Ir para conteúdo
Fórum Script Brasil
  • 0

Acho que estou com o pc infectado, por favor me ajudem!


mateusesteves

Pergunta

Olá,

Após fazer uma pesquisa nos tópicos já criados encontrei um que falava a respeito do internet explore abrir sozinho com "protejaseudrive".

Travou pesquisas no Google, mas depois voltou a pesquisar porém alguns forums foram travados como os do clube do hardware. Mesmo após passar o antivirus o problema continuou, só depois de um tempo voltou tudo ao normal. Não sei se estou se minha máquina está infectada. Estou com medo deste problema voltar e travar sites que eu uso para fazer meu tfg da faculdade.

Se puderem me ajudar agradeço desde já.

Segue o log do HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:24:46, on 26/05/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\CyberLink\Shared Files\brs.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: (no name) - {663656DF-6BAE-460C-A612-8133DF519346} - C:\Windows\system32\ddcDsrpp.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft

Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {AE41186C-A4DA-4359-B4E5-F1487454E520} - C:\Windows\system32\awtttUMd.dll

O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program

Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253

\SiteAdv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"

/startup

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcDsrpp.dll,#1

O4 - HKLM\..\Run: [bM39863c45] Rundll32.exe "C:\Windows\system32\sejcdesr.dll",s

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common

Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL

SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User

'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User

'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma

Loader.exe

O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05

\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12

\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1

\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft

Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: APSHook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program

Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program

Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick

Launch Buttons\Com4Qlb.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health

Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-

Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel

Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Roxio\Roxio

MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company -

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32

\lkcitdl.exe

O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. -

C:\Windows\system32\lkads.exe

O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. -

C:\Windows\system32\lktsrv.exe

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB7\webserver\bin\win32\matlabserver.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program

Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program

Files\National Instruments\Shared\Security\nidmsrv.exe

O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National

Instruments\Shared\License Manager\Bin\lmgrd.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\system32\nisvcloc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0

\SharedCOM\RoxMediaDB9.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks

Shared\Service\SolidWorksLicensing.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing

Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 13050 bytes

Link para o comentário
Compartilhar em outros sites

9 respostass a esta questão

Posts Recomendados

  • 0

Baixe o ComboFix e salve no desktop.

Nota: Por favor, NÃO utilize o ComboFix sozinho. É uma ferramenta poderosa criada pra lidar com infeções sofisticadas e caso não a utilize corretamente poderá danificar o seu computador. A ferramenta apenas deve ser utilizada sob supervisão de Assistentes de remoção de malware.

Feche todas as janelas e programas.

Dê um duplo-clique no combofix.exe e tecle "1" em seguida Enter para prosseguir o Fix. Vai durar uma média de 10 minutos.

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção.

Quando acabar, será gerado um log, que vai estar em C:\ComboFix.txt.

Atenção:

Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, pois senão irá parar e seu desktop ficará em branco.

Para parar ou sair do ComboFix, tecle "2" e Enter.

Depois gere um novo log com o HijackThis e poste, juntamente com o ComboFix.txt.

Link para o comentário
Compartilhar em outros sites

  • 0

Delete o log ComboFix.txt localizado em C:\.

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

Selecione e copie o texto dentro do CODE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

File::
C:\Windows\_MSRSTRT.EXE
C:\Windows\system32\awtttUMd.dll
F:\setup.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B43A54BB-073B-48D5-A6C9-5395148C8811}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18f55b4b-1bf9-11dd-b0e2-005056c00008}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26f6e2fb-fb57-11dc-b4c6-001e3773fd3d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26f6e3a9-fb57-11dc-b4c6-001e3773fd3d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4bd539d-2209-11dd-899b-005056c00008}]
RenV::
C:\SwSetup\SP34746\WCAMC\FW_210_Silence Install .exe

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

CFScript.gif

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

Poste o novo Log ComboFix.txt à sua resposta.

Poste também um novo Log do Hijackthis.

Link para o comentário
Compartilhar em outros sites

  • 0

Olá,

Quando eu arrasto o arquivo CFScript.txt para o ComboFix, abre uma janela dizendo "falha na instalação", na janela azul, diz que "o sistema não pode encontrar o texto correspondente a mensagem de número 0x8 no arquivo de mensagens para system". Além de gerar um arquivo "Bug.txt".

O que devo fazer?

segue o que tem no arquivo Bug.txt:

pushd "C:\327882R2FWJFW\"

=============================================

ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\Mateus\AppData\Roaming

cfldr=327882R2FWJFW

CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=MATEUS-NOTE

ComSpec=C:\Windows\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Users\Mateus

kmd=CF7199.exe

KMP_DUPLICATE_LIB_OK=TRUE

LOCALAPPDATA=C:\Users\Mateus\AppData\Local

LOGONSERVER=\\MATEUS-NOTE

MKL_SERIAL=YES

NUMBER_OF_PROCESSORS=2

OnlineServices=Servi‡os online

OS=Windows_NT

Path=C:\327882R2FWJFW;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Bioscrypt\VeriSoft\bin;C:\MATLAB7\bin\win32;C:\Program Files\QuickTime\QTSystem

PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

PCBRAND=Pavilion

PLATFORM=MCD

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0f0d

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$

PUBLIC=C:\Users\Public

QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

RoxioCentral=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

SESSIONNAME=Console

sfxname=C:\Users\Mateus\Desktop\ComboFix.exe

system=C:\Windows\system32

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\Mateus\AppData\Local\Temp

TMP=C:\Users\Mateus\AppData\Local\Temp

USERDOMAIN=Mateus-Note

USERNAME=Mateus

USERPART=E:

USERPROFILE=C:\Users\Mateus

VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\

windir=C:\Windows

=============================================

if not defined sfxname goto END

Nircmd win close ititle "ComboFix"

If [C:\Users\Mateus\Desktop\CFScript.txt] == [] Set "SfxCmd="

if /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" goto Abort

if exist "C:\Users\Mateus\AppData\Local\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\Users\Mateus\AppData\Local\Temp\327882R2FWJFW327882R2FWJFW.log"

SteelWerX Extended Configuration Access Control Lists

Written by Bobbi Flekman 2006 ©

Ownerchange for "C:\Windows\system32\cmd.exe" to Administrators group was successful

copy /y "C:\Windows\system32\cmd.exe" "C:\Windows\system32\CF7199.exe"

1 arquivo(s) copiado(s).

if not exist "C:\Windows\system32\CF7199.exe" catchme -l nul -c "C:\Windows\system32\cmd.exe" "C:\Windows\system32\CF7199.exe"

For /F "tokens=*" %g in ("C:\Users\Mateus\Desktop\ComboFix.exe") do @(

set "FileName=%~ng"

set "FilePath=%~dpg"

)

Set FileName 2>nul | GREP -Gisqx "FileName=[-[:alnum:]@.]*" || (

nircmd infobox "You cannot rename ComboFix as ComboFix~n~nPlease use another name, preferbaly made up of alphanumeric characters" ""

goto END

)

DIR /AD/B C:\* | FindStr.exe -IVX ComboFix 1>dirname00

FindStr.exe -LIXC:"ComboFix" dirname00 1>nul && call :NameChk

If exist dirname0? del /Q dirname0?

If exist "\ComboFix" DIR /AD "\ComboFix" 1>nul && (

rd /s/q "\ComboFix"

If exist "\ComboFix" (

PV -kf findstr.exe *.cfexe

rd /s/q "\ComboFix"

)

If exist "\ComboFix" (

handle "C:\ComboFix" | SED -r "/pid:/!d; s/.*: (.*): .*/\1/" 1>temp00

for /F "tokens=1,2" %g in (temp00) do @echo.y | Handle -p %g -c %h

del /q temp00

rd /s/q "\ComboFix"

)

)

If exist "\ComboFix" rd /s/q "\ComboFix"

If exist "\ComboFix" goto :eof

VER | Findstr.exe -ic:"[Version 6.0" && (Call :Vista ) ||

CD ..

Set "comspec=C:\Windows\system32\CF7199.exe"

(

echo.md "\ComboFix"

echo.Move /y "\327882R2FWJFW\*" "\ComboFix"

echo.RD /S/Q "\327882R2FWJFW"

echo.Start "." /d"C:\ComboFix" "C:\Windows\system32\CF7199.exe" /k c.bat

echo.pv -kf cmd.exe

) 1>Start_.cmd

NirCmd exec hide "C:\Windows\system32\CF7199.exe" /f:off /d /c call Start_.cmd

NirCmd execmd del "\327882R2FWJFW\prep.cmd"

EXIT

Link para o comentário
Compartilhar em outros sites

  • 0

Oi,

Já conferir o arquivo CFScript. Quando eu coloco o comando ComboFix.exe /u, aparece a mesma mensagem quando eu arrasto o arquivo.

É necessário outro log do sistema para uma análise melhor?

Obrigado.

Ahhh.. outra coisa, eu uso o antivirus McaFee, ele interfere em alguma coisa do processo?

Link para o comentário
Compartilhar em outros sites

Visitante
Este tópico está impedido de receber novos posts.


  • Estatísticas dos Fóruns

    • Tópicos
      152k
    • Posts
      651,7k
×
×
  • Criar Novo...