DuFF_MaN (posted April 10, 2009)

Guys, please take a look and see what the problem with this PC is...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:28:52, on 10/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\bndmss.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.187\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ud32.exe
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Windows Network Data Management System Service] "ud32.exe" *
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
O4 - HKCU\..\Run: [Windows Network Data Management System Service] "ud32.exe" *
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Windows Network Data Management System Service (BNDMSS) - Unknown owner - C:\WINDOWS\system32\bndmss.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

--
End of file - 4009 bytes
DigRam (posted April 10, 2009)

Good morning, DuFF_MaN!

<@> Download: < > ( ...by sUBs )
<@> Save it to the desktop!
<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> At the prompt "Disclaimer of software warranty" --> click Yes!
<@> If you do not have the "Recovery Console", accept the offer to install it!
<!> If you get the notification "Not a valid Win32 application", delete the tool and download it again.
<!> Save it to the desktop renamed as: Kombo.exe
<!> PS: Name it while saving, not after saving it!
<!> PS: If an error message appears, run ComboFix.exe in Safe Mode.
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative!
<!> PS: To avoid problems, follow all the recommendations given.
<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.
<@> The Auto Scan window will open. --> Wait!
<@> To complete the removals, ComboFix may restart the computer.
<@> If needed, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<><><><><><><><><><><><>
<@> When done, post the reports: C:\ComboFix\ComboFix.txt + an updated HijackThis log.

Cheers!
DuFF_MaN (posted April 11, 2009)

Mate, I did what you told me.... Here are the ComboFix and HijackThis logs:

ComboFix 09-04-04.01 - Administrator 2009-04-10 21:08:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2550.2193 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
c:\windows\system32\bndmss.exe
c:\windows\system32\Desktop_.ini
c:\windows\ws2help.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BNDMSS
-------\Service_BNDMSS


((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-10 21:10 . 2009-04-10 21:10 <DIR> d-------- c:\windows\system32\xircom
2009-04-10 21:10 . 2009-04-10 21:10 <DIR> d-------- c:\windows\system32\restore
2009-04-10 21:10 . 2009-04-10 21:10 <DIR> d-------- c:\windows\system32\npp
2009-04-10 21:10 . 2009-04-10 21:10 <DIR> d-------- c:\program files\microsoft frontpage
2009-04-10 03:48 . 2009-04-10 03:49 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-04-10 03:47 . 2009-04-10 03:47 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-04-10 03:47 . 2008-09-19 14:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-04-10 03:44 . 2009-04-10 17:02 69 --a------ c:\windows\NeroDigital.ini
2009-04-09 16:56 . 2009-04-09 16:56 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Nero
2009-04-09 16:53 . 2009-04-09 16:53 <DIR> d-------- c:\program files\Nero
2009-04-09 16:53 . 2009-04-09 16:53 <DIR> d-------- c:\program files\Common Files\Nero
2009-04-09 16:53 . 2009-04-09 16:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-04-09 16:53 . 2006-03-17 11:45 1,757,184 --a------ c:\windows\system32\imagX7.dll
2009-04-09 16:53 . 2006-03-17 11:45 802,816 --a------ c:\windows\system32\imagXRA7.dll
2009-04-09 16:53 . 2006-03-17 11:45 497,296 --a------ c:\windows\system32\imagXpr7.dll
2009-04-09 16:53 . 2006-03-17 14:49 368,640 --a------ c:\windows\system32\TwnLib4.dll
2009-04-09 16:53 . 2006-03-17 11:45 258,048 --a------ c:\windows\system32\imagXR7.dll
2009-04-05 16:31 . 2009-04-05 16:31 <DIR> d-------- c:\program files\Foxit Software
2009-04-05 16:31 . 2009-04-05 16:31 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Foxit
2009-04-05 16:20 . 2009-04-05 16:20 <DIR> d-------- c:\program files\DVDVideoSoft
2009-04-05 16:20 . 2009-04-05 16:20 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft
2009-04-05 16:20 . 2009-04-05 16:20 <DIR> d-------- c:\program files\AskBarDis
2009-04-05 16:20 . 2002-01-05 15:37 344,064 --a------ c:\windows\system32\msvcr70.dll
2009-04-05 15:36 . 2009-04-05 15:35 2,281,359 --a------ C:\video[1].flv
2009-04-05 04:05 . 2009-04-05 04:05 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-31 12:46 . 2009-04-10 20:14 8,552 --a------ c:\documents and settings\Administrator\bvd32.exe
2009-03-30 22:05 . 2009-03-30 22:05 25,088 --a------ C:\DEMONSTRATIVO DIGITAÇÃO.xls
2009-03-30 22:05 . 2009-03-30 22:05 9,216 --a------ C:\DEMONSTRATIVO DIGITAÇÃO1.xls
2009-03-30 21:56 . 2009-03-30 21:57 <DIR> d-------- c:\program files\Mobile Partner
2009-03-30 21:56 . 2007-08-24 20:45 101,120 -ra------ c:\windows\system32\drivers\ewusbmdm.sys
2009-03-30 21:56 . 2007-08-24 20:45 24,448 -ra------ c:\windows\system32\drivers\ewdcsc.sys
2009-03-26 17:04 . 2009-03-28 10:37 <DIR> d-------- c:\program files\Vertrix 2
2009-03-22 01:25 . 2009-04-08 19:37 <DIR> d-------- c:\program files\Garena
2009-03-19 20:09 . 2009-03-19 20:09 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2009-03-18 18:52 . 2009-03-18 18:52 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-16 21:07 . 2009-03-24 19:47 <DIR> d-------- c:\program files\Mangas e HQ's
2009-03-16 00:18 . 2009-03-16 00:18 <DIR> d-------- c:\windows\srchasst
2009-03-16 00:17 . 2009-03-16 00:17 <DIR> d-------- c:\windows\system32\1046
2009-03-16 00:17 . 2004-06-01 06:00 65,536 --a------ c:\windows\system32\WMErrPTB.dll
2009-03-16 00:17 . 2004-06-01 06:00 34,666 --a------ c:\windows\WMPrfPTB.prx
2009-03-16 00:06 . 2009-03-16 00:06 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-03-16 00:06 . 2009-03-16 00:06 12,624 --ah----- c:\windows\system32\mlfcache.dat
2009-03-16 00:05 . 2009-03-16 00:05 <DIR> d-------- c:\program files\Safari
2009-03-16 00:05 . 2009-03-16 00:05 <DIR> d-------- c:\program files\Bonjour
2009-03-16 00:05 . 2009-03-16 00:05 <DIR> d-------- c:\program files\Apple Software Update
2009-03-16 00:05 . 2009-03-16 00:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-16 00:05 . 2009-03-16 00:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-03-15 20:03 . 2005-05-03 19:43 69,632 --a------ c:\windows\Alcmtr.exe
2009-03-15 16:06 . 2009-03-15 16:47 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-03-14 18:31 . 2009-03-14 18:31 <DIR> d-------- c:\program files\CDisplay
2009-03-14 16:19 . 2009-04-10 21:10 <DIR> d-------- c:\documents and settings\Administrator\Tracing
2009-03-14 16:10 . 2009-03-14 16:10 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-14 16:10 . 2009-03-14 16:10 <DIR> d-------- c:\program files\Microsoft
2009-03-14 16:09 . 2009-04-10 21:10 <DIR> d-------- c:\windows\PCHEALTH
2009-03-14 16:09 . 2009-03-14 16:10 <DIR> d-------- c:\program files\Windows Live
2009-03-14 15:39 . 2009-03-14 15:39 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-14 03:37 . 2009-03-14 03:37 110,592 --a------ c:\windows\Wplugin.dll
2009-03-14 03:37 . 2009-03-14 03:37 12 --a------ c:\windows\explorer.exe.local
2009-03-14 02:02 . 2009-03-16 01:10 8,552 --a------ c:\documents and settings\Administrator\bv2.exe
2009-03-13 19:14 . 2009-03-13 19:24 <DIR> d-------- C:\Aulas de Japonês
2009-03-13 14:50 . 2009-03-13 21:24 139,264 --a------ c:\windows\War3Unin.exe
2009-03-13 14:50 . 2009-03-14 03:37 77,215 --a------ c:\windows\War3Unin.dat
2009-03-13 14:50 . 2009-03-13 21:24 2,829 --a------ c:\windows\War3Unin.pif
2009-03-13 14:49 . 2009-04-10 20:01 <DIR> d-------- c:\program files\Warcraft III
2009-03-13 14:34 . 2009-03-13 14:34 <DIR> d-------- c:\program files\DAEMON Tools
2009-03-13 14:28 . 2009-03-13 14:28 639,224 --a------ c:\windows\system32\drivers\sptd.sys
2009-03-13 13:58 . 2009-03-13 13:58 <DIR> d-------- c:\documents and settings\Administrator\Application Data\TMP
2009-03-13 13:40 . 2009-03-13 13:40 <DIR> d-------- c:\program files\Atheros
2009-03-13 13:40 . 2007-05-02 12:00 546,976 --a------ c:\windows\system32\drivers\ar5211.sys
2009-03-13 13:40 . 2007-05-02 12:00 546,976 --a------ c:\windows\system32\ar5211.sys
2009-03-13 13:40 . 2007-05-02 12:00 84,470 --a------ c:\windows\system32\net5211.inf
2009-03-13 13:40 . 2007-05-09 11:16 20,888 --a------ c:\windows\system32\net5211.cat
2009-03-13 13:39 . 2009-03-13 13:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Atheros
2009-03-13 13:39 . 2009-03-13 13:39 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield
2009-03-13 13:29 . 2009-03-13 13:29 <DIR> d-------- c:\windows\Options
2009-03-13 13:29 . 2006-10-26 12:08 50,752 --------- c:\windows\system32\agrsmdel.exe
2009-03-13 13:16 . 2009-03-13 13:16 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-03-13 13:16 . 2007-02-26 11:33 172,032 --a------ c:\windows\system32\igfxres.dll
2009-03-13 13:16 . 2009-03-13 13:16 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-03-13 13:13 . 2009-03-13 13:13 <DIR> d-------- C:\Intel
2009-03-13 13:02 . 2009-03-13 13:02 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Intel
2009-03-13 13:01 . 2009-03-13 13:23 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-13 13:01 . 2009-03-13 13:24 <DIR> d-------- c:\program files\Intel
2009-03-13 12:59 . 2009-03-13 12:59 <DIR> d-------- c:\program files\Synaptics
2009-03-13 12:59 . 2005-08-25 08:12 191,168 --a------ c:\windows\system32\drivers\SynTP.sys
2009-03-13 12:59 . 2005-08-25 08:16 114,688 --a------ c:\windows\system32\SynCtrl.dll
2009-03-13 12:59 . 2005-08-25 08:16 90,201 --a------ c:\windows\system32\SynTPAPI.dll
2009-03-13 12:59 . 2005-08-25 08:15 82,012 --a------ c:\windows\system32\SynCOM.dll
2009-03-13 12:59 . 2005-08-25 08:28 81,920 --a------ c:\windows\system32\SynTPCo2.dll
2009-03-13 12:59 . 2005-08-25 08:26 69,721 --a------ c:\windows\system32\SynTPFcs.dll
2009-03-13 12:58 . 2009-03-13 12:58 <DIR> d-------- c:\program files\Marvell
2009-03-13 12:56 . 2007-11-14 10:18 553 -r------- c:\windows\USetup.iss
2009-03-13 12:55 . 2009-03-15 20:03 <DIR> d-------- c:\program files\Realtek
2009-03-13 12:55 . 2009-03-22 01:24 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-03-13 12:54 . 2009-03-13 12:59 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-03-13 08:50 . 2009-04-10 18:35 <DIR> d-------- c:\documents and settings\Administrator
2009-03-13 00:42 . 2009-03-13 00:42 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-03-13 00:42 . 2006-10-04 07:06 1,197,294 --------- c:\windows\system32\dllcache\sysmain.sdb
2009-03-13 00:42 . 2006-10-04 07:06 764,868 --------- c:\windows\system32\dllcache\apph_sp.sdb
2009-03-13 00:42 . 2006-10-04 07:06 217,118 --------- c:\windows\system32\dllcache\apphelp.sdb
2009-03-13 00:41 . 2009-03-13 00:41 <DIR> d-------- c:\windows\system32\LogFiles
2009-03-13 00:41 . 2009-03-13 00:41 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-03-13 00:41 . 2006-09-25 18:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
2009-03-13 00:39 . 2007-07-21 21:40 6,144 --a------ c:\windows\system32\kbdbr.dll
2009-03-13 00:28 . 2009-03-13 00:28 552 --a------ c:\windows\system32\d3d8caps.dat
2009-03-13 00:16 . 2009-04-10 12:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2009-03-13 00:16 . 2009-03-13 00:29 664 --a------ c:\windows\system32\d3d9caps.dat
2009-03-13 00:14 . 2009-03-13 00:16 <DIR> d-------- c:\program files\TmNationsForever

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 19:55 315,392 ----a-w c:\windows\HideWin.exe
2009-02-07 02:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
.

------- Sigcheck -------

2007-01-08 07:13 360576 bb4d3a8e6f7eb1d370bc4ad27ab23368 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 10:32 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 737369]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"ud32.exe"= ud32.exe:BNDMSS

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HELPSVC

NETSVCS REQUIRES REPAIRS - current entries shown
6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Netman Nla NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule SENS Sharedaccess Tapisrv Themes WZCSVC Wmi WmdmPmSp winmgmt xmlprov BITS wuauserv ShellHWDetection WmdmPmSN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdcc19ec-1daf-11de-9d74-0017c408a95a}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdcc19ef-1daf-11de-9d74-0017c408a95a}]
\Shell\AutoRun\command - E:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-12CFG914-K641-26SF-N32P - c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
HKCU-Run-Windows Network Data Management System Service - ud32.exe
HKLM-Run-Windows Network Data Management System Service - ud32.exe
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
MSConfigStartUp-12CFG914-K641-26SF-N32P - c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe

.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 21:10:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\docume~1\ADMINI~1\LOCALS~1\temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2009-04-10 21:12:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-11 04:12:04

Pre-Run: 52.077.035.520 bytes free
Post-Run: 8 folder(s) 52,053,524,480 bytes available

267

hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:53:15, on 11/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.765\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 3234 bytes
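The two HijackThis logs in this thread show what a manual triage looks for: an extra executable chained onto the F2 UserInit value, Run entries that point into \RECYCLER\ or give only a bare file name (resolved by PATH search, as "ud32.exe" was), a service with no vendor information living in system32, and a process running out of a Temp directory. The script below is an added example, written for this page rather than taken from the thread or from HijackThis itself. It parses the HijackThis entry format, applies those rules, and diffs the before and after logs to confirm which persistence entries the ComboFix run actually removed. The embedded logs are abbreviated excerpts of the two posted above; the severity levels, the rule set and the BENIGN_BARE allow-list are my assumptions, not anything HijackThis or ComboFix defines.

```python
"""Triage a HijackThis v2 log and diff two logs to confirm a cleanup."""
import re

# Constructed samples: abbreviated excerpts of the two logs posted in this
# thread, before and after the first ComboFix run. Raw strings keep the
# Windows backslashes literal.
BEFORE_LOG = r"""
Running processes:
C:\WINDOWS\system32\bndmss.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ud32.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Windows Network Data Management System Service] "ud32.exe" *
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
O23 - Service: Windows Network Data Management System Service (BNDMSS) - Unknown owner - C:\WINDOWS\system32\bndmss.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

AFTER_LOG = r"""
Running processes:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
"""

# Assumption: bare-name Run values that are normal on this Realtek build.
BENIGN_BARE = {"RTHDCPL.EXE", "ALCMTR.EXE"}

# HijackThis entries look like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<type>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse(log):
    """Return (running processes, [(entry type, body), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("type"), m.group("body")))
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(processes, entries):
    """Apply the rules; returns a list of (severity, reason, item)."""
    findings = []
    for proc in processes:
        if "\\temp\\" in proc.lower():
            findings.append(("medium", "process running from a Temp directory", proc))
    for kind, body in entries:
        if kind == "F2" and "UserInit=" in body:
            # Anything after userinit.exe in this comma list runs at logon.
            chained = [p for p in body.split("UserInit=", 1)[1].split(",")
                       if p and not p.lower().endswith("userinit.exe")]
            if chained:
                findings.append(("high", "extra executable chained to UserInit", body))
        elif kind == "O4":
            # Pull the launched .exe out of '[name] "path" args'.
            m = re.search(r'\]\s+"?(.*?\.exe)', body, re.IGNORECASE)
            if not m:
                continue
            exe = m.group(1)
            if "\\recycler\\" in exe.lower():
                findings.append(("high", "autostart from RECYCLER", body))
            elif "\\" not in exe and exe.upper() not in BENIGN_BARE:
                findings.append(("high", "bare file name in Run key, resolved by PATH search", body))
        elif kind == "O23" and "Unknown owner" in body:
            if "(file missing)" in body:
                findings.append(("low", "dead service entry", body))
            else:
                findings.append(("medium", "service with no vendor information", body))
        elif kind == "O2" and body.endswith("(no file)"):
            findings.append(("low", "orphaned BHO registration", body))
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for sev, _, _ in findings:
        counts[sev] += 1
    return counts


def removed_entries(before, after):
    """Entries present in the first log and gone from the second."""
    _, b = parse(before)
    _, a = parse(after)
    gone = set(a)
    return [e for e in b if e not in gone]


if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        for sev, reason, item in triage(*parse(log)):
            print(f"[{label}] {sev:6} {reason}: {item}")
    for kind, body in removed_entries(BEFORE_LOG, AFTER_LOG):
        print(f"removed: {kind} - {body}")
```

On the before log the script raises three high findings (the UserInit chain, the bare "ud32.exe" Run value and the RECYCLER autostart), two medium (the BNDMSS service and the Temp process) and one low; on the after log only the Temp process and three low-severity leftovers remain, and the diff lists exactly the four entries ComboFix reported under ORPHANS REMOVED and Drivers/Services. The allow-list is the weak point of any rule like this: a bare name is only benign if the binary it resolves to is the one you expect, so verify the file on disk rather than extending BENIGN_BARE blindly.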
DigRam (posted April 11, 2009)

Good morning, DuFF_MaN!

<@> Download: < ToolBar S&D >
<@> Save it to Local Disk C, in its own folder.
<@> Restart the computer in Safe Mode. <-- Important!
<@> Run the program, then press "p" --> Enter --> Ok.
<@> Type two! ( 2 ) --> Press Enter --> Wait!
<@> When done, post the report. ( C:\ToolBar SD\TB_1.txt )

Plug your removable drive(s), if you have any, into the USB port. ( pendrive, mp3, mp4, iPods, etc... )

<@> Select and copy everything in the QUOTE area into Notepad.
<@> Save it on the Desktop with the name: CFScript.txt

File::
c:\documents and settings\Administrator\bv2.exe
E:\AutoRun.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdcc19ec-1daf-11de-9d74-0017c408a95a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdcc19ef-1daf-11de-9d74-0017c408a95a}]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"ud32.exe"=-

Driver::
"CiSvc"
"UPS"

<@> PS: Do not use this script on another machine!
<@> Drag CFScript.txt onto the ComboFix icon.
<@> See the demonstration!
<@> Accept the prompt that should appear asking to run ComboFix.
<@> PS: Keep dragging until that prompt ( window ) appears!
<@> When done, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Cheers!
DuFF_MaN (posted April 22, 2009)

Dude, I did what you told me; the logs came out like this:

ComboFix 09-04-23.02 - Administrator 22/04/2009 18:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2550.2231 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

FILE ::
c:\documents and settings\Administrator\bv2.exe
E:\AutoRun.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\bv2.exe
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
c:\windows\system32\csrcs.exe
c:\windows\system32\msconfig.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_CiSvc
-------\Service_UPS


((((((((((((((((((((((((( Files Created from 2009-03-23 to 2009-04-23 )))))))))))))))))))))))))))))))
.

2009-04-23 01:28 . 2009-04-23 01:28 0 --sha-r C:\kht
2009-04-23 01:28 . 2009-04-23 01:28 1292 --sha-r c:\windows\system32\autorun.in
2009-04-23 01:28 . 2009-04-23 01:28 1191 --sha-r c:\windows\system32\autorun.i
2009-04-20 08:53 . 2009-04-20 08:53 -------- d-----w c:\documents and settings\Administrator\Application Data\teamspeak2
2009-04-20 08:53 . 2009-04-20 08:53 34064 ----a-w c:\windows\system32\lhacm.acm
2009-04-20 02:37 . 2009-04-20 02:37 -------- d-----w C:\ToolBar S&D
2009-04-20 02:36 . 2009-04-23 01:24 -------- d-----w C:\ToolBar SD
2009-04-19 01:50 . 2009-04-22 06:20 -------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-04-13 01:25 . 2009-04-13 01:25 -------- d-----w c:\documents and settings\Admin\Local Settings\Application Data\Microsoft Help
2009-04-12 23:47 . 2009-04-12 23:47 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help
2009-04-12 23:47 . 2009-04-19 09:21 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-11 04:10 . 2009-04-11 04:10 -------- d-----w c:\windows\system32\xircom
2009-04-11 04:10 . 2009-04-11 04:10 -------- d-----w c:\windows\system32\restore
2009-04-11 04:10 . 2009-04-11 04:10 -------- d-----w c:\windows\system32\npp
2009-04-10 10:48 . 2009-04-10 10:49 -------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-04-10 10:44 . 2009-04-22 04:58 69 ----a-w c:\windows\NeroDigital.ini
2009-04-09 23:56 . 2009-04-09 23:56 -------- d-----w c:\documents and settings\Administrator\Application Data\Nero
2009-04-09 23:53 . 2006-03-17 21:49 368640 ----a-w c:\windows\system32\TwnLib4.dll
2009-04-09 23:53 . 2006-03-17 18:45 802816 ----a-w c:\windows\system32\imagXRA7.dll
2009-04-09 23:53 . 2006-03-17 18:45 497296 ----a-w c:\windows\system32\imagXpr7.dll
2009-04-09 23:53 . 2006-03-17 18:45 258048 ----a-w c:\windows\system32\imagXR7.dll
2009-04-09 23:53 . 2009-04-09 23:53 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-04-09 23:53 . 2006-03-17 18:45 1757184 ----a-w c:\windows\system32\imagX7.dll
2009-04-05 23:31 . 2009-04-05 23:31 -------- d-----w c:\documents and settings\Administrator\Application Data\Foxit
2009-04-05 23:20 . 2002-01-05 22:37 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-04-05 22:36 . 2009-04-05 22:35 2281359 ----a-w C:\video[1].flv
2009-04-05 11:05 . 2009-04-05 11:05 -------- d--h--w c:\windows\system32\GroupPolicy
2009-03-31 19:46 . 2009-04-23 01:01 8552 ----a-w c:\documents and settings\Administrator\bvd32.exe
2009-03-31 05:05 . 2009-03-31 05:05 25088 ----a-w C:\DEMONSTRATIVO DIGITAÇÃO.xls
2009-03-31 05:05 . 2009-03-31 05:05 9216 ----a-w C:\DEMONSTRATIVO DIGITAÇÃO1.xls
2009-03-26 22:15 . 2009-03-26 22:15 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 01:24 . 2009-04-23 00:58 1655 ----a-w C:\TB.txt
2009-04-22 04:32 . 2009-03-13 21:49 -------- d-----w c:\program files\Warcraft III
2009-04-22 02:56 . 2009-03-22 08:25 -------- d-----w c:\program files\Garena
2009-04-20 08:53 . 2009-04-20 08:53 -------- d-----w c:\program files\Teamspeak2_RC2
2009-04-20 07:21 . 2009-03-13 21:50 77777 ----a-w c:\windows\War3Unin.dat
2009-04-19 03:33 . 2009-03-16 07:06 12624 ---ha-w c:\windows\system32\mlfcache.dat
2009-04-19 02:14 . 2009-03-31 04:56 -------- d-----w c:\program files\Mobile Partner
2009-04-19 02:13 . 2009-04-19 02:08 -------- d-----w c:\program files\CyberScript32
2009-04-19 01:55 . 2009-04-19 01:50 -------- d-----w c:\program files\uTorrent
2009-04-11 04:10 . 2009-04-11 04:10 -------- d-----w c:\program files\microsoft frontpage
2009-04-10 19:58 . 2009-03-13 07:16 -------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2009-04-10 10:47 . 2009-04-10 10:47 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-09 23:53 . 2009-04-09 23:53 -------- d-----w c:\program files\Nero
2009-04-09 23:53 . 2009-04-09 23:53 -------- d-----w c:\program files\Common Files\Nero
2009-04-05 23:31 . 2009-04-05 23:31 -------- d-----w c:\program files\Foxit Software
2009-04-05 23:20 . 2009-04-05 23:20 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-04-05 23:20 . 2009-04-05 23:20 -------- d-----w c:\program files\DVDVideoSoft
2009-03-28 17:37 . 2009-03-27 00:04 -------- d-----w c:\program files\Vertrix 2
2009-03-25 02:47 . 2009-03-17 04:07 -------- d-----w c:\program files\Mangas e HQ's
2009-03-22 08:24 . 2009-03-13 19:55 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-19 01:52 . 2009-03-19 01:52 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-16 07:06 . 2009-03-16 07:06 -------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
2009-03-16 07:05 . 2009-03-16 07:05 -------- d-----w c:\program files\Safari
2009-03-16 07:05 . 2009-03-16 07:05 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-16 07:05 . 2009-03-16 07:05 -------- d-----w c:\program files\Bonjour
2009-03-16 07:05 . 2009-03-16 07:05 -------- d-----w c:\program files\Apple Software Update
2009-03-16 07:05 . 2009-03-16 07:05 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-03-16 03:03 . 2009-03-13 20:16 0 ----a-w C:\RTHDCPL_Dump.txt
2009-03-16 03:03 . 2009-03-13 19:55 -------- d-----w c:\program files\Realtek
2009-03-15 23:47 . 2009-03-15 23:06 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-15 01:31 . 2009-03-15 01:31 -------- d-----w c:\program files\CDisplay
2009-03-14 23:19 . 2009-03-14 22:39 10384 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-14 23:10 . 2009-03-14 23:10 -------- d-----w c:\program files\Microsoft
2009-03-14 23:10 . 2009-03-14 23:09 -------- d-----w c:\program files\Windows Live
2009-03-14 23:10 . 2009-03-14 23:10 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-14 22:39 . 2009-03-14 22:39 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-14 10:37 . 2009-03-14 10:37 110592 ----a-w c:\windows\Wplugin.dll
2009-03-14 04:24 . 2009-03-13 21:50 2829 ----a-w c:\windows\War3Unin.pif
2009-03-14 04:24 . 2009-03-13 21:50 139264 ----a-w c:\windows\War3Unin.exe
2009-03-13 21:34 . 2009-03-13 21:34 -------- d-----w c:\program files\DAEMON Tools
2009-03-13 21:28 . 2009-03-13 21:28 639224 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-13 20:58 . 2009-03-13 20:58 -------- d-----w c:\documents and settings\Administrator\Application Data\TMP
2009-03-13 20:40 . 2009-03-13 20:40 -------- d-----w c:\program files\Atheros
2009-03-13 20:39 . 2009-03-13 20:39 -------- d-----w c:\documents and settings\All Users\Application Data\Atheros
2009-03-13 20:39 . 2009-03-13 20:39 -------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2009-03-13 20:24 . 2009-03-13 20:01 -------- d-----w c:\program files\Intel
2009-03-13 20:02 . 2009-03-13 20:02 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Intel
2009-03-13 19:59 . 2009-03-13 19:59 -------- d-----w c:\program files\Synaptics
2009-03-13 19:59 . 2009-03-13 19:54 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-13 19:58 . 2009-03-13 19:58 -------- d-----w c:\program files\Marvell
2009-03-13 19:55 . 2009-03-13 19:55 315392 ----a-w c:\windows\HideWin.exe
2009-03-13 07:42 . 2009-03-13 07:42 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-13 07:16 . 2009-03-13 07:14 -------- d-----w c:\program files\TmNationsForever
2009-03-13 03:43 . 2009-03-13 03:43 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-07 02:52 . 2009-02-07 02:52 49504 ----a-w c:\windows\system32\sirenacm.dll
.

------- Sigcheck -------

[-] 2007-01-08 14:13 360576 BB4D3A8E6F7EB1D370BC4AD27AB23368 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"12CFG914-K641-26SF-N32P"="c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 737369]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-06 16380416]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

NETSVCS REQUIRES REPAIRS - current entries shown
6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Netman Nla NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule SENS Sharedaccess Tapisrv Themes WZCSVC Wmi WmdmPmSp winmgmt xmlprov BITS wuauserv ShellHWDetection WmdmPmSN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
Contents of the 'Scheduled Tasks' folder
2009-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKLM-Explorer_Run-csrcs - c:\windows\system32\csrcs.exe
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mWindow Title =
uInternet Settings,ProxyOverride = *.local
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 18:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2068)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\docume~1\ADMINI~1\LOCALS~1\temp\RtkBtMnt.exe
c:\program files\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2009-04-23 18:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-23 01:39
ComboFix2.txt 2009-04-11 04:12
Pre-Run: 54.678.196.224 bytes free
Post-Run: 11 folder(s) 54.698.033.152 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
243
________________________________________________________________________________

-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel Pentium II Processor )
BIOS : Ver 1.00PARTTBL
USER : Administrator ( Administrator )
BOOT : Fail-safe boot
C:\ (Local Disk) - NTFS - Total:74 Go (Free:50 Go)
D:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( Wed 22/04/2009|17:58 )
-----------\\ REMOVED
Deleted! - C:\Program Files\AskBarDis\bar
Deleted! - C:\Program Files\AskBarDis\unins000.dat
Deleted! - C:\Program Files\AskBarDis\unins000.exe
Deleted! - C:\Program Files\AskBarDis
-----------\\ Searching for files ...
-----------\\ Extensions (Administrator)
- {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/"
--------------------\\ Searching for other infections
No other infections were found.
________________________________________________________________________________

And now, do I do anything else?
DigRam, posted April 23, 2009

Good evening, DuFF_MaN!

<@> Download: < FixPolicies >
<@> Save it to the Desktop!
<@> Be logged in as Administrator.
<@> Run the FixPolicies.exe file with a double-click.
<@> Click Install.
<@> Open the FixPolicies folder --> click Fix_policies.cmd --> Enter.
<@> Allow the repair if a protection program blocks it.
<@> Wait for the check to finish!
<><><><><><><><><><><>
<@> Download: < XPSP2_NetSvcs > ( ...by sUBs )
<@> Unzip it to the desktop!
<@> Run the ( .reg ) file with a double-click.
<@> Confirm the addition to the registry --> Reboot!
<><><><><><><><><><><>
<@> Copy the information below, between the XXXXXXX...., into Notepad.
<@> Save it on the desktop as: CFScript <-- Text!
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
c:\windows\system32\autorun.in
c:\windows\system32\autorun.i
C:\kht

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 1 (0x0)

Folder::
c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0851
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<@> Drag CFScript.txt onto the ComboFix icon.
<@> Keep dragging until a prompt to run ComboFix.exe appears.
<@> When it finishes, post: ComboFix.txt + an updated HijackThis log.

Regards!
DuFF_MaN, posted April 26, 2009

Friend, I managed to do almost everything except the ComboFix part. I made the text file and dragged it; it loaded, but it did not run ComboFix, and ComboFix itself disappeared from the desktop. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:56, on 26/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\csrcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.688\HiJackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [28132] C:\iulhfk.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 2437 bytes
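The two HijackThis logs in this thread show the same few persistence tricks: an extra program appended to the system.ini Shell or UserInit value, Run entries that load a bare file name or an executable from RECYCLER or the root of C:\, a Policies\Explorer\Run entry, and a service whose image lives in an NTFS alternate data stream (svchost.exe:ext.exe). The script below is an added example written for this page; it is not part of HijackThis, ComboFix or any other tool mentioned here. It scores raw HJT lines against those indicators. The sample lines are copied from the logs posted in this thread; the indicator codes (o4-bare-name, o23-ads and so on) are labels invented for this example.

```python
"""Triage of HijackThis (HJT) log lines for the persistence tricks seen in this thread.

Added example for this page; not part of HijackThis, ComboFix or any tool named here.
The indicator codes below are hypothetical labels chosen for this example.
"""
import re

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ud32.exe
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O4 - HKLM\..\Run: [Windows Network Data Management System Service] "ud32.exe" *
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
O4 - HKLM\..\Run: [28132] C:\iulhfk.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: (?P<value>Shell|UserInit)=(?P<data>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|$)", re.I)
DRIVE_ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$")
SUSPICIOUS_DIRS = ("\\recycler\\", "\\recycled\\", "\\temp\\")


def first_program(cmd: str) -> str:
    """Return the program part of a Run command line, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted: "c:\path with spaces\x.exe" args
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)                        # unquoted path that may contain spaces
    return m.group(1) if m else cmd.split()[0] if cmd else ""


def triage_line(line: str) -> list:
    """Return the indicator codes that fire on one HJT line (empty list if clean)."""
    reasons = []
    m = O4_RE.match(line)
    if m:
        exe = first_program(m["cmd"]).lower()
        if "\\" not in exe:
            # No directory at all: resolved by PATH search at logon (e.g. "ud32.exe").
            reasons.append("o4-bare-name")
        else:
            if any(d in exe for d in SUSPICIOUS_DIRS):
                reasons.append("o4-suspicious-dir")   # RECYCLER / Temp are not install locations
            if DRIVE_ROOT_RE.match(exe):
                reasons.append("o4-drive-root")       # executable dropped directly under C:\
        if "policies\\explorer\\run" in m["key"].lower():
            reasons.append("o4-policy-run")           # Group Policy "Run" key, uncommon on a home PC
        return reasons
    m = F2_RE.match(line)
    if m:
        data = m["data"]
        if m["value"] == "Shell":
            # Default is exactly "Explorer.exe"; anything else is chained into the shell.
            extra = [p for p in data.split() if p.lower() != "explorer.exe"]
        else:
            # Default is "<system32>\userinit.exe," (note the trailing comma).
            extra = [p for p in data.split(",")
                     if p.strip() and not p.strip().lower().endswith("\\userinit.exe")]
        if extra:
            reasons.append("f2-extra-program")
        return reasons
    m = O23_RE.match(line)
    if m:
        path = m["path"].strip()
        if path.endswith("\\"):
            reasons.append("o23-no-exe")              # service with no executable in its path
        elif re.search(r"\.exe:[^\\]+$", path, re.I):
            reasons.append("o23-ads")                 # image hidden in an NTFS alternate data stream
    return reasons


def triage(text: str) -> list:
    """Return [(line, [codes])] for every non-empty line that fires at least one indicator."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            codes = triage_line(line)
            if codes:
                hits.append((line, codes))
    return hits


if __name__ == "__main__":
    for line, codes in triage(SAMPLE_LOG):
        print(", ".join(codes).ljust(22), line)
```

Run against the sample, eight of the ten lines fire and the two legitimate entries (the Synaptics driver and the Bonjour service) stay clean. The F2 rules compare against the known defaults rather than against a blocklist, which is what makes them survive random file names such as ud32.exe and iulhfk.exe; the O4 location rules are heuristics and will also flag portable tools a user really did run from Temp, so they are triage hints, not verdicts.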
DigRam, posted April 27, 2009

Good morning, DuFF_MaN!

Quoting DuFF_MaN: "Friend, I managed to do almost everything except the ComboFix part. I made the text file and dragged it; it loaded, but it did not run ComboFix, and ComboFix itself disappeared from the desktop."

<!> Friend! You have come back with serious infections! :upset:
<><><><><><><><><>
<!> Format the computer and then post a new HijackThis log.

Regards!
Mário Monteiro, posted May 27, 2009

Topic archived

Since the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this section with the link to this topic and explain the reason for reopening it.