Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Jefferson Bezerra

[Resolvido] Identificar virus

Por , em Tópicos Resolvidos (Seguranca & Malwares)

Recommended Posts

Jefferson Bezerra    0

Jefferson Bezerra
Postado

Apos um amigo utilizar meu PC, ele começou a ficar lento, e a abrir as velhas janelas do browser durante a navegação.

percebi que ao inicializar o sistema, um processo do ixplore.exe é inicializado, mas, eu nem cheguei a abrir o browser. se eu finalizar tarefa para o processo do iexplore o mesmo torna a abrir no mesmo momento.

 

segue o log:

Logfile of HijackThis v1.99.1Scan saved at 16:54:33, on 10/5/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exeC:\WINDOWS\system32\RunDll32.exeC:\WINDOWS\system32\svchost.exeC:\Arquivos de programas\Google\Google Talk\googletalk.exeC:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exeC:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXEC:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exeC:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exeC:\Arquivos de programas\Multimedia Card Reader\shwicon2k.exeC:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exeC:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exeC:\WINDOWS\system32\ctfmon.exeC:\Arquivos de programas\Internet Explorer\IEXPLORE.EXEC:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exeC:\ARQUIV~1\Mozilla Firefox\firefox.exeC:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exeC:\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostartO4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [Ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exeO4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [Sunkist2k] C:\Arquivos de programas\Multimedia Card Reader\shwicon2k.exeO4 - HKLM\..\Run: [meet great active lies] C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great\DEAD SOFTWARE.exeO4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exeO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dllO9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exeO11 - Options group: [INTERNATIONAL] International*O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cabO16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174109040425O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLLO20 - AppInit_DLLs: MsgPlusLoader.dllO20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

Compartilhar este post

Link para o post
Compartilhar em outros sites

Silas Martins    0

Silas Martins
Postado

Baixe o Bankerfix.

desative o seu antivírus temporariamente, para não haver conflitos e para uma melhor detecção.

Clique duas vezes sobre bankerfix.exe, dê o Enter e espere ele terminar. Ao terminar, leia a mensagem na tela e aperte Enter novamente.

 

Habilite o seu antivírus. e gere um novo log do hijackthis.

 

Aguardo o Retorno

Compartilhar este post

Link para o post
Compartilhar em outros sites

Jefferson Bezerra    0

Jefferson Bezerra
Postado

Feito. Segue novo log

 

Obs.: Nesse meio tempo, executei uma varredura total do anti-virus e alguns arquivo foram excluídos.

 

 

Logfile of HijackThis v1.99.1Scan saved at 02:28:02, on 11/5/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exeC:\WINDOWS\system32\RunDll32.exeC:\WINDOWS\system32\svchost.exeC:\Arquivos de programas\Google\Google Talk\googletalk.exeC:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exeC:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXEC:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exeC:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exeC:\Arquivos de programas\Multimedia Card Reader\shwicon2k.exeC:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exeC:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exeC:\WINDOWS\system32\ctfmon.exeC:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exeC:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exeC:\ARQUIV~1\Mozilla Firefox\firefox.exeC:\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostartO4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [Ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exeO4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [Sunkist2k] C:\Arquivos de programas\Multimedia Card Reader\shwicon2k.exeO4 - HKLM\..\Run: [meet great active lies] C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great\DEAD SOFTWARE.exeO4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exeO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dllO9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exeO11 - Options group: [INTERNATIONAL] International*O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cabO16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174109040425O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLLO20 - AppInit_DLLs: MsgPlusLoader.dllO20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

Compartilhar este post

Link para o post
Compartilhar em outros sites

Silas Martins    0

Silas Martins
Postado

Reinicie

o computador em Modo Seguro (após reiniciar aperte a tecla F8 repetidamente até aparecer uma tela preta em DOS e escolha Modo Seguro).

 

Execute o HijackThis, selecione as linhas abaixo e clique em

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O20 - AppInit_DLLs: MsgPlusLoader.dll

 

Fix Checked

Feito isso Reinicie em modo normal e gere um novo log do Hijackthis.

 

Aguardo retorno.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Jefferson Bezerra    0

Jefferson Bezerra
Postado 
Logfile of HijackThis v1.99.1
Scan saved at 21:27:34, on 12/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe
C:\Arquivos de programas\Multimedia Card Reader\shwicon2k.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\ARQUIV~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Arquivos de programas\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [meet great active lies] C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great\DEAD SOFTWARE.exe
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\ARQUIV~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174109040425
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

Compartilhar este post

Link para o post
Compartilhar em outros sites

Silas Martins    0

Silas Martins
Postado

Baixe o ComboFix e salve na área de trabalho.

 

Feche todos os programas.

Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar.

O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção.

 

Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt.

 

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

 

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

 

Aguardo um novo log do HijackThis juntamente com o ComboFix.txt

 

 

Aguardo Retorno

Compartilhar este post

Link para o post
Compartilhar em outros sites

Jefferson Bezerra    0

Jefferson Bezerra
Postado

Log do combofix

ComboFix 08-05-15.3 - Daniel 2008-05-18 23:00:49.1 - NTFSx86Microsoft Windows XP Professional  5.1.2600.2.1252.1.1046.18.247 [GMT -3:00]Executando de: C:\Documents and Settings\Daniel\Desktop\ComboFix.exe * Criado um novo ponto de restauro[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color].(((((((((((((((((((((((((((((((((((((   Outras Exclusões   ))))))))))))))))))))))))))))))))))))))))))))))))))).C:\Documents and Settings\Flora\Configurações locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML.(((((((((((((((((((((((   Ficheiros criados de 2008-04-19 to 2008-05-19  )))))))))))))))))))))))))))))))).2008-05-12 11:04 . 2008-05-12 11:04	<DIR>	d--------	C:\Arquivos de programas\Multimedia Card Reader2008-05-11 02:25 . 2008-05-11 02:26	<DIR>	d--------	C:\LinhaDefensiva2008-05-10 16:53 . 2008-05-12 21:27	<DIR>	d--------	C:\hijackthis2008-05-10 15:42 . 2008-05-10 15:42	<DIR>	d--------	C:\Temp2008-05-10 15:15 . 2007-07-25 12:43	1,510	--a------	C:\Kaspersky Anti-Virus Personal - 2010.key2008-05-10 15:13 . 2008-05-10 16:08	96,645	--a------	C:\WINDOWS\system32\drivers\klin.dat2008-05-10 15:13 . 2008-05-10 16:08	87,941	--a------	C:\WINDOWS\system32\drivers\klick.dat2008-05-10 15:12 . 2008-05-17 09:17	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab2008-05-10 15:12 . 2008-05-10 15:12	<DIR>	d--------	C:\Arquivos de programas\Kaspersky Lab2008-05-10 15:12 . 2008-05-18 23:05	9,192,992	--ahs----	C:\WINDOWS\system32\drivers\fidbox.dat2008-05-10 15:12 . 2008-05-12 14:46	124,400	--ahs----	C:\WINDOWS\system32\drivers\fidbox.idx2008-05-10 15:12 . 2008-05-17 03:02	55,840	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.dat2008-05-10 15:12 . 2008-05-12 14:46	3,128	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.idx2008-05-05 18:59 . 2008-05-05 18:59	30,590	--a------	C:\WINDOWS\system32\pavas.ico2008-05-05 18:59 . 2008-05-05 18:59	2,550	--a------	C:\WINDOWS\system32\Uninstall.ico2008-05-05 18:59 . 2008-05-05 18:59	1,406	--a------	C:\WINDOWS\system32\Help.ico2008-05-05 18:58 . 2008-05-05 19:01	<DIR>	d--------	C:\WINDOWS\system32\ActiveScan2008-05-03 10:47 . 2008-05-03 10:47	<DIR>	d--------	C:\Arquivos de programas\stop store2008-05-01 11:24 . 2008-05-12 11:05	<DIR>	d--h-----	C:\Arquivos de programas\InstallShield Installation Information2008-04-28 18:18 . 2008-04-28 18:17	58,952	--a------	C:\WINDOWS\system32\MsgPlusLoader.dll2008-04-28 18:17 . 2008-04-28 18:17	<DIR>	d--------	C:\Arquivos de programas\MessengerPlus! 32008-04-28 18:17 . 2008-05-18 22:55	<DIR>	d--------	C:\Arquivos de programas\Adverts.(((((((((((((((((((((((((((((((((((((   Relatório Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-05-17 13:39	3,766	--sha-w	C:\WINDOWS\system32\KGyGaAvL.sys2008-03-25 04:49	621,344	----a-w	C:\WINDOWS\system32\mswstr10.dll2008-03-25 04:49	183,072	----a-w	C:\WINDOWS\system32\msjint40.dll2008-03-20 19:46	---------	d-----w	C:\Documents and Settings\Flora\Dados de aplicativos\Thinstall2008-03-20 08:09	1,845,376	----a-w	C:\WINDOWS\system32\win32k.sys2008-03-01 13:02	826,368	----a-w	C:\WINDOWS\system32\wininet.dll2008-02-20 06:51	282,624	----a-w	C:\WINDOWS\system32\gdi32.dll2008-02-20 05:37	45,568	----a-w	C:\WINDOWS\system32\dnsrslvr.dll2007-03-21 21:36	10,857	----a-w	C:\Arquivos de programas\Dreamweaver CS3 Read Me.html2007-03-21 11:35	56	--sh--r	C:\WINDOWS\system32\7E173F8060.sys.((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))..REGEDIT4*Nota* entradas vazias & legítimas por defeito não são mostradas.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MsnMsgr"="C:\ARQUIV~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2007-10-18 11:34 5724184]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NWEReboot"="" []"Cmaudio"="cmicnfg.cpl" []"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]"Ink Monitor"="C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [2004-05-05 11:54 262210]"EPSON Stylus CX4100 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.exe" [2005-03-08 00:00 98304]"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2008-04-28 18:17 190024]"Sunkist2k"="C:\Arquivos de programas\Multimedia Card Reader\shwicon2k.exe" [2004-12-10 11:49 139264]"meet great active lies"="C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great\DEAD SOFTWARE.exe" [ ]"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 19:50 200768]C:\Documents and Settings\Daniel\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\INTERNET ERROR]C:\DOCUME~1\Daniel\DADOSD~1\STOPST~1\timebags.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"="C:\\Arquivos de programas\\eMule\\emule.exe"="C:\\Arquivos de programas\\Messenger\\msmsgs.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0120755b-1b67-11dd-b3b4-00115b536d5f}]\Shell\auto\command - H:\Knight.exe open\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open\Shell\explore\command - H:\Knight.exe open\Shell\find\command - H:\Knight.exe open\Shell\install\command - H:\Knight.exe open\Shell\open\command - H:\Knight.exe open[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02b5eb73-fce4-11db-b22c-00115b536d5f}]\Shell\Auto\command - winsys3.exe\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL winsys3.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5abae60e-266f-11dd-b3af-00115b536d5f}]\Shell\AutoRun\command - H:\ekugb3.bat\Shell\explore\Command - H:\ekugb3.bat\Shell\open\Command - H:\ekugb3.bat[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5abae61e-266f-11dd-b3af-00115b536d5f}]\Shell\Auto\command - sxs.exe\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5abae61f-266f-11dd-b3af-00115b536d5f}]\Shell\Auto\command - M:\sxs.exe\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{829d7ddb-a20d-11dc-b30f-00115b536d5f}]\Shell\AutoRun\command - ntde1ect.com\Shell\explore\Command - ntde1ect.com\Shell\open\Command - ntde1ect.com[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{829d7dea-a20d-11dc-b30f-00115b536d5f}]\Shell\Auto\command - MicrosoftPowerPoint.exe\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{950d1b4c-227b-11dd-b3ae-00115b536d5f}]\Shell\AutoRun\command - H:\y82td3td.com\Shell\explore\Command - H:\y82td3td.com\Shell\open\Command - H:\y82td3td.com[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cb92090-eeab-11dc-b38b-00115b536d5f}]\Shell\Auto\command - H:\winsys3.exe\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL winsys3.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{add0086d-1c3e-11dd-b3b5-00115b536d5f}]\Shell\Auto\command - winsys3.exe\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL winsys3.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdb44ccf-612c-11dc-b2cc-00115b536d5f}]\Shell\Auto\command - MicrosoftPowerPoint.exe\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf35c748-fa47-11db-b229-00115b536d5f}]\Shell\AutoRun\command - H:\LaunchU3.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9219353-5c73-11dc-b2c6-00115b536d5f}]\Shell\Auto\command - MicrosoftPowerPoint.exe\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4ad1f10-1e98-11dc-b25b-00115b536d5f}]\Shell\Auto\command - winsys3.exe\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL winsys3.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f325b78d-f418-11dc-b398-00115b536d5f}]\Shell\auto\command - Knight.exe open\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open\Shell\explore\command - Knight.exe open\Shell\find\command - Knight.exe open\Shell\install\command - Knight.exe open\Shell\open\command - Knight.exe open*Newly Created Service* - CATCHME.Conteúdo da pasta 'Tarefas Agendadas'"2008-05-19 02:00:00 C:\WINDOWS\Tasks\B2D236A09D31A8EC.job"- c:\docume~1\flora\dadosd~1\stopst~1\Cake bias bone.exe"2008-05-19 02:00:00 C:\WINDOWS\Tasks\B8A9248C9612CF58.job"- c:\docume~1\daniel\dadosd~1\stopst~1\Cake bias bone.exe"2008-05-19 02:00:00 C:\WINDOWS\Tasks\BB54477A9C37FEAE.job"- c:\docume~1\jeffer~1\dadosd~1\stopst~1\Cake bias bone.exe.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-05-18 23:05:26Windows 5.1.2600 Service Pack 2 NTFSProcurando processos ocultos ...Procurando entradas auto inicializáveis ocultas ...Procurando ficheiros ocultos ...Varredura completada com sucessoFicheiros ocultos: 0**************************************************************************.Tempo para conclusão: 2008-05-18 23:07:14ComboFix-quarantined-files.txt  2008-05-19 02:06:57Pre-Run: 14,069,309,440 bytes disponíveisPost-Run: 19,055,812,608 bytes disponíveis163	--- E O F ---	2008-05-17 06:03:51

 

 

log do hijackthis

Logfile of HijackThis v1.99.1Scan saved at 23:12:48, on 18/5/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exeC:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXEC:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exeC:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exeC:\Arquivos de programas\Multimedia Card Reader\shwicon2k.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\System32\svchost.exeC:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exeC:\Arquivos de programas\Windows Live\Messenger\usnsvc.exeC:\WINDOWS\explorer.exeC:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exeC:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exeC:\Arquivos de programas\Mozilla Firefox\firefox.exec:\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dllO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostartO4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [Ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exeO4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [Sunkist2k] C:\Arquivos de programas\Multimedia Card Reader\shwicon2k.exeO4 - HKLM\..\Run: [meet great active lies] C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great\DEAD SOFTWARE.exeO4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"O4 - HKCU\..\Run: [MsnMsgr] "C:\ARQUIV~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exeO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dllO9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exeO11 - Options group: [INTERNATIONAL] International*O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cabO16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174109040425O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLLO20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

Compartilhar este post

Link para o post
Compartilhar em outros sites

Silas Martins    0

Silas Martins
Postado

Siga as instruções abaixo

Abra o Bloco de Notas copie o conteúdo abaixo:

C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great\DEAD SOFTWARE.exe

Salve como Teste.txt então vá ao Online malware scan lá clique em arquivo

e selecione o arquivo que você salvou o Teste.txt então clique em Submit

Poste aqui o log do Online scan e gere um novo log do Hijackthis

Compartilhar este post

Link para o post
Compartilhar em outros sites

Jefferson Bezerra    0

Jefferson Bezerra
Postado

Caro Silas,

Eu ia editar a resposta anterior mas, como ja respondesses segue a situação atual.

 

Verifiquei que o mesmo arquivo nao esta mais presente no caminho:C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great\DEAD SOFTWARE.exe

 

rodei novamente o combofix e essa entrada continua aparecendo

 

((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))...[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]..."meet great active lies"="C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great\DEAD SOFTWARE.exe" [ ]

 

quanto ao wormFix, o arquivo que tem lá é o Worm-fix.exe executei-o e o mesmo não me da opção de selecionar entrada alguma, somente exibi uma pequena janela com o título "Remove orkut blocker worm" e dois botões: "About" e "Remove" cliquei no remove e ele exibe a mensagem "Worm remover sucesseful. Thank you", porem lembro-he que não solicita que eu escolha arquivo algum.

 

tambem rodei o worm-fix.exe com o parametro worn, mas, não muda nada. (fix.exe worn como pussestes me levou a pensar que worn talvez seja um parametro.

 

é isso.

att

Compartilhar este post

Link para o post
Compartilhar em outros sites

Silas Martins    0

Silas Martins
Postado

Sigas as Instruções:

Baixe o MSNfix.

Salve na área de trabalho, e descompacte ele, após isto, clique duas vezes em MSNFix.bat

Vai se abrir a tela MSN_Fix-menu nela aperte a opçãp R, será dado inicio ao scaneamento.

Caso o scan detecte algo irá aparecer a seguinte informação: Infection Presente, aperte enter, e prossiga.

Caso queira interromper o processo aperte a tecla Q

Na finalização vai se abrir o bloco de notas com um log, selecione todo ele e copie, que se encontra na pasta msnfix.txt.

Poste juntamente um novo log do Hijackthis

 

Aguardo o retorno.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Jefferson Bezerra    0

Jefferson Bezerra
Postado

MSNFix 1.719

 

C:\hijackthis\MSNFix

Fix lançado dia --- 30/05/2008 - 18:38:12,85 By Daniel

modo normal

 

************************ Procurando os arquivos presentes

 

... C:\WINDOWS\system32OpenGL.dat

 

************************ Procurando as pastas presentes

 

Nenhuma pasta encontrada

 

 

 

 

************************ Apagando os arquivos

 

.. OK ... C:\WINDOWS\system32OpenGL.dat

 

 

 

************************ Limpeza do registro

 

 

 

Os arquivos ainda presentes serão apagado no proximo boot

 

 

Nenhum arquivo encontrado

 

 

 

************************ Arquivos suspeitos

 

/!\ Estes arquivos necessitam de uma opiniao de alguem competente antes de qualquer intervencao

 

[C:\DOCUME~1\Daniel\CONFIG~1\Temp\Worm-fix.exe.zip] A160559F755BEA6F3A8713B0D3581D11

 

==> Por favor não esqueça de mandar o arquivo C:\DOCUME~1\Daniel\Desktop\Upload_Me.zip no http://upload.changelog.fr

 

 

 

Os arquivos e as chaves do registro apagados foram salvos no arquivo --- 30052008_19233254.zip

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\WINDOWS\system32\userinit.exe,

 

------------------------------------------------------------------------

Autor : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

 

 

 

HijackThis

Logfile of HijackThis v1.99.1Scan saved at 19:29:01, on 30/5/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\notepad.exeC:\WINDOWS\system32\RunDll32.exeC:\Arquivos de programas\Google\Google Talk\googletalk.exeC:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exeC:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exeC:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exeC:\Arquivos de programas\Multimedia Card Reader\shwicon2k.exeC:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\System32\svchost.exeC:\Arquivos de programas\Windows Live\Messenger\usnsvc.exeC:\ARQUIV~1\MOZILL~1\FIREFOX.EXEC:\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dllO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostartO4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [Ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exeO4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [Sunkist2k] C:\Arquivos de programas\Multimedia Card Reader\shwicon2k.exeO4 - HKLM\..\Run: [meet great active lies] C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great\DEAD SOFTWARE.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exeO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dllO9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exeO11 - Options group: [INTERNATIONAL] International*O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cabO16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174109040425O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLLO20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~2.0\adialhk.dllO20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)

Compartilhar este post

Link para o post
Compartilhar em outros sites

Mário Monteiro    179

Mário Monteiro
Postado

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Resolvidos (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito