Ir ao conteúdo
  • Cadastre-se
Entre para seguir isso  
El Hazard

Analise de Log

Recommended Posts

Peguei um virus e meu orkut agora tava enviando umas msg assim:

"Oie

tudo bom?

ficou sabendo? agora da para ver fotos bloqueadas veja nesse comunidade

-link de alguma comunidade com algum link ou script que infecta seu pc-

espero ter ajudado te mais!!!"

aí vi q tinha um cara com o mesmo problema q eu!! então disseram pra ele passar o combofix! fiz o q disseram pra ele fazer... alguém pode me dizer se ja estou limpo? aí vai o log do hijackthis e do combofix

Logfile of HijackThis v1.99.1

Scan saved at 01:09:51, on 23/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\STacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\sttray.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Anderson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.compartilhando.org/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.compartilhando.org/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [Microsoft Updates] svshost.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=040508 serial=DR12CUS-2178927-HVQ lang=BP

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\RunServices: [Microsoft Updates] svshost.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

ComboFix 08-03-22.1 - Anderson 2008-03-22 23:38:59.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.549 [GMT -3:00]

Executando de: C:\Documents and Settings\Anderson\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))

.

2008-03-22 17:28 . 2008-03-22 17:28 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-03-22 17:28 . 2008-03-22 17:28 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-03-22 17:27 . 2008-03-22 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-03-22 17:27 . 2008-03-22 17:27 <DIR> d-------- C:\Arquivos de programas\Kaspersky Lab

2008-03-22 17:27 . 2008-03-22 23:43 5,175,328 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-03-22 17:27 . 2008-03-22 23:42 70,364 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-03-22 17:27 . 2008-03-22 23:42 7,456 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-03-22 17:27 . 2008-03-22 23:42 1,724 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-03-22 17:18 . 2008-03-22 17:18 <DIR> d-------- C:\kav

2008-03-10 16:35 . 2008-03-10 16:35 <DIR> d-------- C:\Arquivos de programas\GPLGS

2008-03-10 16:28 . 2008-03-10 16:28 <DIR> d-------- C:\Arquivos de programas\Acro Software

2008-03-10 16:28 . 2007-07-12 22:33 87,552 --a------ C:\WINDOWS\system32\cpwmon2k.dll

2008-03-10 16:27 . 2008-03-10 16:27 <DIR> d-------- C:\Documents and Settings\Anderson\Dados de aplicativos\Corel

2008-03-07 00:26 . 2008-03-07 00:26 244 --ah----- C:\sqmnoopt05.sqm

2008-03-06 23:47 . 2008-03-06 23:47 19,582 --a------ C:\WINDOWS\FontData.fdb

2008-03-06 17:39 . 2008-03-06 17:39 <DIR> d-------- C:\Documents and Settings\Marcelo\Dados de aplicativos\Corel

2008-03-06 17:19 . 2008-03-06 17:19 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2008-03-06 17:18 . 2008-03-06 17:18 <DIR> d-------- C:\Arquivos de programas\Corel

2008-03-01 18:27 . 2008-03-01 18:27 268 --ah----- C:\sqmdata04.sqm

2008-03-01 18:27 . 2008-03-01 18:27 244 --ah----- C:\sqmnoopt04.sqm

2008-02-23 14:34 . 2008-02-27 00:26 <DIR> d-------- C:\Documents and Settings\Marcelo\Dados de aplicativos\skypePM

2008-02-23 14:34 . 2008-02-23 14:34 32 --a------ C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2008-02-23 14:32 . 2008-02-27 00:28 <DIR> d-------- C:\Documents and Settings\Marcelo\Dados de aplicativos\Skype

2008-02-23 14:31 . 2008-02-23 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-02-23 14:31 . 2008-02-23 14:31 <DIR> d-------- C:\Arquivos de programas\Skype

2008-02-23 14:31 . 2008-02-23 14:31 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-22 20:38 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-03-22 20:38 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-03-22 20:24 --------- d-----w C:\Arquivos de programas\Symantec

2008-03-07 14:45 --------- d-----w C:\Documents and Settings\Marcelo\Dados de aplicativos\AdobeUM

2008-03-06 20:20 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-06 20:19 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-03-06 14:23 --------- d-----w C:\Arquivos de programas\Java

2008-02-26 18:27 --------- d-----w C:\Documents and Settings\Marcelo\Dados de aplicativos\uTorrent

2008-02-23 23:32 --------- d-----w C:\Documents and Settings\Marcelo\Dados de aplicativos\LimeWire

2008-02-23 01:04 --------- d-----w C:\Documents and Settings\Marcelo\Dados de aplicativos\.purple

2008-02-21 23:12 357,768 ----a-w C:\Documents and Settings\Marcelo\SymXPep2.dll

2008-02-08 21:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll

2008-02-08 21:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat

2008-01-24 19:18 --------- d-----w C:\Documents and Settings\Marcelo\Dados de aplicativos\Media Player Classic

2008-01-24 19:17 --------- d-----w C:\Documents and Settings\Marcelo\Dados de aplicativos\DivX

2007-12-24 15:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2007-06-09 02:29 24,192 ----a-w C:\Documents and Settings\Administrador\usbsermptxp.sys

2007-06-09 02:29 22,768 ----a-w C:\Documents and Settings\Administrador\usbsermpt.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-23 01:41 98304]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-23 01:44 86016]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-23 01:40 81920]

"SigmatelSysTrayApp"="sttray.exe" [2006-05-26 11:58 282624 C:\WINDOWS\sttray.exe]

"Microsoft Updates"="svshost.exe" []

"Symantec PIF AlertEng"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

"CorelDRAW Graphics Suite 11b"="C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe" [2003-11-28 01:26 729088]

"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Microsoft Updates"="svshost.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:45 15360]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Image Zone.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Inicialização rápida do HP Image Zone.lnk

backup=C:\WINDOWS\pss\Inicialização rápida do HP Image Zone.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2004-09-13 15:49 49152 C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

--a------ 2001-07-09 07:50 155648 C:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=

R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2007-06-04 19:54]

R2 CWRPPD01;CWRPPD01;C:\WINDOWS\system32\drivers\cwrppd01.sys [2000-01-28 15:12]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

S3 HPx9G+;HPx9G+ Device USB Driver;C:\WINDOWS\system32\DRIVERS\HPx9G2k.sys [2005-02-17 14:38]

S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-20 13:57]

S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 20:03]

S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 14:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99623644-1567-11dc-976e-89f9d06f8940}]

\Shell\auto\command - Knight.exe open

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open

\Shell\explore\command - Knight.exe open

\Shell\find\command - Knight.exe open

\Shell\install\command - Knight.exe open

\Shell\open\command - Knight.exe open

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-22 23:43:44

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\STacSV.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

.

**************************************************************************

.

Completion time: 2008-03-22 23:47:35 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-23 02:47:30

.

2008-03-12 22:34:39 --- E O F ---

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Faça o download do Killbox e execute-o:

  • Marque a opção Delete on Reboot. Copie a lista abaixo (selecione e clique em Editar > Copiar ou pressione Ctrl + C):

C:\WINDOWS\sttray.exe
C:\WINDOWS\System32\svshost.exe
  • Volte ao KillBox. Clique em File > Paste from clipboard. Clique no botão All Files;
  • Clique no killbox.png e responda Não à pergunta.

- Reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização);

- Abra o HijackThis, clique em Do a system scan only e marque as entradas abaixo:

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [Microsoft Updates] svshost.exe

O4 - HKLM\..\RunServices: [Microsoft Updates] svshost.exe

- Feche todas as janelas, clique em ht-fix.png e em Sim;

- Reinicie em modo norma, gere novo log do HijackThis e cole na sua resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

aí está o novo log do hijackthis

Logfile of HijackThis v1.99.1

Scan saved at 19:53:53, on 23/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\STacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Anderson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.compartilhando.org/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.compartilhando.org/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=040508 serial=DR12CUS-2178927-HVQ lang=BP

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Ok, o log está limpo :)

- Atualize o Internet Explorer:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=pt-br

- Recomendo uma manutenção no computador para exclusão dos arquivos temporários, desnecessários e entradas inválidas no registro. Faça o download do CCleaner:

  • Abra o programa e clique em Executar Limpeza;
  • Após isto, clique em Registro > Procurar erros > Corrigir erros selecionados

- Desative e ative novamente a Restauração do Sistema

- Leia o artigo Proteja seu PC para mais informações sobre como evitar infecções.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Entre para seguir isso  





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×