Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

WhyTheFear

[Resolvido!] Analise de Log do HijackThis

Recommended Posts

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:05:01, on 29/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\csrss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\nvsvc32.exe

H:\ARQUIV~1\GbPlugin\GbpSv.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\system32\spoolsv.exe

H:\Arquivos de programas\Vtune\TBPanel.exe

H:\WINDOWS\RTHDCPL.EXE

H:\WINDOWS\system32\RUNDLL32.EXE

H:\Arquivos de programas\Java\jre6\bin\jusched.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

H:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

H:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

H:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.13\GoogleCrashHandler.exe

H:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

H:\Arquivos de programas\Java\jre6\bin\jqs.exe

H:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

H:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

H:\Arquivos de programas\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

H:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

H:\WINDOWS\system32\wbem\wmiapsrv.exe

H:\WINDOWS\System32\alg.exe

H:\WINDOWS\system32\wscntfy.exe

H:\WINDOWS\system32\svchost.exe

H:\Arquivos de programas\Windows Media Player\wmplayer.exe

H:\WINDOWS\explorer.exe

H:\Arquivos de programas\Mozilla Firefox\firefox.exe

H:\Arquivos de programas\AVG\AVG9\avgnsx.exe

H:\Arquivos de programas\AVG\AVG9\avgrsx.exe

H:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

H:\HijHackthis\HiJackThis.exe

H:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - H:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - H:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - h:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - H:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - H:\ARQUIV~1\GbPlugin\gbiehUni.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - H:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - H:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - h:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [TBPanel] H:\Arquivos de programas\Vtune\TBPanel.exe /A

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] H:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [second bat creative peak] H:\Documents and Settings\All Users\Dados de aplicativos\Axis Readme Second Bat\Cast Once.exe

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "H:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [rule rdr] H:\DOCUME~1\ADMINI~1\DADOSD~1\AUDIOP~1\Find Flap.exe

O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "H:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ProxyCap] H:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe

O4 - HKCU\..\Run: [uTorrent] "H:\Arquivos de programas\uTorrent\uTorrent.exe"

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Arquivos de programas\AVG\AVG9\avgpp.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - h:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O20 - Winlogon Notify: GbPluginCef - H:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginUni - H:\ARQUIV~1\GbPlugin\gbiehUni.dll

O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - H:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Gbp Service (GbpSv) - - H:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - H:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - H:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - H:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NMIndexingService - Unknown owner - H:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NMSAccessU - Unknown owner - H:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Performance Driver Service - Unknown owner - H:\Arquivos de programas\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 10440 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia WhyTheFear

 

1.

*Desative seu antivírus temporariamente

Iniciar > Programas > AVG > AVG Control Center > Proteção Residente do AVG > Desative a opção Ativar a Proteção Residente do AVG > OK

*Faça o download do LopUninstall e salve-o no desktop

*Execute-o. Digite os números e clique em [uninstall]

 

2.

*Baixe o MalwareBytes Anti-malware e salve-o no desktop:

*Instale o programa

*Ao finalizar, se alguma atualização existir,o download será automático. Aguarde...

*Terminada a atualização, o programa será aberto automaticamente.

*Na aba [Verificação], selecione a opção [Verificação completa]

*Clique em [Verificar] e selecione as unidades a serem examinadas

*Remova o que for encontrado

*Ao término do scan poderá ser interrogado se deseja remover objetos da memória. Clique [sIM] e finalmente clique em [OK]. Um relatório (mbam-log-ano-mês-data.txt) será apresentado.

*Alguns malwares são rebeldes e necessitam de uma reinicialização para a remoção. Caso isto seja solicitado, clique para reiniciar o PC. Caso não seja solicitado, reinicie o PC manualmente.

*Abra novamente o programa Malwarebytes e na aba [Logs] clique no arquivo mbam-log-ano-mês-data.txt

*Clique em [Abrir], copie, cole-o na sua próxima resposta e novo log do hijack

Compartilhar este post


Link para o post
Compartilhar em outros sites

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 2775

Windows 5.1.2600 Service Pack 3

 

29/11/2009 12:39:46

mbam-log-2009-11-29 (12-39-46).txt

 

Tipo de Verificação: Completa (H:\|)

Objetos verificados: 185029

Tempo decorrido: 35 minute(s), 40 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 1

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 1

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

H:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

H:\WINDOWS\system32\NOTEPAD.EXE

H:\HijHackthis\HiJackThis.exe

H:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.220.231.4:3128

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - H:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Arquivos de programas\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - H:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - h:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - H:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - H:\ARQUIV~1\GbPlugin\gbiehUni.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - H:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - H:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - h:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [TBPanel] H:\Arquivos de programas\Vtune\TBPanel.exe /A

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "H:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avgbrasil.com.br/br-pt.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYARQBVAFkAUwAtAFEAVgBKAFkATQ"&"inst=NwA5AC0AMgA3ADkANQA2ADQ"&"prod=90"&"ver=9.0.707

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] H:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "H:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "H:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ProxyCap] H:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe

O4 - HKCU\..\Run: [uTorrent] "H:\Arquivos de programas\uTorrent\uTorrent.exe"

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - h:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O20 - Winlogon Notify: GbPluginCef - H:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginUni - H:\ARQUIV~1\GbPlugin\gbiehUni.dll

O23 - Service: Gbp Service (GbpSv) - - H:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - H:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - H:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - H:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NMIndexingService - Unknown owner - H:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NMSAccessU - Unknown owner - H:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Performance Driver Service - Unknown owner - H:\Arquivos de programas\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 9977 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:02:56, on 2/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\csrss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\nvsvc32.exe

H:\ARQUIV~1\GbPlugin\GbpSv.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\system32\spoolsv.exe

H:\Arquivos de programas\Java\jre6\bin\jqs.exe

H:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

H:\WINDOWS\Explorer.EXE

H:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

H:\Arquivos de programas\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

H:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

H:\WINDOWS\System32\alg.exe

H:\WINDOWS\system32\wscntfy.exe

H:\Arquivos de programas\Vtune\TBPanel.exe

H:\WINDOWS\RTHDCPL.EXE

H:\WINDOWS\system32\RUNDLL32.EXE

H:\Arquivos de programas\Java\jre6\bin\jusched.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

H:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.13\GoogleCrashHandler.exe

H:\WINDOWS\system32\wbem\wmiapsrv.exe

H:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

H:\WINDOWS\system32\wbem\wmiprvse.exe

H:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe

H:\Arquivos de programas\uTorrent\uTorrent.exe

H:\WINDOWS\system32\wuauclt.exe

H:\Arquivos de programas\Mozilla Firefox\firefox.exe

H:\HijHackthis\HiJackThis.exe

H:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.220.231.4:3128

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - H:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Arquivos de programas\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - H:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - h:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - H:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - H:\ARQUIV~1\GbPlugin\gbiehUni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - H:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - H:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - h:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [TBPanel] H:\Arquivos de programas\Vtune\TBPanel.exe /A

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "H:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "H:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "H:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ProxyCap] H:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe

O4 - HKCU\..\Run: [uTorrent] "H:\Arquivos de programas\uTorrent\uTorrent.exe"

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - h:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O20 - Winlogon Notify: GbPluginCef - H:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginUni - H:\ARQUIV~1\GbPlugin\gbiehUni.dll

O23 - Service: Gbp Service (GbpSv) - - H:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - H:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - H:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - H:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NMIndexingService - Unknown owner - H:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NMSAccessU - Unknown owner - H:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Performance Driver Service - Unknown owner - H:\Arquivos de programas\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 9468 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite WhyTheFear

 

 

1.

*Delete o arquivo uninstall localizado no desktop

 

2.

*Execute o hijack, clique em [Do a system scan only], selecione a entrada abaixo e clique em [Fix checked]

 

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Arquivos de programas\AVG\AVG9\avgssie.dll (file missing)

*Feche o hijack

 

No mais log limpo.

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.