Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Iceds

[Resolvido!] Análise de log

Recommended Posts

Bem este pc esta 1 tanto esquisito... ele inicia e da varios erros e as vezes n processa paginas nem arquivos nem pastas, gostaria que algum moderador analisasse meu log se possivel, serei mtu grato, obrigado desde ja.

 

Log do Hijack:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:30:27, on 20/3/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Hijack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ondarpc.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [fssyiv] C:\WINDOWS\system32\fssyiv.exe

O4 - HKLM\..\Run: [bakg] C:\WINDOWS\system32\bakg.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

 

--

End of file - 6285 bytes

 

 

 

--- Aguardando respostas, obrigado :)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! Iceds

 

<@> Baixe: < desktopicon.png > ( ...by sUBs )

<@> Salve-o no desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

<@> Na solicitação: "Negação de garantia de software" --> Clique em Sim!

<@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

 

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.

<!> Salve-a no desktop,renomeada como: Kombo.exe

<!> Ps: Nomeie durante o salvamento,e não após salvá-la!

<!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança. <-- Link!

<!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

<!> Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

<!> Ps: O ComboFix é uma ferramenta que pode danificar o sistema. Utilize-o,somente,sob supervisão profissional.

<@> Abrir-se-á a janela Auto Scan. --> Aguarde!

<@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

<@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

<@> Para parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter!

<><><><><><><><><><><><>

<@> Terminando,poste os relatórios: C:\ComboFix\ComboFix.txt + HijackThis,atualizado.

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bem dig, aki está o log do combofix. ps: tive q desinstalar o avast, pois ele nao keria desativar a proteção residente por um certo erro de RPC

 

Log do combofix:

ComboFix 09-03-19.02 - Anderson 2009-03-20 15:04:44.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1023.725 [GMT -3:00]

Executando de: c:\documents and settings\Anderson\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system\oeminfo.ini

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-20 to 2009-03-20 ))))))))))))))))))))))))))))

.

 

2009-03-20 14:00 . 2009-03-20 14:30 <DIR> d-------- C:\Hijack

2009-03-20 11:31 . 2009-03-20 11:31 268 --ah----- C:\sqmdata07.sqm

2009-03-20 11:31 . 2009-03-20 11:31 244 --ah----- C:\sqmnoopt07.sqm

2009-03-20 10:39 . 2009-03-20 10:39 268 --ah----- C:\sqmdata06.sqm

2009-03-20 10:39 . 2009-03-20 10:39 244 --ah----- C:\sqmnoopt06.sqm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-18 00:02 98,304 ----a-w c:\windows\DUMP50ee.tmp

2009-03-17 23:24 98,304 ----a-w c:\windows\DUMP52d3.tmp

2009-03-16 02:40 --------- d-----w c:\documents and settings\Anderson\Dados de aplicativos\LimeWire

2009-03-15 06:43 --------- d-----w c:\arquivos de programas\PartyGaming.Net

2009-03-15 06:42 --------- d-----w c:\arquivos de programas\PokerStars

2009-02-14 01:08 --------- d-----w c:\arquivos de programas\Metal Gear Solid

2009-02-14 00:35 --------- d-----w c:\arquivos de programas\DAEMON Tools Toolbar

2009-02-14 00:35 --------- d-----w c:\arquivos de programas\DAEMON Tools Lite

2009-02-12 03:34 --------- d-----w c:\arquivos de programas\Alcohol Soft

2009-02-04 01:43 20,480 ------w c:\windows\system32\H@tKeysH@@k.DLL

2009-02-04 01:24 --------- d-----w c:\documents and settings\Anderson\Dados de aplicativos\DAEMON Tools Lite

2009-02-04 01:13 --------- d-----w c:\documents and settings\Anderson\Dados de aplicativos\DAEMON Tools Pro

2009-02-04 01:13 --------- d-----w c:\documents and settings\Anderson\Dados de aplicativos\DAEMON Tools

2009-02-04 01:12 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite

2009-02-04 00:35 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2009-02-03 22:48 --------- d-----w c:\documents and settings\Anderson\Dados de aplicativos\EmailNotifier

2009-02-03 22:48 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Megaupload

2009-02-03 22:48 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\EmailNotifier

2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll

2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"PowerBar"="c:\arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 86016]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]

"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.divxa32"= DivXa32.acm

"VIDC.HFYU"= huffyuv.dll

"vidc.ffds"= c:\arquivos de programas\Theorica Divx ;-) Codecs\ffdshow.ax

"vidc.i263"= c:\windows\system32\i263_32.drv

"msacm.imc"= c:\windows\system32\imc32.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2007-11-08 26752]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1870680b-8fd8-11dc-bf15-0008542b5e7a}]

\Shell\AutoRun\command - F:\xih9.cmd

\Shell\explore\Command - F:\xih9.cmd

\Shell\open\Command - F:\xih9.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cbfebfa-9244-11dc-bf1e-0008542b5e7a}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad039859-f60b-11dd-8113-0008542b5e7a}]

\Shell\AutoRun\command - E:\setup.EXE /autorun

\Shell\directx\command - e:\directx\dxsetup.exe

\Shell\dxtest\command - e:\directx\dxdiag.exe

\Shell\log\command - E:\machine.exe -l

\Shell\machine\command - E:\machine.exe

\Shell\setup\command - E:\setup.exe /autorun

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad039866-f60b-11dd-8113-0008542b5e7a}]

\Shell\AutoRun\command - E:\setup.EXE /autorun

\Shell\directx\command - e:\directx\dxsetup.exe

\Shell\dxtest\command - e:\directx\dxdiag.exe

\Shell\log\command - E:\machine.exe -l

\Shell\machine\command - E:\machine.exe

\Shell\setup\command - E:\setup.exe /autorun

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad03987b-f60b-11dd-8113-0008542b5e7a}]

\Shell\AutoRun\command - E:\setup.EXE /autorun

\Shell\directx\command - e:\directx\dxsetup.exe

\Shell\dxtest\command - e:\directx\dxdiag.exe

\Shell\log\command - E:\machine.exe -l

\Shell\machine\command - E:\machine.exe

\Shell\setup\command - E:\setup.exe /autorun

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dda787ae-a84a-11dc-bf84-0008542b5e7a}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1530f5e-f258-11dd-8109-0008542b5e7a}]

\Shell\AutoRun\command - E:\setup.EXE /autorun

\Shell\directx\command - e:\directx\dxsetup.exe

\Shell\dxtest\command - e:\directx\dxdiag.exe

\Shell\log\command - E:\machine.exe -l

\Shell\machine\command - E:\machine.exe

\Shell\setup\command - E:\setup.exe /autorun

.

- - - - ORFÃOS REMOVIDOS - - - -

 

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)

HKLM-Run-fssyiv - c:\windows\system32\fssyiv.exe

HKLM-Run-bakg - c:\windows\system32\bakg.exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.ondarpc.com.br/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version4/windows-ie/en/AMClient.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-20 15:06:32

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-03-20 15:07:44

ComboFix-quarantined-files.txt 2009-03-20 18:07:43

 

Pré-execução: 21 pasta(s) 42.119.090.176 bytes disponíveis

Pós execução: 21 pasta(s) 42,746,974,208 bytes disponíveis

 

144 --- E O F --- 2009-02-26 15:56:46

 

 

E aki vai o log do Hijack atualizado:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:10:21, on 20/3/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ondarpc.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

 

--

End of file - 4772 bytes

 

Aguardo novas instruções, abraços!!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! Iceds

 

Insira sua(s) unidade(s) removíveis,caso às possua,na entrada USB. ( pendrive,mp3,mp4,iPods,etc... )

<@> Selecione e copie,todo o conteúdo que está na área do QUOTE,para o Bloco de Notas.

<@> Salve-o,no Desktop,com o nome: CFScript.txt

 

File::

c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

e:\directx\dxsetup.exe

e:\directx\dxdiag.exe

E:\machine.exe

F:\xih9.cmd

E:\setup.EXE

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1870680b-8fd8-11dc-bf15-0008542b5e7a}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cbfebfa-9244-11dc-bf1e-0008542b5e7a}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad039859-f60b-11dd-8113-0008542b5e7a}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad039866-f60b-11dd-8113-0008542b5e7a}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad03987b-f60b-11dd-8113-0008542b5e7a}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dda787ae-a84a-11dc-bf84-0008542b5e7a}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1530f5e-f258-11dd-8109-0008542b5e7a}]

<@> Ps: Não utilizem este script em outra máquina!

<@> Arraste,o CFScript.txt para o ícone/interior do ComboFix.

<@> Veja a demonstração!

 

2872959479_997d4500c4_o.gif

 

<@> Atenda à solicitação,que deverá surgir,para rodar o ComboFix.

<@> Ps: Faça o arraste,até surgir essa solicitação! ( janela )

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Aki vai o log do combofix que você me pediu dig:

 

ComboFix 09-03-19.02 - Anderson 2009-03-20 16:13:25.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1023.680 [GMT -3:00]

Executando de: c:\documents and settings\Anderson\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Anderson\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

e:\directx\dxdiag.exe

e:\directx\dxsetup.exe

E:\machine.exe

E:\setup.EXE

F:\xih9.cmd

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-20 to 2009-03-20 ))))))))))))))))))))))))))))

.

 

2009-03-20 14:00 . 2009-03-20 15:10 <DIR> d-------- C:\Hijack

2009-03-20 11:31 . 2009-03-20 11:31 268 --ah----- C:\sqmdata07.sqm

2009-03-20 11:31 . 2009-03-20 11:31 244 --ah----- C:\sqmnoopt07.sqm

2009-03-20 10:39 . 2009-03-20 10:39 268 --ah----- C:\sqmdata06.sqm

2009-03-20 10:39 . 2009-03-20 10:39 244 --ah----- C:\sqmnoopt06.sqm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-18 00:02 98,304 ----a-w c:\windows\DUMP50ee.tmp

2009-03-17 23:24 98,304 ----a-w c:\windows\DUMP52d3.tmp

2009-03-16 02:40 --------- d-----w c:\documents and settings\Anderson\Dados de aplicativos\LimeWire

2009-03-15 06:43 --------- d-----w c:\arquivos de programas\PartyGaming.Net

2009-03-15 06:42 --------- d-----w c:\arquivos de programas\PokerStars

2009-02-14 01:08 --------- d-----w c:\arquivos de programas\Metal Gear Solid

2009-02-14 00:35 --------- d-----w c:\arquivos de programas\DAEMON Tools Toolbar

2009-02-14 00:35 --------- d-----w c:\arquivos de programas\DAEMON Tools Lite

2009-02-12 03:34 --------- d-----w c:\arquivos de programas\Alcohol Soft

2009-02-04 01:43 20,480 ------w c:\windows\system32\H@tKeysH@@k.DLL

2009-02-04 01:24 --------- d-----w c:\documents and settings\Anderson\Dados de aplicativos\DAEMON Tools Lite

2009-02-04 01:13 --------- d-----w c:\documents and settings\Anderson\Dados de aplicativos\DAEMON Tools Pro

2009-02-04 01:13 --------- d-----w c:\documents and settings\Anderson\Dados de aplicativos\DAEMON Tools

2009-02-04 01:12 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite

2009-02-04 00:35 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2009-02-03 22:48 --------- d-----w c:\documents and settings\Anderson\Dados de aplicativos\EmailNotifier

2009-02-03 22:48 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Megaupload

2009-02-03 22:48 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\EmailNotifier

2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll

2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"PowerBar"="c:\arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 86016]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]

"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.divxa32"= DivXa32.acm

"VIDC.HFYU"= huffyuv.dll

"vidc.ffds"= c:\arquivos de programas\Theorica Divx ;-) Codecs\ffdshow.ax

"vidc.i263"= c:\windows\system32\i263_32.drv

"msacm.imc"= c:\windows\system32\imc32.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2007-11-08 26752]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.ondarpc.com.br/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version4/windows-ie/en/AMClient.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-20 16:14:15

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-03-20 16:15:27

ComboFix-quarantined-files.txt 2009-03-20 19:15:25

ComboFix2.txt 2009-03-20 18:07:45

 

Pré-execução: 21 pasta(s) 42,708,635,648 bytes disponíveis

Pós execução: 21 pasta(s) 42,697,080,832 bytes disponíveis

 

107 --- E O F --- 2009-02-26 15:56:46

 

 

E aki vai o log do hijack atualizado :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:17:27, on 20/3/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ondarpc.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

 

--

End of file - 4774 bytes

 

Aguardo novas instruções e mais uma obrigado por toda sua ajuda, abraços!!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! Iceds

 

<@> Vá em Iniciar --> Executar --> Digite ou cole: combofix.exe /u --> Clique OK.

<@> Abrir-se-á,a seguinte janela: ( Abrir arquivo - Aviso de Segurança )

<@> Clique em Executar --> Aguarde!

<@> Surgirá,finalmente,a mensagem: "ComboFix está desinstalado" --> Clique OK.

<@> Caso encontre,apague: C:\ComboFix <-- A pasta! + C:\ComboFix.txt <-- Relatório!

<><><><><><><><><><><>

<@> Vá a este link,e baixe: < malwarebyte.pngalwarebytes >

<@> Atualize o programa!

<@> Escolha o escaneamento Inteligente!

<@> Desabilite programas de proteção,ao executar o malwarebytes.

<@> Procure enviar os ítens detectados para a quarentena,clicando em Remover itens.

<@> Para maiores detalhes: < Link >

<><><><><><><><><><><>

<@> Poste,os relatórios: mbam-log-2009-xx-xx (00-00-00).txt + HijackThis,atualizado.

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Dae dig meu amigo, aki está o log do alwarebytes que você pediu:

 

Malwarebytes' Anti-Malware 1.34

Versão do banco de dados: 1878

Windows 5.1.2600 Service Pack 2

 

20/3/2009 16:43:52

mbam-log-2009-03-20 (16-43-52).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 67952

Tempo decorrido: 2 minute(s), 1 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 1

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

 

 

E aki vai o log do hijack atualizado:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:44:58, on 20/3/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ondarpc.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

 

--

End of file - 4874 bytes

 

Aguardo novas instruções e espero que esse malware va embora e nunca mais volte, rs. obrigado desde ja, abraços!!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! Iceds

 

<!> Como está o computador? Houve melhoras?

<><><><><><><><><><><><><><><>

<@> Atualize o Java.

<@> Versões antigas têm vulnerabilidades que,malwares,podem usar para infectar seu sistema.

<><><><><><><><><><><><><><><>

<@> Faça download da última versão do Java Runtime Environment (JRE) 6u12.

<@> Localize: "Java Runtime Environment (JRE) 6 Update 12"

<@> Clique no botão Download.

<@> Marque a opção que diz: "Accept License Agreement"

<@> A página será atualizada!

<@> Clique no link,para download do Windows Offline Installation --> Salve-o no desktop!

<@> Feche o IE ou Firefox + Programas que estejam sendo executados.

<@> Vá em Iniciar --> Painel de Controle.

<@> Em Adicionar ou Remover Programas;remova todas as antigas versões do Java.

<><><><><><><><><><><><><><><>

<@> Exemplos de antigas versões:

 

< javaicon.jpg > Java 2 Runtime Environment, SE v1.4.2

< javaicon.jpg > J2SE Runtime Environment 5.0

< javaicon.jpg > J2SE Runtime Environment 5.0 Update 6

 

<@> Selecione qualquer item com nome: Java Runtime Environment (JRE ou J2SE)

<@> Clique no botão Remover ou Alterar/Remover.

<@> Repita quantas vezes for necessária,para remover cada versão do Java.

<@> Concluindo,reinicie o computador!

<@> Instale a nova versão,com um duplo clique em jre-6u12-windows-i586-p.exe.

<><><><><><><><><><><><><><><>

<!> O log está limpo! :thumbsup:

<!> Tudo Ok?

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Meu deus dig, você eh o cara meu!!!!!!!!! ta funcionando td perfeitinho kra, ateh o som da entrada do windows voltou a fazer, obrigado denovo kra, você eh mtu gente fina, brigado por perder sua tarde comigo, abraços ae e vlw, qdo precisar no que eu puder ajudar tamo ae, teh mais ae kra, vlwzao!!

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.