Dear iMasters friends, I'm turning to you as a last resort because of Spyware/Virtumonde and Vundo; I've already tried a number of the techniques discussed on this forum, without success.
Attached are the Panda ActiveScan log and the HijackThis 2 log.
Panda ActiveScan log
;*******************************************************************************
ANALYSIS: 2008-07-02 04:15:01
PROTECTIONS: 0
MALWARE: 10
SUSPECTS: 1
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\pedro\Cookies\pedro@doubleclick[1].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\pedro\Cookies\pedro@findwhat[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\pedro\Cookies\pedro@ad.yieldmanager[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Catarina\Application Data\Mozilla\Firefox\Profiles\ezniyhl7.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Catarina\Application Data\Mozilla\Firefox\Profiles\ezniyhl7.default\cookies.txt[.weborama.fr/]
00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\pedro\Cookies\pedro@uol.com[1].txt
03117353 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{087DC17E-FF1E-41FB-8201-2D21C0A6CAC2}\RP141\A0039668.dll
03117353 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{087DC17E-FF1E-41FB-8201-2D21C0A6CAC2}\RP138\A0038370.dll
03117353 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{087DC17E-FF1E-41FB-8201-2D21C0A6CAC2}\RP141\A0039674.dll
03117353 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{087DC17E-FF1E-41FB-8201-2D21C0A6CAC2}\RP141\A0039678.dll
03117353 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{087DC17E-FF1E-41FB-8201-2D21C0A6CAC2}\RP141\A0039673.dll
03117353 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{087DC17E-FF1E-41FB-8201-2D21C0A6CAC2}\RP141\A0039672.dll
03117353 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{087DC17E-FF1E-41FB-8201-2D21C0A6CAC2}\RP141\A0039671.dll
03162636 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\JHYXYKQK.DLL
03162759 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{087DC17E-FF1E-41FB-8201-2D21C0A6CAC2}\RP141\A0039669.dll
03162759 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{087DC17E-FF1E-41FB-8201-2D21C0A6CAC2}\RP141\A0039675.dll
03162761 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{087DC17E-FF1E-41FB-8201-2D21C0A6CAC2}\RP141\A0039670.dll
03162762 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{087DC17E-FF1E-41FB-8201-2D21C0A6CAC2}\RP138\A0039511.dll
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
No C:\WINDOWS\SYSTEM32\ZARKXT.DLL
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
133387 MEDIUM MS06-065
;===============================================================================
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:38:59, on 02-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ACS.exe
C:\Programas\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programas\TOSHIBA\PadTouch\PadExe.exe
C:\Programas\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programas\TOSHIBA\Power Management\CePMTray.exe
C:\Programas\TOSHIBA\E-KEY\CeEKey.exe
C:\Programas\EzButton\EzButton.EXE
C:\Programas\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Programas\TOSHIBA\Utilitário de Zooming da TOSHIBA\SmoothView.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programas\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programas\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Programas\Bonjour\mDNSResponder.exe
C:\Programas\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programas\Apache Software Foundation\Apache2.2\mysql\bin\mysqld.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Programas\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/ig?hl=pt-PT&source=iglk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: {d3294194-a539-a60a-b664-022c2f78fd01} - {10df87f2-c220-466b-a06a-935a4914923d} - C:\WINDOWS\system32\zarkxt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Programas\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programas\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programas\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programas\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [EzButton] C:\Programas\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [TPNF] C:\Programas\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [smoothView] C:\Programas\TOSHIBA\Utilitário de Zooming da TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHEI~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [bM9f3b5939] Rundll32.exe "C:\WINDOWS\system32\jhyxykqk.dll",s
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ApacheMonitor.lnk = C:\Programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: jkkLdbca - jkkLdbca.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programas\Ficheiros comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programas\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programas\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gerenciador do Google Desktop 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Programas\Apache.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 9761 bytes