Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

andreluis.mathias

[Arquivado] PrdMgr.exe - Não consigo acessar a rede do meu Notebo

Recommended Posts

Sr. Perfect ai está o Tópico como você solicitou.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 16:33:47, on 23/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Ares\Ares.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\system32\drivers\FmMgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.593\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://e+/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.10.1:8090

F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\PrdMgr.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [FmMgr.exe] C:\WINDOWS\system32\drivers\FmMgr.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{9DB06CA8-F4A7-4296-B01C-42F894EBA843}: NameServer = 10.1.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{9DB06CA8-F4A7-4296-B01C-42F894EBA843}: NameServer = 10.1.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{9DB06CA8-F4A7-4296-B01C-42F894EBA843}: NameServer = 10.1.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

 

 

 

Se possivel me ajuda.

 

 

 

Obrigado.

 

André.

Compartilhar este post


Link para o post
Compartilhar em outros sites

<@> Baixe: < ComboFix.exe >

<@> Salve-o no Desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

<@> Na solicitação: "Negação de garantia de software" --> Clique em Sim!

<@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

 

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.

<!> Salve-a no desktop,renomeada como: Kombo.exe

<!> Ps: Nomeie durante o salvamento,e não após salvá-la!

<!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança.

<!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

<!> Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

<@> Abrir-se-á a janela Auto Scan. --> Aguarde!

<@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

<@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter.

<@> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

<@> Para parar ou sair do ComboFix,tecle "N" --> Enter.

----------------------

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Sr. Perfect ai estão os logs atualizados

 

ComboFix 08-11-22.02 - Administrador 2008-11-24 20:30:08.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.672 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\Microsoft\backup.ftp

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-24 to 2008-11-24 ))))))))))))))))))))))))))))

.

 

2008-11-24 20:21 . 2008-11-24 20:21 244 --ah----- C:\sqmnoopt18.sqm

2008-11-24 20:21 . 2008-11-24 20:21 232 --ah----- C:\sqmdata18.sqm

2008-11-23 12:38 . 2008-11-23 12:38 268 --ah----- C:\sqmdata17.sqm

2008-11-23 12:38 . 2008-11-23 12:38 244 --ah----- C:\sqmnoopt17.sqm

2008-11-23 11:02 . 2008-11-23 11:02 268 --ah----- C:\sqmdata16.sqm

2008-11-23 11:02 . 2008-11-23 11:02 244 --ah----- C:\sqmnoopt16.sqm

2008-11-23 09:09 . 2008-11-23 09:09 <DIR> d-------- c:\windows\system32\xircom

2008-11-23 09:09 . 2008-11-23 09:09 <DIR> d-------- c:\windows\system32\oobe

2008-11-23 08:39 . 2008-11-23 08:39 268 --ah----- C:\sqmdata15.sqm

2008-11-23 08:39 . 2008-11-23 08:39 244 --ah----- C:\sqmnoopt15.sqm

2008-11-23 08:30 . 2008-11-23 08:30 <DIR> d-------- c:\windows\vnDrvBas

2008-11-23 08:27 . 2008-11-23 08:27 268 --ah----- C:\sqmdata14.sqm

2008-11-23 08:27 . 2008-11-23 08:27 244 --ah----- C:\sqmnoopt14.sqm

2008-11-23 08:15 . 2008-11-23 08:15 268 --ah----- C:\sqmdata13.sqm

2008-11-23 08:15 . 2008-11-23 08:15 244 --ah----- C:\sqmnoopt13.sqm

2008-11-22 15:49 . 2008-11-22 15:49 268 --ah----- C:\sqmdata12.sqm

2008-11-22 15:49 . 2008-11-22 15:49 244 --ah----- C:\sqmnoopt12.sqm

2008-11-17 21:30 . 2008-11-17 21:30 268 --ah----- C:\sqmdata11.sqm

2008-11-17 21:30 . 2008-11-17 21:30 244 --ah----- C:\sqmnoopt11.sqm

2008-11-17 21:27 . 2008-11-17 21:27 <DIR> d--h----- c:\windows\PIF

2008-11-17 19:56 . 2008-11-17 19:56 268 --ah----- C:\sqmdata10.sqm

2008-11-17 19:56 . 2008-11-17 19:56 244 --ah----- C:\sqmnoopt10.sqm

2008-11-17 19:31 . 2008-11-17 19:31 268 --ah----- C:\sqmdata09.sqm

2008-11-17 19:31 . 2008-11-17 19:31 244 --ah----- C:\sqmnoopt09.sqm

2008-11-17 19:11 . 2008-11-17 19:11 268 --ah----- C:\sqmdata08.sqm

2008-11-17 19:11 . 2008-11-17 19:11 244 --ah----- C:\sqmnoopt08.sqm

2008-11-17 19:07 . 2008-11-17 19:07 268 --ah----- C:\sqmdata07.sqm

2008-11-17 19:07 . 2008-11-17 19:07 244 --ah----- C:\sqmnoopt07.sqm

2008-11-17 18:58 . 2008-11-17 18:58 <DIR> d-------- c:\arquivos de programas\Lavasoft

2008-11-17 18:54 . 2008-11-17 18:54 <DIR> d-------- c:\arquivos de programas\CCleaner

2008-11-17 18:42 . 2008-11-17 18:42 268 --ah----- C:\sqmdata06.sqm

2008-11-17 18:42 . 2008-11-17 18:42 244 --ah----- C:\sqmnoopt06.sqm

2008-11-12 14:13 . 2008-11-12 14:13 268 --ah----- C:\sqmdata05.sqm

2008-11-12 14:13 . 2008-11-12 14:13 244 --ah----- C:\sqmnoopt05.sqm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-24 22:26 45,056 ----a-w c:\windows\system32\ftp.exe

2008-11-24 22:26 359,936 ------w c:\windows\system32\drivers\tcpip.sys

2008-10-01 20:22 89,600 ----a-w C:\8b4l8r9h1v9.exe

2008-09-30 22:37 76,288 --sh--r c:\windows\system32\drivers\FmMgr.exe

2008-09-09 20:18 52,701 ----a-w c:\windows\BricoPackUninst.cmd

2008-09-09 20:18 5,997 ----a-w c:\windows\BricoPackFoldersDelete.cmd

2008-09-09 20:18 219,648 ----a-w c:\windows\system32\uxtheme.dll

2008-07-27 01:18 0 ----a-w c:\documents and settings\Administrador\jagex_runescape_preferences.dat

2008-03-18 15:54 32 ----a-w c:\documents and settings\All Users\Dados de aplicativos\ezsid.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-23_ 9.10.53.21 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-23 10:51:32 38,094 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-23 18:33:25 38,094 ----a-w c:\windows\system32\perfc009.dat

- 2008-11-23 10:51:32 46,642 ----a-w c:\windows\system32\perfc016.dat

+ 2008-11-23 18:33:25 46,642 ----a-w c:\windows\system32\perfc016.dat

- 2008-11-23 10:51:32 305,652 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-23 18:33:25 305,652 ----a-w c:\windows\system32\perfh009.dat

- 2008-11-23 10:51:32 338,832 ----a-w c:\windows\system32\perfh016.dat

+ 2008-11-23 18:33:25 338,832 ----a-w c:\windows\system32\perfh016.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 3739672]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2008-02-20 963072]

"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]

"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"FmMgr.exe"="c:\windows\system32\drivers\FmMgr.exe" [2008-09-30 76288]

"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

-ra------ 2007-01-23 00:24 724992 c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-03-27 04:35 36352 c:\arquivos de programas\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\Orb.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbTray.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

 

R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-03-18 180480]

R3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2008-03-18 634880]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29b229a6-4391-11dd-a683-0015af24af92}]

\Shell\Auto\command - F:\msnmsgr.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{550a7c30-3e15-11dd-a679-0015af24af92}]

\Shell\Auto\command - F:\msnmsgr.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59f6e802-2b57-11dd-a65b-0015af24af92}]

\Shell\Auto\command - F:\msnmsgr.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83169d0e-0305-11dd-a613-0015af24af92}]

\Shell\Auto\command - F:\msnmsgr.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83169d0f-0305-11dd-a613-0015af24af92}]

\Shell\Auto\command - F:\msnmsgr.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{858dcdc4-51d4-11dd-a69e-0015af24af92}]

\Shell\Auto\command - F:\msnmsgr.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90c5b6c4-243a-11dd-a64d-0015af24af92}]

\Shell\Auto\command - F:\msnmsgr.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{999f7498-02dd-11dd-a612-0015af24af92}]

\Shell\Auto\command - F:\msnmsgr.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1e72ecc-940b-11dd-a70d-0015af24af92}]

\Shell\Auto\command - F:\msnmsgr.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1e72ecd-940b-11dd-a70d-0015af24af92}]

\Shell\Auto\command - G:\msnmsgr.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

.

.

------- Scan Suplementar -------

.

FireFox -: Profile - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\twhrmwkp.default\

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-24 20:31:07

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(356)

c:\windows\system32\rsaenh.dll

 

- - - - - - - > 'lsass.exe'(412)

c:\windows\system32\msprivs.dll

c:\windows\system32\rsaenh.dll

.

Tempo para conclusão: 2008-11-24 20:31:47

ComboFix-quarantined-files.txt 2008-11-24 22:31:33

ComboFix2.txt 2008-11-23 11:12:14

 

Pré-execução: 7 pasta(s) 11.122.585.600 bytes disponíveis

Pós execução: 7 pasta(s) 11,114,332,160 bytes disponíveis

 

180

 

----------------------------------------------------------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 20:35:06, on 24/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\system32\drivers\FmMgr.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.313\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://e+/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.10.1:8090

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [FmMgr.exe] C:\WINDOWS\system32\drivers\FmMgr.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{9DB06CA8-F4A7-4296-B01C-42F894EBA843}: NameServer = 10.1.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{9DB06CA8-F4A7-4296-B01C-42F894EBA843}: NameServer = 10.1.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{9DB06CA8-F4A7-4296-B01C-42F894EBA843}: NameServer = 10.1.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá, concentre seu tempo nessa análise. Não perca tempo mandando MP, eu tenho acesso a todos os meus tópicos, vamos la.

 

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

 

Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

 

File::

c:\windows\system32\drivers\FmMgr.exe

F:\msnmsgr.exe

G:\msnmsgr.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29b229a6-4391-11dd-a683-0015af24af92}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{550a7c30-3e15-11dd-a679-0015af24af92}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59f6e802-2b57-11dd-a65b-0015af24af92}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83169d0e-0305-11dd-a613-0015af24af92}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83169d0f-0305-11dd-a613-0015af24af92}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{858dcdc4-51d4-11dd-a69e-0015af24af92}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90c5b6c4-243a-11dd-a64d-0015af24af92}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{999f7498-02dd-11dd-a612-0015af24af92}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1e72ecc-940b-11dd-a70d-0015af24af92}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1e72ecd-940b-11dd-a70d-0015af24af92}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FmMgr.exe"=-

 

Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes não use-o em outro computador, pos pode trazer danos.

 

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

 

cfscript.gif

 

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

 

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

 

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

 

Poste-o junto com o novo log do hijackthis

 

Ps:. Faça o procedimento com o pen drive conectado

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde Sr. Perfect !

 

Conforme orientado pelo Sr. ai estão os novos logs.

 

ComboFix 08-11-22.02 - Administrador 2008-11-27 11:59:03.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.644 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

c:\windows\system32\drivers\FmMgr.exe

F:\msnmsgr.exe

G:\msnmsgr.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\drivers\FmMgr.exe

c:\windows\system32\Microsoft\backup.ftp

F:\autorun.inf

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-27 to 2008-11-27 ))))))))))))))))))))))))))))

.

 

2008-11-24 22:35 . 2008-11-24 22:35 244 --ah----- C:\sqmnoopt19.sqm

2008-11-24 22:35 . 2008-11-24 22:35 232 --ah----- C:\sqmdata19.sqm

2008-11-24 20:21 . 2008-11-24 20:21 244 --ah----- C:\sqmnoopt18.sqm

2008-11-24 20:21 . 2008-11-24 20:21 232 --ah----- C:\sqmdata18.sqm

2008-11-23 12:38 . 2008-11-23 12:38 268 --ah----- C:\sqmdata17.sqm

2008-11-23 12:38 . 2008-11-23 12:38 244 --ah----- C:\sqmnoopt17.sqm

2008-11-23 11:02 . 2008-11-23 11:02 268 --ah----- C:\sqmdata16.sqm

2008-11-23 11:02 . 2008-11-23 11:02 244 --ah----- C:\sqmnoopt16.sqm

2008-11-23 09:09 . 2008-11-23 09:09 <DIR> d-------- c:\windows\system32\xircom

2008-11-23 09:09 . 2008-11-23 09:09 <DIR> d-------- c:\windows\system32\oobe

2008-11-23 08:39 . 2008-11-23 08:39 268 --ah----- C:\sqmdata15.sqm

2008-11-23 08:39 . 2008-11-23 08:39 244 --ah----- C:\sqmnoopt15.sqm

2008-11-23 08:30 . 2008-11-23 08:30 <DIR> d-------- c:\windows\vnDrvBas

2008-11-23 08:27 . 2008-11-23 08:27 268 --ah----- C:\sqmdata14.sqm

2008-11-23 08:27 . 2008-11-23 08:27 244 --ah----- C:\sqmnoopt14.sqm

2008-11-23 08:15 . 2008-11-23 08:15 268 --ah----- C:\sqmdata13.sqm

2008-11-23 08:15 . 2008-11-23 08:15 244 --ah----- C:\sqmnoopt13.sqm

2008-11-22 15:49 . 2008-11-22 15:49 268 --ah----- C:\sqmdata12.sqm

2008-11-22 15:49 . 2008-11-22 15:49 244 --ah----- C:\sqmnoopt12.sqm

2008-11-17 21:30 . 2008-11-17 21:30 268 --ah----- C:\sqmdata11.sqm

2008-11-17 21:30 . 2008-11-17 21:30 244 --ah----- C:\sqmnoopt11.sqm

2008-11-17 21:27 . 2008-11-17 21:27 <DIR> d--h----- c:\windows\PIF

2008-11-17 19:56 . 2008-11-17 19:56 268 --ah----- C:\sqmdata10.sqm

2008-11-17 19:56 . 2008-11-17 19:56 244 --ah----- C:\sqmnoopt10.sqm

2008-11-17 19:31 . 2008-11-17 19:31 268 --ah----- C:\sqmdata09.sqm

2008-11-17 19:31 . 2008-11-17 19:31 244 --ah----- C:\sqmnoopt09.sqm

2008-11-17 19:11 . 2008-11-17 19:11 268 --ah----- C:\sqmdata08.sqm

2008-11-17 19:11 . 2008-11-17 19:11 244 --ah----- C:\sqmnoopt08.sqm

2008-11-17 19:07 . 2008-11-17 19:07 268 --ah----- C:\sqmdata07.sqm

2008-11-17 19:07 . 2008-11-17 19:07 244 --ah----- C:\sqmnoopt07.sqm

2008-11-17 18:58 . 2008-11-17 18:58 <DIR> d-------- c:\arquivos de programas\Lavasoft

2008-11-17 18:54 . 2008-11-17 18:54 <DIR> d-------- c:\arquivos de programas\CCleaner

2008-11-17 18:42 . 2008-11-17 18:42 268 --ah----- C:\sqmdata06.sqm

2008-11-17 18:42 . 2008-11-17 18:42 244 --ah----- C:\sqmnoopt06.sqm

2008-11-12 14:13 . 2008-11-12 14:13 268 --ah----- C:\sqmdata05.sqm

2008-11-12 14:13 . 2008-11-12 14:13 244 --ah----- C:\sqmnoopt05.sqm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-27 13:46 45,056 ----a-w c:\windows\system32\ftp.exe

2008-11-27 13:46 359,936 ------w c:\windows\system32\drivers\tcpip.sys

2008-10-01 20:22 89,600 ----a-w C:\8b4l8r9h1v9.exe

2008-09-09 20:18 52,701 ----a-w c:\windows\BricoPackUninst.cmd

2008-09-09 20:18 5,997 ----a-w c:\windows\BricoPackFoldersDelete.cmd

2008-09-09 20:18 219,648 ----a-w c:\windows\system32\uxtheme.dll

2008-07-27 01:18 0 ----a-w c:\documents and settings\Administrador\jagex_runescape_preferences.dat

2008-03-18 15:54 32 ----a-w c:\documents and settings\All Users\Dados de aplicativos\ezsid.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-23_ 9.10.53.21 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-23 10:51:32 38,094 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-27 13:52:50 38,094 ----a-w c:\windows\system32\perfc009.dat

- 2008-11-23 10:51:32 46,642 ----a-w c:\windows\system32\perfc016.dat

+ 2008-11-27 13:52:50 46,642 ----a-w c:\windows\system32\perfc016.dat

- 2008-11-23 10:51:32 305,652 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-27 13:52:50 305,652 ----a-w c:\windows\system32\perfh009.dat

- 2008-11-23 10:51:32 338,832 ----a-w c:\windows\system32\perfh016.dat

+ 2008-11-27 13:52:50 338,832 ----a-w c:\windows\system32\perfh016.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 3739672]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2008-02-20 963072]

"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]

"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

-ra------ 2007-01-23 00:24 724992 c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-03-27 04:35 36352 c:\arquivos de programas\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\Orb.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbTray.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

 

R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-03-18 180480]

R3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2008-03-18 634880]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-27 12:00:07

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(372)

c:\windows\system32\rsaenh.dll

 

- - - - - - - > 'lsass.exe'(428)

c:\windows\system32\msprivs.dll

c:\windows\system32\rsaenh.dll

.

Tempo para conclusão: 2008-11-27 12:00:40

ComboFix-quarantined-files.txt 2008-11-27 14:00:33

ComboFix2.txt 2008-11-24 22:31:48

ComboFix3.txt 2008-11-23 11:12:14

 

Pré-execução: 7 pasta(s) 11,087,511,552 bytes disponíveis

Pós execução: 7 pasta(s) 11,079,200,768 bytes disponíveis

 

153

 

 

-------------------------------------------------------------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 20:35:06, on 24/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\system32\drivers\FmMgr.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.313\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://e+/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.10.1:8090

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [FmMgr.exe] C:\WINDOWS\system32\drivers\FmMgr.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{9DB06CA8-F4A7-4296-B01C-42F894EBA843}: NameServer = 10.1.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{9DB06CA8-F4A7-4296-B01C-42F894EBA843}: NameServer = 10.1.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{9DB06CA8-F4A7-4296-B01C-42F894EBA843}: NameServer = 10.1.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Faça o download do Killbox e execute-o:

 

        • Marque a opção Delete on Reboot. Copie a lista abaixo (selecione e clique em Editar > Copiar ou pressione Ctrl + C):

 

C:\WINDOWS\system32\drivers\FmMgr.exe

 

        • Volte ao KillBox. Clique em File > Paste from clipboard. Clique no botão All Files;

        • Clique no e responda Não à pergunta.

 

- Reinicie o computador em Modo de Segurança[/url] (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização);

 

- Abra o HijackThis, clique em Do a system scan only e marque as entradas abaixo:

 

O4 - HKLM\..\Run: [FmMgr.exe] C:\WINDOWS\system32\drivers\FmMgr.exe

 

- Feche todas as janelas, clique em Sim;

 

- Reinciie em modo normal, gere novo log e cole na sua resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite Sr. Perfect !

 

Não sei se fiz certo, estava meio confusa sua ultima resposta, mas ai está o log.

 

Logfile of HijackThis v1.99.1

Scan saved at 18:39:58, on 27/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Ares\Ares.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX03.703\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://e+/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.10.1:8090

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{9DB06CA8-F4A7-4296-B01C-42F894EBA843}: NameServer = 10.1.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{9DB06CA8-F4A7-4296-B01C-42F894EBA843}: NameServer = 10.1.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{9DB06CA8-F4A7-4296-B01C-42F894EBA843}: NameServer = 10.1.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok, o log estar limpo :)

 

• Algum problema?

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia Sr. Perfect !

 

Agradeço sua ajuda até aqui, mas ainda estou com um grave problema não consigo fixar ip nem acessar qualquer tipo de rede.

 

Abri o prompt do DOS e dei o seguinte comando

 

IPCONFIG

 

e apareceu a seguinte mensagem

 

"Configuração do IP do Windows

Erro interno: Não há suporte para o pedido

Contacte os Serviços de Suporte aos Produtos Microsoft para obter ajuda.

Informação adicional: não é possivel consultar o nome do host."

 

 

Grato.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Visite o Windows Update e atualize o seu sistema, baixando o Service Pack 3

 

Ou, se preferir, baixe e instale o pacote completo (+- 300 Mb):

http://www.microsoft.com/downloads/details...splayLang=pt-br

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.