
Archived

This topic has been archived and is closed to new replies.

Leandroctp

[Solved!] PC restarting [Blue Screen] + HiJackThis


A short while ago the computer used to freeze a lot while starting up, and only rarely froze after it had been on for a while.

Now it no longer freezes, but it keeps restarting a lot.

 

HiJackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:52:51, on 22/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\spoolsv.exe

H:\Arquivos de programas\Avira\Avira Premium Security Suite\sched.exe

H:\WINDOWS\Explorer.EXE

H:\Arquivos de programas\Google\Update\GoogleUpdate.exe

H:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

H:\WINDOWS\system32\RUNDLL32.EXE

H:\Arquivos de programas\Windows Live\Family Safety\fsui.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

H:\Arquivos de programas\Avira\Avira Premium Security Suite\avguard.exe

H:\Arquivos de programas\Avira\Avira Premium Security Suite\avesvc.exe

H:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

H:\WINDOWS\system32\nvsvc32.exe

H:\WINDOWS\system32\HPZipm12.exe

H:\WINDOWS\system32\PnkBstrA.exe

H:\WINDOWS\system32\svchost.exe

H:\Arquivos de programas\Avira\Avira Premium Security Suite\avmailc.exe

H:\Arquivos de programas\Avira\Avira Premium Security Suite\AVWEBGRD.EXE

H:\WINDOWS\system32\wscntfy.exe

H:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

H:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

H:\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - H:\Arquivos de programas\P2P_Energy\tbP2P0.dll

O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - H:\Arquivos de programas\P2P_Energy\tbP2P0.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - H:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - H:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - H:\Arquivos de programas\Bywifi\bywifiie.dll

O3 - Toolbar: &Usefashion - {F12780E0-8D5D-4530-A68A-6CC93B5F891A} - H:\ARQUIV~1\UseLog\USETOO~1.DLL

O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - H:\Arquivos de programas\P2P_Energy\tbP2P0.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avgnt] "H:\Arquivos de programas\Avira\Avira Premium Security Suite\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [fssui] "H:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [QuickTime Task] "H:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "H:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "H:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Reboot.exe

O8 - Extra context menu item: &Clean Traces - H:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - H:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - H:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F9B1B560-64B1-413A-86D9-37342E088D3B}: NameServer = 200.165.132.148 200.165.132.155

O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - H:\Arquivos de programas\Avira\Avira Premium Security Suite\avfwsvc.exe

O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - H:\Arquivos de programas\Avira\Avira Premium Security Suite\avmailc.exe

O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - H:\Arquivos de programas\Avira\Avira Premium Security Suite\sched.exe

O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - H:\Arquivos de programas\Avira\Avira Premium Security Suite\avguard.exe

O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - H:\Arquivos de programas\Avira\Avira Premium Security Suite\AVWEBGRD.EXE

O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - H:\Arquivos de programas\Avira\Avira Premium Security Suite\avesvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c98dfc28657002) (gupdate1c98dfc28657002) - Google Inc. - H:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe

 

--

End of file - 7777 bytes

 

 

Thanks

Good morning! Leandroctp

 

<!> With HijackThis, delete this entry: O4 - Global Startup: Reboot.exe <--

<><><><><><><><><><><><>

<@> Download: < desktopicon.png > ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt "Software warranty disclaimer" --> click Yes!

<@> If you do not have the "Recovery Console", accept the offer to install it!

 

<!> If you get the message "Invalid Win32 application", delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Rename it while saving, not after it has been saved!

<!> PS: If an error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative!

<!> PS: To avoid problems, follow all of the recommendations given.

<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If required, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When it finishes, post the reports: H:\ComboFix\ComboFix.txt + an updated HijackThis log.

 

Regards!

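As an added triage example (not HijackThis's, ComboFix's or the forum's own code), the Python below parses HijackThis v2 entries of the kind posted above and surfaces what a helper looks at first: the bare Global Startup item named in the reply, O23 services with an unknown owner, and a single CLSID registered as URL search hook, BHO and toolbar at once. The sample lines are copied from the log in this thread; the flagging rules are this example's own heuristics, and a hit means "review", not "malicious".

```python
"""Triage pass over HijackThis v2.0.2 log entries (added example, not HijackThis's own code).

The rules here are this example's own heuristics: they surface entries a helper
reviews first; they do not by themselves decide that anything is malicious.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - H:\Arquivos de programas\P2P_Energy\tbP2P0.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - H:\Arquivos de programas\P2P_Energy\tbP2P0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - H:\Arquivos de programas\P2P_Energy\tbP2P0.dll
O4 - HKLM\..\Run: [avgnt] "H:\Arquivos de programas\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - Global Startup: Reboot.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
"""

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, O1-O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
# A COM class id in registry form: {8-4-4-4-12 hex digits}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(text):
    """Split a log into dicts holding section code, entry kind, remainder and CLSID (if any)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, 'Running processes' paths and blank lines are skipped
        code, body = m.group("code"), m.group("body")
        # "Global Startup: Reboot.exe" -> kind="Global Startup", rest="Reboot.exe"
        kind, _, rest = body.partition(": ")
        clsid = CLSID_RE.search(rest)
        entries.append({
            "code": code,
            "kind": kind,
            "rest": rest,
            "clsid": clsid.group(0).lower() if clsid else None,
        })
    return entries


def triage(entries):
    """Return (code, rule, detail) findings for the entries a helper should look at first."""
    findings = []
    sections_by_clsid = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            sections_by_clsid[e["clsid"]].add(e["code"])
        if e["code"] == "O4" and e["kind"] == "Global Startup":
            # An item in the all-users Startup folder runs for every account, and HijackThis
            # shows only the file name, so there is no publisher or path to vouch for it.
            findings.append(("O4", "global-startup", e["rest"]))
        if e["code"] == "O23" and " - Unknown owner - " in e["rest"]:
            # A service whose binary carries no company name in its version information.
            findings.append(("O23", "unknown-owner-service", e["rest"]))
    for clsid, codes in sections_by_clsid.items():
        if len(codes) >= 2:
            # One COM object hooked in as URLSearchHook, BHO and/or toolbar at the same time:
            # the usual footprint of a bundled browser toolbar.
            findings.append(("CLSID", "multi-hook", f"{clsid} registered in {sorted(codes)}"))
    return findings


if __name__ == "__main__":
    for code, rule, detail in triage(parse_entries(SAMPLE_LOG)):
        print(f"[{code}] {rule}: {detail}")
```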

Reports

 

ComboFix 09-04-24.01 - usuario 24/04/2009 12:56.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3071.2571 [GMT -3:00]

Executando de: h:\documents and settings\usuario\Desktop\ComboFix.exe

AV: Avira Premium Security Suite *On-access scanning disabled* (Outdated)

FW: Avira Firewall *enabled*

* Criado um novo ponto de restauro

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-24 to 2009-4-24 ))))))))))))))))))))))))))))

.

 

2009-04-23 09:30 . 2009-04-24 15:46 54156 ---ha-w h:\windows\QTFont.qfn

2009-04-23 09:30 . 2009-04-23 09:30 1409 ----a-w h:\windows\QTFont.for

2009-04-22 01:17 . 2009-04-22 01:17 -------- d-----w h:\windows\system32\KB905474

2009-04-22 01:17 . 2009-03-11 01:26 1434496 ----a-w h:\windows\system32\KB905474\wganotifypackageinner.exe

2009-04-22 01:17 . 2009-03-11 01:18 454536 ----a-w h:\windows\system32\KB905474\wgasetup.exe

2009-04-22 01:17 . 2009-02-09 21:51 14318 ----a-w h:\windows\system32\KB905474\wga_eula.txt

2009-04-19 16:42 . 2009-04-19 16:42 -------- d-----w h:\documents and settings\usuario\Dados de aplicativos\Media Player Classic

2009-04-17 00:15 . 2009-02-06 10:10 227840 -c----w h:\windows\system32\dllcache\wmiprvse.exe

2009-04-17 00:15 . 2009-03-06 14:20 286208 -c----w h:\windows\system32\dllcache\pdh.dll

2009-04-17 00:15 . 2009-02-09 11:25 111104 -c----w h:\windows\system32\dllcache\services.exe

2009-04-17 00:15 . 2009-02-09 10:53 473600 -c----w h:\windows\system32\dllcache\fastprox.dll

2009-04-17 00:15 . 2009-02-09 10:53 401408 -c----w h:\windows\system32\dllcache\rpcss.dll

2009-04-17 00:15 . 2009-02-09 10:53 731648 -c----w h:\windows\system32\dllcache\lsasrv.dll

2009-04-17 00:15 . 2009-02-09 10:53 730624 -c----w h:\windows\system32\dllcache\ntdll.dll

2009-04-17 00:15 . 2009-02-09 10:53 683520 -c----w h:\windows\system32\dllcache\advapi32.dll

2009-04-17 00:15 . 2009-02-09 10:53 453120 -c----w h:\windows\system32\dllcache\wmiprvsd.dll

2009-04-17 00:11 . 2009-03-27 06:53 1203922 -c----w h:\windows\system32\dllcache\sysmain.sdb

2009-04-17 00:11 . 2008-04-21 21:15 216064 -c----w h:\windows\system32\dllcache\wordpad.exe

2009-04-10 23:25 . 2009-04-10 23:41 -------- d-----w h:\documents and settings\usuario\Dados de aplicativos\sqlitestudio

2009-04-05 23:12 . 2009-04-08 00:48 -------- d-----w h:\documents and settings\usuario\Dados de aplicativos\Winamp

2009-03-30 00:36 . 2009-03-30 00:37 -------- d-----w h:\documents and settings\usuario\Configurações locais\Dados de aplicativos\Ares

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-24 15:52 . 2001-10-28 15:07 77720 ----a-w h:\windows\system32\perfc016.dat

2009-04-24 15:52 . 2001-10-28 15:07 469232 ----a-w h:\windows\system32\perfh016.dat

2009-04-24 15:34 . 2008-09-19 21:49 -------- d-----w h:\documents and settings\usuario\Dados de aplicativos\uTorrent

2009-04-22 00:54 . 2009-03-12 01:05 -------- d-----w h:\arquivos de programas\Bywifi

2009-04-17 02:00 . 2008-09-20 13:37 -------- d-----w h:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-04-12 14:47 . 2008-09-19 23:06 -------- d-----w h:\documents and settings\usuario\Dados de aplicativos\foobar2000

2009-04-11 11:49 . 2009-04-11 11:49 -------- d-----w h:\arquivos de programas\Pando Networks

2009-04-11 08:38 . 2008-12-23 13:32 -------- d-----w h:\arquivos de programas\The Chronicles of Spellborn

2009-04-10 23:04 . 2009-04-10 23:04 -------- d-----w h:\arquivos de programas\Tibia 8.4

2009-04-10 22:57 . 2009-04-10 22:57 -------- d-----w h:\arquivos de programas\Asprate

2009-04-10 22:37 . 2008-11-02 12:35 -------- d-----w h:\arquivos de programas\Tibia 8.3

2009-04-05 23:53 . 2009-04-05 23:12 -------- d-----w h:\arquivos de programas\Winamp

2009-04-05 23:33 . 2009-04-05 23:33 -------- d-----w h:\arquivos de programas\Arquivos comuns\NSV

2009-04-05 22:48 . 2009-04-05 22:48 -------- d-----w h:\arquivos de programas\foobar2000

2009-03-30 00:36 . 2009-03-30 00:36 -------- d-----w h:\arquivos de programas\Ares

2009-03-30 00:32 . 2008-11-17 18:08 -------- d-----w h:\arquivos de programas\eMule

2009-03-21 20:24 . 2008-12-16 02:20 -------- d-----w h:\arquivos de programas\Windows Live Safety Center

2009-03-18 18:28 . 2009-03-18 17:55 -------- d-----w h:\documents and settings\usuario\Dados de aplicativos\IObit

2009-03-18 18:27 . 2009-03-18 17:55 -------- d-----w h:\arquivos de programas\IObit

2009-03-13 18:32 . 2008-10-13 11:05 -------- d-----w h:\arquivos de programas\SQL

2009-03-12 20:13 . 2008-09-19 21:54 -------- d-----w h:\arquivos de programas\World of Warcraft

2009-03-06 14:20 . 2004-08-04 00:45 286208 ----a-w h:\windows\system32\pdh.dll

2009-03-05 20:24 . 2008-10-08 16:48 -------- d-----w h:\arquivos de programas\P2P_Energy

2009-02-27 09:28 . 2009-02-15 02:17 -------- d-----w h:\arquivos de programas\Microsoft Silverlight

2009-02-27 01:32 . 2008-09-19 21:45 -------- d-----w h:\arquivos de programas\Warcraft III

2009-02-26 18:47 . 2008-11-25 10:15 -------- d-----w h:\arquivos de programas\Atlantica

2009-02-26 17:10 . 2009-02-22 23:39 -------- d-----w h:\arquivos de programas\Garena

2009-02-20 08:10 . 2004-08-04 00:45 668160 ----a-w h:\windows\system32\wininet.dll

2009-02-20 08:10 . 2004-08-04 00:45 81920 ----a-w h:\windows\system32\ieencode.dll

2009-02-10 22:07 . 2004-08-04 00:40 2070272 ----a-w h:\windows\system32\ntkrnlpa.exe

2009-02-09 14:06 . 2004-08-04 00:38 1846912 ----a-w h:\windows\system32\win32k.sys

2009-02-09 11:25 . 2004-08-04 00:40 2193280 ----a-w h:\windows\system32\ntoskrnl.exe

2009-02-09 11:25 . 2004-08-04 00:45 111104 ----a-w h:\windows\system32\services.exe

2009-02-09 10:53 . 2004-08-04 00:45 401408 ----a-w h:\windows\system32\rpcss.dll

2009-02-09 10:53 . 2004-08-04 00:45 731648 ----a-w h:\windows\system32\lsasrv.dll

2009-02-09 10:53 . 2004-08-04 00:45 683520 ----a-w h:\windows\system32\advapi32.dll

2009-02-09 10:53 . 2004-08-04 00:45 730624 ----a-w h:\windows\system32\ntdll.dll

2009-02-06 21:52 . 2009-02-06 21:52 49504 ----a-w h:\windows\system32\sirenacm.dll

2009-02-06 10:39 . 2001-10-28 15:07 35328 ----a-w h:\windows\system32\sc.exe

2009-02-03 19:58 . 2004-08-04 00:45 56832 ----a-w h:\windows\system32\secur32.dll

2008-12-21 18:12 . 2008-11-01 03:17 191952 ----a-w h:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

2008-11-15 12:33 . 2008-11-15 12:33 22328 ----a-w h:\documents and settings\usuario\Dados de aplicativos\PnkBstrK.sys

2008-11-01 10:51 . 2008-09-19 21:23 69712 ----a-w h:\documents and settings\usuario\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-05-20 00:04 . 2008-09-19 23:22 837 ----a-w h:\arquivos de programas\CarSpawner.lnk

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

2009-03-05 20:24 1883672 ----a-w h:\arquivos de programas\P2P_Energy\tbP2P0.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "h:\arquivos de programas\P2P_Energy\tbP2P0.dll" [2009-03-05 1883672]

 

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "h:\arquivos de programas\P2P_Energy\tbP2P0.dll" [2009-03-05 1883672]

 

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="h:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"MsnMsgr"="h:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"ares"="h:\arquivos de programas\Ares\Ares.exe" [2009-02-03 1004544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2008-09-17 13574144]

"avgnt"="h:\arquivos de programas\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 266497]

"SunJavaUpdateSched"="h:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2008-09-17 86016]

"fssui"="h:\arquivos de programas\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]

"QuickTime Task"="h:\arquivos de programas\QuickTime\qttask.exe" [2008-10-14 77824]

"nwiz"="nwiz.exe" - h:\windows\system32\nwiz.exe [2008-09-17 1657376]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"h:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"h:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"h:\\Arquivos de programas\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"h:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"h:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"h:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"h:\\Arquivos de programas\\Activision\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=

"h:\\WINDOWS\\system32\\PnkBstrA.exe"=

"h:\\WINDOWS\\system32\\PnkBstrB.exe"=

"h:\\Arquivos de programas\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"h:\\Arquivos de programas\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"h:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"h:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"32459:TCP"= 32459:TCP:utorrent

 

R2 gupdate1c98dfc28657002;Google Update Service (gupdate1c98dfc28657002);h:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-13 133104]

S1 avfwot;avfwot;h:\windows\system32\DRIVERS\avfwot.sys [2008-05-07 71592]

S2 AntiVirFirewallService;Avira Premium Security Suite Firewall;h:\arquivos de programas\Avira\Avira Premium Security Suite\avfwsvc.exe [2008-05-16 344321]

S2 AntiVirMailService;Avira Premium Security Suite MailGuard;h:\arquivos de programas\Avira\Avira Premium Security Suite\avmailc.exe [2008-07-11 164097]

S2 antivirwebservice;Avira Premium Security Suite WebGuard;h:\arquivos de programas\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [2008-06-12 258305]

S2 AVEService;Avira Premium Security Suite MailGuard helper service;h:\arquivos de programas\Avira\Avira Premium Security Suite\avesvc.exe [2008-05-09 41217]

S2 fssfltr;fssfltr;h:\windows\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]

S2 fsssvc;Windows Live Proteção para a Família;h:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 avfwim;AvFw Packet Filter Miniport;h:\windows\system32\DRIVERS\avfwim.sys [2008-05-07 71464]

 

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-24 h:\windows\Tasks\GoogleUpdateTaskMachine.job

- h:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-13 16:57]

 

2009-04-24 h:\windows\Tasks\WGASetup.job

- h:\windows\system32\KB905474\wgasetup.exe [2009-04-22 01:18]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = local

IE: &Clean Traces - h:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - h:\arquivos de programas\DAP\dapextie.htm

IE: Download &all with DAP - h:\arquivos de programas\DAP\dapextie2.htm

IE: E&xportar para o Microsoft Excel - h:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: avsda.dll

TCP: {F9B1B560-64B1-413A-86D9-37342E088D3B} = 200.165.132.148 200.165.132.155

FF - ProfilePath - h:\documents and settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\crnkuwcc.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (pt)

FF - prefs.js: network.proxy.type - 2

FF - component: h:\documents and settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\crnkuwcc.default\extensions\geode@labs.mozilla.com\platform\WINNT_x86-msvc\components\loki.dll

FF - plugin: h:\arquivos de programas\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: h:\documents and settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\crnkuwcc.default\extensions\{5601B994-0E9B-4ce2-8AB9-AD1155F2ABBD}\plugins\NPNeffyPlugin.dll

 

---- FIREFOX POLICIES ----

h:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-24 12:57

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1078081533-583907252-682003330-1003\Software\SecuROM\License information*]

"datasecu"=hex:6a,db,a9,72,e9,bf,c0,25,f4,d2,1d,b0,2e,0f,cd,71,1a,58,ab,25,e3,

cb,07,d4,fe,58,b9,0e,ec,be,94,07,37,0a,bb,82,23,4f,85,f5,ea,0e,3e,ac,2a,c1,\

"rkeysecu"=hex:5a,29,36,93,1f,fc,97,24,90,84,ab,1e,41,d7,c7,d0

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(1360)

h:\windows\system32\avsda.dll

 

- - - - - - - > 'explorer.exe'(2028)

h:\windows\system32\WPDShServiceObj.dll

h:\windows\system32\PortableDeviceTypes.dll

h:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2009-04-24 12:59

ComboFix-quarantined-files.txt 2009-04-24 15:58

 

Pré-execução: 15 pasta(s) 188.271.800.320 bytes disponíveis

Pós execução: 14 pasta(s) 188.281.311.232 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

208 --- E O F --- 2009-04-22 01:17

 

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:03:50, on 24/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\Explorer.EXE

H:\Arquivos de programas\Avira\Avira Premium Security Suite\sched.exe

H:\Arquivos de programas\Google\Update\GoogleUpdate.exe

H:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

H:\WINDOWS\system32\RUNDLL32.EXE

H:\Arquivos de programas\Windows Live\Family Safety\fsui.exe

H:\Arquivos de programas\QuickTime\qttask.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

H:\Arquivos de programas\Ares\Ares.exe

H:\Arquivos de programas\Avira\Avira Premium Security Suite\avguard.exe

H:\Arquivos de programas\Avira\Avira Premium Security Suite\avesvc.exe

H:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

H:\WINDOWS\system32\nvsvc32.exe

H:\WINDOWS\system32\HPZipm12.exe

H:\WINDOWS\system32\PnkBstrA.exe

H:\WINDOWS\system32\svchost.exe

H:\Arquivos de programas\Avira\Avira Premium Security Suite\avmailc.exe

H:\Arquivos de programas\Avira\Avira Premium Security Suite\AVWEBGRD.EXE

H:\WINDOWS\system32\wscntfy.exe

H:\HiJackThis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - H:\Arquivos de programas\P2P_Energy\tbP2P0.dll

O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - H:\Arquivos de programas\P2P_Energy\tbP2P0.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - H:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - H:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - H:\Arquivos de programas\Bywifi\bywifiie.dll

O3 - Toolbar: &Usefashion - {F12780E0-8D5D-4530-A68A-6CC93B5F891A} - H:\ARQUIV~1\UseLog\USETOO~1.DLL

O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - H:\Arquivos de programas\P2P_Energy\tbP2P0.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avgnt] "H:\Arquivos de programas\Avira\Avira Premium Security Suite\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [fssui] "H:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [QuickTime Task] "H:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "H:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "H:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Clean Traces - H:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - H:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - H:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F9B1B560-64B1-413A-86D9-37342E088D3B}: NameServer = 200.165.132.148 200.165.132.155

O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - H:\Arquivos de programas\Avira\Avira Premium Security Suite\avfwsvc.exe

O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - H:\Arquivos de programas\Avira\Avira Premium Security Suite\avmailc.exe

O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - H:\Arquivos de programas\Avira\Avira Premium Security Suite\sched.exe

O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - H:\Arquivos de programas\Avira\Avira Premium Security Suite\avguard.exe

O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - H:\Arquivos de programas\Avira\Avira Premium Security Suite\AVWEBGRD.EXE

O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - H:\Arquivos de programas\Avira\Avira Premium Security Suite\avesvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c98dfc28657002) (gupdate1c98dfc28657002) - Google Inc. - H:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe

 

--

End of file - 7674 bytes


Good afternoon! Leandroctp

 

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally the message will appear: "ComboFix is uninstalled" --> Click OK.

<@> If you find them, delete: H:\ComboFix <-- The folder! + H:\ComboFix.txt <-- Report!

<><><><><><><><><><><>

<@> Download: < ToolBar S&D >

<@> Save it to Local Disk C, in its own folder.

<@> Restart the computer in Safe Mode. <-- Important!

<@> Run the program, then press "p" --> Enter --> Ok.

<@> Type two! ( 2 ) --> Press Enter --> Wait!

<@> When it finishes, post the report. ( H:\ToolBar SD\TB_1.txt )

 

Cheers!


-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : AMD Sempron Processor LE-1100 )

BIOS : Default System BIOS

USER : Administrador ( Administrator )

BOOT : Fail-safe boot

Antivirus : Avira Premium Security Suite 8.0.1.30 (Not Activated)

Firewall : Avira Firewall 8.0.1.30 (Not Activated)

A:\ (USB)

D:\ (USB)

E:\ (USB)

F:\ (USB)

G:\ (CD or DVD)

H:\ (Local Disk) - NTFS - Total:465 Go (Free:177 Go)

I:\ (USB)

J:\ (CD or DVD)

K:\ (CD or DVD)

L:\ (CD or DVD)

M:\ (CD or DVD)

 

"H:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( --- 24/04/2009|22:09 )

 

-----------\\ REMOVIDOS

 

Deletado! - H:\Arquivos de programas\P2P_Energy\INSTALL.LOG

Deletado! - H:\Arquivos de programas\P2P_Energy\P2P_EnergyToolbarHelper.exe

Deletado! - H:\Arquivos de programas\P2P_Energy\tbP2P0.dll

Deletado! - H:\Arquivos de programas\P2P_Energy\tbP2P1.dll

Deletado! - H:\Arquivos de programas\P2P_Energy\tbP2P_.dll

Deletado! - H:\Arquivos de programas\P2P_Energy\toolbar.cfg

Deletado! - H:\Arquivos de programas\P2P_Energy\UNWISE.EXE

Deletado! - H:\Arquivos de programas\P2P_Energy

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

 

-----------\\ Extensions

 

(usuario) - {B5EDFBB0-9827-11DA-A72B-0800200C9A66} => forecastfox

(usuario) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Procurando por outras infecções

 

 

Não foram encontradas outras infecções.

 

 

1 - "H:\ToolBar SD\TB_1.txt" - --- 24/04/2009|22:11 - Option : [2]


Good morning! Leandroctp

 

<@> Download: < Norman Malware Cleaner >

<@> Save it to the desktop.

<@> Open the file and click Run --> Accept.

<@> Click Add to add, or Remove to remove, the drives/areas to be scanned. ( C:\*.*,D:\*.*,E:\*.*,etc... )

<@> Click "Start scan" --> Wait!

<@> When it finishes, post the report, which will be on the desktop. ( NFix_2009-xx-xx_yy-yy-yy.log ) <--

<@> Also post an updated HijackThis log.

 

Cheers!


Well,

I think my problem has already been solved; it has been a while since the computer last rebooted or froze, but in case my computer still has some problem, thanks :)

 

 

Norman Malware Cleaner

Copyright © 1990 - 2009, Norman ASA. Built 2009/04/23 22:14:41

 

Norman Scanner Engine Version: 6.00.06

Nvcbin.def Version: 6.00.00, Date: 2009/04/23 22:14:41, Variants: 3125455

 

Scan started: 25/04/2009 15:21:30

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3

Logged on user: LEANDRO\usuario

 

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

 

 

Scanning running processes and process memory...

 

Number of processes/threads found: 2170

Number of processes/threads scanned: 2155

Number of processes/threads not scanned: 15

Number of infected processes/threads terminated: 0

Total scanning time: 1m 32s

 

 

Scanning file system...

 

Scanning: H:\*.*

 

H:\Arquivos de programas\Megacubo\bin\pv.exe (Infected with W32/Ircbot.ANFB)

Deleted file

 

H:\Arquivos de programas\Rockstar Games\Nova pasta (5)\CarSpawner.exe (Infected with W32/Smalldrp.ASFZ)

Deleted file

 

H:\Arquivos de programas\Tibia 8.1\Tibia.exe (Infected with W32/Tibia.ACE)

Deleted file

 

H:\Documents and Settings\usuario\Desktop\UnitedTeam-correcao9f302c87a5adcf20eae2cce713a727c7.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

H:\Documents and Settings\usuario\Desktop\Nova pasta (3)\0.3b3-console.rar/0.3b3-console\TheForgottenServer.exe (Infected with W32/Delf.DJXY)

Deleted file

 

H:\Documents and Settings\usuario\Desktop\Nova pasta (3)\0.3b3-gui.rar/0.3b3-gui\TheForgottenServer.exe (Infected with W32/Delf.DHNI)

Deleted file

 

H:\Documents and Settings\usuario\Desktop\Nova pasta (3)\0.3b3-console\TheForgottenServer.exe (Infected with W32/Delf.DJXY)

Deleted file

 

H:\Documents and Settings\usuario\Desktop\Nova pasta (3)\0.3b3-gui\TheForgottenServer.exe (Infected with W32/Delf.DHNI)

Deleted file

 

H:\Documents and Settings\usuario\Meus documentos\Leandro\Revista_Mundo_Estranho_-_Mar_o_2009.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

H:\Documents and Settings\usuario\Meus documentos\Leandro\Filmes\Eagle.Eye.DVDRip.XViD-PUKKA\Subs\p-eeye-cd1.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

 

H:\Documents and Settings\usuario\Meus documentos\Leandro\Filmes\Eagle.Eye.DVDRip.XViD-PUKKA\Subs\p-eeye-cd2.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

 

H:\System Volume Information\_restore{93CC9B56-873E-435D-8253-9F4CEFD149EE}\RP188\A0100546.exe (Infected with W32/Ircbot.ANFB)

Deleted file

 

H:\System Volume Information\_restore{93CC9B56-873E-435D-8253-9F4CEFD149EE}\RP188\A0100547.exe (Infected with W32/Smalldrp.ASFZ)

Deleted file

 

H:\System Volume Information\_restore{93CC9B56-873E-435D-8253-9F4CEFD149EE}\RP188\A0100551.exe (Infected with W32/Tibia.ACE)

Deleted file

 

H:\System Volume Information\_restore{93CC9B56-873E-435D-8253-9F4CEFD149EE}\RP188\A0100552.exe (Infected with W32/Delf.DJXY)

Deleted file

 

H:\System Volume Information\_restore{93CC9B56-873E-435D-8253-9F4CEFD149EE}\RP188\A0100553.exe (Infected with W32/Delf.DHNI)

Deleted file

 

H:\ToolBar SD\pv.exe (Infected with W32/Ircbot.ANFB)

Deleted file

 

Scanning: h:\System Volume Information\*.*

 

h:\System Volume Information\_restore{93CC9B56-873E-435D-8253-9F4CEFD149EE}\RP188\A0100554.exe (Infected with W32/Ircbot.ANFB)

Deleted file

 

 

Running post-scan cleanup routine:

Failed to locate shared service executable: C:\WINDOWS\system32\wuauserv.dll

Removed service: wuauserv

 

Number of files found: 232168

Number of archives unpacked: 664

Number of files scanned: 232134

Number of files not scanned: 34

Number of files skipped due to exclude list: 0

Number of infected files found: 14

Number of infected files repaired/deleted: 14

Number of infections removed: 14

Total scanning time: 1h 9m 8s

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:51:50, on 25/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\Explorer.EXE

H:\WINDOWS\system32\spoolsv.exe

H:\Arquivos de programas\Avira\Avira Premium Security Suite\sched.exe

H:\Arquivos de programas\Google\Update\GoogleUpdate.exe

H:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

H:\WINDOWS\system32\RUNDLL32.EXE

H:\Arquivos de programas\Windows Live\Family Safety\fsui.exe

H:\Arquivos de programas\QuickTime\qttask.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Arquivos de programas\Ares\Ares.exe

H:\Arquivos de programas\Avira\Avira Premium Security Suite\avguard.exe

H:\Arquivos de programas\Avira\Avira Premium Security Suite\avesvc.exe

H:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

H:\WINDOWS\system32\nvsvc32.exe

H:\WINDOWS\system32\HPZipm12.exe

H:\WINDOWS\system32\PnkBstrA.exe

H:\WINDOWS\system32\svchost.exe

H:\Arquivos de programas\Avira\Avira Premium Security Suite\avmailc.exe

H:\Arquivos de programas\Avira\Avira Premium Security Suite\AVWEBGRD.EXE

H:\WINDOWS\system32\wscntfy.exe

H:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

H:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

H:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

H:\HiJackThis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - H:\Arquivos de programas\P2P_Energy\tbP2P0.dll (file missing)

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - H:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - H:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - H:\Arquivos de programas\Bywifi\bywifiie.dll

O3 - Toolbar: &Usefashion - {F12780E0-8D5D-4530-A68A-6CC93B5F891A} - H:\ARQUIV~1\UseLog\USETOO~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avgnt] "H:\Arquivos de programas\Avira\Avira Premium Security Suite\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [fssui] "H:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [QuickTime Task] "H:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "H:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "H:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Clean Traces - H:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - H:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - H:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F9B1B560-64B1-413A-86D9-37342E088D3B}: NameServer = 200.165.132.148 200.165.132.155

O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - H:\Arquivos de programas\Avira\Avira Premium Security Suite\avfwsvc.exe

O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - H:\Arquivos de programas\Avira\Avira Premium Security Suite\avmailc.exe

O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - H:\Arquivos de programas\Avira\Avira Premium Security Suite\sched.exe

O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - H:\Arquivos de programas\Avira\Avira Premium Security Suite\avguard.exe

O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - H:\Arquivos de programas\Avira\Avira Premium Security Suite\AVWEBGRD.EXE

O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - H:\Arquivos de programas\Avira\Avira Premium Security Suite\avesvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c98dfc28657002) (gupdate1c98dfc28657002) - Google Inc. - H:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe

 

--

End of file - 7563 bytes

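An added example, not part of this thread or of HijackThis itself: a small Python triage script for HijackThis-style log lines, modelled on the log posted above. It flags the kinds of entries a helper reads first: leftover entries whose file is "(file missing)" (like the P2P Energy URLSearchHook still registered after ToolBar S&D deleted the folder), O23 services with no publisher information, and O17 DNS servers that should be confirmed against the ISP's. The sample lines are constructed from that log; the heuristics, names and function signatures are this example's own, not HijackThis behaviour.

```python
"""Triage helper for HijackThis-style log lines (added example).

Flags three things a forum helper checks first:
  * "orphan"     - entry whose binary is reported as (file missing)
  * "unverified" - O23 service whose binary has no publisher ("Unknown owner")
  * "review"     - O17 NameServer entries to confirm with the ISP
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input, modelled on the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - H:\Arquivos de programas\P2P_Energy\tbP2P0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Usefashion - {F12780E0-8D5D-4530-A68A-6CC93B5F891A} - H:\ARQUIV~1\UseLog\USETOO~1.DLL
O4 - HKLM\..\Run: [avgnt] "H:\Arquivos de programas\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [ares] "H:\Arquivos de programas\Ares\Ares.exe" -h
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9B1B560-64B1-413A-86D9-37342E088D3B}: NameServer = 200.165.132.148 200.165.132.155
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
"""

# "O23 - Service: ..." -> code "O23", body "Service: ..."
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
# The referenced binary: either a quoted drive path, or a bare drive path that
# runs up to the end of the line or a trailing " (...)" annotation.
PATH_RE = re.compile(r'"(?P<q>[A-Za-z]:\\[^"]+)"|(?P<u>[A-Za-z]:\\[^"(]+?)(?=\s*(?:\(|$))')
NAMESERVER_RE = re.compile(r"NameServer = (?P<ips>[\d. ]+)$")


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O23"
    kind: str    # "orphan", "unverified" or "review"
    detail: str  # human-readable note for the helper
    line: str    # the original log line


def referenced_path(body: str) -> Optional[str]:
    """Return the drive path an entry points at, or None if it has none."""
    m = PATH_RE.search(body)
    if not m:
        return None
    return (m.group("q") or m.group("u")).strip()


def triage_line(line: str) -> Optional[Finding]:
    """Classify one log line; returns None for lines that need no attention."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, process list, blank line, etc.
    code, body = m.group("code"), m.group("body")
    path = referenced_path(body)
    if "(file missing)" in body:
        return Finding(code, "orphan", f"points at missing file {path}", line)
    if code == "O23" and "- Unknown owner -" in body:
        return Finding(code, "unverified",
                       f"service binary without publisher info: {path}", line)
    if code == "O17":
        ns = NAMESERVER_RE.search(body)
        if ns:
            return Finding(code, "review",
                           "DNS servers to confirm with the ISP: " + ns.group("ips").strip(),
                           line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log, preserving line order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def summary(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind:10}] {f.code}: {f.detail}")
    print(summary(triage(SAMPLE_LOG)))
```

The "orphan" class is cleanup, not infection: the R3 entry above is the registry leftover of the toolbar ToolBar S&D already removed. "unverified" only says the publisher field is empty; the helper still has to check the binary itself before deciding anything about it.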

Good morning! Leandroctp

 

<@> Update Java.

<@> Old versions have vulnerabilities that malware can use to infect your system.

<><><><><><><><><><><><><><><>

<@> Download the latest version of the Java Runtime Environment (JRE) 6u13.

<@> Locate: "Java Runtime Environment (JRE) 6 Update 13"

<@> Click the Download button.

<@> Check the option that says: "Accept License Agreement"

<@> The page will refresh!

<@> Click the link to download the Windows Offline Installation --> Save it to the desktop!

<@> Close IE or Firefox + any programs that are running.

<@> Go to Start --> Control Panel.

<@> In Add or Remove Programs, remove all old versions of Java.

<><><><><><><><><><><><><><><>

<@> Examples of old versions:

 

Java 2 Runtime Environment, SE v1.4.2

J2SE Runtime Environment 5.0

J2SE Runtime Environment 5.0 Update 6

 

<@> Select any item named: Java Runtime Environment (JRE or J2SE)

<@> Click the Remove or Change/Remove button.

<@> Repeat as many times as necessary to remove each version of Java.

<@> When done, restart the computer!

<@> Install the new version by double-clicking jre-6u13-windows-i586-p.exe.

<><><><><><><><><><><><><><><>

<@> With everything Ok, create a clean System Restore point.

<@> Right-click My Computer --> Properties --> System Restore.

<@> Check: Turn off System Restore --> Apply --> Wait! --> Ok.

<@> Then uncheck it again! --> Apply --> Wait! --> Ok.

<@> For more details, read the Tutorial: < Link >

<><><><><><><><><><><><><><><>

<!> The log is clean! :thumbsup:

<!> Everything Ok?

 

Cheers!


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
