Ir ao conteúdo
  • Cadastre-se
TiuTalk

1° vírus/malware em 11 anos de pc! ><

Recommended Posts

Sim... trabalho em pc a 11 anos e nunca tinha pego nada, sempre tomei os devidos cuidados com proteção... mas dessa vez dei uma vacilada e cliquei num link que era tipo... se meu msn é thiago.belem@homail.com o link era thiagobelem.<site>, caiu numa espécie de site de relacionamentos.. resultado.. meu msn agora envia msgs pras pessoas com o <msndelas>.<site> e eu não vejo que estou enviando... (_(

Passei a últma versão do NOD32 atualizada e não achei nada... rodei o spybot e nada também...

O que faço? ^^

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:39:50, on 14/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

C:\Arquivos de programas\Calibrize\CalibrizeResume.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\xampp\apache\bin\apache.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\xampp\apache\bin\apache.exe

C:\xampp\mysql\bin\mysqld-nt.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Thunderbird\thunderbird.exe

C:\Arquivos de programas\DreaMule\emule.exe

C:\Arquivos de programas\Winamp\winamp.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\ARQUIV~1\Zend\bin\ZENDIE~1.DLL

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Rainlendar2] C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

O4 - HKCU\..\Run: [CGFLoader] C:\Arquivos de programas\Calibrize\CalibrizeLoader.exe

O4 - HKCU\..\Run: [CalibrizeResume] C:\Arquivos de programas\Calibrize\CalibrizeResume.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Arquivos de programas\Zend\bin\ZendIEToolbar.dll/DebugCurrent.html

O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Arquivos de programas\Zend\bin\ZendIEToolbar.dll/DebugNext.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\ARQUIV~1\Zend\bin\ZENDIE~1.DLL

O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\ARQUIV~1\Zend\bin\ZENDIE~1.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://correiojb.editorajb.com.br/iNotes.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe

O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Arquivos de programas\No-IP\DUC20.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 9517 bytes

StartupList report, 14/8/2008, 20:43:06

StartupList version: 1.52.2

Started from : C:\hijackthis\HijackThis.EXE

Detected: Windows XP SP3 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.6000.16705)

* Using default options

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

C:\Arquivos de programas\Calibrize\CalibrizeResume.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\xampp\apache\bin\apache.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\xampp\apache\bin\apache.exe

C:\xampp\mysql\bin\mysqld-nt.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Thunderbird\thunderbird.exe

C:\Arquivos de programas\DreaMule\emule.exe

C:\Arquivos de programas\Winamp\winamp.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:

[C:\Documents and Settings\Thi&Cissa\Menu Iniciar\Programas\Inicializar]

No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SoundMAXPnP = C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

nwiz = nwiz.exe /install

NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

egui = "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

LogMeIn GUI = "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

SpybotSD TeaTimer = C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

Rainlendar2 = C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

CGFLoader = C:\Arquivos de programas\Calibrize\CalibrizeLoader.exe

CalibrizeResume = C:\Arquivos de programas\Calibrize\CalibrizeResume.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[Disabled (Auslogics Startup Manager)]

NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe

TkBellExe = "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

[OptionalComponents]

=

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AdobeUpdater]

=

[Disabled (Auslogics Startup Manager)]

msnmsgr = "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

Auslogics BoostSpeed 4 = C:\Arquivos de programas\Auslogics\AusLogics BoostSpeed\boostspeed.exe

DAEMON Tools Lite = "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670}

(no name) - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

BitComet ClickCapture - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}

(no name) - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

(no name) - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

G-Buster Browser Defense CEF - C:\Arquivos de programas\GbPlugin\gbiehcef.dll - {C41A1C0E-EA6C-11D4-B1B8-444553540003}

--------------------------------------------------

Enumerating Task Scheduler jobs:

pen.job

--------------------------------------------------

Enumerating Download Program Files:

[iNotes Class]

InProcServer32 = C:\WINDOWS\DOWNLO~1\inotes.dll

CODEBASE = https://correiojb.editorajb.com.br/iNotes.cab

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx

CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

[GbpDistObj Class]

InProcServer32 = C:\Arquivos de programas\GbPlugin\gbpdist.dll

CODEBASE = https://imagem.caixa.gov.br/cab/gbpdist.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Arquivos de programas\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\system32\webcheck.dll

WPDShServiceObj: C:\WINDOWS\system32\wpdshserviceobj.dll

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------

End of report, 7.456 bytes

Report generated in 0,015 seconds

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá,

Siga as instruções contidas no link abaixo e instale e execute o Combofix:

http://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix

  • É importante que instale a console de recuperação também.
  • Quando a ferramenta terminar de rodar, gerará um log (o arquivo C:\ComboFix.txt).
  • Cole o conteúdo desse arquivo e faça também um novo log do HijackThis para colocar na sua resposta.

Atenção: Não utilize o mouse nem o teclado enquanto a ferramenta estiver rodando, isso pode fazer com que o pc pare.

Nota: Por favor, NÃO utilize o ComboFix sozinho. É uma ferramenta poderosa criada pra lidar com infeções sofisticadas e caso não a utilize correctamente poderá danificar o seu computador. A ferramenta apenas deve ser utilizada sob supervisão de Assistentes de remoção de malware.

Compartilhar este post


Link para o post
Compartilhar em outros sites





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×