Log Analysis


  • This topic is locked
2 replies to this topic

#1 Inu

    Veteran

  • Users
  • 1138 posts
  • Gender: Male
  • Location: Canela, Rio Grande do Sul, Brazil

Posted 14/09/2008, 20:20

Hello, I would like to request an analysis of the HijackThis log from a friend's PC:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:43, on 14/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SnAgOS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\SnMgrSvc.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SnLiveUp.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\SnEngine.EXE
C:\Arquivos de programas\Eset\nod32kui.exe
C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.EXE
C:\Arquivos de programas\Turbo\Manager\desp2k.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\DAEMON Tools\daemon.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\WinZip\WZQKPICK.EXE
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\ARQUIV~1\EASYPH~1\Apache\apache.exe
C:\ARQUIV~1\EASYPH~1\Apache\apache.exe
C:\ARQUIV~1\EASYPH~1\MySql\bin\mysqld.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"
O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Turbo\Manager\desp2k.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
O4 - HKCU\..\Run: [LightDialer] C:\Arquivos de programas\Turbo\Discador Turbo\DISCADOR.EXE
O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EasyPHP.lnk = C:\Arquivos de programas\EasyPHP1-8\EasyPHP.exe
O4 - Global Startup: Event Reminder.lnk = C:\Arquivos de programas\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww8.banrisul.com.br/bto/link/msie/SecureControl2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204306515203
O16 - DPF: {76295885-F8F4-48B7-A180-C50496FE6DF6} (InternetIDX5 Class) - https://ww7.banrisul.com.br/bsd/link/BSDSI6XW_IIDBrowserPluginCOM.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A9F6311-7362-47B5-BEF9-77074070E9CF}: NameServer = 201.10.1.2 201.10.120.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0F38E12-E574-46B0-A7A9-BE33E93D845E}: NameServer = 201.10.1.2,201.10.120.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Arquivos de programas\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--End of file - 10387 bytes
Thanks,
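A small triage helper for logs in this HijackThis format, added as an editorial example (it is not part of the thread, nor a HijackThis or forum tool). It parses the section-coded entries and surfaces two things an analyst normally checks first: R0/R1 browser search and start-page settings that point at a host outside an assumed allowlist, and O2 BHO entries that reference no file on disk. The sample lines are constructed from the entry types in the log above (the google.com line is made up), and the allowlist is a heuristic assumption, not a verdict on any entry.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis 2.0.2 format, modelled on the entry types in the
# log above (a handful of lines, not the full log; the google.com line is made up).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
"""

# Assumed allowlist: hosts that IE's search/start-page settings point to on a stock
# install. Anything else is surfaced for the analyst; this is a heuristic, not a verdict.
TRUSTED_HOSTS = {"www.microsoft.com", "home.microsoft.com", "www.google.com", "search.msn.com"}

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<type>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text):
    """Return (section, body) tuples for every entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("type"), m.group("body")))
    return entries


def triage(entries):
    """Flag R0/R1 browser settings pointing off the allowlist and O2 BHOs with no backing file."""
    findings = []
    for section, body in entries:
        if section in ("R0", "R1") and " = " in body:
            key, _, value = body.partition(" = ")
            host = urlparse(value).hostname
            if host and host not in TRUSTED_HOSTS:
                findings.append((section, f"{key} -> {host}"))
        elif section == "O2" and body.endswith("- (no file)"):
            findings.append((section, body))
    return findings


if __name__ == "__main__":
    for section, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{section}] review: {detail}")
```

Run against the full log, the same two rules pick out the bearshare.com and compartilhando.org entries and the nameless BHO; everything else in R and O2 passes, and the remaining sections are left for manual review.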

#2 Mr. Xerife

    12 Hours

  • Users
  • 135 posts
  • Gender: Male

Posted 19/09/2008, 18:17

Download ComboFix and save it to your desktop.

Close all windows and programs.
Double-click combofix and press "1", then Enter, to proceed with the fix. It will take about 10 minutes on average (be patient). ComboFix will restart the PC automatically to complete the removal process.

When it finishes, a log will be generated at C:\ComboFix.txt.

Warning:
Do not click in the ComboFix window or close it by clicking the X while it is running; otherwise it will stop and your desktop will go blank.

To stop or exit ComboFix, press "2" and Enter.

Then generate a new log with HijackThis and post it together with ComboFix.txt.

#3 Allex Severino

    Really?!?!?!

  • Users
  • 793 posts
  • Gender: Male
  • Location: São Luís de Montes Belos - GO

Posted 07/12/2008, 19:12

Topic Closed!

Since the author has not replied to the topic for more than 10 days, it has been closed.
If you need the topic reopened, contact one of the forum moderators.
Did my post help you? Clicking the Posted Image is one way to say thanks.
