Ir ao conteúdo
  • Cadastre-se

Provável Infecção.


Posts recomendados

À procura de uma provável infecção por um vírus que enviava mensagens "automaticamente" pela meinha conta do Hotmail para todos os meus contatos do MSN - sem deixar registro na pasta "Sent e-mails", acabei me deparando com a suspeita de outros problemas, incluindo um "banker".

Agradeceria se me pudessem ajudar.

Segue o log:

Logfile of HijackThis v1.99.1

Scan saved at 05:22:41, on 21/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\KYE\RF Wireless PowerScroll Mouse\gnetmous.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\Documents and Settings\user\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O1 - Hosts: 200.149.20.17 wwws.realsecureweb.com.br # GbPlugin

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Arquivos de programas\Babylon\Babylon Toolbar\BabylonIEToolBar.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Gnetmous] C:\Arquivos de programas\KYE\RF Wireless PowerScroll Mouse\gnetmous.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Arquivos de programas\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Arquivos de programas\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E318EA38-29BB-4789-A877-3967B6178925}: NameServer = 200.204.0.138 200.204.0.10

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

Link para o comentário
Compartilhar em outros sites

  • Coordenador

Leia o tópico "Leia Antes de Postar" e poste os logs solicitados.

Link para o comentário
Compartilhar em outros sites

Por favor, aceite meu pedido de desculpas. Estou acostumado com as regras de outros sites.

Agradeço desde já pela ajuda.

Seguem abaixo os logs:

DDS (Ver_09-06-26.01) - NTFSx86

Run by user at 2:48:15,14 on dom 26/07/2009

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1919.1294 [GMT -3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe -k bthsvcs

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\KYE\RF Wireless PowerScroll Mouse\gnetmous.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\user\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\arquivos de programas\avg\avg8\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\arquivos de programas\avg\avg8\toolbar\IEToolbar.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\arquiv~1\spybot~1\SDHelper.dll

BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\arquivos de programas\windows live\messenger\wlchtc.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\arquivos de programas\avg\avg8\toolbar\IEToolbar.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540007} - c:\windows\downloaded program files\gbiehabn.dll

TB: Babylon: {965b54b0-71e0-4611-8de7-f73fa0b20e26} - c:\arquivos de programas\babylon\babylon toolbar\BabylonIEToolBar.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\arquivos de programas\avg\avg8\toolbar\IEToolbar.dll

TB: Barra de Ferramentas do Yahoo! com bloqueador de pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [spybotSD TeaTimer] c:\arquivos de programas\spybot - search & destroy\TeaTimer.exe

uRun: [DriverMax]

uRun: [Norton SystemWorks] "c:\arquivos de programas\norton systemworks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Gnetmous] c:\arquivos de programas\kye\rf wireless powerscroll mouse\gnetmous.exe

mRun: [RemoteControl] "c:\arquivos de programas\cyberlink dvd solution\powerdvd\PDVDServ.exe"

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre1.6.0_07\bin\jusched.exe"

mRun: [ccApp] "c:\arquivos de programas\arquivos comuns\symantec shared\ccApp.exe"

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [NWEReboot]

mRun: [Media Codec Update Service] c:\arquivos de programas\essentials codec pack\update.exe -silent

mRun: [babylon Client] c:\arquivos de programas\babylon\babylon-pro\Babylon.exe -AutoStart

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Ad-Watch] c:\arquivos de programas\lavasoft\ad-aware\AAWTray.exe

mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot

mRun: [AVG8_TRAY] c:\arquiv~1\avg\avg8\avgtray.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: Translate with &Babylon - c:\arquivos de programas\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm

IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\arquivos de programas\icqlite\ICQLite.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

Trusted Zone: bancobrasil.com.br\www2

DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\arquivos de programas\yahoo!\common\yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=23100

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg8\avgpp.dll

Notify: GbPluginAbn - c:\windows\downloaded program files\gbiehabn.dll

Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll

Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehcef.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\arquivos de programas\gbplugin\gbieh.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399007} - c:\windows\downloaded program files\gbiehabn.dll

LSA: Notification Packages = :\WINDOW scecli

============= SERVICES / DRIVERS ===============

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2008-12-25 27056]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-30 64160]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-4 327688]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-4 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-4 108552]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\avg\avg8\avgemc.exe [2009-4-4 906520]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\avg\avg8\avgwdsvc.exe [2009-4-4 298776]

R2 ccEvtMgr;Symantec Event Manager;c:\arquivos de programas\arquivos comuns\symantec shared\CCEVTMGR.EXE [2004-9-14 197992]

R2 ccSetMgr;Symantec Settings Manager;c:\arquivos de programas\arquivos comuns\symantec shared\CCSETMGR.EXE [2004-9-14 181608]

R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2008-12-25 53320]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]

R2 NProtectService;Norton Unerase Protection;c:\arquiv~1\norton~1\norton~1\NPROTECT.EXE [2004-9-16 99432]

R2 Symantec Core LC;Symantec Core LC;c:\arquivos de programas\arquivos comuns\symantec shared\ccpd-lc\symlcsvc.exe [2008-7-19 819352]

S3 ccPwdSvc;Symantec Password Validation;c:\arquivos de programas\arquivos comuns\symantec shared\CCPWDSVC.EXE [2004-9-14 79208]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2008-7-19 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2008-7-19 85696]

=============== Created Last 30 ================

2009-07-21 00:35 3,309,600 a--sh--- c:\windows\system32\drivers\fidbox.dat

2009-07-21 00:35 41,948 a--sh--- c:\windows\system32\drivers\fidbox.idx

2009-07-19 11:40 <DIR> --d----- c:\docume~1\user\dadosd~1\Malwarebytes

2009-07-19 11:40 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-19 11:40 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-07-19 11:40 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2009-07-19 11:40 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-06-27 22:35 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\AVG Security Toolbar

==================== Find3M ====================

2009-06-27 22:34 327,688 a------- c:\windows\system32\drivers\avgldx86.sys

2009-06-27 22:34 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-06-15 19:19 27,056 a------- c:\windows\system32\drivers\gbpkm.sys

2009-05-30 17:12 15,688 a------- c:\windows\system32\lsdelete.exe

2009-05-07 12:33 347,136 a------- c:\windows\system32\localspl.dll

2009-05-02 15:59 413,126 a------- c:\windows\system32\perfh016.dat

2009-05-02 15:59 61,400 a------- c:\windows\system32\perfc016.dat

2009-04-29 01:45 827,392 a------- c:\windows\system32\wininet.dll

2009-04-29 01:45 78,336 a------- c:\windows\system32\ieencode.dll

2008-07-19 13:10 604 a---h--- c:\arquivos de programas\STLL Notifier

2004-03-11 13:27 40,960 a------- c:\arquivos de programas\Uninstall_CDS.exe

2009-03-29 06:33 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009032920090330\index.dat

============= FINISH: 2:48:46,23 ===============

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-07-26 09:28:29

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA8F887E]

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA8F8BFE]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[712] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 1006A310 C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (Gbieh Module/Banco ABN AMRO)

.text C:\WINDOWS\system32\winlogon.exe[712] kernel32.dll!FreeLibraryAndExitThread 7C80C210 5 Bytes JMP 1006A040 C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (Gbieh Module/Banco ABN AMRO)

.text C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE[2816] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605629 C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011678771cd

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0011678771cd

---- EOF - GMER 1.0.15 ----

Link para o comentário
Compartilhar em outros sites

  • Coordenador

Faça download do Kaspersky Removal Tool. Salve em seu desktop (área de trabalho).

  • Instale o programa normalmente, seguindo todas as instruções.
  • Uma pasta chamada Virus Removal Tool será criada no desktop.
  • Na tela principal do programa clique na opção Meu computador, Startup objects, Disk boot sectors e depois clique no botão Scan.
  • Seja paciente, o scan pode demorar
  • Se ele encontrar alguma infecção abrirá uma janela de alerta clique em skip.
  • Após completar tudo, clique no botão Reports... e clique em Save to file.
  • Dê um nome para o arquivo e salve numa pasta de sua preferência.
  • Feche o resultado clicando no X da janela.
  • Logo em seguida feche o programa também clicando no X da janela. Ao fazer isso será questionado se quer desinstalar a ferramenta, clique em No. Poste o conteúdo desse arquivo em sua próxima resposta e aguarde.

Link para o comentário
Compartilhar em outros sites

Muito obrigado pela ajuda.

Como pedido, segue o log:

Scan

----

Scanned: 4411

Detected: 0

Untreated: 0

Start time: 29/7/2009 02:12:02

Duration: 00:02:11

Finish time: 29/7/2009 02:14:13

Detected

--------

Status Object

------ ------

Events

------

Time Name Status Reason

---- ---- ------ ------

29/7/2009 02:12:09 Running module: smss.exe\smss.exe ok scanned

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

Backup

------

Status Object Size

------ ------ ----

Link para o comentário
Compartilhar em outros sites

  • Coordenador

Seus logs não apontam infecção, poderia explicar melhor seu problema?

Link para o comentário
Compartilhar em outros sites

Há alguns dias recebi em minha conta do Hotmail 5 mensagens do tipo "Delivery Status Notification (Failure)‏", cada uma com uma pequena lista de endereços que, de alguma forma (bloqueados ou com permissão para contato) constavam de minha lista de contatos do Messenger; descobri, então, que todos os endereços listados em meu MSN receberam mensagens enviadas da minha conta do Hotmail com um arquivo "malicioso" anexado, apesar do registro de envio não consta na pasta de enviados. Troquei a senha do Hotmail e tentei descobrir o que aconteceu.

Ao procurar algum problema em meu micro, fui informado de que, apesar de não ter sido encontrada nenhuma justificativa para o envio das mensagens, um "banker" havia atacado meu micro e estava redirecionando meus acessos ao meu banco; recebi a ajuda de alguns amigos que, pelo jeito, limparam meu micro antes de eu enviar os logs ao lube do hardware".

Agradeço pela ajuda. Alguma explicação para as mensagens? Como evito isso?

Link para o comentário
Compartilhar em outros sites

  • Coordenador

Mude sua senha do Messenger e veja se isso resolve.

Link para o comentário
Compartilhar em outros sites

  • Coordenador

Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com a moderação solicitando o desbloqueio.

Link para o comentário
Compartilhar em outros sites

Visitante
Este tópico está impedido de receber novos posts.

Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas comunidades sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×
×
  • Criar novo...

Curso de Hacker Ético

LANÇAMENTO!

CLIQUE AQUI E CONFIRA!

* Este curso não é ministrado pela equipe do Clube do Hardware.