
fofspc

[Archived] Possible problem with ntos.exe: PC restarts when I run HijackThis

Friends of iMasters, once again I ask for your help. This time the PC restarts when I try to run HijackThis, and until a few minutes ago accented characters were being typed twice. From what I have been reading, it was ntos.exe (I deleted it with KillBox). The big problem is that, besides not being able to get a HijackThis log, the computer shows virtual memory close to its maximum after a few hours of use, and I have just expanded the amount of memory in the PC (the problem existed before that). Thanks, Fofspc.


Good morning fofspc!

>@< Download < SPROCESS.EXE 2.6 >.

>@< Save it to Local Disk C.

>@< Run the program and post the report, which will be at: C:\SProcLog.txt

>@< The report is similar to HijackThis, but without the Fix option.

______________________

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Close all windows and run the tool!

>@< If you have Avast, a malware alert ( Win32 D adobra-EY[Trj] ) will appear; it should be ignored.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue < Enter >

>@< Wait for it to finish!

>@< Post the report C:\ComboFix.txt in your reply, together with C:\SProcLog.txt

Regards!


Here are the reports:

ComboFix:

 

ComboFix 07-10-02.2 - Administrador 2007-10-02 15:44:14.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.177 [GMT -3:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Administrador\Dados de aplicativos\install.dat

C:\WINDOWS\system32\8_exception.nls

C:\WINDOWS\system32\iepref32.dll

C:\WINDOWS\system32\qmopt.dll

C:\WINDOWS\system32\wsnpoem

C:\WINDOWS\system32\wsnpoem\audio.dll

C:\WINDOWS\system32\wsnpoem\video.dll

C:\WINDOWS\WebAssist.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_LANMANDRV

-------\LEGACY_NDNET1

-------\LEGACY_RUNTIME

-------\LEGACY_RUNTIME2

-------\lanmandrv

-------\runtime

-------\runtime2

 

 

((((((((((((((((((((((( Ficheiros criados de 2007-09-02 to 2007-10-02 ))))))))))))))))))))))))))))))))

.

 

2007-10-02 15:43 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-02 15:39 25,099 --a------ C:\SProces.exe

2007-09-28 23:50 <DIR> d-------- C:\!KillBox

2007-09-28 23:32 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-09-28 16:42 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-09-27 17:30 94,208 --a------ C:\WINDOWS\DIIUnin.exe

2007-09-27 17:30 31,602 --a------ C:\WINDOWS\DIIUnin.dat

2007-09-27 17:30 2,829 --a------ C:\WINDOWS\DIIUnin.pif

2007-09-27 17:15 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys

2007-09-27 17:15 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys

2007-09-27 17:15 <DIR> d-------- C:\Arquivos de programas\D-Tools

2007-09-26 20:30 225,280 --a------ C:\WINDOWS\system32\rewire.dll

2007-09-26 20:30 <DIR> d-------- C:\Arquivos de programas\VstPlugins

2007-09-26 20:27 <DIR> d-------- C:\Arquivos de programas\Image-Line

2007-09-26 20:04 <DIR> d-------- C:\Arquivos de programas\Sony Setup

2007-09-25 21:27 184,320 --a------ C:\WINDOWS\system32\7qu7UKKm.dll

2007-09-24 05:46 184,320 --a------ C:\WINDOWS\system32\yEnT3F2B.dll

2007-09-23 21:26 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2007-09-23 21:14 184,320 --a------ C:\WINDOWS\system32\t462HPDM.dll

2007-09-08 17:27 184,320 --a------ C:\WINDOWS\system32\xT5Xq5yJ.dll

2007-09-08 17:26 184,320 --a------ C:\WINDOWS\system32\aXVa76co.dll

2007-09-08 17:24 184,320 --a------ C:\WINDOWS\system32\J6gk2asv.dll

2007-09-08 17:24 184,320 --a------ C:\WINDOWS\system32\G20f8N6e.dll

2007-09-08 17:24 184,320 --a------ C:\WINDOWS\system32\63kk3Xun.dll

2007-09-08 17:24 184,320 --a------ C:\WINDOWS\system32\3EN41ltW.dll

2007-09-06 09:13 184,320 --a------ C:\WINDOWS\system32L7JcsyO.dll

2007-09-02 16:23 <DIR> d-------- C:\Arquivos de programas\uTorrent

2007-09-02 16:22 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-02 03:03 --------- d-------- C:\Arquivos de programas\eMule

2007-10-01 22:35 --------- d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire

2007-09-28 23:33 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2007-09-28 23:33 --------- d-------- C:\Arquivos de programas\StepMania

2007-09-27 17:59 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll

2007-09-27 17:59 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll

2007-09-27 17:59 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll

2007-09-26 19:56 --------- d-------- C:\Arquivos de programas\Mgutil

2007-09-23 21:29 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-08-31 15:03 26176 --a------ C:\WINDOWS\system32\FH2N7Ai8.exe

2007-08-13 00:52 --------- d-------- C:\Arquivos de programas\Google

2007-08-12 23:28 --------- d-------- C:\Arquivos de programas\K-Lite Codec Pack

2007-08-12 21:42 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Google

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-14 08:29 1988 --a------ C:\WINDOWS\Fonts\FontsInst.vbs

2007-07-10 18:55 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-07-10 11:01 95700 --a------ C:\WINDOWS\system32\ielog.dll

2007-07-10 10:57 47849 --a------ C:\WINDOWS\system32\cjpeg.exe

2004-10-01 15:00 40960 --a------ C:\Arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]

2007-09-25 21:27 184320 --a------ C:\WINDOWS\system32\7qu7UKKm.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"="cmicnfg.cpl" []

"VTTimer"="VTTimer.exe" [2004-09-01 05:28 C:\WINDOWS\system32\VTTimer.exe]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-09-21 14:12]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-09-28 23:41]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 23:45]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"

"tscuninstall"=%systemroot%\system32\tscupgrd.exe

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 06:01:04]

 

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\

RocketDock.lnk - D:\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 17:47:48]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 06:01:04]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"=1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSharedDocuments"=1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSharedDocuments"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\WINDOWS\system32\win_8l0.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk

backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

"C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]

"C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch]

C:\Arquivos de programas\Proxy Switcher Standard\ProxySwitcher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\userinit]

C:\WINDOWS\system32\ntos.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

 

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-10-02 03:00:00 C:\WINDOWS\Tasks\At1.job"

- C:\WINDOWS\system32\To1BS6xH.exe

"2007-10-02 12:00:00 C:\WINDOWS\Tasks\At10.job"

- C:\WINDOWS\system32\To1BS6xH.exe

"2007-10-02 13:00:00 C:\WINDOWS\Tasks\At11.job"

"2007-10-02 14:00:00 C:\WINDOWS\Tasks\At12.job"

"2007-10-02 15:00:00 C:\WINDOWS\Tasks\At13.job"

- C:\WINDOWS\system32\To1BS6xH.exe

"2007-10-02 16:00:00 C:\WINDOWS\Tasks\At14.job"

- C:\WINDOWS\system32\To1BS6xH.exe

"2007-10-02 17:00:00 C:\WINDOWS\Tasks\At15.job"

- C:\WINDOWS\system32\To1BS6xH.exe

"2007-10-02 18:00:00 C:\WINDOWS\Tasks\At16.job"

- C:\WINDOWS\system32\To1BS6xH.exe

"2007-10-01 19:00:00 C:\WINDOWS\Tasks\At17.job"

- C:\WINDOWS\system32\To1BS6xH.exe

"2007-10-01 20:00:00 C:\WINDOWS\Tasks\At18.job"

- C:\WINDOWS\system32\To1BS6xH.exe

"2007-10-01 21:00:00 C:\WINDOWS\Tasks\At19.job"

- C:\WINDOWS\system32\To1BS6xH.exe

"2007-10-02 04:00:00 C:\WINDOWS\Tasks\At2.job"

"2007-10-01 22:00:00 C:\WINDOWS\Tasks\At20.job"

- C:\WINDOWS\system32\To1BS6xH.exe

"2007-10-01 23:00:00 C:\WINDOWS\Tasks\At21.job"

- C:\WINDOWS\system32\To1BS6xH.exe

"2007-10-02 00:00:00 C:\WINDOWS\Tasks\At22.job"

- C:\WINDOWS\system32\To1BS6xH.exe

"2007-10-02 01:00:00 C:\WINDOWS\Tasks\At23.job"

- C:\WINDOWS\system32\To1BS6xH.exe

"2007-10-02 02:00:01 C:\WINDOWS\Tasks\At24.job"

- C:\WINDOWS\system32\To1BS6xH.exe

"2007-10-02 03:00:00 C:\WINDOWS\Tasks\At25.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-02 04:00:00 C:\WINDOWS\Tasks\At26.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-02 05:00:00 C:\WINDOWS\Tasks\At27.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-02 06:00:00 C:\WINDOWS\Tasks\At28.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-02 07:00:00 C:\WINDOWS\Tasks\At29.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-02 05:00:00 C:\WINDOWS\Tasks\At3.job"

"2007-10-02 08:00:00 C:\WINDOWS\Tasks\At30.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-02 09:00:00 C:\WINDOWS\Tasks\At31.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-02 10:00:00 C:\WINDOWS\Tasks\At32.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-02 11:00:00 C:\WINDOWS\Tasks\At33.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-02 12:00:00 C:\WINDOWS\Tasks\At34.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-02 13:00:00 C:\WINDOWS\Tasks\At35.job"

"2007-10-02 14:00:00 C:\WINDOWS\Tasks\At36.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-02 15:00:00 C:\WINDOWS\Tasks\At37.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-02 16:00:00 C:\WINDOWS\Tasks\At38.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-02 17:00:00 C:\WINDOWS\Tasks\At39.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-02 06:00:00 C:\WINDOWS\Tasks\At4.job"

- C:\WINDOWS\system32\To1BS6xH.exe

"2007-10-02 18:00:00 C:\WINDOWS\Tasks\At40.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-01 19:00:00 C:\WINDOWS\Tasks\At41.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-01 20:00:00 C:\WINDOWS\Tasks\At42.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-01 21:00:00 C:\WINDOWS\Tasks\At43.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-01 22:00:00 C:\WINDOWS\Tasks\At44.job"

"2007-10-01 23:00:00 C:\WINDOWS\Tasks\At45.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-02 00:00:00 C:\WINDOWS\Tasks\At46.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-02 01:00:00 C:\WINDOWS\Tasks\At47.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-02 02:00:01 C:\WINDOWS\Tasks\At48.job"

- C:\WINDOWS\system32\sfhFUJSJ.exe

"2007-10-02 03:00:00 C:\WINDOWS\Tasks\At49.job"

- C:\WINDOWS\system32\FH2N7Ai8.exe

"2007-10-02 07:00:00 C:\WINDOWS\Tasks\At5.job"

- C:\WINDOWS\system32\To1BS6xH.exe

"2007-10-02 04:00:00 C:\WINDOWS\Tasks\At50.job"

- C:\WINDOWS\system32\FH2N7Ai8.exe

"2007-10-02 05:00:00 C:\WINDOWS\Tasks\At51.job"

- C:\WINDOWS\system32\FH2N7Ai8.exe

"2007-10-02 06:00:00 C:\WINDOWS\Tasks\At52.job"

- C:\WINDOWS\system32\FH2N7Ai8.exe

"2007-10-02 07:00:00 C:\WINDOWS\Tasks\At53.job"

"2007-10-02 08:00:00 C:\WINDOWS\Tasks\At54.job"

- C:\WINDOWS\system32\FH2N7Ai8.exe

"2007-10-02 09:00:00 C:\WINDOWS\Tasks\At55.job"

"2007-10-02 10:00:00 C:\WINDOWS\Tasks\At56.job"

- C:\WINDOWS\system32\FH2N7Ai8.exe

"2007-10-02 11:00:00 C:\WINDOWS\Tasks\At57.job"

- C:\WINDOWS\system32\FH2N7Ai8.exe

"2007-10-02 12:00:00 C:\WINDOWS\Tasks\At58.job"

"2007-10-02 13:00:00 C:\WINDOWS\Tasks\At59.job"

"2007-10-02 08:00:00 C:\WINDOWS\Tasks\At6.job"

"2007-10-02 14:00:00 C:\WINDOWS\Tasks\At60.job"

"2007-10-02 15:00:00 C:\WINDOWS\Tasks\At61.job"

"2007-10-02 16:00:00 C:\WINDOWS\Tasks\At62.job"

- C:\WINDOWS\system32\FH2N7Ai8.exe

"2007-10-02 17:00:00 C:\WINDOWS\Tasks\At63.job"

- C:\WINDOWS\system32\FH2N7Ai8.exe

"2007-10-02 18:00:00 C:\WINDOWS\Tasks\At64.job"

- C:\WINDOWS\system32\FH2N7Ai8.exe

"2007-10-01 19:00:00 C:\WINDOWS\Tasks\At65.job"

- C:\WINDOWS\system32\FH2N7Ai8.exe

"2007-10-01 20:00:00 C:\WINDOWS\Tasks\At66.job"

- C:\WINDOWS\system32\FH2N7Ai8.exe

"2007-10-01 21:00:00 C:\WINDOWS\Tasks\At67.job"

- C:\WINDOWS\system32\FH2N7Ai8.exe

"2007-10-01 22:00:00 C:\WINDOWS\Tasks\At68.job"

- C:\WINDOWS\system32\FH2N7Ai8.exe

"2007-10-01 23:00:00 C:\WINDOWS\Tasks\At69.job"

- C:\WINDOWS\system32\FH2N7Ai8.exe

"2007-10-02 09:00:00 C:\WINDOWS\Tasks\At7.job"

- C:\WINDOWS\system32\To1BS6xH.exe

"2007-10-02 00:00:00 C:\WINDOWS\Tasks\At70.job"

- C:\WINDOWS\system32\FH2N7Ai8.exe

"2007-10-02 01:00:00 C:\WINDOWS\Tasks\At71.job"

- C:\WINDOWS\system32\FH2N7Ai8.exe

"2007-10-02 02:00:02 C:\WINDOWS\Tasks\At72.job"

- C:\WINDOWS\system32\FH2N7Ai8.exe

"2007-10-02 10:00:00 C:\WINDOWS\Tasks\At8.job"

- C:\WINDOWS\system32\To1BS6xH.exe

"2007-10-02 11:00:00 C:\WINDOWS\Tasks\At9.job"

- C:\WINDOWS\system32\To1BS6xH.exe

.

**************************************************************************

 

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-02 15:49:24

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2007-10-02 15:52:14 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-10-02 15:51

.

--- E O F ---

 

Sproces:

 

 

 

Tue Oct 02 15:41:57 2007

SProces v2.8 ©2007 S.G.H. / Satinfo S.L.

-------------------------------------------

Sistema Operativo: Microsoft Windows XP (v5.1.2600) Service Pack 2

Internet Explorer: (v6.0.2900.2180) ;SP2;

 

Procesos Activos:

C:\WINDOWS\SYSTEM32\SMSS.EXE

C:\WINDOWS\SYSTEM32\WINLOGON.EXE

C:\WINDOWS\SYSTEM32\SERVICES.EXE

C:\WINDOWS\SYSTEM32\LSASS.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\LEXBCES.EXE

C:\WINDOWS\SYSTEM32\LEXPPS.EXE

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM32\VTTIMER.EXE

C:\ARQUIV~1\GRISOFT\AVG7\AVGCC.EXE

C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE

C:\WINDOWS\SYSTEM32\CTFMON.EXE

D:\CRYSTAL CLEAR\ROCKETDOCK\ROCKETDOCK.EXE

C:\ARQUIVOS DE PROGRAMAS\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE

C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE

C:\ARQUIV~1\GRISOFT\AVG7\AVGAMSVR.EXE

C:\ARQUIV~1\GRISOFT\AVG7\AVGUPSVC.EXE

C:\ARQUIV~1\GRISOFT\AVG7\AVGEMC.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

C:\WINDOWS\SYSTEM32\WSCNTFY.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\ARQUIVOS DE PROGRAMAS\MSN MESSENGER\USNSVC.EXE

C:\ARQUIVOS DE PROGRAMAS\MOZILLA FIREFOX\FIREFOX.EXE

C:\SPROCES.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - %SystemRoot%\system32\shdocvw.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\7qu7UKKm.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - Startup: desktop.ini

O4 - Startup: RocketDock.lnk

O4 - Global Startup: desktop.ini

O4 - Global Startup: Microsoft Office.lnk

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_05) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.5.0_05) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\PKMCDO.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\win_8l0.dll

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-carregador Browseui - %SystemRoot%\system32\browseui.dll

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Daemon de cache de categorias de componente - %SystemRoot%\system32\browseui.dll

 

Información Adicional:

----------------------

ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - AVG Anti-Spyware 7.5 - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

 

Listado de Servicios (Carga Automatica):

----------------------------------------

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AVG Network Redirector (AvgTdi) - GRISOFT, s.r.o. - C:\WINDOWS\System32\Drivers\avgtdi.sys

O23 - Service: Inicializador de Processo de Servidor DCOM (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost -k DcomLaunch (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Chamada de procedimento remoto (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost -k rpcss (file missing)

O23 - Service: Secdrv - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys

 

Listado de Servicios (Carga Manual):

------------------------------------

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: C-Media WDM Audio Interface (cmuda) - C-Media Inc - C:\WINDOWS\SYSTEM32\drivers\cmuda.sys

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: VIA Rhine-Family Fast Ethernet Adapter Driver Service (FETND5BV) - VIA Technologies, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\fetnd5bv.sys

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Driver de IPv6 do Firewall do Windows (Ip6Fw) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\Ip6Fw.sys (file missing)

O23 - Service: Driver de link paralelo direto (Ptilink) - Parallel Technologies, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys

O23 - Service: W2K Pctel Serial Device Driver (Ptserial) - PCTEL, INC. - C:\WINDOWS\SYSTEM32\DRIVERS\ptserial.sys

O23 - Service: Realtek 10/100/1000 NIC Family all in one NDIS XP Driver (RTL8023xp) - Realtek Semiconductor Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\Rtlnicxp.sys

O23 - Service: runtime - Unknown owner - C:\WINDOWS\System32\drivers\runtime.sys (file missing)

O23 - Service: Serviços de terminal (TermService) - Unknown owner - C:\WINDOWS\System32\svchost -k DComLaunch (file missing)

O23 - Service: viagfx - Copyright © VIA/S3 Graphics Co, Ltd. - C:\WINDOWS\SYSTEM32\DRIVERS\vtmini.sys

O23 - Service: Vinyl AC'97 Audio Controller (WDM) (VIAudio) - VIA Technologies, Inc. - C:\WINDOWS\SYSTEM32\drivers\viaudios.sys

O23 - Service: W2K Vmodm (Vmodem) - PCTEL, INC. - C:\WINDOWS\SYSTEM32\DRIVERS\vmodem.sys

O23 - Service: W2K Vpctcom (Vpctcom) - PCtel, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\vpctcom.sys

O23 - Service: W2K Vvoice (Vvoice) - PCtel, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\vvoice.sys

 

continued

 

 

Listado de Servicios (Deshabilitados):

--------------------------------------

O23 - Service: dmboot - Microsoft Corp., Veritas Software - C:\WINDOWS\SYSTEM32\drivers\dmboot.sys

 

27 Servicios.

10 de Carga Automatica.

16 de Carga Manual.

1 Deshabilitados.

 

thank you!

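A small triage script over the kinds of entries the SProces and ComboFix reports above contain, added here as an example and not code from the thread or from HijackThis, SProces, ComboFix or Avenger. It flags the persistence indicators those reports expose: a second executable appended to Userinit, a populated AppInit_DLLs value, a BHO backed by a DLL dropped straight into system32, and hourly At*.job tasks pointing at executables in system32. The sample lines are constructed from the report formats shown above; `Finding` and the function names are the example's own.

```python
"""Persistence triage over HijackThis/SProces-style lines and ComboFix's scheduled-task
listing.  Added example, not code from the thread or from HijackThis, SProces, ComboFix
or Avenger; sample inputs are constructed from the report formats the thread shows."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed HijackThis/SProces-style lines: Userinit with a second executable, a BHO
# DLL sitting directly in system32, and a populated AppInit_DLLs value.
HJT_SAMPLE = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\7qu7UKKm.dll (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_8l0.dll
"""

# Constructed ComboFix 'Scheduled Tasks' block: a quoted job line, optionally followed
# by a "- target" line.  At11.job deliberately has no target line.
COMBOFIX_TASKS_SAMPLE = r"""
"2007-10-02 03:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\To1BS6xH.exe
"2007-10-02 13:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-10-02 03:00:00 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\sfhFUJSJ.exe
"2007-10-02 04:00:00 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\sfhFUJSJ.exe
"""

# A file directly inside %SystemRoot%\system32 (no deeper folder).
SYSTEM32_FILE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)
JOB_LINE = re.compile(r'^"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} .+\\(At\d+)\.job"$')


@dataclass
class Finding:
    source: str  # "hjt" or "combofix"
    kind: str    # short indicator name
    detail: str  # the offending value


def triage_hjt(text: str) -> list[Finding]:
    """Flag the persistence indicators a HijackThis-style log exposes."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("F2 - REG:system.ini: UserInit="):
            # Userinit should hold only userinit.exe; anything appended after the
            # comma runs at every interactive logon.
            value = line.split("UserInit=", 1)[1]
            entries = [e.strip() for e in value.split(",") if e.strip()]
            extra = [e for e in entries if e.lower().rsplit("\\", 1)[-1] != "userinit.exe"]
            if extra:
                findings.append(Finding("hjt", "userinit-extra", ", ".join(extra)))
        elif line.startswith("O20 - AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that maps user32.dll;
            # on a clean XP install the value is empty.
            value = line.split(":", 1)[1].strip()
            if value:
                findings.append(Finding("hjt", "appinit-dll", value))
        elif line.startswith("O2 - BHO:"):
            # Heuristic: legitimate BHOs live under Program Files, so a DLL dropped
            # straight into system32 is flagged even if the file is already gone.
            path = line.rsplit(" - ", 1)[-1].replace(" (file missing)", "").strip()
            if SYSTEM32_FILE.match(path):
                findings.append(Finding("hjt", "bho-in-system32", path))
    return findings


def parse_combofix_tasks(text: str) -> list[tuple[str, str | None]]:
    """Return (job name, target) pairs; target is None when ComboFix printed none."""
    jobs: list[list] = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = JOB_LINE.match(line)
        if m:
            jobs.append([m.group(1), None])
        elif line.startswith("- ") and jobs and jobs[-1][1] is None:
            jobs[-1][1] = line[2:].strip()
    return [(name, target) for name, target in jobs]


def triage_combofix_tasks(text: str) -> list[Finding]:
    """Flag At*.job tasks (the kind at.exe creates) whose target sits in system32."""
    jobs = parse_combofix_tasks(text)
    findings = []
    per_target = Counter(target for _, target in jobs if target)
    for target, n in per_target.items():
        if SYSTEM32_FILE.match(target):
            findings.append(Finding("combofix", "at-job-target", f"{target} ({n} At*.job)"))
    orphans = [name for name, target in jobs if target is None]
    if orphans:
        findings.append(Finding("combofix", "at-job-no-target", ", ".join(orphans)))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(HJT_SAMPLE) + triage_combofix_tasks(COMBOFIX_TASKS_SAMPLE):
        print(f"[{f.source}] {f.kind}: {f.detail}")
```

Each At*.job with a target in system32 is one reinfection trigger; the count per target shows why deleting the executable alone, as the first KillBox attempt did, is not enough.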

Good evening fofspc!

>@< Go to Start >> Run >> type: msconfig >> OK.

>@< The System Configuration Utility will open.

>@< Click Services.

>@< Uncheck the box for this service: < runtime >

>@< Click Apply >> OK.

____________________

>@< Download Avenger.

>@< Unzip it and create a folder for the program!

>@< Put this folder on Local Disk C or on the Desktop!

>@< Run the program and check Input script manually.

>@< Click the magnifying-glass icon!

 

Files to delete:

C:\WINDOWS\system32\t462HPDM.dll

C:\WINDOWS\system32\xT5Xq5yJ.dll

C:\WINDOWS\system32\aXVa76co.dll

C:\WINDOWS\system32\J6gk2asv.dll

C:\WINDOWS\system32\G20f8N6e.dll

C:\WINDOWS\system32\63kk3Xun.dll

C:\WINDOWS\system32\3EN41ltW.dll

C:\WINDOWS\system32\L7JcsyO.dll

C:\WINDOWS\system32\7qu7UKKm.dll

C:\WINDOWS\system32\yEnT3F2B.dll

C:\WINDOWS\system32\FH2N7Ai8.exe

C:\WINDOWS\system32\ielog.dll

C:\WINDOWS\system32\ntos.exe

C:\WINDOWS\system32\win_8l0.dll

C:\WINDOWS\system32\To1BS6xH.exe

C:\WINDOWS\system32\sfhFUJSJ.exe

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At25.job

C:\WINDOWS\Tasks\At26.job

C:\WINDOWS\Tasks\At27.job

C:\WINDOWS\Tasks\At28.job

C:\WINDOWS\Tasks\At29.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At30.job

C:\WINDOWS\Tasks\At31.job

C:\WINDOWS\Tasks\At32.job

C:\WINDOWS\Tasks\At33.job

C:\WINDOWS\Tasks\At34.job

C:\WINDOWS\Tasks\At35.job

C:\WINDOWS\Tasks\At36.job

C:\WINDOWS\Tasks\At37.job

C:\WINDOWS\Tasks\At38.job

C:\WINDOWS\Tasks\At39.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At40.job

C:\WINDOWS\Tasks\At41.job

C:\WINDOWS\Tasks\At42.job

C:\WINDOWS\Tasks\At43.job

C:\WINDOWS\Tasks\At44.job

C:\WINDOWS\Tasks\At45.job

C:\WINDOWS\Tasks\At46.job

C:\WINDOWS\Tasks\At47.job

C:\WINDOWS\Tasks\At48.job

C:\WINDOWS\Tasks\At49.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At50.job

C:\WINDOWS\Tasks\At51.job

C:\WINDOWS\Tasks\At52.job

C:\WINDOWS\Tasks\At53.job

C:\WINDOWS\Tasks\At54.job

C:\WINDOWS\Tasks\At55.job

C:\WINDOWS\Tasks\At56.job

C:\WINDOWS\Tasks\At57.job

C:\WINDOWS\Tasks\At58.job

C:\WINDOWS\Tasks\At59.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At60.job

C:\WINDOWS\Tasks\At61.job

C:\WINDOWS\Tasks\At62.job

C:\WINDOWS\Tasks\At63.job

C:\WINDOWS\Tasks\At64.job

C:\WINDOWS\Tasks\At65.job

C:\WINDOWS\Tasks\At66.job

C:\WINDOWS\Tasks\At67.job

C:\WINDOWS\Tasks\At68.job

C:\WINDOWS\Tasks\At69.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At70.job

C:\WINDOWS\Tasks\At71.job

C:\WINDOWS\Tasks\At72.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

>@< In the box that opens, paste what you copied from the quote area just above!

>@< Click Done.

>@< Click the traffic-light icon!

>@< Click OK.

>@< The computer will restart!

>@< Make and post a new log ( SProcLog.txt ) + Avenger.txt in your reply.

>@< PS: If you are now able to run HijackThis, post its log instead of SProcLog.txt

Regards!


The Hijack ran! Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 22:18:13, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
D:\Crystal Clear\RocketDock\RocketDock.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Gustavo\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\7qu7UKKm.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: RocketDock.lnk = D:\Crystal Clear\RocketDock\RocketDock.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_8l0.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

And the Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nwsgcvpx

*******************

Script file located at: \??\C:\mygslcwv.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\t462HPDM.dll deleted successfully.
File C:\WINDOWS\system32\xT5Xq5yJ.dll deleted successfully.
File C:\WINDOWS\system32\aXVa76co.dll deleted successfully.
File C:\WINDOWS\system32\J6gk2asv.dll deleted successfully.
File C:\WINDOWS\system32\G20f8N6e.dll deleted successfully.
File C:\WINDOWS\system32\63kk3Xun.dll deleted successfully.
File C:\WINDOWS\system32\3EN41ltW.dll deleted successfully.
File C:\WINDOWS\system32\L7JcsyO.dll not found!
Deletion of file C:\WINDOWS\system32\L7JcsyO.dll failed!
Could not process line:
C:\WINDOWS\system32\L7JcsyO.dll
Status: 0xc0000034
File C:\WINDOWS\system32\7qu7UKKm.dll deleted successfully.
File C:\WINDOWS\system32\yEnT3F2B.dll deleted successfully.
File C:\WINDOWS\system32\FH2N7Ai8.exe deleted successfully.
File C:\WINDOWS\system32\ielog.dll deleted successfully.
File C:\WINDOWS\system32\ntos.exe not found!
Deletion of file C:\WINDOWS\system32\ntos.exe failed!
Could not process line:
C:\WINDOWS\system32\ntos.exe
Status: 0xc0000034
File C:\WINDOWS\system32\win_8l0.dll not found!
Deletion of file C:\WINDOWS\system32\win_8l0.dll failed!
Could not process line:
C:\WINDOWS\system32\win_8l0.dll
Status: 0xc0000034
File C:\WINDOWS\system32\To1BS6xH.exe not found!
Deletion of file C:\WINDOWS\system32\To1BS6xH.exe failed!
Could not process line:
C:\WINDOWS\system32\To1BS6xH.exe
Status: 0xc0000034
File C:\WINDOWS\system32\sfhFUJSJ.exe not found!
Deletion of file C:\WINDOWS\system32\sfhFUJSJ.exe failed!
Could not process line:
C:\WINDOWS\system32\sfhFUJSJ.exe
Status: 0xc0000034
File C:\WINDOWS\Tasks\At1.job deleted successfully.
File C:\WINDOWS\Tasks\At10.job deleted successfully.
File C:\WINDOWS\Tasks\At11.job deleted successfully.
File C:\WINDOWS\Tasks\At12.job deleted successfully.
File C:\WINDOWS\Tasks\At13.job deleted successfully.
File C:\WINDOWS\Tasks\At14.job deleted successfully.
File C:\WINDOWS\Tasks\At15.job deleted successfully.
File C:\WINDOWS\Tasks\At16.job deleted successfully.
File C:\WINDOWS\Tasks\At17.job deleted successfully.
File C:\WINDOWS\Tasks\At18.job deleted successfully.
File C:\WINDOWS\Tasks\At19.job deleted successfully.
File C:\WINDOWS\Tasks\At2.job deleted successfully.
File C:\WINDOWS\Tasks\At20.job deleted successfully.
File C:\WINDOWS\Tasks\At21.job deleted successfully.
File C:\WINDOWS\Tasks\At22.job deleted successfully.
File C:\WINDOWS\Tasks\At23.job deleted successfully.
File C:\WINDOWS\Tasks\At24.job deleted successfully.
File C:\WINDOWS\Tasks\At25.job deleted successfully.
File C:\WINDOWS\Tasks\At26.job deleted successfully.
File C:\WINDOWS\Tasks\At27.job deleted successfully.
File C:\WINDOWS\Tasks\At28.job deleted successfully.
File C:\WINDOWS\Tasks\At29.job deleted successfully.
File C:\WINDOWS\Tasks\At3.job deleted successfully.
File C:\WINDOWS\Tasks\At30.job deleted successfully.
File C:\WINDOWS\Tasks\At31.job deleted successfully.
File C:\WINDOWS\Tasks\At32.job deleted successfully.
File C:\WINDOWS\Tasks\At33.job deleted successfully.
File C:\WINDOWS\Tasks\At34.job deleted successfully.
File C:\WINDOWS\Tasks\At35.job deleted successfully.
File C:\WINDOWS\Tasks\At36.job deleted successfully.
File C:\WINDOWS\Tasks\At37.job deleted successfully.
File C:\WINDOWS\Tasks\At38.job deleted successfully.
File C:\WINDOWS\Tasks\At39.job deleted successfully.
File C:\WINDOWS\Tasks\At4.job deleted successfully.
File C:\WINDOWS\Tasks\At40.job deleted successfully.
File C:\WINDOWS\Tasks\At41.job deleted successfully.
File C:\WINDOWS\Tasks\At42.job deleted successfully.
File C:\WINDOWS\Tasks\At43.job deleted successfully.
File C:\WINDOWS\Tasks\At44.job deleted successfully.
File C:\WINDOWS\Tasks\At45.job deleted successfully.
File C:\WINDOWS\Tasks\At46.job deleted successfully.
File C:\WINDOWS\Tasks\At47.job deleted successfully.
File C:\WINDOWS\Tasks\At48.job deleted successfully.
File C:\WINDOWS\Tasks\At49.job deleted successfully.
File C:\WINDOWS\Tasks\At5.job deleted successfully.
File C:\WINDOWS\Tasks\At50.job deleted successfully.
File C:\WINDOWS\Tasks\At51.job deleted successfully.
File C:\WINDOWS\Tasks\At52.job deleted successfully.
File C:\WINDOWS\Tasks\At53.job deleted successfully.
File C:\WINDOWS\Tasks\At54.job deleted successfully.
File C:\WINDOWS\Tasks\At55.job deleted successfully.
File C:\WINDOWS\Tasks\At56.job deleted successfully.
File C:\WINDOWS\Tasks\At57.job deleted successfully.
File C:\WINDOWS\Tasks\At58.job deleted successfully.
File C:\WINDOWS\Tasks\At59.job deleted successfully.
File C:\WINDOWS\Tasks\At6.job deleted successfully.
File C:\WINDOWS\Tasks\At60.job deleted successfully.
File C:\WINDOWS\Tasks\At61.job deleted successfully.
File C:\WINDOWS\Tasks\At62.job deleted successfully.
File C:\WINDOWS\Tasks\At63.job deleted successfully.
File C:\WINDOWS\Tasks\At64.job deleted successfully.
File C:\WINDOWS\Tasks\At65.job deleted successfully.
File C:\WINDOWS\Tasks\At66.job deleted successfully.
File C:\WINDOWS\Tasks\At67.job deleted successfully.
File C:\WINDOWS\Tasks\At68.job deleted successfully.
File C:\WINDOWS\Tasks\At69.job deleted successfully.
File C:\WINDOWS\Tasks\At7.job deleted successfully.
File C:\WINDOWS\Tasks\At70.job deleted successfully.
File C:\WINDOWS\Tasks\At71.job deleted successfully.
File C:\WINDOWS\Tasks\At72.job deleted successfully.
File C:\WINDOWS\Tasks\At8.job deleted successfully.
File C:\WINDOWS\Tasks\At9.job deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Thanks.


Good morning fofspc!

>@< Delete the folders highlighted below:

C:\QooBox << Belongs to ComboFix.

C:\Avenger\backups

_______________

>@< Run a Jotti scan on the file:

win_8l0.dll

>@< In File to upload, enter the path: C:\WINDOWS\system32\win_8l0.dll

>@< Then click Submit.

>@< Copy and post the report of this analysis.

_______________

>@< Restart the computer in Safe Mode!

>@< Open HijackThis and click Do a system scan only.

>@< Check the entries below and click Fix checked!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\7qu7UKKm.dll (file missing)

>@< Still in HijackThis, click: Open the misc tools section.

>@< Click: Delete an NT Service.

>@< Enter the service name, runtime, in the box.

>@< Click Ok.

>@< Restart the computer normally!

>@< Make and post a new HijackThis log in your reply + the Jotti report.

Cheers!

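The helper above picked three HijackThis entries to fix and one file (win_8l0.dll) to send to an online scanner by reading the two logs by hand. The script below, an added example that is not part of this thread and not a tool from the HijackThis or Avenger authors, does the same triage mechanically: it parses HijackThis entries by section code, flags the orphaned ones ("(no file)", "(file missing)"), a non-empty AppInit_DLLs value and an empty ProxyServer setting, splits the Avenger output into deleted and not-found paths, and then cross-references the two so that a file Avenger could not delete but the HijackThis log still references is listed as the one to scan next. The sample inputs are excerpts of the logs posted above with their line breaks restored; the flagging rules are the editor's own assumptions about what deserves a second look, not rules from either tool.

```python
"""Triage a HijackThis log and an Avenger log the way a helper does by hand.

Added example for this thread, not a tool from the thread or from the
HijackThis/Avenger authors. Sample inputs are excerpts of the posted logs;
the flagging rules are the editor's assumptions.
"""
import re
from dataclasses import dataclass

# Excerpt of the HijackThis log posted above (constructed sample input).
HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\7qu7UKKm.dll (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_8l0.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Excerpt of the Avenger log posted above (constructed sample input).
AVENGER_LOG = r"""
File C:\WINDOWS\system32\7qu7UKKm.dll deleted successfully.
File C:\WINDOWS\system32\win_8l0.dll not found!
Deletion of file C:\WINDOWS\system32\win_8l0.dll failed!
Could not process line:
C:\WINDOWS\system32\win_8l0.dll
Status: 0xc0000034
File C:\WINDOWS\system32\ntos.exe not found!
Deletion of file C:\WINDOWS\system32\ntos.exe failed!
File C:\WINDOWS\Tasks\At1.job deleted successfully.
File C:\WINDOWS\Tasks\At2.job deleted successfully.
"""

# Every HijackThis entry starts with a section code such as R1, O2, O20, O23.
HJT_ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
AVENGER_DELETED = re.compile(r"^File (?P<path>.+?) deleted successfully\.$")
AVENGER_NOT_FOUND = re.compile(r"^File (?P<path>.+?) not found!$")


@dataclass
class Finding:
    code: str
    entry: str
    reason: str


def triage_hijackthis(log_text: str) -> list:
    """Return the entries a helper would ask to have fixed or checked."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_ENTRY.match(line)
        if not m:
            continue  # header lines and the process list are skipped
        code, body = m.group("code"), m.group("body")
        if "(no file)" in body or "(file missing)" in body:
            # Orphaned registration: the file is gone but the hook remains.
            findings.append(Finding(code, line, "referenced file no longer exists"))
        elif (code == "O20" and body.startswith("AppInit_DLLs:")
              and body[len("AppInit_DLLs:"):].strip()):
            # AppInit_DLLs is loaded into every process that uses user32; verify the DLL.
            findings.append(Finding(code, line, "AppInit_DLLs loads a DLL system-wide"))
        elif code == "R1" and "ProxyServer" in body and body.endswith("= :"):
            # A ProxyServer value that is present but empty is not a default setting.
            findings.append(Finding(code, line, "ProxyServer set to an empty value"))
    return findings


def summarize_avenger(log_text: str) -> dict:
    """Split Avenger's output into what it deleted and what it could not find."""
    summary = {"deleted": [], "not_found": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = AVENGER_DELETED.match(line)
        if m:
            summary["deleted"].append(m.group("path"))
            continue
        m = AVENGER_NOT_FOUND.match(line)
        if m:
            summary["not_found"].append(m.group("path"))
    return summary


def unresolved_references(hjt_log: str, avenger_summary: dict) -> list:
    """Paths Avenger could not delete that the HijackThis log still references.

    Something on the system still points at these, so they are the ones worth
    submitting to an online scanner, as the helper asks for win_8l0.dll above.
    """
    hjt_lower = hjt_log.lower()
    return [p for p in avenger_summary["not_found"] if p.lower() in hjt_lower]


if __name__ == "__main__":
    for f in triage_hijackthis(HJT_LOG):
        print(f"[{f.code}] {f.reason}: {f.entry}")
    summary = summarize_avenger(AVENGER_LOG)
    print(f"Avenger deleted {len(summary['deleted'])} file(s), "
          f"{len(summary['not_found'])} not found")
    print("Still referenced:", unresolved_references(HJT_LOG, summary))
```

On the excerpt this reports the same R1 and two O2 entries the helper chose, plus the O20 line, and lists win_8l0.dll as the one file that Avenger could not remove but the log still loads; ntos.exe was also not found, but nothing in the HijackThis log references it any more, so it is not raised again.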

Topic Archived

Since the author did not reply for more than 20 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
