Notax, posted November 27, 2007

Friends, good afternoon. I would kindly ask you to take a look at the log below, as well as at the AVG report... If you can give me a tip on how to proceed to clean up this mess, I would appreciate it!

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59:42, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\Compaq\Easy Access Button Support\cpqeadm.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\ARQUIV~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\Arquivos de programas\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Arquivos de programas\Last.fm\LastFMHelper.exe
C:\ARQUIV~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\ARQUIVOS DE PROGRAMAS\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://SBS:8080
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\GBIEHCEF.DLL
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [CPQEASYACC]C:\Arquivos de programas\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [MOSearch] C:\ARQUIV~1\ARQUIV~1\System\MOSearch\Bin\mosearch.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Arquivos de programas\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: Win32 Classes -
O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

--
End of file - 5469 bytes

AVG Anti-Spyware report:

---------------------------------------------------------
AVG Anti-Spyware - Relatório de verificação
---------------------------------------------------------

 + Criação: 16:37:38 27/11/2007

 + Resultado da verificação:

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignorado.
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignorado.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignorado.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@2o7[1].txt -> TrackingCookie.2o7 : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@2o7[2].txt -> TrackingCookie.2o7 : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@2o7[3].txt -> TrackingCookie.2o7 : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignorado.
C:\Documents and Settings\DANI\Cookies\dani@adrevolver[1].txt -> TrackingCookie.Adrevolver : Ignorado.
C:\Documents and Settings\DANI\Cookies\dani@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Ignorado.
C:\Documents and Settings\DANI\Cookies\dani@atdmt[2].txt -> TrackingCookie.Atdmt : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@atdmt[2].txt -> TrackingCookie.Atdmt : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@com[1].txt -> TrackingCookie.Com : Ignorado.
C:\Documents and Settings\DANI\Cookies\dani@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Ignorado.
C:\Documents and Settings\DANI\Cookies\dani@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Ignorado.
C:\Documents and Settings\DANI\Cookies\dani@doubleclick[2].txt -> TrackingCookie.Doubleclick : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@as1.falkag[1].txt -> TrackingCookie.Falkag : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@searchportal.information[1].txt -> TrackingCookie.Information : Ignorado.
C:\Documents and Settings\DANI\Cookies\dani@search.live[1].txt -> TrackingCookie.Live : Ignorado.
C:\Documents and Settings\DANI\Cookies\dani@search.live[2].txt -> TrackingCookie.Live : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@search.live[2].txt -> TrackingCookie.Live : Ignorado.
C:\Documents and Settings\DANI\Cookies\dani@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignorado.
C:\Documents and Settings\DANI\Cookies\anyuser@search.MSN[1].txt -> TrackingCookie.MSN : Ignorado.
C:\Documents and Settings\DANI\Cookies\dani@auto.search.MSN[1].txt -> TrackingCookie.MSN : Ignorado.
C:\Documents and Settings\DANI\Cookies\dani@auto.search.MSN[2].txt -> TrackingCookie.MSN : Ignorado.
C:\Documents and Settings\DANI\Cookies\dani@ie.search.MSN[1].txt -> TrackingCookie.MSN : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@auto.search.MSN[1].txt -> TrackingCookie.MSN : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@search.MSN[2].txt -> TrackingCookie.MSN : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@search.MSN[3].txt -> TrackingCookie.MSN : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@search.MSN[4].txt -> TrackingCookie.MSN : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@search.MSN[5].txt -> TrackingCookie.MSN : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@search.MSN[6].txt -> TrackingCookie.MSN : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@search.MSN[7].txt -> TrackingCookie.MSN : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Ignorado.
C:\Documents and Settings\DANI\Cookies\dani@overture[1].txt -> TrackingCookie.Overture : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@ads.pointroll[3].txt -> TrackingCookie.Pointroll : Ignorado.
C:\Documents and Settings\DANI\Cookies\dani@realmedia[1].txt -> TrackingCookie.Realmedia : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@revenue[1].txt -> TrackingCookie.Revenue : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@revsci[2].txt -> TrackingCookie.Revsci : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@site.skype[2].txt -> TrackingCookie.Skype : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@skype[2].txt -> TrackingCookie.Skype : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@skype[3].txt -> TrackingCookie.Skype : Ignorado.
C:\Documents and Settings\DANI\Cookies\dani@statcounter[1].txt -> TrackingCookie.Statcounter : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@statcounter[1].txt -> TrackingCookie.Statcounter : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@statcounter[2].txt -> TrackingCookie.Statcounter : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@statcounter[3].txt -> TrackingCookie.Statcounter : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@moads.valuead[2].txt -> TrackingCookie.Valuead : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@m.webtrends[1].txt -> TrackingCookie.Webtrends : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@m.webtrends[2].txt -> TrackingCookie.Webtrends : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@m.webtrends[3].txt -> TrackingCookie.Webtrends : Ignorado.
C:\Documents and Settings\DANI\Cookies\dani@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Ignorado.
C:\Documents and Settings\DANI\Cookies\spt@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Ignorado.
C:\Documents and Settings\DANI\Cookies\dani@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignorado.
C:\Documents and Settings\DANI\Cookies\rosane@zedo[2].txt -> TrackingCookie.Zedo : Ignorado.

::Fim do relatório

Thanks for your attention.
Big hug,
notax
JackSSA, posted November 28, 2007

Download Pocket KillBox and save it in a folder in C:\.

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

Open KillBox, check Delete on Reboot, and in the Full Path of File to Delete box enter this line:
C:\ARQUIV~1\ARQUIV~1\System\MOSearch\Bin\mosearch.exe
Click the button, and when it asks Reboot Now? click No.

Open HijackThis, click Do a system scan only, check the entries below and click the button:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O4 - HKLM\..\RunServices: [MOSearch] C:\ARQUIV~1\ARQUIV~1\System\MOSearch\Bin\mosearch.exe
O16 - DPF: Win32 Classes -

Reboot and post a new HijackThis log made in Normal Mode.
Notax (author), posted November 28, 2007

Thanks, mate... I did everything you mentioned... here is the log as you requested:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:21, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Compaq\Easy Access Button Support\cpqeadm.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\ARQUIV~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\Arquivos de programas\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Arquivos de programas\Last.fm\LastFMHelper.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\ARQUIV~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\ARQUIVOS DE PROGRAMAS\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://SBS:8080
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\GBIEHCEF.DLL
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [CPQEASYACC]C:\Arquivos de programas\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Arquivos de programas\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5830 bytes

Thanks for the help,
Notax
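The check a helper does by hand here (spot the entries to fix in the first log, then confirm in the second log that they are gone) can be scripted. The following is an added illustration written for this thread; it is not code from any poster, nor from Trend Micro or HijackThis. It parses HijackThis entry lines, applies three rules that correspond to the three entries JackSSA listed for fixing (a RunServices autostart, an O16 DPF entry with no CLSID or URL, and an R0 Local Page pointing at a non-default file), and diffs the 27/11 log against the 28/11 log. The two log excerpts are copied from the logs posted above; the function names and rule wording are mine.

```python
"""Parse HijackThis v2.x log entries, flag the entries a helper asked to fix,
and diff two logs to verify that the fix took.

Added example for this thread; not HijackThis code and not from any poster.
The two log excerpts below are copied from the logs posted on 27/11 and 28/11.
"""
import re
from typing import List, Optional, Tuple

# Every HijackThis entry starts with a section tag: R0/R1/R3, F0/F1, O1..O24.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# First Windows path in the entry (spaces allowed; stops at a known extension).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|htm|cab)\b', re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the log posted on 27/11/2007 (before the fix).
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://SBS:8080
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [MOSearch] C:\ARQUIV~1\ARQUIV~1\System\MOSearch\Bin\mosearch.exe
O16 - DPF: Win32 Classes -
O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
"""

# Excerpt of the log posted on 28/11/2007 (after KillBox and the HijackThis fix).
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://SBS:8080
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

Entry = Tuple[str, str, Optional[str]]  # (section, full line, first path or None)


def parse_log(text: str) -> List[Entry]:
    """Return (section, line, path) for every R*/F*/O* entry in a log."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines and the running-process list
        p = PATH_RE.search(m["body"])
        entries.append((m["section"], line, p.group(0) if p else None))
    return entries


def review(entry: Entry) -> Optional[str]:
    """Return a reason when the entry matches one of the thread's three fix rules."""
    section, line, path = entry
    if section == "O4" and "RunServices" in line:
        # RunServices is a Win9x-era autostart key; JackSSA's fix list removed this one.
        return "autostart via RunServices"
    if section == "O16" and not CLSID_RE.search(line) and "://" not in line:
        # "O16 - DPF: Win32 Classes -" carries neither a CLSID nor a download URL.
        return "orphan DPF entry with no CLSID or URL"
    if (section == "R0" and "Local Page" in line and path
            and not path.lower().endswith(r"\system32\blank.htm")):
        # The XP default Local Page is %SystemRoot%\system32\blank.htm.
        return "Local Page redirected to a non-default file"
    return None


def flagged(text: str) -> List[Tuple[str, str]]:
    """(line, reason) for every entry review() objects to, in log order."""
    out = []
    for e in parse_log(text):
        reason = review(e)
        if reason:
            out.append((e[1], reason))
    return out


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Entries present only in `before` and entries present only in `after`."""
    b = {e[1] for e in parse_log(before)}
    a = {e[1] for e in parse_log(after)}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for line, reason in flagged(BEFORE_LOG):
        print(f"FIX  {reason}: {line}")
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
    print("still flagged after fix:", flagged(AFTER_LOG))
```

Run against the two excerpts, `flagged(BEFORE_LOG)` returns exactly the three lines JackSSA asked to have fixed, `diff_logs` shows those three gone and the two new HP entries (the software update autostart and the Pml Driver HPZ12 service) added, and `flagged(AFTER_LOG)` is empty. New entries in a post-fix log are the part worth reading by hand: the diff tells you what changed, not whether the change is benign.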
JackSSA, posted November 29, 2007

Do an online scan at Kaspersky.

Go to the site and click the button shown. On the next page, click I Accept to install the ActiveX control and then update the database.
On the next page, click My Computer and run the scan.
Be patient. Both updating the database and the scan itself take quite a while.
Save and post the result.
Notax (author), posted December 3, 2007

Mate... thank you very much for now... and sorry for the delay... since you warned me it would take a while, I left it for today, when things would be calmer!

Here is the log saved at KASPERSKY:

KASPERSKY ONLINE SCANNER REPORT
Monday, December 03, 2007 4:40:22 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/12/2007
Kaspersky Anti-Virus database records: 470871

Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target: My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects: 36589
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 04:07:20

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\SYSTEM32\config\system.LOG  Object is locked  skipped
C:\WINDOWS\SYSTEM32\config\software.LOG  Object is locked  skipped
C:\WINDOWS\SYSTEM32\config\default.LOG  Object is locked  skipped
C:\WINDOWS\SYSTEM32\config\SECURITY  Object is locked  skipped
C:\WINDOWS\SYSTEM32\config\SAM  Object is locked  skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG  Object is locked  skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG  Object is locked  skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt  Object is locked  skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt  Object is locked  skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt  Object is locked  skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM  Object is locked  skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE  Object is locked  skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT  Object is locked  skipped
C:\WINDOWS\SYSTEM32\spool\PRINTERS\FP00001.SPL  Object is locked  skipped
C:\WINDOWS\SYSTEM32\spool\PRINTERS\FP00001.SHD  Object is locked  skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP  Object is locked  skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP  Object is locked  skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER  Object is locked  skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP  Object is locked  skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP  Object is locked  skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA  Object is locked  skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR  Object is locked  skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log  Object is locked  skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb  Object is locked  skipped
C:\WINDOWS\SYSTEM32\h323log.txt  Object is locked  skipped
C:\WINDOWS\wiaservc.log  Object is locked  skipped
C:\WINDOWS\wiadebug.log  Object is locked  skipped
C:\WINDOWS\WindowsUpdate.log  Object is locked  skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log  Object is locked  skipped
C:\WINDOWS\SchedLog.Txt  Object is locked  skipped
C:\WINDOWS\Sti_Trace.log  Object is locked  skipped
C:\WINDOWS\Debug\PASSWD.LOG  Object is locked  skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat  Object is locked  skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat  Object is locked  skipped
C:\Documents and Settings\All Users\Dados de aplicativos\avg7\Log\emc.log  Object is locked  skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log.lck  Object is locked  skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log  Object is locked  skipped
C:\Documents and Settings\DANI\NTUSER.DAT  Object is locked  skipped
C:\Documents and Settings\DANI\Configurações locais\Temp\hpodvd09.log  Object is locked  skipped
C:\Documents and Settings\DANI\Configurações locais\Temp\AVPCD1.tmp  Object is locked  skipped
C:\Documents and Settings\DANI\Configurações locais\Temp\AVPCD2.tmp  Object is locked  skipped
C:\Documents and Settings\DANI\Configurações locais\Temp\AVP1088.tmp  Object is locked  skipped
C:\Documents and Settings\DANI\Configurações locais\Temp\AVP1089.tmp  Object is locked  skipped
C:\Documents and Settings\DANI\Configurações locais\Histórico\History.IE5\index.dat  Object is locked  skipped
C:\Documents and Settings\DANI\Configurações locais\Histórico\History.IE5\MSHist012007120320071204\index.dat  Object is locked  skipped
C:\Documents and Settings\DANI\Configurações locais\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped
C:\Documents and Settings\DANI\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat  Object is locked  skipped
C:\Documents and Settings\DANI\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped
C:\Documents and Settings\DANI\Configurações locais\Dados de aplicativos\Last.fm\Client\lastfmhelper.log  Object is locked  skipped
C:\Documents and Settings\DANI\Cookies\index.dat  Object is locked  skipped
C:\Documents and Settings\DANI\ntuser.dat.LOG  Object is locked  skipped
C:\Documents and Settings\NetworkService\ntuser.dat  Object is locked  skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG  Object is locked  skipped
C:\Documents and Settings\NetworkService\Configurações locais\Histórico\History.IE5\index.dat  Object is locked  skipped
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat  Object is locked  skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat  Object is locked  skipped
C:\Documents and Settings\LocalService\ntuser.dat  Object is locked  skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG  Object is locked  skipped
C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat  Object is locked  skipped
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat  Object is locked  skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped
C:\Documents and Settings\LocalService\Cookies\index.dat  Object is locked  skipped
C:\System Volume Information\_restore{0904ECF6-5D25-4130-BA53-ADDE0176971B}\RP25\A0017495.exe/data0011  Infected: not-a-virus:AdTool.Win32.WhenU.a  skipped
C:\System Volume Information\_restore{0904ECF6-5D25-4130-BA53-ADDE0176971B}\RP25\A0017495.exe  NSIS: infected - 1  skipped
C:\System Volume Information\_restore{0904ECF6-5D25-4130-BA53-ADDE0176971B}\RP29\change.log  Object is locked  skipped

Scan process completed.

Here is also the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46:20, on 3/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Compaq\Easy Access Button Support\cpqeadm.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\ARQUIV~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\Arquivos de programas\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Arquivos de programas\Last.fm\LastFMHelper.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\ARQUIV~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\ARQUIVOS DE PROGRAMAS\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://SBS:8080
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\GBIEHCEF.DLL
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [CPQEASYACC] C:\Arquivos de programas\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Arquivos de programas\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5998 bytes

Thanks again for all the attention.
Notax
JackSSA, posted December 4, 2007

Download ATF Cleaner and save it to your Desktop.

Reboot into Safe Mode (tap F8 repeatedly during startup; in the menu that appears, use the arrow keys to choose Safe Mode).
Double-click ATF-Cleaner.exe to run the tool.
Check "Select All".
Click Empty Selected. A "Done Cleaning" window will appear; click OK and exit.
Reboot.

Click Start -> Settings -> Control Panel -> open the System item.
Click the System Restore tab -> check Turn off System Restore on all drives -> then click Apply. Once applied, uncheck the Turn off System Restore on all drives box and click Apply again, then OK.

Delete the !KillBox folder located in C:\.

Your log is clean. Is there still any problem with the PC?
Notax (author), posted December 4, 2007

Wow, mate... thanks for the help... I will do these procedures first thing tomorrow morning...

Not wanting to push my luck, but pushing it anyway... What was all this that I did? I mean, I would like to learn a little, so that if there is a next time I know how to do it myself...
Is there any handout or tutorial that covers this with the level of detail you used in this case?

Thanks,
Notax
JackSSA, posted December 5, 2007

> What was all this that I did? I mean, I would like to learn a little, so that if there is a next time I know how to do it myself...

Each case is different; next time the problem may not be the same.

> Is there any handout or tutorial that covers this with the level of detail you used in this case?

There is no complete handout for this. This case came down to a lot of research on various tools and what they do, but if you are really interested, you can start here:
http://linhadefensiva.uol.com.br/docs/hijackthis-completo/
Notax (author), posted December 5, 2007

Thanks once again, mate... I have already skimmed it, and I will definitely dig deeper into it... Thank you very much once again!
Notax
RenatoMejias, posted December 6, 2007

Case resolved. If the author wants the topic reopened, send a PM with the link to a moderator of the section.