Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Annluciap

[Resolvido!] Trojan

Por , em Tópicos Resolvidos (Seguranca & Malwares)

Recommended Posts

Annluciap    0

Annluciap
Postado

Olá,

 

alguém poderia olhar o log abaixo, por favor?

 

Obrigada.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:09:36, on 9/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\Program Files\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\arquivos de programas\lenovo\system update\suservice.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\Logger\logmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\Program Files\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Network Associates\Common Framework\UpdaterUI.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufrgs.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\WINDOWS\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\WINDOWS\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\WINDOWS\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\WINDOWS\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Aleph 500.14.2 Version Check.lnk = C:\AL500\ALEPHCOM\BIN\VERSION.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Arquivos de programas\Lenovo\System Update\sulauncher.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - \Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - \Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/br/pt

O17 - HKLM\System\CCS\Services\Tcpip\..\{154EE3C1-6D0E-4F5F-9AD4-2F66BD914029}: NameServer = 143.54.1.52,143.54.1.53

O17 - HKLM\System\CS1\Services\Tcpip\..\{154EE3C1-6D0E-4F5F-9AD4-2F66BD914029}: NameServer = 143.54.1.52,143.54.1.53

O17 - HKLM\System\CS2\Services\Tcpip\..\{154EE3C1-6D0E-4F5F-9AD4-2F66BD914029}: NameServer = 143.54.1.52,143.54.1.53

O17 - HKLM\System\CS3\Services\Tcpip\..\{154EE3C1-6D0E-4F5F-9AD4-2F66BD914029}: NameServer = 143.54.1.53,143.54.1.52

O20 - Winlogon Notify: AwayNotify - C:\Arquivos de programas\Lenovo\AwayTask\AwayNotify.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\WINDOWS\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Serviço McAfee Framework (McAfeeFramework) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe

O23 - Service: System Update (SUService) - - c:\arquivos de programas\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Arquivos de programas\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

 

--

End of file - 7748 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

Silas Martins    0

Silas Martins
Postado

Baixe o Malwarebytes Anti-Malware

 

 

* Inicie a instalação clique em "mbam-setup.exe";

* Marque "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware", e clique em concluir.

* Marque "Verificação Rápida" e depois clique em Verificar.

* Quando o scan terminar, clique em Ok e em "Mostrar Resultados" para ver o log;

* Se algo for detectado, veja se tudo está marcado e clique em "Remover";

* O log é automaticamente gravado e pode ser consultado clicando em "Logs" do menu principal;

* Copie e cole esse log, juntamente com o novo log do hijacktihis .

Aguado o retorno.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Annluciap    0

Annluciap
Postado

Seguem os logs....

 

Malwarebytes' Anti-Malware 1.31

Versão do banco de dados: 1482

Windows 5.1.2600 Service Pack 3

 

10/12/2008 09:45:32

mbam-log-2008-12-10 (09-45-32).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 55394

Tempo decorrido: 8 minute(s), 53 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

*****************************

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:46:00, on 10/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufrgs.br/ufrgs/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/br/pt

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\WINDOWS\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\WINDOWS\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\WINDOWS\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\WINDOWS\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Aleph 500.14.2 Version Check.lnk = C:\AL500\ALEPHCOM\BIN\VERSION.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Arquivos de programas\Lenovo\System Update\sulauncher.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - \Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - \Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/br/pt

O17 - HKLM\System\CCS\Services\Tcpip\..\{154EE3C1-6D0E-4F5F-9AD4-2F66BD914029}: NameServer = 143.54.1.52,143.54.1.53

O17 - HKLM\System\CS1\Services\Tcpip\..\{154EE3C1-6D0E-4F5F-9AD4-2F66BD914029}: NameServer = 143.54.1.52,143.54.1.53

O17 - HKLM\System\CS2\Services\Tcpip\..\{154EE3C1-6D0E-4F5F-9AD4-2F66BD914029}: NameServer = 143.54.1.52,143.54.1.53

O20 - Winlogon Notify: AwayNotify - C:\Arquivos de programas\Lenovo\AwayTask\AwayNotify.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\WINDOWS\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Serviço McAfee Framework (McAfeeFramework) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe

O23 - Service: System Update (SUService) - - c:\arquivos de programas\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Arquivos de programas\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

 

--

End of file - 6437 bytes

 

**************************

Compartilhar este post

Link para o post
Compartilhar em outros sites

Silas Martins    0

Silas Martins
Postado

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

 

2) Dê um duplo-clique no combofix.exe e aguarde (o processo total demora cerca de 10 minutos);

 

3) A janela de “NEGAÇÃO DE GARANTIA DO SOFTWARE” abrir-se-á. Leia atentamente o texto contido nesta janela e clique sobre “SIM” para continuar.

 

PS.: Caso não concorde com os termos clique sobre “NÃO” para sair do software, cabendo lembrar que o processo de desinfecção não será possível sem a continuidade do ComboFix.

 

4) Outra janela irá abrir, caso a sua máquina não possua o CONSOLE DE RECUPERAÇÃO DO WINDOWS. É recomendável executar a instalação do console ante de dar continuidade ao processo, pois tal ação proporcionará a garantia de que o sistema poderá ser recuperado em caso de problemas durante a varredura.

 

Clique sobre “SIM” e aguarde, pois o processo de instalação do console dar-se-á automaticamente através do próprio ComboFix. Ele poderá demorar alguns minutos (dependerá da velocidade de sua conexão), portanto seja paciente.

 

Quando a janela “INSTALANDO O CONSOLE DE RECUPERAÇÃO” aparecer clique em “OK”, depois clique sobre “SIM” para aceitar a licença EULA.

 

Ao término da instalação do console de recuperação abrir-se-á uma janela avisando que “O CONSOLE DE RECUPERAÇÃO FOI INSTALADA COM SUCESSO”.

 

Clique sobre “SIM” para continuar a varredura.

 

5) O ComboFix iniciará o AUTOSCAN (aguarde).

 

ATENÇÃO: Não clique na janela do ComboFix, nem termine o processo abruptamente enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco).

 

Ao término do processo a máquina será reiniciada para a emissão do relatório.

 

6) Ao reiniciar a máquina o ComboFix irá executar o FIND3M para a criação do relatório final da varredura. O log ficará alocado em C:\ComboFix.txt.

 

7) Reabilite o seu anti-vírus;

 

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

 

OBS.1: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

 

OBS.2: Caso haja um clique sobre a janela do ComboFix em execução, ela irá MAXIMIZAR, sobrepondo-se sobre as demais. Para minimizá-la novamente basta utilizar a combinação ALT + TAB.

 

 

 

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

 

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

 

Aguardo o retorno

Compartilhar este post

Link para o post
Compartilhar em outros sites

Annluciap    0

Annluciap
Postado

Oi,

 

segue log do ComboFix.

 

Obrigada.

 

 

 

 

ComboFix 08-12-07.04 - bscsh 2008-12-11 10:16:58.4 - NTFSx86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1789 [GMT -2:00]

Executando de: c:\documents and settings\bscsh\Desktop\ComboFix.exe

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-11 to 2008-12-11 ))))))))))))))))))))))))))))

.

 

2008-12-11 10:16 . 2008-12-11 10:18 <DIR> d-------- C:\ComboFix

2008-12-11 10:16 . 2008-12-11 10:18 <DIR> d-------- C:\ComboFix

2008-12-11 09:38 . 2008-12-11 09:38 <DIR> d-------- c:\windows\LastGood

2008-12-10 10:22 . 2008-12-10 10:22 <DIR> d-------- C:\Alwil Software

2008-12-10 10:22 . 2008-12-10 10:22 <DIR> d-------- C:\Alwil Software

2008-12-10 10:22 . 2008-12-10 10:22 <DIR> d-------- C:\Alwil Software

2008-12-10 09:59 . 2008-12-10 09:59 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\F-Secure

2008-12-10 09:26 . 2008-12-10 09:26 <DIR> d-------- c:\documents and settings\aperte enter\Dados de aplicativos\Malwarebytes

2008-12-10 09:26 . 2008-12-03 19:59 15,504 --------- c:\windows\system32\drivers\mbam.sys

2008-12-10 09:25 . 2008-12-10 09:25 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2008-12-10 09:25 . 2008-12-03 19:59 38,496 --------- c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-09 15:34 . 2008-12-09 15:34 <DIR> d---s---- c:\documents and settings\bscsh\UserData

2008-12-09 15:31 . 2008-12-10 09:26 <DIR> d--hs---- C:\RECYCLER

2008-12-09 15:31 . 2008-12-10 09:26 <DIR> d--hs---- C:\RECYCLER

2008-12-09 15:28 . 2008-12-09 15:28 <DIR> drahs---- C:\cmdcons

2008-12-09 15:28 . 2008-12-09 15:28 <DIR> drahs---- C:\cmdcons

2008-12-08 17:31 . 2006-02-15 02:22 <DIR> d--h----- c:\documents and settings\Admcsh\Modelos

2008-12-08 17:31 . 2008-12-08 17:31 <DIR> dr------- c:\documents and settings\Admcsh\Meus documentos

2008-12-08 17:31 . 2006-02-14 23:16 <DIR> dr------- c:\documents and settings\Admcsh\Menu Iniciar

2008-12-08 17:31 . 2008-12-08 17:31 <DIR> dr------- c:\documents and settings\Admcsh\Favoritos

2008-12-08 17:31 . 2007-08-24 13:39 <DIR> d-------- c:\documents and settings\Admcsh\Dados de aplicativos\ThinkVantage

2008-12-08 17:31 . 2007-08-24 13:29 <DIR> d-------- c:\documents and settings\Admcsh\Dados de aplicativos\Symantec

2008-12-08 17:31 . 2007-08-24 13:39 <DIR> d-------- c:\documents and settings\Admcsh\Dados de aplicativos\Lenovo

2008-12-08 17:31 . 2008-12-08 17:35 <DIR> dr-h----- c:\documents and settings\Admcsh\Dados de aplicativos

2008-12-08 17:31 . 2008-12-11 10:18 <DIR> d--h----- c:\documents and settings\Admcsh\Configurações locais

2008-12-08 17:31 . 2006-02-14 23:16 <DIR> d--h----- c:\documents and settings\Admcsh\Ambiente de rede

2008-12-08 17:31 . 2006-02-14 23:16 <DIR> d--h----- c:\documents and settings\Admcsh\Ambiente de impressão

2008-12-08 17:31 . 2008-12-08 17:35 <DIR> d-------- c:\documents and settings\Admcsh

2008-12-08 16:01 . 2008-12-08 16:01 <DIR> d-------- C:\AL500

2008-12-08 16:01 . 2008-12-08 16:01 <DIR> d-------- C:\AL500

2008-12-08 16:01 . 2008-12-08 16:01 <DIR> d-------- C:\AL500

2008-12-08 15:42 . 2008-10-24 09:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

2008-12-08 15:41 . 2006-02-15 02:22 <DIR> d--h----- c:\documents and settings\Aperte enter_2\Modelos

2008-12-08 15:41 . 2008-12-08 15:42 <DIR> dr------- c:\documents and settings\Aperte enter_2\Meus documentos

2008-12-08 15:41 . 2006-02-14 23:16 <DIR> dr------- c:\documents and settings\Aperte enter_2\Menu Iniciar

2008-12-08 15:41 . 2008-12-08 15:42 <DIR> dr------- c:\documents and settings\Aperte enter_2\Favoritos

2008-12-08 15:41 . 2007-08-24 13:39 <DIR> d-------- c:\documents and settings\Aperte enter_2\Dados de aplicativos\ThinkVantage

2008-12-08 15:41 . 2007-08-24 13:29 <DIR> d-------- c:\documents and settings\Aperte enter_2\Dados de aplicativos\Symantec

2008-12-08 15:41 . 2007-08-24 13:39 <DIR> d-------- c:\documents and settings\Aperte enter_2\Dados de aplicativos\Lenovo

2008-12-08 15:41 . 2008-12-08 15:46 <DIR> dr-h----- c:\documents and settings\Aperte enter_2\Dados de aplicativos

2008-12-08 15:41 . 2008-12-11 10:18 <DIR> d--h----- c:\documents and settings\Aperte enter_2\Configurações locais

2008-12-08 15:41 . 2006-02-14 23:16 <DIR> d--h----- c:\documents and settings\Aperte enter_2\Ambiente de rede

2008-12-08 15:41 . 2006-02-14 23:16 <DIR> d--h----- c:\documents and settings\Aperte enter_2\Ambiente de impressão

2008-12-08 15:41 . 2008-12-08 15:42 <DIR> d-------- c:\documents and settings\Aperte enter_2

2008-12-08 15:41 . 2008-09-04 15:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

d-sha-r 0 2008-12-09 17:28:46 \cmdcons

d-sha-r 0 2008-12-09 17:28:46 \cmdcons

d-sh--w 0 2008-12-10 13:41:59 \Config.Msi

d-sh--w 0 2008-12-10 13:41:59 \Config.Msi

d-sh--w 0 2008-12-10 11:26:47 \RECYCLER

d-sh--w 0 2008-12-10 11:26:47 \RECYCLER

d---a-w 0 2008-12-11 12:18:12 \WINDOWS

d---a-w 0 2008-12-11 12:18:12 \WINDOWS

2008-12-10 13:37 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2008-12-10 12:04 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Lavasoft

2008-12-08 17:35 5,427 ------w c:\windows\system32\EGATHDRV.SYS

2008-11-10 07:43 410,984 ------w c:\windows\system32\deploytk.dll

2008-10-24 11:21 455,296 ------w c:\windows\system32\drivers\mrxsmb.sys

2008-10-16 16:13 202,776 ------w c:\windows\system32\wuweb.dll

2008-10-16 16:13 202,776 ------w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 16:13 1,809,944 ------w c:\windows\system32\wuaueng.dll

2008-10-16 16:13 1,809,944 ------w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 16:12 561,688 ------w c:\windows\system32\wuapi.dll

2008-10-16 16:12 561,688 ------w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 16:12 323,608 ------w c:\windows\system32\wucltui.dll

2008-10-16 16:12 323,608 ------w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 16:09 92,696 ------w c:\windows\system32\dllcache\cdm.dll

2008-10-16 16:09 92,696 ------w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ------w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 51,224 ------w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 16:09 43,544 ------w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ------w c:\windows\system32\wups.dll

2008-10-16 16:08 34,328 ------w c:\windows\system32\dllcache\wups.dll

2008-10-16 16:06 268,648 ------w c:\windows\system32\mucltui.dll

2008-10-16 16:06 208,744 ------w c:\windows\system32\muweb.dll

2008-10-15 16:36 337,408 ------w c:\windows\system32\dllcache\netapi32.dll

2008-10-03 10:04 247,326 ------w c:\windows\system32\strmdll.dll

2008-10-03 10:04 247,326 ------w c:\windows\system32\dllcache\strmdll.dll

2008-09-30 18:43 1,286,152 ------w c:\windows\system32\msxml4.dll

2008-09-15 15:26 1,846,528 ------w c:\windows\system32\win32k.sys

2008-09-15 15:26 1,846,528 ------w c:\windows\system32\dllcache\win32k.sys

--sha-w 2,145,386,496 2008-12-11 12:13:01 \pagefile.sys

--sha-w 2,145,386,496 2008-12-11 12:13:01 \pagefile.sys

--sh--r 251,696 2008-07-11 18:07:33 \NTLDR

--sh--r 251,696 2008-07-11 18:07:33 \NTLDR

--sh--r 47,564 2004-08-04 12:00:00 \NTDETECT.COM

--sh--r 47,564 2004-08-04 12:00:00 \NTDETECT.COM

--sh--r 4,952 2004-08-04 12:00:00 \bootfont.bin

--sh--r 4,952 2004-08-04 12:00:00 \bootfont.bin

--sh--r 281 2008-12-09 17:28:46 \boot.ini

--sh--r 281 2008-12-09 17:28:46 \boot.ini

--sh--r 0 2006-02-16 08:27:17 \MSDOS.SYS

--sh--r 0 2006-02-16 08:27:17 \MSDOS.SYS

--sh--r 0 2006-02-16 08:27:17 \IO.SYS

--sh--r 0 2006-02-16 08:27:17 \IO.SYS

---h--w 268 2007-11-05 16:50:40 \sqmdata00.sqm

---h--w 268 2007-11-05 16:50:40 \sqmdata00.sqm

---h--w 244 2007-11-05 16:50:39 \sqmnoopt00.sqm

---h--w 244 2007-11-05 16:50:39 \sqmnoopt00.sqm

------w 3,894,694 2007-08-24 15:30:27 \install.log

------w 3,894,694 2007-08-24 15:30:27 \install.log

.

 

((((((((((((((((((((((((((((( snapshot_2008-12-09_15.30.22,29 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-07-19 14:43:08 1,163,960 ----a-w c:\windows\system32\aswBoot.exe

+ 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\system32\aswBoot.exe

- 2008-07-19 14:30:53 94,392 ----a-w c:\windows\system32\AvastSS.scr

+ 2008-11-26 17:15:10 97,480 ----a-w c:\windows\system32\AvastSS.scr

- 2008-07-19 14:32:15 26,944 ------w c:\windows\system32\drivers\aavmker4.sys

+ 2008-11-26 17:15:35 26,944 ------w c:\windows\system32\drivers\aavmker4.sys

- 2008-07-19 14:37:42 20,560 ------w c:\windows\system32\drivers\aswFsBlk.sys

+ 2008-11-26 17:17:25 20,560 ------w c:\windows\system32\drivers\aswFsBlk.sys

- 2008-01-17 17:34:01 93,264 ------w c:\windows\system32\drivers\aswmon.sys

+ 2008-11-26 17:18:25 93,296 ------w c:\windows\system32\drivers\aswmon.sys

- 2008-07-19 14:37:21 94,416 ------w c:\windows\system32\drivers\aswmon2.sys

+ 2008-11-26 17:18:18 94,032 ------w c:\windows\system32\drivers\aswmon2.sys

- 2008-07-19 14:33:42 23,152 ------w c:\windows\system32\drivers\aswRdr.sys

+ 2008-11-26 17:16:29 23,152 ------w c:\windows\system32\drivers\aswRdr.sys

- 2008-07-19 14:35:18 78,416 ------w c:\windows\system32\drivers\aswSP.sys

+ 2008-11-26 17:17:36 111,184 ------w c:\windows\system32\drivers\aswSP.sys

- 2008-07-19 14:32:36 42,912 ------w c:\windows\system32\drivers\aswTdi.sys

+ 2008-11-26 17:16:38 50,864 ------w c:\windows\system32\drivers\aswTdi.sys

- 2008-07-11 18:09:44 64,594 ------w c:\windows\system32\perfc009.dat

+ 2008-12-10 11:48:59 64,594 ------w c:\windows\system32\perfc009.dat

- 2008-07-11 18:09:44 73,728 ------w c:\windows\system32\perfc016.dat

+ 2008-12-10 11:48:59 73,728 ------w c:\windows\system32\perfc016.dat

- 2008-07-11 18:09:44 406,614 ------w c:\windows\system32\perfh009.dat

+ 2008-12-10 11:48:59 406,614 ------w c:\windows\system32\perfh009.dat

- 2008-07-11 18:09:44 439,968 ------w c:\windows\system32\perfh016.dat

+ 2008-12-10 11:48:59 439,968 ------w c:\windows\system32\perfh016.dat

- 2008-07-08 12:58:40 18,296 ------w c:\windows\system32\spmsg.dll

+ 2007-11-30 12:39:04 18,296 ------w c:\windows\system32\spmsg.dll

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\windows\Program Files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"avast!"="c:\alwils~1\Avast4\ashDisp.exe" [2008-11-26 81000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Aleph 500.14.2 Version Check.lnk - c:\al500\ALEPHCOM\BIN\VERSION.EXE [2008-12-08 761856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]

2006-06-18 15:06 49152 c:\arquivos de programas\Lenovo\AwayTask\AwayNotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

 

R3 BCMTPM;BCMTPM;c:\windows\system32\DRIVERS\btpmw32.sys [2007-08-24 17290]

S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-10 111184]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-10 20560]

S2 PrivateDisk;PrivateDisk;\??\c:\arquivos de programas\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-13 58368]

S2 smi2;smi2;\??\c:\arquivos de programas\SMI2\smi2.sys [2006-07-14 3968]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe []

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.ufrgs.br/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {154EE3C1-6D0E-4F5F-9AD4-2F66BD914029} = 143.54.1.53,143.54.1.52

FireFox -: Profile - c:\documents and settings\bscsh\Dados de aplicativos\Mozilla\Firefox\Profiles\yfmytyuj.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://imasters.com.br/

FF -: plugin - c:\arquivos de programas\Adobe\Reader 8.0\Reader\browser\nppdf32.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll

FF -: plugin - c:\windows\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - c:\windows\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-11 10:18:11

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(904)

c:\windows\system32\Ati2evxx.dll

c:\arquivos de programas\Lenovo\AwayTask\AwayNotify.dll

.

Tempo para conclusão: 2008-12-11 10:18:59

ComboFix-quarantined-files.txt 2008-12-11 12:18:57

ComboFix2.txt 2008-12-09 17:30:43

ComboFix3.txt 2008-10-17 17:48:37

ComboFix4.txt 2008-03-10 12:28:09

 

Pré-execução: 28 pasta(s) 131.055.153.152 bytes disponíveis

Pós execução: 28 pasta(s) 131,092,508,672 bytes disponíveis

 

210 --- E O F --- 2008-12-10 18:34:26

Compartilhar este post

Link para o post
Compartilhar em outros sites

Silas Martins    0

Silas Martins
Postado

Sigas as instruções abaixo:

 

Baixe o bankerfix.exe.

desative o seu antivírus temporariamente, para não haver conflitos e para uma melhor detecção.

Clique duas vezes sobre bankerfix.exe, dê o Enter e espere ele terminar. Ao terminar, leia a mensagem na tela e aperte Enter novamente.

 

Habilite o seu antivírus. e gere um novo log do hijackthis, e poste juntamente com o relatório .txt do Bankerfix.

 

Aguardo o Retorno

Compartilhar este post

Link para o post
Compartilhar em outros sites

Annluciap    0

Annluciap
Postado

Segue log do Hijack, o log do BankerFix não foi gerado, apareceu a mensagem de que não tinha sido encontrado nada, mas sem log.

 

Obrigada.

 

 

**********************************

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:24:52, on 15/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

c:\Alwil Software\Avast4\aswUpdSv.exe

c:\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\Program Files\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\arquivos de programas\lenovo\system update\suservice.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\Logger\logmon.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Program Files\Java\jre6\bin\jusched.exe

C:\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufrgs.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 143.54.1.101:3128

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\WINDOWS\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\WINDOWS\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\WINDOWS\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\WINDOWS\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] c:\ALWILS~1\Avast4\ashDisp.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: is-RHO3J.lnk = C:\Arquivos de programas\Virus Removal Tool\is-RHO3J\startup.exe

O4 - Global Startup: Aleph 500.14.2 Version Check.lnk = C:\AL500\ALEPHCOM\BIN\VERSION.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Arquivos de programas\Lenovo\System Update\sulauncher.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - \Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - \Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/br/pt

O17 - HKLM\System\CCS\Services\Tcpip\..\{154EE3C1-6D0E-4F5F-9AD4-2F66BD914029}: NameServer = 143.54.1.53,143.54.1.52

O17 - HKLM\System\CS1\Services\Tcpip\..\{154EE3C1-6D0E-4F5F-9AD4-2F66BD914029}: NameServer = 143.54.1.53,143.54.1.52

O17 - HKLM\System\CS2\Services\Tcpip\..\{154EE3C1-6D0E-4F5F-9AD4-2F66BD914029}: NameServer = 143.54.1.53,143.54.1.52

O20 - Winlogon Notify: AwayNotify - C:\Arquivos de programas\Lenovo\AwayTask\AwayNotify.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - c:\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - c:\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - c:\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - c:\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\WINDOWS\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Serviço McAfee Framework (McAfeeFramework) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe

O23 - Service: System Update (SUService) - - c:\arquivos de programas\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Arquivos de programas\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

 

--

End of file - 7257 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

Silas Martins    0

Silas Martins
Postado

Baixe o SDFix e e arquive na sua área de trabalho.

 

*Execute o SDFix.exe[/b] clicando duas vezes sobre ele.

* Permitam-lo para instalar na localização padrão, que é normalmente c: \ SDFix

* Agora, por favor, reinicie o computador em modo de segurança (Reinicie o computador e segure a tecla F8 sem solta-la até que seja disponibilizada a tela onde você opte por modo de segurança)

* Depois de ter arrancado em modo seguro, abra o C: \ SDFix pasta e dê um duplo clique em RunThis.bat para iniciar o script.

* Aperte Y para iniciar a limpeza do processo.

* Ele irá remover qualquer Tróia ou Serviços Secretaria entradas encontradas e, em seguida, pedir-lhe para pressione qualquer tecla para reiniciar.

* Pressione qualquer tecla e ele irá reiniciar o PC.

* Quando o PC reinicia a Fixtool irá correr de novo e completar o processo de remoção exibição terminados em seguida, pressione qualquer tecla para terminar o script e carregar seu desktop ícones.

* Depois de a carregar os ícones desktop SDFix relatório será aberta a tela e também em salvar a pasta SDFix como Report.txt.

*Poste o Report.txt juntamente com novo log do hijackthis gerado em modo normal.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Annluciap    0

Annluciap
Postado

Segue o que você solicitou.

 

Obrigada.

 

 

***************

 

 

SDFix: Version 1.240

Run by bscsh on seg 15/12/2008 at 15:52

 

Microsoft Windows XP [versÆo 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-15 16:00:12

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Wed 19 Dec 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Wed 12 Dec 2007 0 ..SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Wed 12 Jan 2005 27,136 ...H. --- "C:\Documents and Settings\aperte enter\Desktop\Inform tica BSCSH\Manuten‡Æo microcomputadores\~WRL0001.tmp"

 

Finished!

 

***********************

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:06:42, on 15/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

c:\Alwil Software\Avast4\aswUpdSv.exe

c:\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\Program Files\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\arquivos de programas\lenovo\system update\suservice.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\Logger\logmon.exe

c:\Alwil Software\Avast4\ashMaiSv.exe

c:\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Program Files\Java\jre6\bin\jusched.exe

C:\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufrgs.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 143.54.1.101:3128

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\WINDOWS\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\WINDOWS\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\WINDOWS\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\WINDOWS\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] c:\ALWILS~1\Avast4\ashDisp.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Aleph 500.14.2 Version Check.lnk = C:\AL500\ALEPHCOM\BIN\VERSION.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Arquivos de programas\Lenovo\System Update\sulauncher.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - \Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - \Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/br/pt

O17 - HKLM\System\CCS\Services\Tcpip\..\{154EE3C1-6D0E-4F5F-9AD4-2F66BD914029}: NameServer = 143.54.1.53,143.54.1.52

O17 - HKLM\System\CS1\Services\Tcpip\..\{154EE3C1-6D0E-4F5F-9AD4-2F66BD914029}: NameServer = 143.54.1.53,143.54.1.52

O17 - HKLM\System\CS2\Services\Tcpip\..\{154EE3C1-6D0E-4F5F-9AD4-2F66BD914029}: NameServer = 143.54.1.53,143.54.1.52

O20 - Winlogon Notify: AwayNotify - C:\Arquivos de programas\Lenovo\AwayTask\AwayNotify.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - c:\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - c:\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - c:\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - c:\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\WINDOWS\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Serviço McAfee Framework (McAfeeFramework) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe

O23 - Service: System Update (SUService) - - c:\arquivos de programas\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Arquivos de programas\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

 

--

End of file - 7307 bytes

 

*****************

Compartilhar este post

Link para o post
Compartilhar em outros sites

Silas Martins    0

Silas Martins
Postado

Baixe o Norman Malware Cleaner aqui:http://superdownloads.uol.com.br/redir.cfm?softid=63672

apos instalado execute-o e adicone todoas as áreas fisicas e removiveis, feito isso clique em Scan.

Apos esse processo cole novo log do hijackthis

Compartilhar este post

Link para o post
Compartilhar em outros sites

Annluciap    0

Annluciap
Postado

Olá, segue log do Hijack e Norman...

 

Obrigada.

 

**************************

 

Norman Malware Cleaner

Copyright © 1990 - 2008, Norman ASA. Built 2008/12/22 07:18:18

 

Norman Scanner Engine Version: 5.93.01

Nvcbin.def Version: 5.93.00, Date: 2008/12/22 07:18:18, Variants: 2326175

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3

Logged on user: VIOLETA\aperte enter

 

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

 

Scan started: 23/12/2008 09:55:54

 

 

Scanning running processes and process memory...

 

Number of processes/threads found: 2017

Number of processes/threads scanned: 2017

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 31s

 

 

Scanning file system...

 

Scanning: C:\*.*

 

C:\Documents and Settings\All Users\Documentos\aaqojw.exe (Infected with W32/Agent.JIIR)

Deleted file

 

C:\Documents and Settings\bscsh\Configurações locais\Temporary Internet Files\Content.IE5\45A7MRWB\bankerfix[1].exe (Infected with Malware.KLW)

Deleted file

 

C:\System Volume Information\_restore{AD15DA38-984D-4229-BBCF-EB301DB16B61}\RP15\A0000945.exe (Infected with W32/Agent.JIIR)

Deleted file

 

Scanning: E:\*.*

 

Scanning: c:\System Volume Information\*.*

 

 

Running post-scan cleanup routine:

 

Number of files found: 193437

Number of archives unpacked: 6764

Number of files scanned: 193369

Number of files not scanned: 68

Number of files skipped due to exclude list: 0

Number of infected files found: 3

Number of infected files repaired/deleted: 3

Number of infections removed: 3

Total scanning time: 25m 24s

 

********************

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:33:48, on 23/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

c:\Alwil Software\Avast4\aswUpdSv.exe

c:\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\Program Files\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\arquivos de programas\lenovo\system update\suservice.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\Logger\logmon.exe

c:\Alwil Software\Avast4\ashMaiSv.exe

c:\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Program Files\Java\jre6\bin\jusched.exe

C:\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufrgs.br/ufrgs/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/br/pt

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\WINDOWS\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\WINDOWS\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\WINDOWS\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\WINDOWS\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] c:\ALWILS~1\Avast4\ashDisp.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Aleph 500.14.2 Version Check.lnk = C:\AL500\ALEPHCOM\BIN\VERSION.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Arquivos de programas\Lenovo\System Update\sulauncher.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - \Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - \Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/br/pt

O17 - HKLM\System\CCS\Services\Tcpip\..\{154EE3C1-6D0E-4F5F-9AD4-2F66BD914029}: NameServer = 143.54.1.53,143.54.1.52

O17 - HKLM\System\CS1\Services\Tcpip\..\{154EE3C1-6D0E-4F5F-9AD4-2F66BD914029}: NameServer = 143.54.1.53,143.54.1.52

O17 - HKLM\System\CS2\Services\Tcpip\..\{154EE3C1-6D0E-4F5F-9AD4-2F66BD914029}: NameServer = 143.54.1.53,143.54.1.52

O20 - Winlogon Notify: AwayNotify - C:\Arquivos de programas\Lenovo\AwayTask\AwayNotify.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - c:\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - c:\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - c:\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - c:\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\WINDOWS\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Serviço McAfee Framework (McAfeeFramework) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe

O23 - Service: System Update (SUService) - - c:\arquivos de programas\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Arquivos de programas\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

 

--

End of file - 7203 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Resolvidos (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito