katia-boop, posted September 26, 2007 (thread author):

Hello.. For a few days I have had this Killfiles trojan on my notebook. I downloaded and ran HijackThis and here is the log. Awaiting news. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:50, on 26/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/Home.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar3.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1186145116781
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E91D94D8-9C09-43B6-8715-1D711EC57D7E}: NameServer = 200.165.132.155 200.149.55.142
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6011 bytes

RenatoMejias, posted September 26, 2007:

Download ComboFix. It is important that you save it to your desktop. Close all windows and programs. Double-click combofix.exe, type 1 and press Enter. It takes a while, please be patient. When the tool finishes running it will generate a log. Post the file C:\ComboFix.txt. Also make a new HijackThis log to include in your reply.

Warning: do not click the mouse while the tool is running; that can make the PC freeze.

katia-boop, posted September 27, 2007 (thread author):

RenatoMejias, posted September 28, 2007:

Ok... Go to this site: http://virusscan.jotti.org/
In File to upload enter: C:\Arquivos de programas\hyplay.exe
Then click Submit.
Copy and post the result of this scan.

katia-boop, posted September 29, 2007 (thread author):

Here is the requested scan.. Thanks!
Kátia

File: hyplay.exe_
Status: OK
MD5: ee1a816b32121e328aae9ae7f5529086
Packers detected: -
Bit9 reports: No threat detected

Scanner results
Scan taken on 29 Sep 2007 14:18:51 (GMT)
A-Squared  Found nothing
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
CPsecure  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
Panda Antivirus  Found nothing
Rising Antivirus  Found nothing
Sophos Antivirus  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing

Statistics
Last file scanned at least one scanner reported something about: stub.shark (MD5: 4a98f2165e1a942be062d8493d65d8bb, size: 286720 bytes), detected by:
Scanner  Malware name
A-Squared  X
AntiVir  X
ArcaVir  Trojan.Vb.Bax
Avast  Win32:VB-FED
AVG Antivirus  X
BitDefender  Backdoor.VB.BJP
ClamAV  Trojan.Karsh-1
CPsecure  BackDoor.W32.VB.bax
Dr.Web  X
F-Prot Antivirus  X
F-Secure Anti-Virus  X
Fortinet  X
Kaspersky Anti-Virus  X
NOD32  probably a variant of Win32/VB.BCO
Norman Virus Control  X
Panda Antivirus  X
Rising Antivirus  X
Sophos Antivirus  Troj/Baxor-Gen
VirusBuster  X
VBA32  X

RenatoMejias, posted September 29, 2007:

Run an online scan at Kaspersky Virusscanner.
Click on [image].
When asked to install the ActiveX component, click on [image].
Wait for the installation and the update, then click on [image].
Now click on [image].
In the scan options (settings), make sure the entries below are selected:
Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options: Scan Archives, Scan Mail Bases
Click [image].
Click My Computer so that a full scan of your system is run.
The scan will start and may take a while. Be patient and wait.
At the end of the scan, click the Save as Text button.
Save the log with the results and post it in your next reply.
Also generate and paste a new HijackThis log.

katia-boop, posted September 29, 2007 (thread author):

Here are the two scans, Renato.. Thanks, K.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, September 29, 2007 6:00:02 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 29/09/2007
Kaspersky Anti-Virus database records: 425210
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 125004
Number of viruses found: 3
Number of infected objects: 40
Number of suspicious objects: 0
Duration of the scan process: 02:14:41

Infected Object Name / Virus Name / Last Action
C:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt Object is locked skipped
C:\Arquivos de programas\eMule\Temp03.part Object is locked skipped
C:\Arquivos de programas\eMule\Temp04.part Object is locked skipped
C:\Arquivos de programas\eMule\Temp05.part Object is locked skipped
C:\Arquivos de programas\eMule\Temp09.part Object is locked skipped
C:\Arquivos de programas\eMule\Temp12.part Object is locked skipped
C:\Arquivos de programas\eMule\Temp38.part Object is locked skipped
C:\Arquivos de programas\eMule\Temp50.part Object is locked skipped
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\12UXLPFK\fotomensagem-858506[1].exe Infected: Trojan-Downloader.Win32.Banload.aqo skipped
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\TJ0JWV6I\hotmail[1].exe Infected: Trojan-PSW.Win32.Delf.que skipped
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\TJ0JWV6I\timbrasil[1].exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\Documents and Settings\Administrador\Meus documentos\fotomensagem-858506.exe Infected: Trojan-Downloader.Win32.Banload.aqo skipped
C:\Documents and Settings\Ka\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ka\NtUser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Lu\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Lu\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Lu\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lu\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lu\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Lu\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Lu\NtUser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\qoobox\Quarantine\C\136907.exe.vir Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\qoobox\Quarantine\C\210504.exe.vir Infected: Trojan-PSW.Win32.Delf.que skipped
C:\qoobox\Quarantine\C\979623.exe.vir Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP100\A0004655.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP100\A0004682.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP100\A0004704.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP101\A0004729.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP101\A0004739.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP102\A0004860.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP102\A0004878.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP103\A0004890.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP103\A0004900.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP103\A0004911.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP103\A0004926.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP103\A0005928.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP103\A0005958.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP103\A0005975.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP104\A0006010.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP105\A0006048.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP106\A0006072.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP107\A0006104.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP107\A0006114.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP107\A0007116.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP107\A0007136.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP107\A0007158.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP108\A0007189.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP109\A0007229.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP109\A0007260.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP109\A0007270.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP109\A0008272.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP109\A0008289.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP109\A0008298.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP111\A0008387.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP111\A0008388.exe Infected: Trojan-PSW.Win32.Delf.que skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP111\A0008389.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP112\change.log Object is locked skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP99\A0004613.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_444.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process complet!
-------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:07:09, on 29/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\eMule\emule.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/Home.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar3.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-776561741-162531612-1417001333-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Ka')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1186145116781
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E91D94D8-9C09-43B6-8715-1D711EC57D7E}: NameServer = 200.165.132.155 200.149.55.142
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6241 bytes

RenatoMejias, posted September 29, 2007:

Ok... Download Pocket KillBox. Save it in a folder on C:\.
Open Notepad, copy these lines and save them:

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\12UXLPFK\fotomensagem-858506[1].exe
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\TJ0JWV6I\hotmail[1].exe
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\TJ0JWV6I\timbrasil[1].exe
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\TJ0JWV6I\timbrasil[1].exe
C:\Documents and Settings\Administrador\Meus documentos\fotomensagem-858506.exe

Open KillBox and check the Delete on Reboot option. Open Notepad, select and copy the saved lines. In KillBox, click File, then Paste from Clipboard, click the All Files button and click the [image] button. Then click No.
Delete the Qoobox folder at C:\Qoobox.
Disable and re-enable System Restore.
In your next post, paste the contents of the file C:\!KillBox\Logs\kb.txt

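The instructions above split the scanner's 40 infected objects into three groups without saying so: files still live on disk go to KillBox, the C:\qoobox entries are ComboFix's own quarantine and disappear with that folder, and every RPnnn entry under System Volume Information is a System Restore copy that only flushing System Restore removes. The following Python script is an added example, not part of the thread and not code from Kaspersky, KillBox or ComboFix; it parses result lines in the format of the Kaspersky report pasted earlier (whitespace between path, status and action is an assumption about how the report was pasted) over a constructed sample made of a few of those lines, and groups each infected object by the cleanup step that handles it.

```python
"""Triage a Kaspersky Online Scanner report (format as pasted in the thread).

Added example, not code from the thread or from Kaspersky. Groups infected
objects by the cleanup step that removes them: live files (KillBox list),
ComboFix quarantine (delete C:\\qoobox) and System Restore points (disable
and re-enable System Restore).
"""
import re
from collections import Counter

# One result line per object: "<path> Infected: <detection> skipped" or
# "<path> Object is locked skipped". Paths contain spaces, so the path group
# is non-greedy and the status keyword anchors the split.
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:Infected:\s+(?P<detection>\S+)|Object is locked)\s+"
    r"(?P<action>\S+)\s*$"
)
# System Restore copies live under _restore{GUID}\RPnnn\; capture the restore point.
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[^}]+\}\\(rp\d+)\\"
)
QUARANTINE_PREFIX = "c:\\qoobox\\"  # ComboFix quarantine folder

# Constructed sample: a few lines in the format of the report in the thread.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\12UXLPFK\fotomensagem-858506[1].exe Infected: Trojan-Downloader.Win32.Banload.aqo skipped
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\TJ0JWV6I\hotmail[1].exe Infected: Trojan-PSW.Win32.Delf.que skipped
C:\Documents and Settings\Administrador\Meus documentos\fotomensagem-858506.exe Infected: Trojan-Downloader.Win32.Banload.aqo skipped
C:\qoobox\Quarantine\C\136907.exe.vir Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP100\A0004655.exe Infected: Trojan-Spy.Win32.Banker.ark skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP111\A0008388.exe Infected: Trojan-PSW.Win32.Delf.que skipped
C:\System Volume Information\_restore{7B384D5D-84D9-4189-9523-6B01131BCEA1}\RP112\change.log Object is locked skipped
Scan process completed.
"""


def parse_report(text):
    """Return one dict per result line; header, separator and statistics lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = RESULT_RE.match(raw.strip())
        if m:
            entries.append({"path": m.group("path"),
                            "detection": m.group("detection"),  # None when only locked
                            "action": m.group("action")})
    return entries


def classify(path):
    """Map a path to ('system_restore', 'RPnnn'), ('quarantine', None) or ('live', None)."""
    low = path.lower()
    m = RESTORE_RE.match(low)
    if m:
        return "system_restore", m.group(1).upper()
    if low.startswith(QUARANTINE_PREFIX):
        return "quarantine", None
    return "live", None


def triage(text):
    """Group infected objects by the cleanup step that removes them."""
    out = {"killbox": [], "quarantine": [], "restore_points": Counter(),
           "detections": Counter(), "locked": 0}
    for e in parse_report(text):
        if e["detection"] is None:
            out["locked"] += 1  # locked-and-skipped is not a detection
            continue
        out["detections"][e["detection"]] += 1
        group, rp = classify(e["path"])
        if group == "system_restore":
            out["restore_points"][rp] += 1
        elif group == "quarantine":
            out["quarantine"].append(e["path"])
        else:
            out["killbox"].append(e["path"])
    return out


def killbox_list(text):
    """Live infected paths, one per line, in the form pasted into Notepad for KillBox."""
    return "\r\n".join(triage(text)["killbox"])


if __name__ == "__main__":
    t = triage(SAMPLE_REPORT)
    print("KillBox (Delete on Reboot):")
    for p in t["killbox"]:
        print("  " + p)
    print("In ComboFix quarantine (delete C:\\Qoobox):", len(t["quarantine"]))
    print("In System Restore points (toggle System Restore):", dict(t["restore_points"]))
    print("Detections:", dict(t["detections"]))
    print("Locked objects skipped (not detections):", t["locked"])
```

Run over the full report in the thread, the same grouping gives 4 live files, 3 quarantine entries and 33 restore-point copies, which is why the headline figure of 40 overstates what is actually running. It also makes the next scan easy to read: RPnnn entries that survive mean System Restore was not really flushed, while a new live file outside those two folders means the machine was reinfected rather than incompletely cleaned.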
katia-boop, posted October 1, 2007 (thread author):

Hello, Renato.. After disabling and enabling System Restore, I restarted the PC. Right afterwards a warning about a killfiles came up. I selected delete.
Here is the Pocket KillBox log.
Katia

Pocket Killbox version Running on Windows XP as Administrador(Administrator)
was started @ segunda-feira, outubro 01, 2007, 10:35 AM
Killbox Closed(Exit) @ 10:43:05 AM
__________________________________________________

Pocket Killbox version Running on Windows XP as Administrador(Administrator)
was started @ segunda-feira, outubro 01, 2007, 10:43 AM
Killbox Closed(Exit) @ 10:43:39 AM
__________________________________________________

Pocket Killbox version Running on Windows XP as Administrador(Administrator)
was started @ segunda-feira, outubro 01, 2007, 10:43 AM
# 1 [Delete on Reboot]
Path = C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\12UXLPFK\fotomensagem-858506[1].exe
# 2 [Delete on Reboot]
Path = C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\TJ0JWV6I\hotmail[1].exe
# 3 [Delete on Reboot]
Path = C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\TJ0JWV6I\timbrasil[1].exe
# 4 [Delete on Reboot]
Path = C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\TJ0JWV6I\timbrasil[1].exe
# 5 [Delete on Reboot]
Path = C:\Documents and Settings\Administrador\Meus documentos\fotomensagem-858506.exe
Killbox Closed(Exit) @ 11:03:54 AM
__________________________________________________

Pocket Killbox version Running on Windows XP as Administrador(Administrator)
was started @ segunda-feira, outubro 01, 2007, 11:23 AM
Killbox Closed(Exit) @ 11:23:44 AM
__________________________________________________

RenatoMejias, posted October 3, 2007:

Did you disable and re-enable System Restore as requested?

katia-boop, posted October 3, 2007 (thread author):

Yes.. I did everything as requested.. and the virus is still here.
Awaiting instructions.
Thanks,
Kátia

RenatoMejias, posted October 4, 2007:

Run a new online scan at Kaspersky.
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar3.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1186145116781
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E91D94D8-9C09-43B6-8715-1D711EC57D7E}: NameServer = 200.165.132.155 200.149.55.142
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 6011 bytes
11 replies to this question
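The log above is the kind of thing a helper reads by hand, looking for a few specific patterns: an O2 BHO whose DLL is gone ("(no file)"), the O17 NameServer entries (to be checked against the ISP's real DNS servers), and any O4 autorun or running process launched from a user-writable location such as Temporary Internet Files or My Documents, which is where the Killbox log later shows fotomensagem-858506.exe sitting. The following triage script is an added example written for this page; it is not the thread's own code and not part of HijackThis. Its sample input is copied from the posted log except for the `[fotomensagem]` O4 line, which is constructed so the user-writable-path check has something to catch (the thread shows that file on disk, but shows no such Run entry). The script only lists the NameServer addresses; it does not judge them, since the log alone cannot say whether 200.165.132.155 and 200.149.55.142 belong to the user's ISP.

```python
"""Triage a HijackThis v2 log: parse it and flag the entries a reviewer checks first."""
import re

# Lines copied from the HijackThis log in this thread. The O4 [fotomensagem] line is
# CONSTRUCTED for the example; the real log contained no autorun from My Documents.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/Home.aspx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [fotomensagem] C:\Documents and Settings\Administrador\Meus documentos\fotomensagem-858506.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E91D94D8-9C09-43B6-8715-1D711EC57D7E}: NameServer = 200.165.132.155 200.149.55.142
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Program path at the start of a Run value: optionally quoted, arguments after it dropped.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|com|scr|bat|cmd|pif))"?(?:\s|$)', re.I)
# Locations an unprivileged user (or a browser download) can write to on Windows XP.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\",
                 "\\temporary internet files\\", "\\recycler\\")


def parse_hjt(text: str) -> dict:
    """Split a HijackThis log into the running-process list and its Rn/Fn/On entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group("sec"), m.group("rest")))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def executable_path(cmd: str) -> str:
    """Return the program path of a Run value without quotes, switches or HJT's (User ...) suffix."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(text: str) -> dict:
    """Collect the findings a helper would act on first."""
    log = parse_hjt(text)
    findings = {"orphaned_bho": [], "nameservers": [],
                "autoruns_user_writable": [], "processes_user_writable": []}
    for sec, rest in log["entries"]:
        if sec == "O2" and rest.endswith("(no file)"):
            m = CLSID_RE.search(rest)          # registered BHO whose DLL is gone
            findings["orphaned_bho"].append(m.group(0) if m else rest)
        elif sec == "O4":
            if ": [" in rest:                  # HKLM/HKCU/HKUS ...\Run: [name] command
                name, _, cmd = rest.partition("] ")
                name = name.split("[", 1)[1]
            elif " = " in rest:                # Startup folder: shortcut.lnk = target
                name, _, cmd = rest.partition(" = ")
            else:
                continue
            path = executable_path(cmd)
            if in_user_writable(path):
                findings["autoruns_user_writable"].append((name, path))
        elif sec == "O17" and "NameServer =" in rest:
            # Listed for the reader to verify against the ISP; values may be space- or comma-separated.
            ips = rest.split("NameServer =", 1)[1].replace(",", " ").split()
            findings["nameservers"].extend(ips)
    for proc in log["processes"]:
        if in_user_writable(proc):
            findings["processes_user_writable"].append(proc)
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the real log, the script reports the orphaned `{7E853D72-626A-48EC-A868-BA8D5E23E045}` BHO and the two NameServer addresses and nothing else, which matches what the thread shows: the HijackThis log itself carried no autorun pointing at the files Pocket Killbox later removed, so the log alone would not have located them.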