IEXPLORER.EXE virus pls review hijack log
#1
21 Sep 2008, 12:02
New Member

Logfile da Trend Micro HijackThis v2.0.2
Scan guardado em 12:01:37, em 9/21/2008
Plataforma: Windows XP SP2 (WinNT 5/01/2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Csrss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ ibmpmsvc.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Centenn.ial \ Auditoria \ CAgent32.exe
C: \ Centenn.ial \ Auditoria \ xferwan.exe
C: \ Program Files \ Cisco VPN Client \ cvpnd.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ Mdm.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ Common Files \ Lenovo \ tvt_reg_monitor_svc.exe
C: \ WINDOWS \ System32 \ TPHDEXLG.exe
C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ tvtsched.exe
c: \ _integra \ bin \ ccmagent.exe
C: \ Program Files \ Lenovo \ System Update \ suservice.exe
C: \ WINDOWS \ System32 \ alg.exe
C: \ WINDOWS \ system32 \ calc.exe
C: \ WINDOWS \ system32 \ calc.exe
c: \ _integra \ bin \ shstart.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ tp4mon.exe
C: \ WINDOWS \ system32 \ igfxtray.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ WINDOWS \ system32 \ NWTRAY.EXE
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
C: \ Program Files \ Lenovo \ HotKey \ TPOSDSVC.exe
C: \ WINDOWS \ system32 \ igfxsrvc.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ PROGRA ~ 1 \ ThinkPad \ UTILIT ~ 1 \ EzEjMnAp.Exe
C: \ PROGRA ~ 1 \ THINKV ~ 1 \ PrdCtr \ LPMGR.exe
C: \ WINDOWS \ system32 \ TpShocks.exe
C: \ Program Files \ Lenovo \ HotKey \ TPONSCR.exe
C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ scheduler_proxy.exe
C: \ Program Files \ Lenovo \ Zoom \ TpScrex.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Yahoo! \ Messenger \ ymsgr_tray.exe
C: \ WINDOWS \ system32 \ taskmgr.exe
C: \ Arquivos de Programas \ Internet Explorer \ IEXPLORE.EXE
C: \ Arquivos de Programas \ Internet Explorer \ IEXPLORE.EXE
C: \ Arquivos de Programas \ Internet Explorer \ IEXPLORE.EXE
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe
F2 - REG: system.ini: UserInit = c: \ windows \ system32 \ userinit.exe, c: \ _inte gra \ bin \ shstart.exe
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Arquivos de Programas \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O4 - HKLM \ .. \ Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [Persistence] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [TPHOTKEY] C: \ Program Files \ Lenovo \ HotKey \ TPOSDSVC.exe
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [EZEJMNAP] C: \ PROGRA ~ 1 \ ThinkPad \ UTILIT ~ 1 \ EzEjMnAp.Exe
O4 - HKLM \ .. \ Run: [LPManager] C: \ PROGRA ~ 1 \ THINKV ~ 1 \ PrdCtr \ LPMGR.exe
O4 - HKLM \ .. \ Run: [TpShocks] TpShocks.exe
O4 - HKLM \ .. \ Run: [TVT Scheduler Proxy] C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ scheduler_proxy.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe"-quiet
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'Default user')
O8 - Extra context menu item: E & xportar para o Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: @ C: \ Program Files \ Messenger \ Msgslang.dll, -61144 - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: @ C: \ Program Files \ Messenger \ Msgslang.dll, -61144 - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (B8E7B489-2160-4DE7-B592-9FD03D16CC74): Domain = keane.com
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe
O23 - Service: Application Management Service (AppMgSvc) - Unknown owner - C: \ Program.exe (arquivo ausente)
O23 - Service: BHCP Service (BHsrv) - Unknown owner - C: \ Program.exe (arquivo ausente)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: CentennialClientAgent - Centennial Software Limited - C: \ Centenn.ial \ Auditoria \ CAgent32.exe
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C: \ Centenn.ial \ Auditoria \ xferwan.exe
O23 - Service: Client Update Service for Novell (cusrvc) - A Novell, Inc. - C: \ WINDOWS \ system32 \ cusrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C: \ Program Files \ Cisco VPN Client \ cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C: \ WINDOWS \ system32 \ ibmpmsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C: \ Program Files \ Lenovo \ System Update \ suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C: \ Program Files \ Common Files \ Lenovo \ tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C: \ WINDOWS \ System32 \ TPHDEXLG.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ tvtsched.exe
O23 - Service: Symantec LiveState Agent para Windows (WControl) - Symantec Corporation - c: \ _integra \ bin \ ccmagent.exe
--
Fim do processo - 8621 bytes
#2
21 Sep 2008, 15:30
Moderator

Download Malwarebytes' Anti-Malware (MBAM)
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#3
21 Sep 2008, 18:18
New Member

No malware found, here is the report
------------------------------------------------------
5/1/2600 Windows Service Pack 2
9/21/2008 6:16:07
mbam-log-2008-09-21 (18-16-07). txt
Scan type: Quick Scan
Objetos digitalizados: 52621
Tempo decorrido: 4 minuto (s), 41 segundo (s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Valores do Registro infectados: 0
Dados de Registro Items Infected: 0
Pastas infectadas: 0
Arquivos infectados: 0
Memory Processes Infected:
(N º itens maliciosos detectados)
Memory Modules Infected:
(N º itens maliciosos detectados)
Registry Keys Infected:
(N º itens maliciosos detectados)
Valores do Registro infectados:
(N º itens maliciosos detectados)
Dados de Registro Items Infected:
(N º itens maliciosos detectados)
Folders Infected:
(N º itens maliciosos detectados)
Arquivos Infectados:
(N º itens maliciosos detectados)
#4
21 Sep 2008, 18:40
Moderator

There is no malware showing in any of the logs.

What exactly is happening?

#5
21 Sep 2008, 19:23
New Member

Multiple IEXPLORER.EXE processes are spawning in the process list. They immediately pop up again if I kill them one by one. Sometimes I also hear sounds like those from a running browser window, but none is visible. There is definitely something wrong; they are not supposed to exist.
#6
21 Sep 2008, 19:26
Moderator

Download ComboFix by sUBs from one of the links below. Be sure to save it to your Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your desktop.

Close any open browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

#7
21 Sep 2008, 19:42
New Member

ComboFix Log
-----------------------
ComboFix 08-09-20.05 - 012466 2008-09-21 19:31:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.473 [GMT -7:00]
Executando de: C: \ Keanetools \ ComboFix.exe
* Criado um novo ponto restaurar
ATENÇÃO-ESTE NÃO TEM MÁQUINA DE RECUPERAÇÃO CONSOLE INSTALLED!
.
((((((((((((((((((((((((((((((((((((((( Outros Supressões ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ Documents and Settings \ LocalService \ Cookies \ system@ad.yieldmanag er [1]. Txt
C: \ WINDOWS \ system32 \ x64
.
((((((((((((((((((((((((((((((((((((((( Drivers / Serviços )))))))) )))))))))))))))))))))))))))))))))))))))))
.
------- \ Legacy_BHSRV
------- \ Service_BHsrv

((((((((((((((((((((((((( Arquivos criados a partir de 2008/08/22 a 2008/09/22 ))))))))))) ))))))))))))))))))))
.
2008/09/21 18:09. 2008/09/21 18:10 <dir> d -------- C: \ Program Files \ Malwarebytes' Anti-Malware
2008/09/21 18:09. 2008/09/21 18:09 <dir> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008/09/21 18:09. 2008/09/21 18:09 <dir> d -------- C: \ Documents and Settings \012466 \ Dados de aplicativos \ Malwarebytes
2008/09/21 18:09. 2008/09/10 00:04 38,528 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008/09/21 18:09. 2008/09/10 00:03 17,200 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008/09/21 11:07. 2008/09/21 11:07 <dir> d -------- C: \ Program Files \ Lavasoft
2008/09/21 11:07. 2008/09/21 11:08 <dir> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Lavasoft
2008/09/21 11:06. 2008/09/21 11:06 <dir> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008/09/20 23:40. 2008/09/20 23:40 <dir> d -------- C: \ Program Files \ Trend Micro
2008/09/19 09:03. 2008/09/19 09:08 <dir> d -------- C: \ WINDOWS \ SxsCaPendDel
2008/09/19 00:49. 2008/09/19 00:52 <dir> d -------- C: \ Documents and Settings \012466 \. Housecall6.6
2008/09/19 00:27. 2008/09/19 09:04 <dir> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008/09/18 20:25. 2002/02/04 06:22 1230336 - a ------ C: \ WINDOWS \ system32 \ msxml4.dll
2008/09/18 20:25. 2007/09/14 05:01 922,920 --------- C: \ WINDOWS \ system32 \ ahlprun.exe
2008/09/18 20:25. 2002/02/04 06:13 82,432 - a ------ C: \ WINDOWS \ system32 \ Msxml4r.dll
2008/09/18 20:25. 2002/02/04 06:13 44,544 - a ------ C: \ WINDOWS \ system32 \ Msxml4a.dll
2008/09/18 20:25. 2002/02/07 18:43 9679 - a ------ C: \ WINDOWS \ system32 \ msxml4r.cat
2008/09/18 20:25. 2002/02/07 18:43 9675 - a ------ C: \ WINDOWS \ system32 \ msxml4.cat
2008/09/18 20:25. 2002/02/06 20:31 3489 - a ------ C: \ WINDOWS \ system32 \ msxml4.Manifest
2008/09/18 20:25. 2002-02-06 20:31 500 - a ------ C: \ WINDOWS \ system32 \ msxml4r.Manifest
2008/09/18 20:21. 2008/09/18 20:21 <dir> d -------- C: \ Program Files \ Common Files \ Lenovo
2008/09/18 18:27. 2008/09/21 11:54 21,272 - a ------ C: \ WINDOWS \ system32 \ bynpea.key
2008/09/18 18:25. 2008/09/18 18:25 1 - a ------ C: \ WINDOWS \ system32 \004fdb9.imi
2008/09/15 14:23. 2008/09/15 14:23 332,800 --- hs ---- C: \ WINDOWS \ system32 \ _Bhsrv.msi
2008/09/15 12:15. 2008/09/18 15:57 69,942 - a ------ C: \ WINDOWS \ system32 \ rrjack.key
2008/09/15 12:15. 2008/09/15 12:15 1 - a ------ C: \ WINDOWS \ system32 \0048444.imi
2008/09/13 19:27. 2008-09-13 19:27 24 - a ------ C: \ WINDOWS \ cdplayer.ini
2008/09/13 19:26. 2008/09/13 19:26 <dir> d -------- C: \ Program Files \ Real
2008/09/13 19:26. 2008/09/13 19:26 <dir> d -------- C: \ Program Files \ Common Files \ Xing partilhada
2008/09/13 19:26. 2008/09/13 19:26 <dir> d -------- C: \ Program Files \ Common Files \ Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008/09/22 02:33 --------- d ----- w C: \ Program Files \ Symantec AntiVirus
2008/09/22 02:33 --------- d ----- w C: \ Program Files \ cliente VPN Cisco
2008-09-21 18:56 16 - sh - r C: \ MSCIOTL.SYS
2008/09/21 18:55 8,416 ---- aw C: \ WINDOWS \ system32 \ drivers \ CDProbe.SYS
2008/09/20 19:26 430,816 - sh - w C: \ Program Files \ _MsInfo.msi
2008/09/19 03:25 --------- d - h - w C: \ Program Files \ InstallShield Informações de instalação
2008/09/19 03:25 --------- d ----- w C: \ Program Files \ ThinkVantage
2008/09/19 03:21 --------- d ----- w C: \ Program Files \ Lenovo
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * entradas vazias & legit entradas padrão não são mostrados
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ actuais ntVersion \ Run]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager" = "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe" [2007-08-30 4670704]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"IgfxTray" = "C: \ WINDOWS \ system32 \ igfxtray.exe" [2007-08-15 141848]
"HotKeysCmds" = "C: \ WINDOWS \ system32 \ hkcmd.exe" [2007-08-15 162328]
"Persistência" = "C: \ WINDOWS \ system32 \ igfxpers.ex e" [2007-08-15 137752]
"ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2006-03-24 53408]
"vptray" = "C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2006-06-14 124656]
"TPHOTKEY" = "C: \ Program Files \ Lenovo \ HotKey \ TPOSDSVC.exe" [2007-03-09 66176]
"UpdateManager" = "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" [2003-08-18 110592]
"DLA" = "C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe" [2005-05-19 127037]
"EZEJMNAP" = "C: \ PROGRA ~ 1 \ ThinkPad \ UTILIT ~ 1 \ EzEjMnAp. Exe" [2007-04-26 243248]
"LPManager" = "C: \ PROGRA ~ 1 \ THINKV ~ 1 \ PrdCtr \ LPMGR.exe" [2007-03-22 120368]
"TVT Scheduler Proxy" = "C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ scheduler_proxy.exe" [2008-03-04 487424]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2008-09-13 185896]
"TrackPointSrv" = "tp4mon.exe" [2004/08/03 C: \ WINDOWS \ system32 \ tp4mon.exe]
"NWTRAY" = "NWTRAY.EXE" [2002/03/12 C: \ WINDOWS \ system32 \ nwtray.exe]
"TpShocks" = "TpShocks.exe" [2007/03/29 C: \ WINDOWS \ system32 \ TpShocks.exe]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Communicator" = "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" [2005-05-12 4167376]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ policies \ system]
"CompatibleRUPSecurity" = 1 (0x1)
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ act rentversion \ Policies \ Explorer]
"StartMenuLogOff" = 1 (0x1)
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notificar \ tpfnf2]
2006-09-06 13:37 34344 C: \ Program Files \ Lenovo \ HotKey \ notifyf2.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notificar \ tphotkey]
2006-12-14 08:06 28672 C: \ Program Files \ Lenovo \ HotKey \ tphklock.dll
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ lsa]
Authentication Packages REG_MULTI_SZ MSV1_0 nwv1_0
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001
[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ Sessmgr.exe" =
"C: \ \ Program Files \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe" =
"C: \ \ Program Files \ \ Yahoo! \ \ Messenger \ \ YServer.exe" =
R0 Shockprf; Shockprf; C: \ WINDOWS \ system32 \ DRIVERS \ Apsx 86.sys [2007/03/02 100656]
R0 TPDIGIMN; TPDIGIMN; C: \ WINDOWS \ system32 \ DRIVERS \ ApsH M86.sys [2007-03-02 19760]
R2 smefs; SMEFileSystem; C: \ WINDOWS \ system32 \ drivers \ sm efs.sys [2006-02-08 20508]
R3 CdProbe; CdProbe; C: \ WINDOWS \ system32 \ DRIVERS \ cdprob e.sys [2008-09-21 8416]
R3 smedrv; SMEDriver; C: \ WINDOWS \ system32 \ drivers \ smedr v.sys [2006/02/08 9516]
S2 AppMgSvc; Application Management Service; C: \ Program Files \ Common Files \ Microsoft Shared \ Msinfo \ MsInfo.msi [2008-09-20 430816]
S2 yraebbgi; yraebbgi; C: \ WINDOWS \ system32 \ drivers \ bynp ea.sys []
S2 yrtxzgwh; yrtxzgwh; C: \ WINDOWS \ system32 \ drivers \ rrja ck.sys []
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Svchost]
wrtxzg REG_MULTI_SZ wrtxzg
nraebb REG_MULTI_SZ nraebb
.
.
Scan Suplementar ------- -------
.
R0 -: HKCU-Main, Start Page = hxxp: / / www.google.com/
O8 -: E & xportar para o Microsoft Excel - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
.
************************************************** ************************
CatchMe 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detector por Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 19:35:12
5/1/2600 Windows Service Pack 2 NTFS
digitalizar processos escondidos ...
escaneamento automático entradas escondidas ...
digitalizar os arquivos ocultos ...
varredura foi concluída com êxito
ficheiros ocultos: 0
************************************************** ************************
[HKEY_LOCAL_MACHINE \ System \ ControlSet001 \ Services \ A ppMgSvc]
"ImagePath" = "C: \ Program Files \ Common Files \ Microsoft Shared \ Msinfo \ MsInfo.msi"
.
--------------------- DLLs Loaded Sob Running Processes ---------------------
PROCESS: C: \ WINDOWS \ system32 \ winlogon.exe
-> C: \ Program Files \ Lenovo \ HotKey \ tphklock.dll
.
------------------------ Other Running Processes ----------------------- --
.
C: \ WINDOWS \ system32 \ ibmpmsvc.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe
C: \ _integra \ bin \ shstart.exe
C: \ WINDOWS \ system32 \ igfxsrvc.exe
C: \ Program Files \ Lenovo \ HotKey \ TPONSCR.exe
C: \ Program Files \ Lenovo \ zoom \ TpScrex.exe
C: \ Program Files \ Symantec AntiVirus \ DoScan.exe
C: \ Arquivos de Programas \ Internet Explorer \ IEXPLORE.EXE
C: \ CENTENN.IAL \ AUDITORIA \ CAgent32.exe
C: \ CENTENN.IAL \ AUDITORIA \ xferwan.exe
C: \ Program Files \ Cisco VPN Client \ cvpnd.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ Mdm.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ Program Files \ Yahoo! \ Messenger \ Ymsgr_tray.exe
C: \ WINDOWS \ system32 \ calc.exe
C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ Common Files \ Lenovo \ tvt_reg_monitor_svc.exe
C: \ WINDOWS \ system32 \ TPHDEXLG.exe
C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ tvtsched.exe
C: \ _integra \ bin \ ccmagent.exe
C: \ Program Files \ Lenovo \ System Update \ SUService.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ ComboFix \ pv.cfexe
.
************************************************** ************************
.
Conclusão time: 2008-09-21 19:36:58 - máquina foi reinicializada
ComboFix-quarantined-files.txt 2008-09-22 02:36:54
Pré-Run: 64333811712 bytes livres
Post-Run: 64523264000 bytes livres
175

HijackThis Log
-----------------------------------
Logfile da Trend Micro HijackThis v2.0.2
Scan guardado em 7:38:41, em 9/21/2008
Plataforma: Windows XP SP2 (WinNT 5/01/2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ ibmpmsvc.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
c: \ _integra \ bin \ shstart.exe
C: \ WINDOWS \ system32 \ tp4mon.exe
C: \ WINDOWS \ system32 \ igfxtray.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ WINDOWS \ system32 \ NWTRAY.EXE
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
C: \ WINDOWS \ system32 \ igfxsrvc.exe
C: \ Program Files \ Lenovo \ HotKey \ TPOSDSVC.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ PROGRA ~ 1 \ ThinkPad \ UTILIT ~ 1 \ EzEjMnAp.Exe
C: \ Program Files \ Lenovo \ HotKey \ TPONSCR.exe
C: \ Program Files \ Lenovo \ Zoom \ TpScrex.exe
C: \ PROGRA ~ 1 \ THINKV ~ 1 \ PrdCtr \ LPMGR.exe
C: \ WINDOWS \ system32 \ TpShocks.exe
C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ scheduler_proxy.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Arquivos de Programas \ Internet Explorer \ IEXPLORE.EXE
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Centenn.ial \ Auditoria \ CAgent32.exe
C: \ Centenn.ial \ Auditoria \ xferwan.exe
C: \ Program Files \ Cisco VPN Client \ cvpnd.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ Mdm.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ Program Files \ Yahoo! \ Messenger \ ymsgr_tray.exe
C: \ WINDOWS \ system32 \ calc.exe
C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ Common Files \ Lenovo \ tvt_reg_monitor_svc.exe
C: \ WINDOWS \ System32 \ TPHDEXLG.exe
C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ tvtsched.exe
c: \ _integra \ bin \ ccmagent.exe
C: \ Program Files \ Lenovo \ System Update \ suservice.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ Explorer.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Arquivos de Programas \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ WINDOWS \ system32 \ dla \ tfswshx.dll
O4 - HKLM \ .. \ Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [Persistence] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [TPHOTKEY] C: \ Program Files \ Lenovo \ HotKey \ TPOSDSVC.exe
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [EZEJMNAP] C: \ PROGRA ~ 1 \ ThinkPad \ UTILIT ~ 1 \ EzEjMnAp.Exe
O4 - HKLM \ .. \ Run: [LPManager] C: \ PROGRA ~ 1 \ THINKV ~ 1 \ PrdCtr \ LPMGR.exe
O4 - HKLM \ .. \ Run: [TpShocks] TpShocks.exe
O4 - HKLM \ .. \ Run: [TVT Scheduler Proxy] C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ scheduler_proxy.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe"-quiet
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Communicator] "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" (User 'Default user')
O8 - Extra context menu item: E & xportar para o Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: @ C: \ Program Files \ Messenger \ Msgslang.dll, -61144 - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: @ C: \ Program Files \ Messenger \ Msgslang.dll, -61144 - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (B8E7B489-2160-4DE7-B592-9FD03D16CC74): Domain = keane.com
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (D239A412-22C2-4683-95BC-1FFAA687D0DF): NameServer = 172.21.18.101,172.21.18.102
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe
O23 - Service: Application Management Service (AppMgSvc) - Unknown owner - C: \ Program.exe (arquivo ausente)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: CentennialClientAgent - Centennial Software Limited - C: \ Centenn.ial \ Auditoria \ CAgent32.exe
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C: \ Centenn.ial \ Auditoria \ xferwan.exe
O23 - Service: Client Update Service for Novell (cusrvc) - A Novell, Inc. - C: \ WINDOWS \ system32 \ cusrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C: \ Program Files \ Cisco VPN Client \ cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C: \ WINDOWS \ system32 \ ibmpmsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C: \ Program Files \ Lenovo \ System Update \ suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C: \ Program Files \ Common Files \ Lenovo \ tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C: \ WINDOWS \ System32 \ TPHDEXLG.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ tvtsched.exe
O23 - Service: Symantec LiveState Agent para Windows (WControl) - Symantec Corporation - c: \ _integra \ bin \ ccmagent.exe
--
End of file - 8581 bytes
  #8
21 Sep 2008, 21:24
Moderator Group

IEXPLORER.EXE virus pls review hijack log

Note: the instructions below were created specifically for this user. If you are not this user, do NOT follow these instructions, since they could damage the operation of your system.

Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl + C

Code:
Killall::

Driver::
BHSRV
BHsrv

File::
C:\WINDOWS\system32\bynpea.key
C:\WINDOWS\system32\004fdb9.imi
C:\WINDOWS\system32\_Bhsrv.msi
C:\WINDOWS\system32\rrjack.key
C:\WINDOWS\system32\0048444.imi
C:\WINDOWS\system32\drivers\bynpea.sys
C:\WINDOWS\system32\drivers\rrjack.sys
C:\WINDOWS\system32\calc.exe
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the image below. Important: Perform these instructions carefully!



ComboFix will begin to run, just follow the prompts on the screen.
After the reboot (in case it asks you to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
__________________

  #9
21 Sep 2008, 22:20
New Member Group

IEXPLORER.EXE virus pls review hijack log

ComboFix log after running CFScript
----------------------------------------------------------
ComboFix 08-09-20.05 - 012466 2008-09-21 22:11:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.598 [GMT -7:00]
Running from: C: \ Keanetools \ ComboFix.exe
Command switches used :: C: \ Documents and Settings \012466 \ Desktop \ CFScript.txt
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!
FILE::
C: \ WINDOWS \ system32 \ _Bhsrv.msi
C: \ WINDOWS \ system32 \0048444.imi
C: \ WINDOWS \ system32 \004fdb9.imi
C: \ WINDOWS \ system32 \ bynpea.key
C: \ WINDOWS \ system32 \ calc.exe
C: \ WINDOWS \ system32 \ drivers \ bynpea.sys
C: \ WINDOWS \ system32 \ drivers \ rrjack.sys
C: \ WINDOWS \ system32 \ rrjack.key
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))
.
C: \ WINDOWS \ system32 \ _Bhsrv.msi
C: \ WINDOWS \ system32 \0048444.imi
C: \ WINDOWS \ system32 \004fdb9.imi
C: \ WINDOWS \ system32 \ bynpea.key
C: \ WINDOWS \ system32 \ calc.exe
C: \ WINDOWS \ system32 \ rrjack.key
.
((((((((((((((((((((((((( Files Created from 2008-08-22 to 2008-09-22 )))))))))))))))))))))))))))))))
.
2008/09/21 18:09. 2008/09/21 18:10 <dir> d -------- C: \ Program Files \ Malwarebytes' Anti-Malware
2008/09/21 18:09. 2008/09/21 18:09 <dir> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008/09/21 18:09. 2008/09/21 18:09 <dir> d -------- C: \ Documents and Settings \012466 \ Application Data \ Malwarebytes
2008/09/21 18:09. 2008/09/10 00:04 38,528 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008/09/21 18:09. 2008/09/10 00:03 17,200 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008/09/21 11:07. 2008/09/21 11:07 <dir> d -------- C: \ Program Files \ Lavasoft
2008/09/21 11:07. 2008/09/21 11:08 <dir> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Lavasoft
2008/09/21 11:06. 2008/09/21 11:06 <dir> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008/09/20 23:40. 2008/09/20 23:40 <dir> d -------- C: \ Program Files \ Trend Micro
2008/09/19 09:03. 2008/09/19 09:08 <dir> d -------- C: \ WINDOWS \ SxsCaPendDel
2008/09/19 00:49. 2008/09/19 00:52 <dir> d -------- C: \ Documents and Settings \012466 \ .Housecall6.6
2008/09/19 00:27. 2008/09/19 09:04 <dir> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008/09/18 20:25. 2002/02/04 06:22 1230336 - a ------ C: \ WINDOWS \ system32 \ msxml4.dll
2008/09/18 20:25. 2007/09/14 05:01 922,920 --------- C: \ WINDOWS \ system32 \ ahlprun.exe
2008/09/18 20:25. 2002/02/04 06:13 82,432 - a ------ C: \ WINDOWS \ system32 \ Msxml4r.dll
2008/09/18 20:25. 2002/02/04 06:13 44,544 - a ------ C: \ WINDOWS \ system32 \ Msxml4a.dll
2008/09/18 20:25. 2002/02/07 18:43 9679 - a ------ C: \ WINDOWS \ system32 \ msxml4r.cat
2008/09/18 20:25. 2002/02/07 18:43 9675 - a ------ C: \ WINDOWS \ system32 \ msxml4.cat
2008/09/18 20:25. 2002/02/06 20:31 3489 - a ------ C: \ WINDOWS \ system32 \ msxml4.Manifest
2008/09/18 20:25. 2002-02-06 20:31 500 - a ------ C: \ WINDOWS \ system32 \ msxml4r.Manifest
2008/09/18 20:21. 2008/09/18 20:21 <dir> d -------- C: \ Program Files \ Common Files \ Lenovo
2008/09/13 19:27. 2008-09-13 19:27 24 - a ------ C: \ WINDOWS \ cdplayer.ini
2008/09/13 19:26. 2008/09/13 19:26 <dir> d -------- C: \ Program Files \ Real
2008/09/13 19:26. 2008/09/13 19:26 <dir> d -------- C: \ Program Files \ Common Files \ Xing Shared
2008/09/13 19:26. 2008/09/13 19:26 <dir> d -------- C: \ Program Files \ Common Files \ Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008/09/22 05:14 8,416 ---- aw C: \ WINDOWS \ system32 \ drivers \ CDProbe.SYS
2008-09-22 05:14 16 - sh - r C: \ MSCIOTL.SYS
2008/09/22 05:14 --------- d ----- w C: \ Program Files \ Symantec AntiVirus
2008/09/22 03:07 --------- d ----- w C: \ Program Files \ Cisco VPN Client
2008/09/20 19:26 430,816 - sh - w C: \ Program Files \ _MsInfo.msi
2008/09/19 03:25 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2008/09/19 03:25 --------- d ----- w C: \ Program Files \ ThinkVantage
2008/09/19 03:21 --------- d ----- w C: \ Program Files \ Lenovo
.
((((((((((((((((((((((((((((( Snapshot@2008-09-21_19.36.38.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008/09/21 18:59:45 71,370 ---- aw C: \ WINDOWS \ system32 \ Perfc009.dat
+ 2008-09-22 02:39:43 71.370 ---- aw C: \ WINDOWS \ system32 \ Perfc009.dat
- 2008/09/21 18:59:45 439,832 ---- aw C: \ WINDOWS \ system32 \ Perfh009.dat
+ 2008/09/22 02:39:43 439,832 ---- aw C: \ WINDOWS \ system32 \ Perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager" = "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe" [2007-08-30 4670704]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"IgfxTray" = "C: \ WINDOWS \ system32 \ igfxtray.exe" [2007-08-15 141848]
"HotKeysCmds" = "C: \ WINDOWS \ system32 \ hkcmd.exe" [2007-08-15 162328]
"Persistence" = "C: \ WINDOWS \ system32 \ igfxpers.exe" [2007-08-15 137752]
"ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2006-03-24 53408]
"vptray" = "C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2006-06-14 124656]
"TPHOTKEY" = "C: \ Program Files \ Lenovo \ HotKey \ TPOSDSVC.exe" [2007-03-09 66176]
"UpdateManager" = "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" [2003-08-18 110592]
"DLA" = "C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe" [2005-05-19 127037]
"EZEJMNAP" = "C: \ PROGRA ~ 1 \ ThinkPad \ UTILIT ~ 1 \ EzEjMnAp.Exe" [2007-04-26 243248]
"LPManager" = "C: \ PROGRA ~ 1 \ THINKV ~ 1 \ PrdCtr \ LPMGR.exe" [2007-03-22 120368]
"TVT Scheduler Proxy" = "C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ scheduler_proxy.exe" [2008-03-04 487424]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2008-09-13 185896]
"TrackPointSrv" = "tp4mon.exe" [2004/08/03 C: \ WINDOWS \ system32 \ tp4mon.exe]
"NWTRAY" = "NWTRAY.EXE" [2002/03/12 C: \ WINDOWS \ system32 \ nwtray.exe]
"TpShocks" = "TpShocks.exe" [2007/03/29 C: \ WINDOWS \ system32 \ TpShocks.exe]
[HKEY_USERS \ .DEFAULT \ Software \ Microsoft \ Windows \ CurrentVersion \ Run]
"Communicator" = "C: \ Program Files \ Microsoft Office Communicator \ Communicator.exe" [2005-05-12 4167376]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ policies \ system]
"CompatibleRUPSecurity" = 1 (0x1)
[HKEY_USERS \ .DEFAULT \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer]
"StartMenuLogOff" = 1 (0x1)
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ tpfnf2]
2006-09-06 13:37 34344 C: \ Program Files \ Lenovo \ HotKey \ notifyf2.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ tphotkey]
2006-12-14 08:06 28672 C: \ Program Files \ Lenovo \ HotKey \ tphklock.dll
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ control \ lsa]
Authentication Packages REG_MULTI_SZ MSV1_0 nwv1_0
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001
[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpolicy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ Sessmgr.exe" =
"C: \ \ Program Files \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe" =
"C: \ \ Program Files \ \ Yahoo! \ \ Messenger \ \ YServer.exe" =
R0 Shockprf; Shockprf; C: \ WINDOWS \ system32 \ DRIVERS \ ApsX86.sys [2007/03/02 100656]
R0 TPDIGIMN; TPDIGIMN; C: \ WINDOWS \ system32 \ DRIVERS \ ApsHM86.sys [2007-03-02 19760]
R2 smefs; SMEFileSystem; C: \ WINDOWS \ system32 \ drivers \ smefs.sys [2006-02-08 20508]
R3 CdProbe; CdProbe; C: \ WINDOWS \ system32 \ DRIVERS \ cdprobe.sys [2008-09-21 8416]
R3 smedrv; SMEDriver; C: \ WINDOWS \ system32 \ drivers \ smedrv.sys [2006/02/08 9516]
S2 AppMgSvc; Application Management Service; C: \ Program Files \ Common Files \ Microsoft Shared \ Msinfo \ MsInfo.msi [2008-09-20 430816]
S2 yraebbgi; yraebbgi; C: \ WINDOWS \ system32 \ drivers \ bynpea.sys []
S2 yrtxzgwh; yrtxzgwh; C: \ WINDOWS \ system32 \ drivers \ rrjack.sys []
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Svchost]
wrtxzg REG_MULTI_SZ wrtxzg
nraebb REG_MULTI_SZ nraebb
.
**************************************************************************
CatchMe 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 22:16:04
5/1/2600 Windows Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

C: \ WINDOWS \ system32 \ calc.exe
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE \ System \ ControlSet001 \ Services \ AppMgSvc]
"ImagePath" = "C: \ Program Files \ Common Files \ Microsoft Shared \ Msinfo \ MsInfo.msi"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C: \ WINDOWS \ system32 \ winlogon.exe
-> C: \ Program Files \ Lenovo \ HotKey \ tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C: \ WINDOWS \ system32 \ ibmpmsvc.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe
C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE
C: \ CENTENN.IAL \ AUDITORIA \ CAgent32.exe
C: \ CENTENN.IAL \ AUDITORIA \ xferwan.exe
C: \ Program Files \ Cisco VPN Client \ cvpnd.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ Mdm.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ Common Files \ Lenovo \ tvt_reg_monitor_svc.exe
C: \ WINDOWS \ system32 \ TPHDEXLG.exe
C: \ Program Files \ Common Files \ Lenovo \ Scheduler \ tvtsched.exe
C: \ _integra \ bin \ ccmagent.exe
C: \ Program Files \ Lenovo \ System Update \ SUService.exe
C: \ _integra \ bin \ shstart.exe
C: \ WINDOWS \ system32 \ igfxsrvc.exe
C: \ Program Files \ Lenovo \ HotKey \ TPONSCR.exe
C: \ Program Files \ Lenovo \ zoom \ TpScrex.exe
C: \ Program Files \ Symantec AntiVirus \ DoScan.exe
C: \ Program Files \ Yahoo! \ Messenger \ Ymsgr_tray.exe
C: \ ComboFix \ pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-21 22:17:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-22 05:17:23
ComboFix2.txt 2008-09-22 02:36:59
Pre-Run: 64509464576 bytes free
Post-Run: 64505421824 bytes free
181
  #10
21 Sep 2008, 22:26
Moderator Group

IEXPLORER.EXE virus pls review hijack log

Download OTMoveIt2 by OldTimer and save it to your Desktop.

Note: If you are running on Vista, right-click OTMoveIt2.exe and choose Run as administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.

Code:
[kill explorer]
C:\WINDOWS\system32\calc.exe
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgSvc
EmptyTemp
[start explorer]
3. Return to OTMoveIt2, right-click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine in order to finish the move process. If you are asked to reboot, choose Yes. If not, reboot anyway.
__________________

Copyright © 2006 - 2009 Computer Juice.