Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

x_confused

[Arquivado] Log - hijack

Recommended Posts

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:41:59, on 23/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: PowerReg Scheduler.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{3282D6A7-1397-480F-9DBC-45A8B8B5BF31}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{3282D6A7-1397-480F-9DBC-45A8B8B5BF31}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 4349 bytes

 

 

Att.

 

X-Confused

Compartilhar este post


Link para o post
Compartilhar em outros sites

Opa x_confused,

 

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

 

Abraços.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde jgarcia, obrigado pelo suporte. Segue log combo fix:

 

ComboFix 08-06-20.4 - Usuario 2008-06-24 12:06:03.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.258 [GMT -3:00]

Executando de: C:\Documents and Settings\Usuario\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-05-24 to 2008-06-24 ))))))))))))))))))))))))))))))))

.

 

2008-06-23 14:53 . 2008-06-23 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-06-23 14:53 . 2008-06-23 14:53 <DIR> d-------- C:\Arquivos de programas\Avira

2008-06-23 14:41 . 2008-06-23 14:41 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-06-23 14:41 . 2008-06-23 14:40 812,344 --a------ C:\HJTInstall.exe

2008-06-23 12:57 . 2008-06-23 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-06-12 16:01 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-12 16:01 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-01 10:25 . 2004-11-01 11:28 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-23 16:03 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-06-20 18:47 --------- d-----w C:\Arquivos de programas\EA Games

2008-06-20 00:21 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-06-12 19:36 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\AdobeUM

2008-06-12 19:26 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-06-12 19:15 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-06-12 19:13 --------- d-----w C:\Arquivos de programas\Macromedia

2008-06-11 00:40 --------- d-----w C:\Arquivos de programas\DreMule

2008-06-05 19:44 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Image Zone Express

2008-06-01 13:14 --------- d-----w C:\Arquivos de programas\Microsoft Games

2008-06-01 13:14 --------- d-----w C:\Arquivos de programas\Maxis

2008-05-17 16:22 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2008-05-17 16:10 --------- d-----w C:\Arquivos de programas\OnGame

2008-05-11 15:25 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Sony

2008-05-11 15:25 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Sony

2008-05-11 15:25 --------- d-----w C:\Arquivos de programas\QuickTime

2008-05-10 17:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-05-10 17:55 --------- d-----w C:\Arquivos de programas\Apple Software Update

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-23 07:14 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:49 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-02-10 00:39 774,144 ----a-w C:\Arquivos de programas\RngInterstitial.dll

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2007-08-14 20:56 56 --sh--r C:\WINDOWS\system32\E21C6FF12C.sys

2007-08-14 20:56 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-23_13.11.21,51 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-23 16:06:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-24 14:58:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-01-21 21:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys

+ 2008-01-21 21:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys

+ 2008-03-04 16:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys

+ 2007-03-01 13:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 10:43 7630848]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 10:43 86016]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\Usuario\Menu Iniciar\Programas\Inicializar\

PowerReg Scheduler.exe [2008-05-22 12:36:51 256000]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Usuario^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\Usuario\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Usuario^Menu Iniciar^Programas^Inicializar^WinMySQLadmin.lnk]

path=C:\Documents and Settings\Usuario\Menu Iniciar\Programas\Inicializar\WinMySQLadmin.lnk

backup=C:\WINDOWS\pss\WinMySQLadmin.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Frag Ooze Cash Scr]

C:\Documents and Settings\All Users\Dados de aplicativos\close poke frag ooze\Deaf Glue.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-05-11 23:12 49152 C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

--a------ 2005-09-20 10:36 114688 C:\WINDOWS\system32\igfxpers.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

--a------ 2005-09-20 10:35 94208 C:\WINDOWS\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--------- 2006-07-12 06:58 1397760 C:\Arquivos de programas\Ahead\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 13:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

-ra------ 2006-08-11 10:43 1519616 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 20:24 32768 C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]

C:\Arquivos de programas\Shareaza\Shareaza.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-09-13 13:31 22880040 C:\Arquivos de programas\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--a------ 2004-09-23 12:41 860160 C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

--a------ 2004-10-14 09:11 1388544 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

-ra------ 2006-03-30 16:45 313472 C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"OracleXETNSListener"=2 (0x2)

"OracleXEClrAgent"=3 (0x3)

"OracleServiceXE"=2 (0x2)

"OracleMTSRecoveryService"=3 (0x3)

"MySql"=2 (0x2)

"FirebirdServerDefaultInstance"=3 (0x3)

"FirebirdGuardianDefaultInstance"=2 (0x2)

"clr_optimization_v2.0.50727_32"=3 (0x3)

"aspnet_state"=3 (0x3)

"Apache"=2 (0x2)

"Adobe LM Service"=3 (0x3)

"InCDsrv"=2 (0x2)

"ImapiService"=3 (0x3)

"Pml Driver HPZ12"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Jogos\\HalfLife\\hl.exe"=

"C:\\Arquivos de programas\\WS_FTP\\WS_FTP95.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\DreMule\\emule.exe"=

"C:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\client.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

S3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\WINDOWS\system32\DRIVERS\s916bus.sys [2007-11-02 07:47]

S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s916mdfl.sys [2007-11-02 07:47]

S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s916mdm.sys [2007-11-02 07:47]

S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s916mgmt.sys [2007-11-02 07:47]

S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s916obex.sys [2007-11-02 07:47]

 

*Newly Created Service* - SSMDRV

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-06-24 15:00:00 C:\WINDOWS\Tasks\A65278199191ED1D.job"

- c:\docume~1\usuario\dadosd~1\realch~1\mealforstart.exe

"2008-05-17 13:35:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-24 12:07:59

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]

"ImagePath"="C:/mysql/bin/mysqld-nt.exe"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]

"ImagePath"="C:/mysql/bin/mysqld-nt.exe"

.

Tempo para conclusão: 2008-06-24 12:09:59

ComboFix-quarantined-files.txt 2008-06-24 15:09:52

 

Pre-Run: 35,202,514,944 bytes disponíveis

Post-Run: 35,194,384,384 bytes disponíveis

 

188 --- E O F --- 2008-06-20 18:14:48

 

 

Att.

 

x_confused

Compartilhar este post


Link para o post
Compartilhar em outros sites

Opa x_confused,

 

Siga as instruções:

 

1. Abra o Bloco de Notas -> Copie (Control + C) e Cole (Control + V) todo o texto incluído no "Quote":

File::

C:\WINDOWS\Tasks\A65278199191ED1D.job

c:\docume~1\usuario\dadosd~1\realch~1\mealforstart.exe

C:\Documents and Settings\All Users\Dados de aplicativos\close poke frag ooze\Deaf Glue.exe

C:\WINDOWS\bootstat.dat

Folder::

c:\docume~1\usuario\dadosd~1\realch~1

C:\Documents and Settings\All Users\Dados de aplicativos\close poke frag ooze

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Frag Ooze Cash Scr]

ATENÇÃO: O script acima foi elaborado especifícamente para a infecção contida neste computador. Utilizá-lo em outra máquina poderá originar graves problemas ao usuário.

  • 2. Salve o arquivo como CFScript.txt;
     
    3. Tal como exemplificado na foto abaixo, arraste o arquivo CFScript.txt para o ComboFix.exe.
    645i642.gif
     
    4. Ao término do processo a ferramenta irá gerar um log. Poste-o (C:\ComboFix.txt) em sua próxima resposta, juntamente com um novo log do HijackThis.

Abraços.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.