Daniloop, posted November 8, 2007

HEEEY, THIS IS WHAT SHOWED UP

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45:50, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Arquivos de programas\DAEMON Tools\daemon.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Arquivos de programas\VertrigoServ\Vertrigo.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Sleepy\service.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\VertrigoServ\apache\bin\v_apache.exe
C:\Arquivos de programas\VertrigoServ\mysql\bin\v_mysqld.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\VertrigoServ\apache\bin\v_apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winamp.com/plugins/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AdmTask] C:\Arquivos de programas\AdmTask\admtask.exe /m
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: VertrigoServ.lnk = C:\Arquivos de programas\VertrigoServ\Vertrigo.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.imprensaoficial.com.br...Apps/vspta3.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O20 - Winlogon Notify: __GbPluginAbn - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sleepy - Unknown owner - C:\Arquivos de programas\Sleepy\service.exe
O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - C:\Arquivos de programas\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe

--
End of file - 6664 bytes
RenatoMejias, posted November 8, 2007

Ok... There is an infection by a banker trojan. This trojan captures passwords and sends them to a cracker. It is recommended that you change them.

Download BankerFix.
Temporarily disable your antivirus so there are no conflicts.
Double-click bankerfix.exe, press Enter and wait for it to finish. When it finishes, read the message on the screen and press Enter again.
Enable your antivirus.
Also make a new HijackThis log to put in your reply, together with BankerFix's relatorio.txt. It is in C:\LinhaDefensiva\relatorio.txt.
After posting your reply you can delete the LinhaDefensiva folder in C:\
Daniloop (author), posted November 8, 2007

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:39:37, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Arquivos de programas\DAEMON Tools\daemon.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Arquivos de programas\VertrigoServ\Vertrigo.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Sleepy\service.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\VertrigoServ\apache\bin\v_apache.exe
C:\Arquivos de programas\VertrigoServ\mysql\bin\v_mysqld.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Arquivos de programas\VertrigoServ\apache\bin\v_apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winamp.com/plugins/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AdmTask] C:\Arquivos de programas\AdmTask\admtask.exe /m
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: VertrigoServ.lnk = C:\Arquivos de programas\VertrigoServ\Vertrigo.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.imprensaoficial.com.br...Apps/vspta3.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O20 - Winlogon Notify: __GbPluginAbn - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sleepy - Unknown owner - C:\Arquivos de programas\Sleepy\service.exe
O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - C:\Arquivos de programas\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe

--
End of file - 7459 bytes

EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE

BankerFix 2.4 - Removedor de Bankers
Linha Defensiva - http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
Data: 9/11/2007 - 0:36
-------------------------------------------------------
Lista de Definição: 2007-11-06-1
=======================================================
Arquivo infectado detectado: C:\WINDOWS\svchost.exe
Arquivo infectado NÃO removido!
Killando arquivos em Help
-----------------------------------
Killing '*'
Removendo Arquivos em Help
-----------------------------------
----- Fim -------------------------
Daniloop (author), posted November 9, 2007

Hey guys, give me some HELP here!! huhuuhuhuhuh.... Thanks
RenatoMejias, posted November 10, 2007

There is no need to keep "bumping" your topic; besides being against the rules, it shows a lack of patience. My time is scarce, so I use my free time to help users. On to the procedures:

Restart in Safe Mode (press F8 repeatedly during startup and, in the menu that appears, use the arrow keys to choose Safe Mode).
Now run BankerFix again.
Post the log in your next reply.
Go to this site: http://virusscan.jotti.org/
In "File to upload" enter: C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
Then click Submit.
Copy and post the result of this scan.
Daniloop (author), posted November 10, 2007 (edited)

Wait

Edited November 10, 2007 by Daniloop
RenatoMejias, posted November 15, 2007

When you have completed the procedures, post a new reply.
Daniloop (author), posted November 16, 2007 (edited)

About the "SUBMIT" site, this is the message:

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

AND NOW WHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:42:04, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portuguese.eazel.com/index.php?rvs=hompag
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winamp.com/plugins/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AdmTask] C:\Arquivos de programas\AdmTask\admtask.exe /m
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: VertrigoServ.lnk = C:\Arquivos de programas\VertrigoServ\Vertrigo.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.imprensaoficial.com.br...Apps/vspta3.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sleepy - Unknown owner - C:\Arquivos de programas\Sleepy\service.exe
O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - C:\Arquivos de programas\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe

--
End of file - 5042 bytes

THIS IS WHAT SHOWED UP when I RAN THE PROGRAM IN SAFE MODE... Is there anything wrong???? How do you manage to identify an error or malware in this case.. Thanks.

Edited November 16, 2007 by Daniloop
RenatoMejias, posted November 16, 2007

The log must be generated in normal mode. And the BankerFix log, which is in C:\LinhaDefensiva\relatorio.txt, is missing.

Quote: "How do you manage to identify an error or malware in this case.."

By analyzing the log.
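The helper's last reply says the malware is identified by analyzing the log. The script below is an added example, not code from the thread, from HijackThis or from Linha Defensiva's BankerFix, showing the kind of check that catches the indicator in this thread: the BankerFix report flagged C:\WINDOWS\svchost.exe, and a genuine svchost.exe only ever runs from the System32 folder, so a file with that name directly under C:\WINDOWS is the tell. The log excerpt it runs on is constructed (modelled on the logs posted above); the allow-list of core Windows XP binaries and the two lower-severity "review" heuristics (Winlogon Notify DLLs, services with "Unknown owner") are my own assumptions, added because those are the entries the helper asked to have scanned.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the
forum thread or of any tool mentioned in it).

It reproduces the analyst's check: a process whose file name is that of a
core Windows binary but whose directory is not where that binary lives.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample excerpt in HijackThis format, modelled on the logs in
# the thread. Only C:\WINDOWS\svchost.exe should be rated "suspicious"; the
# O20 and the "Unknown owner" O23 line are "review" items.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Sleepy\service.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: __GbPluginAbn - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O23 - Service: Sleepy - Unknown owner - C:\Arquivos de programas\Sleepy\service.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption: a short, conservative allow-list of core Windows XP binaries
# and the sub-folder of the Windows directory each one legitimately runs
# from ("" means directly in the Windows folder). Names not listed here are
# deliberately not judged, to keep false positives down.
EXPECTED_SUBDIR = {
    "smss.exe": "system32", "csrss.exe": "system32", "winlogon.exe": "system32",
    "services.exe": "system32", "lsass.exe": "system32", "svchost.exe": "system32",
    "spoolsv.exe": "system32", "userinit.exe": "system32", "explorer.exe": "",
}

# Any drive-letter path ending in .exe or .dll, wherever it sits on the line
# (process list, O4 Run value, O20/O23 file field).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)', re.IGNORECASE)
# Splits "<drive>:\windows[\<subdir>]" into its optional sub-folder.
WINDIR_RE = re.compile(r'^[a-z]:\\windows(?:\\(.*))?$')


def _describe(subdir: str) -> str:
    return "the Windows folder" if subdir == "" else f"Windows\\{subdir}"


def check_core_binary(path: str) -> Optional[str]:
    """Return a finding if `path` names a core Windows binary that is running
    from a directory it never legitimately lives in; otherwise None."""
    directory, _, name = path.lower().rpartition("\\")
    if name not in EXPECTED_SUBDIR:
        return None
    m = WINDIR_RE.match(directory)
    actual = (m.group(1) or "") if m else None  # None = not under Windows at all
    expected = EXPECTED_SUBDIR[name]
    if actual == expected:
        return None
    where = "outside the Windows folder" if actual is None else f"from {_describe(actual)}"
    return f"{name} running {where}; expected {_describe(expected)}: {path}"


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Walk a HijackThis log and return (severity, message) findings.

    'suspicious' = core binary name in the wrong place (the svchost.exe case
    from the thread); 'review' = persistence entries worth a second look.
    """
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for path in PATH_RE.findall(line):
            finding = check_core_binary(path)
            if finding:
                findings.append(("suspicious", finding))
        if line.startswith("O20 - Winlogon Notify:"):
            findings.append(("review", "DLL loaded by winlogon at logon: " + line))
        elif line.startswith("O23 - Service:") and "Unknown owner" in line:
            findings.append(("review", "service with no publisher recorded: " + line))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Run as-is it prints one "suspicious" line for C:\WINDOWS\svchost.exe and two "review" lines; to triage a real log, pass its text to `triage()` instead of `SAMPLE_LOG`. The allow-list is intentionally short: the point is the location check, which is the analyst's real tell here, not a signature for any particular family.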