:\WINDOWS.0\system32\cmd.exe]

    "tscuninstall"="C:\WINDOWS.0\system32\tscupgrd.exe" [2004-08-04 02:34 44544]

    C:\DOCUME~1\ALLUSE~1\MENUIN~1\PROGRA~1\INICIA~1\

    HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\digital imaging\bin\hpqtra08.exe [2004-05-28 22:31:38 241664]

    Inicialização rápida do HP Image Zone.lnk - C:\Arquivos de programas\HP\digital imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]

    STK02N PNP Monitor.lnk - C:\Arquivos de programas\STK02N\STK02NM.exe [2007-12-21 12:45:03 163840]

    Acelerador POP.lnk - C:\Arquivos de programas\Acelerador POP\slipgui.exe [2008-02-09 16:32:34 159744]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "DisableStatusMessages"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoResolveTrack"= 1 (0x1)

    "NoSMConfigurePrograms"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

    "NoInternetIcon"= 1 (0x1)

    "NoResolveTrack"= 1 (0x1)

    "NoSMConfigurePrograms"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

    --a------ 2008-02-29 03:29 352256 C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]

    --a------ 2008-02-29 03:29 273920 C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GLDStart]

    C:\Arquivos de programas\GLDirect\gldirect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    --a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]

    --a------ 2001-10-04 14:48 173056 C:\WINDOWS.0\system32\pctspk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

    --a------ 2006-03-10 15:45 35328 C:\Arquivos de programas\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Arquivos de programas\\DremTeamShare\\DreMule\\emule.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

    R3 SiS630;SiS630;C:\WINDOWS.0\system32\DRIVERS\sis630p.sys [2001-08-30 18:59]

    S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS.0\system32\DRIVERS\NtApm.sys [2001-09-06 01:08]

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-03-06 01:43:31

    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    ------------------------ Other Running Processes ------------------------

    .

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS.0\system32\HPZipm12.exe

    C:\Arquivos de programas\HP\hpcoretech\comp\hptskmgr.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

    .

    **************************************************************************

    .

    Completion time: 2008-03-06 1:46:08 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-03-06 04:46:00

    .

    2008-03-03 23:14:06 --- E O F ---

  6. Your computer is infected with adware or spyware that displays advertisements while you browse the internet.

    Would you like to dowload additional software to remove malwere threats and protect your sistem?

    That's one of the messages, and when I click the balloon it opens a web page in English that looks like a download site for malware-removal programs. I didn't download anything, though; I was a bit undecided.

    Please tell me what to do.

    Cheers!!

  7. My PC is infected.

    I followed the instructions in the topic and downloaded HijackThis.

    Here is what it produced!!!

    Please help me.

    Regards!!

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 00:55:14, on 5/3/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS.0\System32\smss.exe

    C:\WINDOWS.0\system32\winlogon.exe

    C:\WINDOWS.0\system32\services.exe

    C:\WINDOWS.0\system32\lsass.exe

    C:\WINDOWS.0\system32\svchost.exe

    C:\WINDOWS.0\System32\svchost.exe

    C:\WINDOWS.0\system32\spoolsv.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS.0\Explorer.EXE

    C:\WINDOWS.0\system32\svchost.exe

    C:\Arquivos de programas\NetProject\scit.exe

    C:\Arquivos de programas\NetProject\sbmntr.exe

    C:\WINDOWS.0\system32\spool\drivers\w32x86\3\hpztsb11.exe

    C:\Arquivos de programas\NetProject\scm.exe

    C:\Arquivos de programas\NetProject\sbsm.exe

    C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS.0\system32\hphmon06.exe

    C:\Arquivos de programas\POPDiscador\POPDiscador.exe

    C:\WINDOWS.0\vsnpstd.exe

    C:\Arquivos de programas\Acelerador POP\slipcore.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\WINDOWS.0\system32\HPZipm12.exe

    C:\Arquivos de programas\STK02N\STK02NM.exe

    C:\Arquivos de programas\Acelerador POP\slipgui.exe

    C:\Arquivos de programas\HP\hpcoretech\comp\hptskmgr.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

    C:\WINDOWS.0\system32\wuauclt.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\WINDOWS.0\system32\wuauclt.exe

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400

    F2 - REG:system.ini: UserInit=C:\WINDOWS.0\system32\userinit.exe,C:\WINDOWS.0\system32\regwiz.exe,

    O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - C:\Arquivos de programas\Helper\1204260677.dll

    O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Arquivos de programas\Sotfone\1204260679.dll

    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Arquivos de programas\Acelerador POP\PBHelper.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Arquivos de programas\NetProject\sbmdl.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: Acelerador POP - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Arquivos de programas\Acelerador POP\Toolband.dll

    O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Arquivos de programas\NetProject\wamdl.dll

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS.0\system32\spool\drivers\w32x86\3\hpztsb11.exe

    O4 - HKLM\..\Run: [HPHUPD06] C:\Arquivos de programas\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

    O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS.0\system32\hphmon06.exe

    O4 - HKLM\..\Run: [POPDiscador] C:\Arquivos de programas\POPDiscador\POPDiscador.exe --minimized

    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS.0\vsnpstd.exe

    O4 - HKLM\..\Run: [slipStream] "C:\Arquivos de programas\Acelerador POP\slipcore.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    O4 - HKCU\..\Run: [Firewall auto setup] C:\WINDOWS.0\TEMP\winlogon.exe

    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Arquivos de programas\NetProject\scit.exe

    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Arquivos de programas\NetProject\sbmntr.exe

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\digital imaging\bin\hpqtra08.exe

    O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\digital imaging\bin\hpqthb08.exe

    O4 - Global Startup: STK02N PNP Monitor.lnk = ?

    O4 - Global Startup: Acelerador POP.lnk = C:\Arquivos de programas\Acelerador POP\slipgui.exe

    O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Mostrar Imagem Original - res://C:\Arquivos de programas\Acelerador POP\gui_resource.dll/328

    O8 - Extra context menu item: Mostrar Todas as Imagens Originais - res://C:\Arquivos de programas\Acelerador POP\gui_resource.dll/327

    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php (file missing)

    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php (file missing)

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\windows.0\system32\nwprovau.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O17 - HKLM\System\CCS\Services\Tcpip\..\{53603D80-91A8-41E8-B089-6AEA7FD99724}: NameServer = 200.175.8.89 200.175.5.185

    O22 - SharedTaskScheduler: corduroyed - {699fabf8-1087-491f-b57c-80a68929d82b} - C:\WINDOWS.0\system32\heuvth.dll

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows.0\system32\mssrv32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.0\system32\HPZipm12.exe

    --

    End of file - 7714 bytes
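The log in the post above shows the pattern that volunteer log analysts look for: a second program chained into UserInit (regwiz.exe), Internet Explorer forced through a proxy on 127.0.0.1:5400, a "winlogon.exe" started from the TEMP folder, autoruns under the Explorer Policies key, an IE button pointing at a web URL, an O22 SharedTaskScheduler DLL with a random name, and an O23 service with no vendor whose binary sits in system32. The script below is an added example written for this thread; it is not part of the original posts and not a HijackThis feature. It parses HijackThis entry lines and applies those heuristics to a sample built from lines copied from the log above. The severity labels, the "known benign" treatment of the nlsf RunOnce entry and of nwprovau.dll (the Client Service for NetWare provider behind the O10 warning, which also explains post 2) are editorial rules of thumb, not HijackThis output, and every hit still has to be confirmed against the file on disk before anything is fixed.

```python
"""Heuristic triage of HijackThis v2.x log entries.

Added example for this thread, not part of the original posts and not a
HijackThis feature. SAMPLE_LOG is built from lines copied from the log
above; severities and "known benign" entries are editorial rules of thumb.
"""
import re
import sys
from collections import Counter
from dataclasses import dataclass

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r'^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$')

# Winsock LSPs HijackThis reports as "Unknown file" but that are known components.
KNOWN_LSP = {
    'nwprovau.dll': 'Client Service for NetWare provider (Microsoft component)',
}


@dataclass
class Finding:
    section: str
    severity: str  # high | medium | low | info
    reason: str
    line: str


def parse(log: str):
    """Yield (section, body, raw) for each entry line; header and process list are skipped."""
    for raw in log.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group('sec'), m.group('body'), raw


def classify(sec: str, body: str):
    """Return (severity, reason) for one entry, or None when nothing stands out."""
    low = body.lower()
    if sec == 'F2' and 'userinit=' in low:
        # Only userinit.exe belongs here; anything else runs at every interactive logon.
        progs = [p for p in body.split('UserInit=', 1)[1].split(',') if p.strip()]
        if len(progs) != 1 or not progs[0].lower().endswith('\\userinit.exe'):
            return 'high', 'extra program chained into UserInit (runs at every interactive logon)'
    if sec == 'R1' and 'proxyserver' in low:
        m = re.search(r'=\s*(?:\w+=)?([\w.-]+):(\d+)', body)
        if m and m.group(1) in ('127.0.0.1', 'localhost'):
            return 'high', f'IE traffic forced through a local proxy on port {m.group(2)} (banker-style interception)'
    if sec == 'O4':
        if 'syssetub.dll' in low:
            return 'info', 'RunOnce "nlsf": leftover of a Windows XP service-pack install, normally benign'
        if re.search(r'\\temp\\[^\\]+\.exe', low):
            return 'high', 'autorun executable living in a TEMP directory'
        if 'policies\\explorer\\run' in low:
            return 'medium', 'autorun via the Explorer policy key, which msconfig does not list'
    if sec == 'O2' and low.endswith('(no file)'):
        return 'low', 'orphaned BHO registration; the DLL is gone, safe to remove'
    if sec == 'O9' and 'http://' in low:
        return 'medium', 'IE button pointing at a web URL instead of a local DLL'
    if sec == 'O10':
        name = low.rsplit('\\', 1)[-1]
        if name in KNOWN_LSP:
            return 'info', f'Winsock LSP {name}: {KNOWN_LSP[name]}'
        return 'medium', 'unrecognised Winsock LSP; identify it before removing (a bad LSP fix breaks networking)'
    if sec == 'O22':
        return 'medium', 'SharedTaskScheduler entry loaded by Explorer; rarely used by legitimate software'
    if sec == 'O23' and 'unknown owner' in low and re.search(r'\\system32\\[^\\]+\.exe$', low):
        return 'high', 'service with no vendor name whose binary was dropped straight into system32'
    return None


def triage(log: str):
    """Return a Finding for every entry that classify() flags, in log order."""
    out = []
    for sec, body, raw in parse(log):
        hit = classify(sec, body)
        if hit:
            out.append(Finding(sec, *hit, raw))
    return out


def summarize(findings):
    """Count findings per severity, e.g. {'high': 4, 'medium': 3, ...}."""
    return dict(Counter(f.severity for f in findings))


# Constructed sample: entry lines copied from the log posted above, plus the
# legitimate HP service line to show that it is not flagged.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
F2 - REG:system.ini: UserInit=C:\WINDOWS.0\system32\userinit.exe,C:\WINDOWS.0\system32\regwiz.exe,
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [Firewall auto setup] C:\WINDOWS.0\TEMP\winlogon.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Arquivos de programas\NetProject\scit.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php (file missing)
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\nwprovau.dll
O22 - SharedTaskScheduler: corduroyed - {699fabf8-1087-491f-b57c-80a68929d82b} - C:\WINDOWS.0\system32\heuvth.dll
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows.0\system32\mssrv32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.0\system32\HPZipm12.exe
"""

if __name__ == '__main__':
    # Pass a saved hijackthis.log as the first argument, or run the built-in sample.
    text = open(sys.argv[1], encoding='latin-1').read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f'[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}')
    print(summarize(triage(text)))
```

On the sample the script reports four high findings (the R1 proxy, the F2 UserInit chain, the TEMP winlogon.exe autorun and the msupdate service), which is exactly the set a helper would ask to have fixed first; the nwprovau.dll and nlsf lines come back as info so that a reader does not remove a working NetWare client or a setup leftover by mistake. Rules of this kind only ever point at what to look at; the file itself (signature, vendor, timestamp, hash) decides.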

  8. There is a trojan banker infection. This trojan captures passwords and sends them to a cracker. It is recommended that you change them.

    Download BankerFix

    Temporarily disable your antivirus so there are no conflicts.

    Double-click bankerfix.exe, press Enter and wait for it to finish. When it finishes, read the message on the screen and press Enter again.

    Re-enable your antivirus.

    Also make a new HijackThis log to include in your reply, together with BankerFix's relatorio.txt. It is at C:\LinhaDefensiva\relatorio.txt

    After posting your reply you can delete the LinhaDefensiva folder in C:\

    Sorry if I'm being a pain, but I don't know how to disable my antivirus. Do I have to uninstall it???

    And for that new log you mentioned, do I follow the same procedure as before??

    Thanks for the help!!

    I think I did everything right! Please send me a reply. Thanks

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 00:19:02, on 20/12/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\SYSTEM32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\sm56hlpr.exe

    C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE

    C:\WINDOWS\SOUNDMAN.EXE

    C:\WINDOWS\system32\VTTimer.exe

    C:\WINDOWS\system32\VTtrayp.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

    C:\Program Files\POPDiscador\POPDiscador.exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    C:\Program Files\Acelerador POP\slipcore.exe

    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    C:\PROGRA~1\Magentic\bin\MgApp.exe

    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe

    C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe

    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    C:\Program Files\Acelerador POP\slipgui.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Program Files\Windows Live Favorites\wlfsync.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program Files\Windows Live Toolbar\msn_sl.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-1.dll (file missing)

    O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll

    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Acelerador POP\PBHelper.dll

    O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsk1FA.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll

    O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Acelerador POP\components\NOWImaging.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll

    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

    O3 - Toolbar: Acelerador POP - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\Acelerador POP\Toolband.dll

    O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

    O4 - HKLM\..\Run: [CallControl 4.5] "C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe" /autoload

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

    O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

    O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

    O4 - HKLM\..\Run: [POPDiscador] C:\Program Files\POPDiscador\POPDiscador.exe --minimized

    O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [slipStream] "C:\Program Files\Acelerador POP\slipcore.exe"

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c

    O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

    O4 - Global Startup: Acelerador POP.lnk = C:\Program Files\Acelerador POP\slipgui.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O8 - Extra context menu item: Mostrar Imagem Original - res://C:\Program Files\Acelerador POP\gui_resource.dll/328

    O8 - Extra context menu item: Mostrar Todas as Imagens Originais - res://C:\Program Files\Acelerador POP\gui_resource.dll/327

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O15 - Trusted Zone: http://click.getmirar.com (HKLM)

    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)

    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)

    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1192177059515

    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase2895.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{714EBA45-40F1-4664-AA00-68D9A8A35D11}: NameServer = 200.175.8.89 200.175.5.185

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --

    End of file - 9471 bytes

    BankerFix 2.4 - Removedor de Bankers

    Linha Defensiva - http://www.linhadefensiva.org

    http://www.linhadefensiva.org/bankerfix/

    Data: 20/12/2007 - 0:13

    -------------------------------------------------------

    Lista de Definição: 2007-12-12-1

    =======================================================

    Arquivo infectado detectado: C:\WINDOWS\Winbra.cas

    Arquivo infectado removido com sucesso!

    Arquivo infectado detectado: C:\WINDOWS\system32\gmilogof.exe

    Arquivo infectado removido com sucesso!

    Arquivo infectado detectado: C:\WINDOWS\system32\Mscheldork.exe

    Arquivo infectado removido com sucesso!

    Arquivo infectado detectado: C:\WINDOWS\system32\Walcult.exe

    Arquivo infectado removido com sucesso!

    Arquivo infectado detectado: C:\WINDOWS\system32\Zred2.exe

    Arquivo infectado removido com sucesso!

    Killando arquivos em Help

    -----------------------------------

    Killing '*'

    Removendo Arquivos em Help

    -----------------------------------

    ----- Fim -------------------------

  9. There is a trojan banker infection. This trojan captures passwords and sends them to a cracker. It is recommended that you change them.

    Download BankerFix

    Temporarily disable your antivirus so there are no conflicts.

    Double-click bankerfix.exe, press Enter and wait for it to finish. When it finishes, read the message on the screen and press Enter again.

    Enable your antivirus again.

    Also make a new HijackThis log to include in your reply, together with BankerFix's relatorio.txt. It is in C:\LinhaDefensiva\relatorio.txt

    After posting your reply you can delete the LinhaDefensiva folder that is in C:\

    Sorry if I'm being annoying, but I don't know how to disable my antivirus, do I have to uninstall it???

    And this new log you mentioned, do I follow the same procedure I did before??

    Thanks for the help!!

  10. I followed the instructions... please let me know when it's ready. Thank you!!

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 01:08:49, on 19/12/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\SYSTEM32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\sm56hlpr.exe

    C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe

    C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\WINDOWS\system32\VTTimer.exe

    C:\WINDOWS\system32\VTtrayp.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\Program Files\POPDiscador\POPDiscador.exe

    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    C:\Program Files\Acelerador POP\slipcore.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\WINDOWS\system32\gmilogof.exe

    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe

    C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe

    C:\PROGRA~1\Magentic\bin\MgApp.exe

    C:\Program Files\Acelerador POP\slipgui.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Program Files\MSN Messenger\MsnMsgr.Exe

    C:\Program Files\MSN Messenger\usnsvc.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-1.dll (file missing)

    O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll

    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Acelerador POP\PBHelper.dll

    O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsk1FA.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll

    O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Acelerador POP\components\NOWImaging.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll

    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

    O3 - Toolbar: Acelerador POP - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\Acelerador POP\Toolband.dll

    O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

    O4 - HKLM\..\Run: [CallControl 4.5] "C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe" /autoload

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

    O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

    O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

    O4 - HKLM\..\Run: [POPDiscador] C:\Program Files\POPDiscador\POPDiscador.exe --minimized

    O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [slipStream] "C:\Program Files\Acelerador POP\slipcore.exe"

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [symantecFilterCheck] C:\WINDOWS\system32\gmilogof.exe

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c

    O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

    O4 - Global Startup: Acelerador POP.lnk = C:\Program Files\Acelerador POP\slipgui.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O8 - Extra context menu item: Mostrar Imagem Original - res://C:\Program Files\Acelerador POP\gui_resource.dll/328

    O8 - Extra context menu item: Mostrar Todas as Imagens Originais - res://C:\Program Files\Acelerador POP\gui_resource.dll/327

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O15 - Trusted Zone: http://click.getmirar.com (HKLM)

    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)

    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)

    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1192177059515

    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase2895.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{714EBA45-40F1-4664-AA00-68D9A8A35D11}: NameServer = 200.175.8.89 200.175.5.185

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --

    End of file - 9563 bytes

  11. @ vitor siqueira

    Follow the procedures in the topic below and post your log in the Malware Removal area to be analysed, also paying attention to what is stated in Notes and guidelines.

    http://scriptbrasil.com.br/forum/index.php?showtopic=86007

    Can I download it directly on the PC??? When I tried to download an antivirus I couldn't???

    HijackThis is an analysis program; do as JackSSA recommended: download HijackThis on your computer, install it and create a log as explained in the post, then post it in Malware Removal, and the analysts will help you from there.

    Thank you very much!!

  12. Have you run the antivirus yet? Can you run the antivirus, or does the PC freeze before it finishes? If you ran the antivirus and it found nothing, then back up your important files and keep them on CDs or DVDs. After that, format and reinstall everything.

    I already ran it and it keeps giving that message....

    I can't download anything from the internet and the PC is really slow!!
