[Solved!] Infected PC

18 replies in this topic

#1 Decinho Game (Members, 84 posts)

Posted 14 December 2007 - 18:27

HELLO MODERATORS, I NEED YOUR HELP......


Logfile of HijackThis v1.99.1
Scan saved at 19:22:50, on 14/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Arquivos de programas\HyperTechnologies\Deep Freeze\DfServEx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AntiVir\avguard.exe
C:\Arquivos de programas\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\ARQUIV~1\BLOKFR~1\Agente.exe
C:\WINDOWS\system32\bfsa.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\AntiVir\sched.exe
C:\WINDOWS\system32\snss.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Hamachi\hamachi.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\AntiVir\avgnt.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [blokfa] C:\ARQUIV~1\BLOKFR~1\Agente.exe
O4 - HKLM\..\Run: [blokfsa] bfsa.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir\avgnt.exe" /min
O4 - HKLM\..\Run: [\\Start-game1\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P40 "\\Start-game1\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [Ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [Auto Auto EPSON Stylus CX4100 Series em START-GAME1 em START-GAME3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P66 "Auto Auto EPSON Stylus CX4100 Series em START-GAME1 em START-GAME3" /O22 "\\START-GAME3\AutoEPSO" /M "Stylus CX4100"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em STARTGAME4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P45 "Auto EPSON Stylus CX4100 Series em STARTGAME4" /O21 "\\STARTGAME4\EPSONSty" /M "Stylus CX4100"
O4 - HKLM\..\Run: [\\Startgame4\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P39 "\\Startgame4\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\AntiVir\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\AntiVir\avguard.exe
O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Arquivos de programas\HyperTechnologies\Deep Freeze\DfServEx.exe
O23 - Service: snss - Unknown owner - C:\WINDOWS\system32\snss.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

#2 DigRam (iMasters Team, Moderators, 6,137 posts)

Posted 14 December 2007 - 19:46

Good evening Decinho Game!

>@< Go to Start >> Run >> Type: msconfig >> OK.
>@< The System Configuration Utility will open.
>@< Click the Services tab!
>@< Uncheck the box for this service: snss.
>@< Click Apply >> OK.
________________________

>@< Download KillBox.
>@< Save it to the Desktop!
>@< Open KillBox and check Delete on reboot.
>@< Copy the file path below to the clipboard (Full path of file to delete).
>@< Select it and click Copy! In other words, while disconnected and with these instructions saved, you will copy the file path into Notepad and, from there, to the clipboard in KillBox.

C:\WINDOWS\system32\snss.exe

>@< Go back to KillBox and click File >> Paste from clipboard >> All files.
>@< Click the X button and, when asked about the Reboot, say No!
>@< Restart the computer and enter Safe Mode.
>@< During the restart, repeatedly press the F8 or F5 key and, in the menu that appears, choose: Safe Mode.
________________________

>@< Open HijackThis and click: Open the misc tools section.
>@< Click: Delete an NT Service.
>@< Enter the service name, snss, in the box.
>@< Click OK.
>@< Restart the computer normally!
>@< Make a new HijackThis log and post it in your reply.

Cheers!
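The signal DigRam acted on in the log above, a service with no vendor whose binary in system32 is one letter off smss.exe, can be checked mechanically. The following Python triage script is an added example, not part of the thread or of HijackThis; the allow-list of core process names and the sample log lines (constructed from entries in this thread) are assumptions.

```python
import re

# Assumption: a minimal allow-list of core Windows XP process names that
# malware likes to imitate; extend it with your own baseline.
KNOWN_SYSTEM_PROCESSES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe",
}

# HijackThis O23 line: "O23 - Service: <name> - <owner> - <path>"
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Constructed sample in the HijackThis v1.99.1 format, built from entries
# that appear in this thread (the snss service among legitimate lines).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\snss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\AntiVir\avguard.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\AntiVir\avguard.exe
O23 - Service: snss - Unknown owner - C:\WINDOWS\system32\snss.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a single substitution separates snss.exe from smss.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_hijackthis(text: str):
    """Split a HijackThis log into the running-process paths and the Rx/Fx/Oxx entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:          # blank line ends the process list
                in_processes = False
            else:
                processes.append(line)
            continue
        if re.match(r"^[RFO]\d+ - ", line):
            entries.append(line)
    return processes, entries


def lookalike_processes(processes):
    """Return (basename, imitated_name) for names one edit away from a core process."""
    hits = []
    for path in processes:
        base = path.rsplit("\\", 1)[-1].lower()
        if base in KNOWN_SYSTEM_PROCESSES:
            continue
        for known in sorted(KNOWN_SYSTEM_PROCESSES):
            if levenshtein(base, known) == 1:
                hits.append((base, known))
                break
    return hits


def suspicious_services(entries):
    """O23 services with no vendor whose binary sits under the Windows directory."""
    hits = []
    for line in entries:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        owner, path = m.group("owner"), m.group("path")
        if owner == "Unknown owner" and "\\windows\\" in path.lower():
            hits.append({"name": m.group("name"), "path": path})
    return hits


def missing_file_entries(entries):
    """Entries whose target is gone: stale hooks worth cleaning, not necessarily malware."""
    return [e for e in entries if "(no file)" in e or "(file missing)" in e]


def triage(text: str) -> dict:
    """Run all three checks over one log and return the findings."""
    processes, entries = parse_hijackthis(text)
    return {
        "lookalikes": lookalike_processes(processes),
        "services": suspicious_services(entries),
        "stale": missing_file_entries(entries),
    }


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_LOG).items():
        print(kind)
        for hit in hits:
            print("  ", hit)
```

Legitimate services also show "Unknown owner" (the RealVNC entry above), so the script only escalates that flag when the binary lives under the Windows directory; treat every hit as a lead to verify, not a verdict.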

#3 Decinho Game (Members, 84 posts)

Posted 14 December 2007 - 21:52

Hey DigRam, here it is, I already followed the instructions you sent me... this is the new log you asked for...


NOTE: Can I post two more HijackThis logs from other machines afterwards?


Logfile of HijackThis v1.99.1
Scan saved at 22:58:57, on 14/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Arquivos de programas\HyperTechnologies\Deep Freeze\DfServEx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AntiVir\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\ARQUIV~1\BLOKFR~1\Agente.exe
C:\WINDOWS\system32\bfsa.exe
C:\Arquivos de programas\AntiVir\avgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Arquivos de programas\Hamachi\hamachi.exe
C:\Arquivos de programas\AntiVir\sched.exe
C:\WINDOWS\system32\snss.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\svchost.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [blokfa] C:\ARQUIV~1\BLOKFR~1\Agente.exe
O4 - HKLM\..\Run: [blokfsa] bfsa.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir\avgnt.exe" /min
O4 - HKLM\..\Run: [\\Start-game1\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P40 "\\Start-game1\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [Ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [Auto Auto EPSON Stylus CX4100 Series em START-GAME1 em START-GAME3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P66 "Auto Auto EPSON Stylus CX4100 Series em START-GAME1 em START-GAME3" /O22 "\\START-GAME3\AutoEPSO" /M "Stylus CX4100"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em STARTGAME4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P45 "Auto EPSON Stylus CX4100 Series em STARTGAME4" /O21 "\\STARTGAME4\EPSONSty" /M "Stylus CX4100"
O4 - HKLM\..\Run: [\\Startgame4\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P39 "\\Startgame4\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\AntiVir\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\AntiVir\avguard.exe
O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Arquivos de programas\HyperTechnologies\Deep Freeze\DfServEx.exe
O23 - Service: snss - Unknown owner - C:\WINDOWS\system32\snss.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

#4 DigRam (iMasters Team, Moderators, 6,137 posts)

Posted 14 December 2007 - 23:57

Good morning Decinho Game!

>@< Go to Start >> Run >> Type: cmd >> Click OK.
>@< In the DOS prompt window that opens, type:

SC STOP "snss" >> Press Enter.
SC DELETE "snss" >> Press Enter.
exit >> Press Enter.


>@< Restart the computer in Safe Mode.
>@< Paste everything below the word quote into Notepad.

@echo off
DEL /Q /S C:\WINDOWS\system32\snss.exe
@pause

>@< Save it to the Desktop as "Del.bat"
>@< It is important that the name stays in quotes.
>@< Double-click "Del.bat" to run it.
>@< PS: Run it only once!
>@< Restart in Normal Mode!
________________________

>@< Post a new HijackThis log in your reply.

Cheers!

#5 Decinho Game (Members, 84 posts)

Posted 16 December 2007 - 17:37

I did exactly what you asked:

NOTE: I ran the file in Safe Mode..

@echo off
DEL /Q /S C:\WINDOWS\system32\snss.exe
@pause

>@< Save it to the Desktop as "Del.bat"
>@< It is important that the name stays in quotes.
>@< Double-click "Del.bat" to run it.

This image appeared, look:

[Posted image]

Logfile of HijackThis v1.99.1
Scan saved at 18:37:28, on 16/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Arquivos de programas\HyperTechnologies\Deep Freeze\DfServEx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AntiVir\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\ARQUIV~1\BLOKFR~1\Agente.exe
C:\WINDOWS\system32\bfsa.exe
C:\Arquivos de programas\AntiVir\avgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\AntiVir\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Hamachi\hamachi.exe
C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [blokfa] C:\ARQUIV~1\BLOKFR~1\Agente.exe
O4 - HKLM\..\Run: [blokfsa] bfsa.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir\avgnt.exe" /min
O4 - HKLM\..\Run: [\\Start-game1\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P40 "\\Start-game1\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [Ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [Auto Auto EPSON Stylus CX4100 Series em START-GAME1 em START-GAME3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P66 "Auto Auto EPSON Stylus CX4100 Series em START-GAME1 em START-GAME3" /O22 "\\START-GAME3\AutoEPSO" /M "Stylus CX4100"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em STARTGAME4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P45 "Auto EPSON Stylus CX4100 Series em STARTGAME4" /O21 "\\STARTGAME4\EPSONSty" /M "Stylus CX4100"
O4 - HKLM\..\Run: [\\Startgame4\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P39 "\\Startgame4\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\AntiVir\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\AntiVir\avguard.exe
O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Arquivos de programas\HyperTechnologies\Deep Freeze\DfServEx.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

#6 DigRam (iMasters Team, Moderators, 6,137 posts)

Posted 22 December 2007 - 14:08

Good afternoon Decinho Game!

>@< The malware file and its service are no longer on the computer!
_____________________

>@< To clean cookies and temporary files, download and use CCleaner 2.03.532.
_____________________

>@< The log is clean!

Cheers!

#7 Decinho Game (Members, 84 posts)

Posted 23 December 2007 - 17:13

I already ran CCleaner, thanks for the help..


Could you analyze this log from Machine 3..


Logfile of HijackThis v1.99.1
Scan saved at 18:13:01, on 23/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Arquivos de programas\HyperTechnologies\Deep Freeze\DfServEx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe
C:\Arquivos de programas\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\ARQUIV~1\BLOKFR~1\Agente.exe
C:\WINDOWS\system32\bfsa.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\ARQUIV~1\MICROS~3\wcescomm.exe
C:\ARQUIV~1\MICROS~3\rapimgr.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em START-GAME1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P46 "Auto EPSON Stylus CX4100 Series em START-GAME1" /O22 "\\START-GAME1\EPSONSty" /M "Stylus CX4100"
O4 - HKLM\..\Run: [blokfa] C:\ARQUIV~1\BLOKFR~1\Agente.exe
O4 - HKLM\..\Run: [blokfsa] bfsa.exe
O4 - HKLM\..\Run: [\\Start-game1\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P40 "\\Start-game1\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em STARTGAME4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P45 "Auto EPSON Stylus CX4100 Series em STARTGAME4" /O21 "\\STARTGAME4\EPSONSty" /M "Stylus CX4100"
O4 - HKLM\..\Run: [\\Startgame4\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P39 "\\Startgame4\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em STARTGAMES-1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P47 "Auto EPSON Stylus CX4100 Series em STARTGAMES-1" /O25 "\\STARTGAMES-1\Impressora" /M "Stylus CX4100"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\ARQUIV~1\MICROS~3\wcescomm.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~3\INetRepl.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {9C377DD8-8CE6-484C-975D-F4D03493EBBE} (DownloadManager Control) - http://www.imusica.com.br/Download.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BE0410B-EEE1-466C-A374-D4430C31474D}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Arquivos de programas\HyperTechnologies\Deep Freeze\DfServEx.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Unknown owner - C:\Arquivos de programas\DynDNS Updater\DynDNS.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

#8 DigRam (iMasters Team, Moderators, 6,137 posts)

Posted 23 December 2007 - 22:26

Good evening Decinho Game!

Machine 3

>@< Run an online scan with Panda.
>@< Under "Scan and analyze", fill in the field: Country/District/Region/valid E-mail.
>@< Enter your e-mail.
>@< Check the button: I do not wish to receive information...
>@< Click: Scan now, free of charge. Wait!
>@< Allow the ActiveX installation.
>@< PS: For those who have Avast, a malware alert will appear, which should be ignored!
>@< I recommend disabling Avast's resident protection while running ActiveScan.
>@< In the prompt, click Install. Wait for the countdown to finish!
>@< When it finishes, under: Select a device to scan...
>@< Choose: My Computer.
>@< Wait! It will take a while to complete the scan.
>@< When done, copy the report and post it in your reply, plus an updated HJT log.

Cheers!

#9 Decinho Game (Members, 84 posts)

Posted 27 December 2007 - 16:11

The internet went down, it stopped and then resumed, I don't know if it generated everything... but here it is:


Incidência Estado Localização

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@uol.com[2].txt
Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Decinho\Cookies\decinho@uol.com[1].txt


Machine 3



Logfile of HijackThis v1.99.1
Scan saved at 17:09:58, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Arquivos de programas\HyperTechnologies\Deep Freeze\DfServEx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\ARQUIV~1\BLOKFR~1\Agente.exe
C:\WINDOWS\system32\bfsa.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE
C:\Arquivos de programas\QuickTime\qttask.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\ARQUIV~1\MICROS~3\wcescomm.exe
C:\ARQUIV~1\MICROS~3\rapimgr.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em START-GAME1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P46 "Auto EPSON Stylus CX4100 Series em START-GAME1" /O22 "\\START-GAME1\EPSONSty" /M "Stylus CX4100"
O4 - HKLM\..\Run: [blokfa] C:\ARQUIV~1\BLOKFR~1\Agente.exe
O4 - HKLM\..\Run: [blokfsa] bfsa.exe
O4 - HKLM\..\Run: [\\Start-game1\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P40 "\\Start-game1\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em STARTGAME4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P45 "Auto EPSON Stylus CX4100 Series em STARTGAME4" /O21 "\\STARTGAME4\EPSONSty" /M "Stylus CX4100"
O4 - HKLM\..\Run: [\\Startgame4\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P39 "\\Startgame4\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em STARTGAMES-1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P47 "Auto EPSON Stylus CX4100 Series em STARTGAMES-1" /O25 "\\STARTGAMES-1\Impressora" /M "Stylus CX4100"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\ARQUIV~1\MICROS~3\wcescomm.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~3\INetRepl.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9C377DD8-8CE6-484C-975D-F4D03493EBBE} (DownloadManager Control) - http://www.imusica.com.br/Download.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BE0410B-EEE1-466C-A374-D4430C31474D}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Arquivos de programas\HyperTechnologies\Deep Freeze\DfServEx.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Unknown owner - C:\Arquivos de programas\DynDNS Updater\DynDNS.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

#10 DigRam

DigRam

    iMasters Team

  • Moderators
  • 6.137 posts

Posted 29 December 2007 - 15:20

Good afternoon Decinho Game!

>@< The Panda report did not flag any malware.
>@< Any problem with Machine 3?
____________________

>@< Log Clean!

Cheers!

#11 Decinho Game

Decinho Game
  • Members
  • 84 posts

Posted 31 December 2007 - 16:22

No problem with machine 3.... thanks...



Now please take a look at Machine 04...


Fabinho's PC



Logfile of HijackThis v1.99.1
Scan saved at 18:05:42, on 5/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Arquivos de programas\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\GdkServ.exe
C:\WINDOWS\vsnpstd3.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\SysGdk.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\HijackThis.exe

F3 - REG:win.ini: run=C:\WINDOWS\GdkServ.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GdkServ] C:\WINDOWS\system32\GdkServ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DF5Serv - Faronics Corporation - C:\Arquivos de programas\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#12 DigRam

DigRam

    iMasters Team

  • Moderators
  • 6.137 posts

Posted 31 December 2007 - 19:34

Good evening Decinho Game!

Machine 04

>@< Download BankerFix.
>@< Save it to the Desktop!
>@< Close all windows and the browser when running BankerFix.
>@< If possible, disable the resident protection of your AntiVirus and AntiSpyware.
>@< Double-click Bankerfix.exe, then press Enter.
>@< Wait! When it finishes, read the message on the (DOS) screen and press Enter again.
______________________

>@< Post BankerFix's relatorio.txt, which is at C:\LinhaDefensiva\relatorio.txt
>@< Also post a new HijackThis log in your reply.

Cheers!

#13 Decinho Game

Decinho Game
  • Members
  • 84 posts

Posted 12 January 2008 - 15:33

Machine 04

BankerFix 2.5b - Removedor de Bankers
Linha Defensiva - http://www.linhadefensiva.org
http://www.linhadefe....org/bankerfix/
Data: 12/1/2008 - 16:30
-------------------------------------------------------
Lista de Definição: 2008-01-08-2
=======================================================


Killando arquivos em Help
-----------------------------------

Killing '*'

Removendo Arquivos em Help
-----------------------------------



----- Fim -------------------------




Logfile of HijackThis v1.99.1
Scan saved at 16:33:00, on 12/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Arquivos de programas\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\Arquivos de programas\HyperTechnologies\Deep Freeze\DfServEx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\GdkServ.exe
C:\WINDOWS\vsnpstd3.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Hamachi\hamachi.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SysGdk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis.exe

F3 - REG:win.ini: run=C:\WINDOWS\GdkServ.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GdkServ] C:\WINDOWS\system32\GdkServ.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1967BD2-028A-4E46-8364-56E94D19B3F7}: NameServer = 201.73.96.134,201.73.96.136
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DF5Serv - Faronics Corporation - C:\Arquivos de programas\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Arquivos de programas\HyperTechnologies\Deep Freeze\DfServEx.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

#14 DigRam

DigRam

    iMasters Team

  • Moderators
  • 6.137 posts

Posted 12 January 2008 - 16:42

Good afternoon Decinho Game!

>@< Download Avenger.
>@< Unzip it and create a folder for the program!
>@< Put that folder on Local Disk C or on the Desktop!
>@< Run the program and check Input script manually.
>@< Click the magnifying-glass icon!

Files to delete:
C:\WINDOWS\system32\GdkServ.exe
C:\WINDOWS\GdkServ.exe

>@< In the box that opens, paste what you copied from the quote area just above!
>@< Click Done.
>@< Click the traffic-light icon!
>@< Click Ok.
>@< The computer will restart!
________________________

>@< Use this reboot to enter Safe Mode.
>@< Open HijackThis and click Do a system only.
>@< Check the entries just below and click Fix checked.

F3 - REG:win.ini: run=C:\WINDOWS\GdkServ.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [GdkServ] C:\WINDOWS\system32\GdkServ.exe

>@< Restart in Normal Mode.
________________________

>@< Post in your reply: Avenger.txt + an updated HJT log.

Cheers!

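The triage the moderator applied to the Machine 04 log (the win.ini run= hook, the orphaned BHO, and GdkServ.exe sitting in both WINDOWS and WINDOWS\system32) can be automated as a first pass over a HijackThis log. This is an added example, not code from the thread or from HijackThis; the sample lines are constructed from the log above, and the checks only mark entries for a human to review.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample in HijackThis v1.99.1 format, modelled on the Machine 04
# log in this thread; not the complete log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\GdkServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SysGdk.exe

F3 - REG:win.ini: run=C:\WINDOWS\GdkServ.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [GdkServ] C:\WINDOWS\system32\GdkServ.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

WIN_ROOT = r"c:\windows"
SYSTEM32 = WIN_ROOT + r"\system32"

# First drive-letter path ending in .exe on a line; the lazy quantifier stops at
# the executable itself, before any arguments or a stray closing quote.
EXE_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.exe', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    subject: str   # the log line, or an executable name for cross-line findings
    reason: str
    level: str     # "review" = candidate for removal, "info" = verify before acting


def exe_path(line: str):
    """Return the first .exe path on a HijackThis line as a PureWindowsPath, or None."""
    m = EXE_RE.search(line)
    return PureWindowsPath(m.group(0)) if m else None


def triage(log_text: str) -> list:
    """Mark HijackThis entries that deserve a closer look.

    The per-line checks mirror what the moderator fixed on Machine 04; the final
    check correlates lines so that an executable present under the same name in
    both WINDOWS and WINDOWS\\system32 is reported once, by name.
    """
    findings = []
    dirs_by_exe = {}  # lowercase exe name -> set of lowercase parent directories
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        path = exe_path(line)
        if path is not None:
            parent = str(path.parent).lower()
            dirs_by_exe.setdefault(path.name.lower(), set()).add(parent)
            if parent == WIN_ROOT:
                findings.append(Finding(line, "executable directly in the Windows root rather than a subfolder", "review"))
        if line.startswith("F3 - REG:win.ini:"):
            findings.append(Finding(line, "win.ini load/run hook: a legacy autostart rarely used by legitimate software", "review"))
        elif line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            findings.append(Finding(line, "orphaned BHO: the CLSID no longer points at a file", "review"))
        elif line.startswith("O23 - Service:") and line.endswith("(file missing)"):
            findings.append(Finding(line, "service binary reported missing; confirm on disk before touching it", "info"))
    for name, dirs in dirs_by_exe.items():
        if WIN_ROOT in dirs and SYSTEM32 in dirs:
            findings.append(Finding(name, "same executable name present in both WINDOWS and WINDOWS\\system32", "review"))
    return findings


def review_subjects(findings) -> set:
    """Subjects of every finding at the 'review' level."""
    return {f.subject for f in findings if f.level == "review"}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level}] {f.subject}\n        {f.reason}")
```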
#15 Decinho Game

Decinho Game
  • Members
  • 84 posts

Posted 21 January 2008 - 10:52

Thanks, sorry for the delay...

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ttvfbhvi

*******************

Script file located at: \??\C:\WINDOWS\system32\k^jdyerg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\GdkServ.exe deleted successfully.
File C:\WINDOWS\GdkServ.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.




Logfile of HijackThis v1.99.1
Scan saved at 11:48:57, on 21/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Arquivos de programas\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\Arquivos de programas\HyperTechnologies\Deep Freeze\DfServEx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
C:\WINDOWS\vsnpstd3.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Hamachi\hamachi.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1967BD2-028A-4E46-8364-56E94D19B3F7}: NameServer = 201.73.96.134,201.73.96.136
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DF5Serv - Faronics Corporation - C:\Arquivos de programas\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Arquivos de programas\HyperTechnologies\Deep Freeze\DfServEx.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

#16 DigRam

DigRam

    iMasters Team

  • Moderators
  • 6.137 posts

Posted 21 January 2008 - 16:12

Good afternoon Decinho Game!

>@< On this Machine 4, the log is Clean.
_______________________

NOTE: As a rule, I analyse only 4 machines per user. If you have other computers to analyse, I suggest you open another topic describing their problems.
_______________________

That's all!
DigRam

#17 Edvan

Edvan

    iMasters Team

  • Moderators
  • 3.748 posts

Posted 22 January 2008 - 16:58

Good work, you Moderators are doing a great job, congratulations... :clap: :clap:


Keep it up... :thumbsup:

#18 Decinho Game

Decinho Game
  • Members
  • 84 posts

Posted 22 January 2008 - 17:06

Indeed, Edvan, DigRam and all the moderators deserve congratulations for the work they have done for us..


Problem solved, you can close the topic...

Thank you very much..

#19 DigRam

DigRam

    iMasters Team

  • Moderators
  • 6.137 posts

Posted 22 January 2008 - 18:35

PROBLEM SOLVED!

If the author needs the topic reopened, send a Private Message to a Moderator with a link to the topic.