[Resolvido]63 malwares... o que fazer

[Notax]

Amigos, boa tarde. peço a gentileza de darem uma olhada no log abaixo, bem como no relatório do avg...

Se puderem me dar uma dica de como proceder para limpar essa encrenca agradeço!

log do hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:59:42, on 27/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Compaq\Easy Access Button Support\cpqeadm.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\ARQUIV~1\COMPAQ\EASYAC~1\BTTNSERV.EXE

C:\Arquivos de programas\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

C:\Arquivos de programas\Last.fm\LastFMHelper.exe

C:\ARQUIV~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE

C:\ARQUIVOS DE PROGRAMAS\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://SBS:8080

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\GBIEHCEF.DLL

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [CPQEASYACC]C:\Arquivos de programas\Compaq\Easy Access Button Support\cpqeadm.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\RunServices: [MOSearch] C:\ARQUIV~1\ARQUIV~1\System\MOSearch\Bin\mosearch.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Arquivos de programas\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

O4 - Global Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: Win32 Classes -

O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

--

End of file - 5469 bytes

relatorio do AVG anti-spyware

---------------------------------------------------------

AVG Anti-Spyware - Relatório de verificação

---------------------------------------------------------

+ Criação: 16:37:38 27/11/2007

+ Resultado da verificação:

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignorado.

HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignorado.

HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignorado.

HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@2o7[1].txt -> TrackingCookie.2o7 : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@2o7[2].txt -> TrackingCookie.2o7 : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@2o7[3].txt -> TrackingCookie.2o7 : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignorado.

C:\Documents and Settings\DANI\Cookies\dani@adrevolver[1].txt -> TrackingCookie.Adrevolver : Ignorado.

C:\Documents and Settings\DANI\Cookies\dani@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Ignorado.

C:\Documents and Settings\DANI\Cookies\dani@atdmt[2].txt -> TrackingCookie.Atdmt : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@atdmt[2].txt -> TrackingCookie.Atdmt : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@com[1].txt -> TrackingCookie.Com : Ignorado.

C:\Documents and Settings\DANI\Cookies\dani@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Ignorado.

C:\Documents and Settings\DANI\Cookies\dani@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Ignorado.

C:\Documents and Settings\DANI\Cookies\dani@doubleclick[2].txt -> TrackingCookie.Doubleclick : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@as1.falkag[1].txt -> TrackingCookie.Falkag : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@searchportal.information[1].txt -> TrackingCookie.Information : Ignorado.

C:\Documents and Settings\DANI\Cookies\dani@search.live[1].txt -> TrackingCookie.Live : Ignorado.

C:\Documents and Settings\DANI\Cookies\dani@search.live[2].txt -> TrackingCookie.Live : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@search.live[2].txt -> TrackingCookie.Live : Ignorado.

C:\Documents and Settings\DANI\Cookies\dani@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignorado.

C:\Documents and Settings\DANI\Cookies\anyuser@search.MSN[1].txt -> TrackingCookie.MSN : Ignorado.

C:\Documents and Settings\DANI\Cookies\dani@auto.search.MSN[1].txt -> TrackingCookie.MSN : Ignorado.

C:\Documents and Settings\DANI\Cookies\dani@auto.search.MSN[2].txt -> TrackingCookie.MSN : Ignorado.

C:\Documents and Settings\DANI\Cookies\dani@ie.search.MSN[1].txt -> TrackingCookie.MSN : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@auto.search.MSN[1].txt -> TrackingCookie.MSN : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@search.MSN[2].txt -> TrackingCookie.MSN : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@search.MSN[3].txt -> TrackingCookie.MSN : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@search.MSN[4].txt -> TrackingCookie.MSN : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@search.MSN[5].txt -> TrackingCookie.MSN : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@search.MSN[6].txt -> TrackingCookie.MSN : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@search.MSN[7].txt -> TrackingCookie.MSN : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Ignorado.

C:\Documents and Settings\DANI\Cookies\dani@overture[1].txt -> TrackingCookie.Overture : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@ads.pointroll[3].txt -> TrackingCookie.Pointroll : Ignorado.

C:\Documents and Settings\DANI\Cookies\dani@realmedia[1].txt -> TrackingCookie.Realmedia : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@revenue[1].txt -> TrackingCookie.Revenue : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@revsci[2].txt -> TrackingCookie.Revsci : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@site.skype[2].txt -> TrackingCookie.Skype : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@skype[2].txt -> TrackingCookie.Skype : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@skype[3].txt -> TrackingCookie.Skype : Ignorado.

C:\Documents and Settings\DANI\Cookies\dani@statcounter[1].txt -> TrackingCookie.Statcounter : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@statcounter[1].txt -> TrackingCookie.Statcounter : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@statcounter[2].txt -> TrackingCookie.Statcounter : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@statcounter[3].txt -> TrackingCookie.Statcounter : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@moads.valuead[2].txt -> TrackingCookie.Valuead : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@m.webtrends[1].txt -> TrackingCookie.Webtrends : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@m.webtrends[2].txt -> TrackingCookie.Webtrends : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@m.webtrends[3].txt -> TrackingCookie.Webtrends : Ignorado.

C:\Documents and Settings\DANI\Cookies\dani@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Ignorado.

C:\Documents and Settings\DANI\Cookies\spt@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Ignorado.

C:\Documents and Settings\DANI\Cookies\dani@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignorado.

C:\Documents and Settings\DANI\Cookies\rosane@zedo[2].txt -> TrackingCookie.Zedo : Ignorado.

::Fim do relatório

Agradeço a atenção.

Forte abraço

notax

[JackSSA]

Baixe o Pocket KillBox

Salve em uma pasta em C:\

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

Abra o KillBox e marque Delete on Reboot e na caixa Full Path of File to Delete coloque esta linha: C:\ARQUIV~1\ARQUIV~1\System\MOSearch\Bin\mosearch.exe

Clique no botão , e ao perguntar Reboot Now? Clique em Não.

Abra o Hijackthis, clique em Do scan a system only, marque as entradas abaixo e clique no botão

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O4 - HKLM\..\RunServices: [MOSearch] C:\ARQUIV~1\ARQUIV~1\System\MOSearch\Bin\mosearch.exe

O16 - DPF: Win32 Classes -

Reinicie e poste um novo Log do Hijackthis feito em Modo Normal.

[Notax]

valeu amigão... fiz tudo que mencionou... segue o log conforme tu pediu:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:18:21, on 28/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Compaq\Easy Access Button Support\cpqeadm.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\ARQUIV~1\COMPAQ\EASYAC~1\BTTNSERV.EXE

C:\Arquivos de programas\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

C:\Arquivos de programas\Last.fm\LastFMHelper.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\ARQUIV~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIVOS DE PROGRAMAS\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://SBS:8080

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\GBIEHCEF.DLL

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [CPQEASYACC]C:\Arquivos de programas\Compaq\Easy Access Button Support\cpqeadm.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Arquivos de programas\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

O4 - Global Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 5830 bytes

valeu a força

Notax

[JackSSA]

Faça um scan on line na Kaspersky

*Acesse o site, clique em .

Na próxima página, clique em I Accept para instalar o controle activeX e em seguida atualize o banco de dados.

Na próxima página, clique em My Computer e faça o scan.

Tenha paciência. Tanto para atualizar a base de dados, quanto para o próprio exame, demora bastante.

Salve e poste o resultado.

[Notax]

Amigão... muito obrigado por hora... e desculpa a demora... é que como tu me avisaste que demorava deixeir pra hoje que seria mais tranquilo!

segue o log salvo lá no KASPERSKY:

KASPERSKY ONLINE SCANNER REPORT

Monday, December 03, 2007 4:40:22 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 3/12/2007

Kaspersky Anti-Virus database records: 470871

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

Scan Target My Computer

A:\

C:\

D:\

Scan Statistics

Total number of scanned objects 36589

Number of viruses found 1

Number of infected objects 2

Number of suspicious objects 0

Duration of the scan process 04:07:20

Infected Object Name Virus Name Last Action

C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\spool\PRINTERS\FP00001.SPL Object is locked skipped

C:\WINDOWS\SYSTEM32\spool\PRINTERS\FP00001.SHD Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\SchedLog.Txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\DANI\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\DANI\Configurações locais\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\DANI\Configurações locais\Temp\AVPCD1.tmp Object is locked skipped

C:\Documents and Settings\DANI\Configurações locais\Temp\AVPCD2.tmp Object is locked skipped

C:\Documents and Settings\DANI\Configurações locais\Temp\AVP1088.tmp Object is locked skipped

C:\Documents and Settings\DANI\Configurações locais\Temp\AVP1089.tmp Object is locked skipped

C:\Documents and Settings\DANI\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\DANI\Configurações locais\Histórico\History.IE5\MSHist012007120320071204\index.dat Object is locked skipped

C:\Documents and Settings\DANI\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\DANI\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\DANI\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\DANI\Configurações locais\Dados de aplicativos\Last.fm\Client\lastfmhelper.log Object is locked skipped

C:\Documents and Settings\DANI\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\DANI\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\System Volume Information\_restore{0904ECF6-5D25-4130-BA53-ADDE0176971B}\RP25\A0017495.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

C:\System Volume Information\_restore{0904ECF6-5D25-4130-BA53-ADDE0176971B}\RP25\A0017495.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{0904ECF6-5D25-4130-BA53-ADDE0176971B}\RP29\change.log Object is locked skipped

Scan process completed.

segue tb nvo log do hijack

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:46:20, on 3/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Compaq\Easy Access Button Support\cpqeadm.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\ARQUIV~1\COMPAQ\EASYAC~1\BTTNSERV.EXE

C:\Arquivos de programas\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

C:\Arquivos de programas\Last.fm\LastFMHelper.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\ARQUIV~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\ARQUIVOS DE PROGRAMAS\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://SBS:8080

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\GBIEHCEF.DLL

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [CPQEASYACC] C:\Arquivos de programas\Compaq\Easy Access Button Support\cpqeadm.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Arquivos de programas\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

O4 - Global Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 5998 bytes

agradeço novamente toda atenção.

Notax

[JackSSA]

Baixe o ATF Cleaner e Salve no seu Desktop.

Reinicie em Modo de Segurança (Pressione intermitentemente F8 durante a inicialização, no menu que aparecer escolha através da seta de navegação, Modo Seguro).

Dê dois cliques no ATF-Cleaner.exe para executar a Ferramenta

Marque “Select All”

Clique em Empty Selected. Aparecerá uma janela "Done Cleaning" clique OK e exit.

Reinicie.

Clique em Iniciar -> Configurações -> Painel de Controle -> Abra o item Sistema.

Clique na guia Restauração do Sistema -> Marque Desativar restauração do sistemas em todas as unidades -> Em seguida clique em Aplicar. Após aplicado, desmarque a caixa Desativar restauração do sistemas em todas as unidades e clique novamente em Aplicar depois Ok.

Delete a pasta !KillBox que está localizada em C:\.

Seu Log está limpo. Ainda há algum problema com o PC?

[Notax]

Pô amigão... valeu a força... vou efetuar esses procedimentos amanhã logo cedo...

Não querendo abusar mas já abusando...

O que foi tudo isso que eu fiz... tipo queria aprender um pouquinho, pra, se houver uma próxima vez, eu saber fazer sozinho...

Existe alguma apostila ou tutorial que fale disso assim com essa riqueza de detalhes que tu empregou nesse caso?

valeu

Notax.

[JackSSA]

O que foi tudo isso que eu fiz... tipo queria aprender um pouquinho, pra, se houver uma próxima vez, eu saber fazer sozinho...

Cada caso é um caso, de uma próxima vez o problema poderá não ser o mesmo.

Existe alguma apostila ou tutorial que fale disso assim com essa riqueza de detalhes que tu empregou nesse caso?

Não existe apostila completa para isto, neste caso aplica-se a várias pesquisas sobre várias ferramentas e o que elas fazem, mais se realmente está interessado, pode começar por aqui:

http://linhadefensiva.uol.com.br/docs/hijackthis-completo/

[Notax]

valeu mais uma vez amigão... já dei uma lida por cima, e vou me aprofundar nisso com certeza...

Muito obrigado mais uma vez!

Notax

[RenatoMejias]

Caso Resolvido.

Caso o autor queira a reabertura do tópico, envie uma MP com o link para um moderador da seção.