deodato4 (Novo Membro, registered; 55 posts, 0 likes)

Strange program opening at startup

#1 By deodato4, 24/06/2010 - 18:05
Since last week, a program called Javahl.exe has been running automatically when the PC starts, in a DOS prompt, and then closes quickly. Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:26, on 24/06/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\MicroPower Software\Delta Translator\DWinTrsl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\tsnpstd3.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\DAEMON Tools Lite\dtlite.exe
C:\CommonFiles\javahr.exe
C:\CommonFiles\javahr2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itautec.com.br
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.itautec.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itautec.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WindowsTranslator] C:\Program Files\MicroPower Software\Delta Translator\DWinTrsl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [javahr] c:\CommonFiles\javahr.exe
O4 - HKCU\..\Run: [javahr2] c:\CommonFiles\javahr2.exe
O4 - HKCU\..\Run: [javahl] c:\CommonFiles\javahl.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab...i_4.1.71.0.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequireme...eqlab_srlx.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirements...qlabdetect.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messen.../GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9364 bytes
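The O4 entries in the log above are the ones that matter for a "program runs at startup" complaint: three per-user (HKCU) Run values point into C:\CommonFiles, which is not one of the usual program roots, and two of the three binaries also appear in the running-process list. The Python below is an added example, not HijackThis code and not part of this thread; it parses a log in this format and applies those checks to an excerpt of the posted log. The trusted-root list, the %ProgramFiles% / PROGRA~1 expansions and the "named like Java" rule are assumptions of the example, not rules from the page.

```python
"""Triage of HijackThis O4 (autostart) entries.

Added example: not HijackThis code and not part of the thread. The checks are
assumptions of this example: a target outside Program Files / Windows; an entry
named like Java that is not under a Java directory; a per-user (HKCU / HKUS /
Startup folder) entry, which needs no admin rights to plant. Flagged targets
are matched against the "Running processes" block to tell which were resident.
"""
import re
from dataclasses import dataclass, field

# Excerpt of the HijackThis log posted in the thread (post #1).
HJT_LOG = r"""
Running processes:
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools Lite\dtlite.exe
C:\CommonFiles\javahr.exe
C:\CommonFiles\javahr2.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [javahr] c:\CommonFiles\javahr.exe
O4 - HKCU\..\Run: [javahr2] c:\CommonFiles\javahr2.exe
O4 - HKCU\..\Run: [javahl] c:\CommonFiles\javahl.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

O4_RUN_RE = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - (?P<where>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")
TARGET_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|bat|cmd|scr|vbs|pif))\b', re.I)
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")

# Expansions applied before comparing paths; default install locations are assumed.
EXPANSIONS = {"%programfiles%": "c:\\program files", "%systemroot%": "c:\\windows",
              "%windir%": "c:\\windows", "c:\\progra~1": "c:\\program files",
              "c:\\progra~2": "c:\\program files (x86)"}
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


@dataclass
class Autostart:
    where: str              # hive\key or startup folder as HijackThis prints it
    name: str               # Run value name or .lnk name
    target: str             # normalised lower-case path, or a bare file name
    per_user: bool
    reasons: list = field(default_factory=list)
    resident: bool = False  # listed under "Running processes"


def normalize(path):
    p = path.strip().lower()
    for short, full in EXPANSIONS.items():
        p = p.replace(short, full)
    return p


def parse_processes(lines):
    """Paths under 'Running processes:' up to the first blank line."""
    procs, in_block = set(), False
    for line in lines:
        if line.startswith("Running processes:"):
            in_block = True
        elif in_block and not line.strip():
            break
        elif in_block:
            procs.add(normalize(line))
    return procs


def parse_autostarts(lines):
    entries = []
    for line in lines:
        m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
        if not m:
            continue
        cmd = USER_SUFFIX_RE.sub("", m.group("cmd"))  # drop "(User '...')" from HKUS lines
        t = TARGET_RE.match(cmd)                        # executable before its arguments
        where = m.group("where")
        entries.append(Autostart(where, m.group("name"), normalize(t.group("path") if t else cmd),
                                 per_user=where.startswith(("HKCU", "HKUS", "Startup"))))
    return entries


def triage(log_text):
    lines = log_text.strip().splitlines()
    running = parse_processes(lines)
    entries = parse_autostarts(lines)
    for e in entries:
        # Bare names (resolved through PATH at logon) carry no location to judge.
        if "\\" in e.target and not e.target.startswith(TRUSTED_ROOTS):
            e.reasons.append("target outside the usual program roots: " + e.target)
        if e.name.lower().startswith("java") and "\\java\\" not in e.target:
            e.reasons.append("named like Java but not under a Java directory")
        if e.reasons and e.per_user:
            e.reasons.append("per-user autostart (%s): no admin rights needed to plant it" % e.where)
        e.resident = e.target in running
    return entries


def flagged(log_text):
    return [e for e in triage(log_text) if e.reasons]


if __name__ == "__main__":
    for e in flagged(HJT_LOG):
        print(e.name, e.target, "resident" if e.resident else "not running", e.reasons)
```

Run as a script, it reports only the three javah* entries, with javahr.exe and javahr2.exe resident and javahl.exe not running, which matches the complaint in the post that javahl.exe opens a console window and closes again. The legitimate per-user entries (DAEMON Tools, the Sidebar, the Adobe Gamma shortcut) are left alone because their targets sit under Program Files.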
Pão Man (General de Pijama, registered; 3.3K posts, 178 likes)
#2 By Pão Man, 24/06/2010 - 18:23
Friend, follow these steps:

- Download MalwareBytes Anti-malware and save it to the desktop
- Install the program
- Update it
- Then open it and, in the Scan section, select the Full Scan option
- Click Scan and select the partitions
- When the scan finishes, you may be asked whether you want to remove objects from memory. Click Yes, then OK, then Show Results
- Click Remove Selected
- A report (mbam-log-year-month-day.txt) will be shown.
- Copy it and paste it in your next message
brando lee (Zerinho, registered; 2.4K posts, 97 likes)
#3 By brando lee, 24/06/2010 - 18:27
If "Malwarebytes" does not detect the viruses so that it can remove them,
follow the procedure below.

*************************************

1) Copy all the commands in the code box below.

@echo off
REM Quarantine folder: the files are moved, not deleted, so they can still be examined later
MD C:\Quarentena

REM Stop the copies that are still running (the HijackThis log showed javahr.exe and javahr2.exe resident)
taskkill /F /IM javahr.exe
taskkill /F /IM javahr2.exe
taskkill /F /IM javahl.exe

REM Remove the per-user autostart values
Reg Delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /f /v javahr
Reg Delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /f /v javahr2
Reg Delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /f /v javahl

REM Clear the system/hidden attributes so the files can be moved
Attrib -s -h c:\CommonFiles\javahr.exe
Attrib -s -h c:\CommonFiles\javahr2.exe
Attrib -s -h c:\CommonFiles\javahl.exe

REM Move the binaries into the quarantine folder
Move c:\CommonFiles\javahr.exe C:\Quarentena
Move c:\CommonFiles\javahr2.exe C:\Quarentena
Move c:\CommonFiles\javahl.exe C:\Quarentena

REM Reboot immediately
Shutdown -r -t 00

2) Open Notepad, paste the contents into it and save it to the Desktop with this name --> DelFix.bat

Then run the DelFix.bat file.

The PC will restart.
I'll be away from the forum for a while, very busy, more important things to do: "work".

Removing viruses with Notepad!


deodato4 (Novo Membro, registered; 55 posts, 0 likes)
#7 By deodato4, 28/06/2010 - 00:57
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4247

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

28/06/2010 00:56:47
mbam-log-2010-06-28 (00-56-47).txt

Scan type: Full scan (C:\|)
Objects scanned: 307524
Time elapsed: 2 hour(s), 8 minute(s), 46 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
C:\CommonFiles\javahr.exe (Trojan.Banker) -> Unloaded process successfully.
C:\CommonFiles\javahr2.exe (Trojan.Banker) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\rhavaj (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\javahr (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\javahr2 (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\javahl (Trojan.Banker) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\CommonFiles\javahr.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\CommonFiles\javahr2.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\CommonFiles\javahn.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\CommonFiles\javahu.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Users\Maria Celene\Desktop\cel\Coisas do Desktop\CryptLoad_1.1.6\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Users\Maria Celene\Desktop\cel\Coisas do Desktop\CryptLoad_1.1.6\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\CommonFiles\javahl.exe (Trojan.Banker) -> Quarantined and deleted successfully.
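The report above shows why a fix written from the HijackThis log alone falls short: the three Run values and three executables were the visible part, but Malwarebytes also removed javahn.dll and javahu.exe from the same directory, a marker key HKEY_CURRENT_USER\rhavaj (javahr spelled backwards) and items under C:\RECYCLER. The Python below is an added example, not Malwarebytes code and not part of this thread; it parses a report in this format, counts detections per family and lists what the DelFix.bat from post #3 would have left behind. The only assumption is that the batch file's target list was exactly the three files and three Run values in its commands; the user-profile items are left out of the embedded excerpt.

```python
"""Reading a Malwarebytes (MBAM 1.x) report and checking it against a hand-written fix.

Added example: not Malwarebytes code and not part of the thread. It parses the
"<item> (<detection>) -> <action>." lines of the report in post #7, counts
detections per family and lists the items the DelFix.bat from post #3 never
touched. Assumption: that batch file targeted exactly the six items below.
"""
import re
from collections import Counter

# Excerpt of the report posted in post #7 (user-profile items omitted).
MBAM_LOG = r"""
Memory Processes Infected:
C:\CommonFiles\javahr.exe (Trojan.Banker) -> Unloaded process successfully.
C:\CommonFiles\javahr2.exe (Trojan.Banker) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\rhavaj (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\javahr (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\javahr2 (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\javahl (Trojan.Banker) -> Quarantined and deleted successfully.

Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\CommonFiles\javahr.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\CommonFiles\javahr2.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\CommonFiles\javahn.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\CommonFiles\javahu.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\CommonFiles\javahl.exe (Trojan.Banker) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Everything DelFix.bat in post #3 removed or moved to C:\Quarentena (lower-cased for comparison).
MANUAL_FIX_ITEMS = {
    "c:\\commonfiles\\javahr.exe", "c:\\commonfiles\\javahr2.exe", "c:\\commonfiles\\javahl.exe",
    "hkey_current_user\\software\\microsoft\\windows\\currentversion\\run\\javahr",
    "hkey_current_user\\software\\microsoft\\windows\\currentversion\\run\\javahr2",
    "hkey_current_user\\software\\microsoft\\windows\\currentversion\\run\\javahl",
}


def parse_report(text):
    """One dict per detection line, tagged with the section it appeared under."""
    records, section = [], None
    for line in text.strip().splitlines():
        s = SECTION_RE.match(line)
        if s:
            section = s.group("section")
            continue
        m = ITEM_RE.match(line)       # "(No malicious items detected)" does not match
        if m and section:
            records.append({"section": section, **m.groupdict()})
    return records


def family_counts(records):
    return Counter(r["family"] for r in records)


def missed_by_manual_fix(records):
    """Items MBAM quarantined that the batch file never listed (memory entries are the same files)."""
    return sorted({r["item"] for r in records
                   if r["section"] != "Memory Processes Infected"
                   and r["item"].lower() not in MANUAL_FIX_ITEMS})


if __name__ == "__main__":
    recs = parse_report(MBAM_LOG)
    for family, n in family_counts(recs).most_common():
        print("%-15s %d" % (family, n))
    print("not covered by DelFix.bat:")
    for item in missed_by_manual_fix(recs):
        print("  ", item)
```

Against the excerpt this prints ten Trojan.Banker detections and six items the batch file did not cover: the two extra binaries in C:\CommonFiles, the folder and two files under C:\RECYCLER, and the rhavaj marker key. The practical lesson is the one the thread itself demonstrates: a manual fix built from a single autostart listing removes the names you have seen, and a full scan is what finds the siblings dropped next to them.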
brando lee (Zerinho, registered; 2.4K posts, 97 likes)
#8 By brando lee, 30/06/2010 - 18:10
Open Malwarebytes, click the (Quarantine) tab and then click (Remove All).

************************

1) Download the ((USBScanlist)) tool from the link below.
http://download.mandeibem.com.br/storage2/20100307-232033-2830/Programas/usbscanlist.exe

2) Extract the zip file to your Desktop.

3) Plug your pen drive or MP3 player into the USB port.
* Then double-click the file (USBScanlist.exe)
* Press (X) -> (Enter) for Windows XP
* Press (1) -> (Enter) to start the scan.

* Wait for the scan; when it finishes, a report opens automatically. Copy all of it and paste it here.
© 1999-2025 Hardware.com.br. All rights reserved.