José Luiz Almeida

My antivirus flagged the following viruses!!!!

Good afternoon.

My antivirus flagged the following viruses:

trojan zonebac

My_love

How do I remove them????

Any tips on how to learn to analyze the HijackThis log????

A manual, a web page or ?????

Thank you

 

Logfile of HijackThis v1.99.1

Scan saved at 12:53:03, on 13/4/2007

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\Documents and Settings\Administrador\WINDOWS\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\System32\termsrv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\msdtc.exe

C:\ARQUIV~1\Grisoft\AVG6\avgserv.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\llssrv.exe

C:\Arquivos de programas\Trend Micro\Security Server\PCCSRV\web\service\ofcservice.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\tcpsvcs.exe

C:\WINNT\System32\snmp.exe

C:\WINNT\System32\lserver.exe

C:\Arquivos de programas\Trend Micro\Security Server\PCCSRV\Web\Service\DbServer.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\wins.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\Dfssvc.exe

C:\WINNT\System32\inetsrv\inetinfo.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\Explorer.EXE

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\wuauclt.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\rdpclip.exe

C:\WINNT\Explorer.EXE

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\Pop3Trap.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\rdpclip.exe

C:\WINNT\Explorer.EXE

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\Pop3Trap.exe

C:\WINNT\system32\rdpclip.exe

C:\WINNT\Explorer.EXE

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINNT\system32\rdpclip.exe

C:\WINNT\Explorer.EXE

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\Pop3Trap.exe

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntupd.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\internat.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\Pop3Trap.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINNT\system32\rdpclip.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\rdpclip.exe

C:\WINNT\system32\rdpclip.exe

C:\WINNT\Explorer.EXE

C:\WINNT\Explorer.EXE

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\Pop3Trap.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\Pop3Trap.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\Pop3Trap.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\rdpclip.exe

C:\WINNT\system32\rdpclip.exe

C:\WINNT\system32\rdpclip.exe

C:\WINNT\system32\rdpclip.exe

C:\WINNT\Explorer.EXE

C:\WINNT\Explorer.EXE

C:\WINNT\Explorer.EXE

C:\WINNT\Explorer.EXE

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\Mixer.exe

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\internat.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\Pop3Trap.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\Pop3Trap.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\Pop3Trap.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINNT\system32\rdpclip.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\rdpclip.exe

C:\WINNT\system32\rdpclip.exe

C:\WINNT\Explorer.EXE

C:\WINNT\Explorer.EXE

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\internat.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Corel\Graphics10\Programs\coreldrw.exe

C:\Arquivos de programas\Corel\Graphics10\Programs\coreldrw.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\rdpclip.exe

C:\WINNT\Explorer.EXE

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINNT\system32\rdpclip.exe

C:\WINNT\system32\rdpclip.exe

C:\WINNT\Explorer.EXE

C:\WINNT\Explorer.EXE

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Corel\Graphics10\Programs\coreldrw.exe

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Corel\Graphics10\Programs\coreldrw.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\Corel\Graphics10\Programs\coreldrw.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Corel\Graphics10\Programs\coreldrw.exe

C:\Arquivos de programas\Corel\Graphics10\Programs\coreldrw.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\rdpclip.exe

C:\WINNT\Explorer.EXE

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\rdpclip.exe

C:\WINNT\Explorer.EXE

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.curso-g9.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711

F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [Winlogon] C:\Windows

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [XPIcons] C:\Arquivos de programas\XPIcons.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

O4 - Startup: Registration-Pinnacle Systems DV500.lnk = C:\Arquivos de programas\Pinnacle\DV500\ERegister\RegTool.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Documents and Settings\Administrador\WINDOWS\system32\shdocvw.dll (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Documents and Settings\Administrador\WINDOWS\system32\shdocvw.dll (file missing)

O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrador\windows\system32\rnr20.dll' missing

O12 - Plugin for .mid: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://servidor:4343/officescan/console/Cl...ll/WinNTChk.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - https://servidor:4343/officescan/console/Cl...ll/setupini.cab

O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - https://servidor:4343/officescan/console/Cl...stall/setup.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab

O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://servidor:4343/officescan/console/html/AtxEnc.cab

O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - https://servidor:4343/officescan/console/Cl.../RemoveCtrl.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} (PieChart Class) - https://servidor:4343/officescan/console/html/AtxPie.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {E78DE03F-DC83-40DB-B590-8FD80BE5F7C8} (Security Server Management Console) - https://servidor:4343/SMB/console/html/root/AtxConsole.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{561E14EC-5B57-4473-B44F-ADB017151FFB}: NameServer = 200.251.161.20,200.251.161.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{561E14EC-5B57-4473-B44F-ADB017151FFB}: NameServer = 200.251.161.20,200.251.161.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{561E14EC-5B57-4473-B44F-ADB017151FFB}: NameServer = 200.251.161.20,200.251.161.2

O23 - Service: Alerta (Alerter) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Gerenciamento de aplicativo (AppMgmt) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)

O23 - Service: AVG6 Service (AvgServ) - GRISOFT© SOFTWARE s.r.o - C:\ARQUIV~1\Grisoft\AVG6\avgserv.exe

O23 - Service: Serviço de transferência inteligente de segundo plano (BITS) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Localizador de computadores (Browser) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Área de armazenamento (ClipSrv) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\clipsrv.exe (file missing)

O23 - Service: Sistema de arquivos distribuídos (Dfs) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\Dfssvc.exe (file missing)

O23 - Service: Cliente DHCP (Dhcp) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\dmadmin.exe (file missing)

O23 - Service: Gerenciador de discos lógicos (dmserver) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Cliente DNS (Dnscache) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Log de eventos (Eventlog) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: Serviço de fax (Fax) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\faxsvc.exe (file missing)

O23 - Service: Servidor (lanmanserver) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Estação de trabalho (lanmanworkstation) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Serviço de registro de licenças (LicenseService) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\llssrv.exe (file missing)

O23 - Service: Serviço auxiliar NetBIOS TCP/IP (LmHosts) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: DDE de rede (NetDDE) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\netdde.exe (file missing)

O23 - Service: DSDM de DDE de rede (NetDDEdsdm) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\netdde.exe (file missing)

O23 - Service: Logon de rede (Netlogon) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: Conexões de rede (Netman) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Duplicação de arquivo (NtFrs) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\ntfrs.exe (file missing)

O23 - Service: Fornecedor de suporte de segurança NT LM (NtLmSsp) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: Armazenamento removível (NtmsSvc) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Client Server Security Agent\ntrtscan.exe

O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe

O23 - Service: Trend Micro Security Server Master Service (ofcservice) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Security Server\PCCSRV\web\service\ofcservice.exe

O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: Agente de diretiva IPSEC (PolicyAgent) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: Armazenamento protegido (ProtectedStorage) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: Gerenciador de conexão de acesso remoto automático (RasAuto) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Gerenciador de conexão de acesso remoto (RasMan) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Serviço de registro remoto (RemoteRegistry) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\regsvc.exe (file missing)

O23 - Service: Alocador Remote Procedure Call (RPC) (RpcLocator) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\locator.exe (file missing)

O23 - Service: Chama de procedimento remoto (RPC) (RpcSs) - Unknown owner - C:\Documents.exe (file missing)

O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\rsvp.exe (file missing)

O23 - Service: Gerenciador de contas de segurança (SamSs) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Ajuda do cartão inteligente (SCardDrv) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\SCardSvr.exe (file missing)

O23 - Service: Cartão inteligente (SCardSvr) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\SCardSvr.exe (file missing)

O23 - Service: Agendador de tarefas (Schedule) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\MSTask.exe (file missing)

O23 - Service: Serviço RunAs (seclogon) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: Notificação de eventos de sistema (SENS) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Compartilhamento de conexões à Internet (SharedAccess) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Serviços TCP/IP simples (SimpTcp) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\tcpsvcs.exe (file missing)

O23 - Service: Serviço SNMP (SNMP) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\snmp.exe (file missing)

O23 - Service: Serviço de traps SNMP (SNMPTRAP) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\snmptrap.exe (file missing)

O23 - Service: Spooler de impressão (Spooler) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\spoolsv.exe (file missing)

O23 - Service: Logs e alertas de desempenho (SysmonLog) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\smlogsvc.exe (file missing)

O23 - Service: Telefonia (TapiSrv) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Serviços de terminal (TermService) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\termsrv.exe (file missing)

O23 - Service: Licenciamento de serviços de terminal (TermServLicensing) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\lserver.exe (file missing)

O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\tlntsvr.exe (file missing)

O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Client Server Security Agent\tmlisten.exe

O23 - Service: Servidor de rastreamento de link distribuído (TrkSvr) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: Cliente de rastreamento de link distribuído (TrkWks) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: Sistema de alimentação ininterrupta (UPS) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\ups.exe (file missing)

O23 - Service: Gerenciador de utilitários (UtilMan) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\UtilMan.exe (file missing)

O23 - Service: Horário do Windows (W32Time) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Testador de instrumentação de gerenciamento do Windows (WinMgmt) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\WBEM\WinMgmt.exe (file missing)

O23 - Service: serviço de cadastramento na Internet do Windows (WINS) (WINS) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\wins.exe (file missing)

O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Extensões de driver de instrum. gerenc. do Windows (Wmi) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\Services.exe (file missing)

O23 - Service: Atualizações automáticas (wuauserv) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\svchost.exe (file missing)


Man, I can't get Panda to run, but I ran Norton and this is what it gave:

c:\Windows is infected with Trojan.Zonebac

c:\bak\Windows\wint32.exe is infected with Infostealer.Bancos!gen

c:\aerquivos de programas\My_love.exe is infected with Infostealer.Bancos

c:\arquivos de programas\QuickTime\qttask.exe is infected with Trojan.Zonebac

c:\arquivos de programas\Java\jre 1.5.0_06\bin\jusched.exe is infected with Trojan.Zonebac

c:\arquivos de programas\Ciberlink DVD Solution\Power DVD\PdvdServ.exe is infected with Trojan.Zonebac


Hi José Luiz Almeida,

1. Download BankerFix.

2. Temporarily disable your antivirus.

3. Double-click bankerfix.exe. A message will appear warning that it will be downloaded from the internet. Click Ok -> Ok. Press Enter and wait for the scan to finish.

4. When the scan finishes, read the message on the screen and press Enter again.

5. Re-enable your antivirus.

6. Come back with a new HijackThis log, together with BankerFix's relatorio.txt (it will be in C:\LinhaDefensiva\).

7. After posting your reply you can delete the LinhaDefensiva folder on C.

Regards.


OK Jgarcia!!!!!!!!!

Man, it's strange: my server runs fine, then suddenly the CPU usage goes through the roof and the terminals become impossible to use, and 30 kids keep going "mister, it froze, mister, it froze". Man, this is driving me crazy!!!

Thanks

The BankerFix log was this:

 

 

BankerFix 2.2 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 19/4/2007 - 8:48

=======================================================

Arquivo infectado detectado: C:\start.bat

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\Administrador\WINDOWS\svchost.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Arquivos de programas\My_Love.exe

Arquivo infectado removido com sucesso!

 

 

Log do FoxFix

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

 

I ran HijackThis and the result was this:

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 08:58:32, on 19/4/2007

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\Documents and Settings\Administrador\WINDOWS\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\System32\termsrv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\msdtc.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\llssrv.exe

C:\Arquivos de programas\Trend Micro\Security Server\PCCSRV\web\service\ofcservice.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\tcpsvcs.exe

C:\WINNT\System32\snmp.exe

C:\WINNT\System32\lserver.exe

C:\Arquivos de programas\Trend Micro\Security Server\PCCSRV\Web\Service\DbServer.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\wins.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\Dfssvc.exe

C:\WINNT\System32\inetsrv\inetinfo.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\Mixer.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\rdpclip.exe

C:\WINNT\Explorer.EXE

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntupd.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINNT\system32\NOTEPAD.EXE

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.curso-g9.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711

F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINNT\Downloaded Program Files\gbiehCef.dll

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [XPIcons] C:\Arquivos de programas\XPIcons.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

O4 - Startup: Registration-Pinnacle Systems DV500.lnk = C:\Arquivos de programas\Pinnacle\DV500\ERegister\RegTool.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Documents and Settings\Administrador\WINDOWS\system32\shdocvw.dll (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Documents and Settings\Administrador\WINDOWS\system32\shdocvw.dll (file missing)

O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrador\windows\system32\rnr20.dll' missing

O12 - Plugin for .mid: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://servidor:4343/officescan/console/Cl...ll/WinNTChk.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://servidor:4343/officescan/console/Cl...stall/setup.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab

O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://servidor:4343/officescan/console/Cl.../RemoveCtrl.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} (Encrypt Class) - https://servidor:4343/SMB/console/html/root/AtxEnc.cab

O16 - DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} (Security Server Management Console) - https://servidor:4343/SMB/console/html/root/AtxConsole.cab

O16 - DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} (PieChart Class) - https://servidor:4343/officescan/console/html/AtxPie.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{561E14EC-5B57-4473-B44F-ADB017151FFB}: NameServer = 200.251.161.20,200.251.161.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{561E14EC-5B57-4473-B44F-ADB017151FFB}: NameServer = 200.251.161.20,200.251.161.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{561E14EC-5B57-4473-B44F-ADB017151FFB}: NameServer = 200.251.161.20,200.251.161.2

O23 - Service: Alerta (Alerter) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Gerenciamento de aplicativo (AppMgmt) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)

O23 - Service: Serviço de transferência inteligente de segundo plano (BITS) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Localizador de computadores (Browser) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Área de armazenamento (ClipSrv) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\clipsrv.exe (file missing)

O23 - Service: Sistema de arquivos distribuídos (Dfs) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\Dfssvc.exe (file missing)

O23 - Service: Cliente DHCP (Dhcp) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\dmadmin.exe (file missing)

O23 - Service: Gerenciador de discos lógicos (dmserver) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Cliente DNS (Dnscache) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Log de eventos (Eventlog) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: Serviço de fax (Fax) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\faxsvc.exe (file missing)

O23 - Service: Servidor (lanmanserver) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Estação de trabalho (lanmanworkstation) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Serviço de registro de licenças (LicenseService) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\llssrv.exe (file missing)

O23 - Service: Serviço auxiliar NetBIOS TCP/IP (LmHosts) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: DDE de rede (NetDDE) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\netdde.exe (file missing)

O23 - Service: DSDM de DDE de rede (NetDDEdsdm) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\netdde.exe (file missing)

O23 - Service: Logon de rede (Netlogon) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: Conexões de rede (Netman) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Duplicação de arquivo (NtFrs) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\ntfrs.exe (file missing)

O23 - Service: Fornecedor de suporte de segurança NT LM (NtLmSsp) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: Armazenamento removível (NtmsSvc) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Client Server Security Agent\ntrtscan.exe

O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe

O23 - Service: Trend Micro Security Server Master Service (ofcservice) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Security Server\PCCSRV\web\service\ofcservice.exe

O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: Agente de diretiva IPSEC (PolicyAgent) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: Armazenamento protegido (ProtectedStorage) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: Gerenciador de conexão de acesso remoto automático (RasAuto) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Gerenciador de conexão de acesso remoto (RasMan) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Serviço de registro remoto (RemoteRegistry) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\regsvc.exe (file missing)

O23 - Service: Alocador Remote Procedure Call (RPC) (RpcLocator) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\locator.exe (file missing)

O23 - Service: Chama de procedimento remoto (RPC) (RpcSs) - Unknown owner - C:\Documents.exe (file missing)

O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\rsvp.exe (file missing)

O23 - Service: Gerenciador de contas de segurança (SamSs) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Ajuda do cartão inteligente (SCardDrv) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\SCardSvr.exe (file missing)

O23 - Service: Cartão inteligente (SCardSvr) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\SCardSvr.exe (file missing)

O23 - Service: Agendador de tarefas (Schedule) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\MSTask.exe (file missing)

O23 - Service: Serviço RunAs (seclogon) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: Notificação de eventos de sistema (SENS) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Compartilhamento de conexões à Internet (SharedAccess) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Serviços TCP/IP simples (SimpTcp) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\tcpsvcs.exe (file missing)

O23 - Service: Serviço SNMP (SNMP) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\snmp.exe (file missing)

O23 - Service: Serviço de traps SNMP (SNMPTRAP) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\snmptrap.exe (file missing)

O23 - Service: Spooler de impressão (Spooler) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\spoolsv.exe (file missing)

O23 - Service: Logs e alertas de desempenho (SysmonLog) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\smlogsvc.exe (file missing)

O23 - Service: Telefonia (TapiSrv) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Serviços de terminal (TermService) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\termsrv.exe (file missing)

O23 - Service: Licenciamento de serviços de terminal (TermServLicensing) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\lserver.exe (file missing)

O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\tlntsvr.exe (file missing)

O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Client Server Security Agent\tmlisten.exe

O23 - Service: Servidor de rastreamento de link distribuído (TrkSvr) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: Cliente de rastreamento de link distribuído (TrkWks) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: Sistema de alimentação ininterrupta (UPS) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\ups.exe (file missing)

O23 - Service: Gerenciador de utilitários (UtilMan) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\UtilMan.exe (file missing)

O23 - Service: Horário do Windows (W32Time) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Testador de instrumentação de gerenciamento do Windows (WinMgmt) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\WBEM\WinMgmt.exe (file missing)

O23 - Service: serviço de cadastramento na Internet do Windows (WINS) (WINS) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\wins.exe (file missing)

O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Extensões de driver de instrum. gerenc. do Windows (Wmi) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\Services.exe (file missing)

O23 - Service: Atualizações automáticas (wuauserv) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\svchost.exe (file missing)


Hi José Luiz Almeida,

Update your antivirus database.

Restart in Safe Mode.

Run a full scan with your antivirus.

Come back with the result and a new HijackThis log.

Regards.


My Trend antivirus came up with this:

 

c:\ arquivos de programas\java\jre1.5.0 06\bin\jusched.exe Troj agent.lyp

c:\ arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe Troj agent.lyp

c:\ bak\Windows\wint32.exe Troj Generic

c:\ windows Troj agent.lyp

 

 

Logfile of HijackThis v1.99.1

Scan saved at 08:40:44, on 20/4/2007

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\Documents and Settings\Administrador\WINDOWS\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\System32\termsrv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\msdtc.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\llssrv.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\ntrtscan.exe

C:\Arquivos de programas\Trend Micro\Security Server\PCCSRV\web\service\ofcservice.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\tcpsvcs.exe

C:\WINNT\System32\snmp.exe

C:\WINNT\System32\lserver.exe

C:\Arquivos de programas\Trend Micro\Security Server\PCCSRV\Web\Service\DbServer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\tmlisten.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\wins.exe

C:\WINNT\TEMP\OIA6D3.EXE

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\Dfssvc.exe

C:\WINNT\System32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\Explorer.EXE

C:\WINNT\Mixer.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\Pop3Trap.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINNT\system32\notepad.exe

C:\WINNT\system32\taskmgr.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711

F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINNT\Downloaded Program Files\gbiehCef.dll

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [XPIcons] C:\Arquivos de programas\XPIcons.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

O4 - Startup: Registration-Pinnacle Systems DV500.lnk = C:\Arquivos de programas\Pinnacle\DV500\ERegister\RegTool.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Documents and Settings\Administrador\WINDOWS\system32\shdocvw.dll (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Documents and Settings\Administrador\WINDOWS\system32\shdocvw.dll (file missing)

O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrador\windows\system32\rnr20.dll' missing

O12 - Plugin for .mid: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://servidor:4343/officescan/console/Cl...ll/WinNTChk.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://servidor:4343/officescan/console/Cl...stall/setup.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab

O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://servidor:4343/officescan/console/Cl.../RemoveCtrl.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} (Encrypt Class) - https://servidor:4343/SMB/console/html/root/AtxEnc.cab

O16 - DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} (Security Server Management Console) - https://servidor:4343/SMB/console/html/root/AtxConsole.cab

O16 - DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} (PieChart Class) - https://servidor:4343/officescan/console/html/AtxPie.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{561E14EC-5B57-4473-B44F-ADB017151FFB}: NameServer = 200.251.161.20,200.251.161.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{561E14EC-5B57-4473-B44F-ADB017151FFB}: NameServer = 200.251.161.20,200.251.161.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{561E14EC-5B57-4473-B44F-ADB017151FFB}: NameServer = 200.251.161.20,200.251.161.2

O23 - Service: Alerta (Alerter) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Gerenciamento de aplicativo (AppMgmt) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)

O23 - Service: Serviço de transferência inteligente de segundo plano (BITS) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Localizador de computadores (Browser) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Área de armazenamento (ClipSrv) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\clipsrv.exe (file missing)

O23 - Service: Sistema de arquivos distribuídos (Dfs) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\Dfssvc.exe (file missing)

O23 - Service: Cliente DHCP (Dhcp) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\dmadmin.exe (file missing)

O23 - Service: Gerenciador de discos lógicos (dmserver) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Cliente DNS (Dnscache) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Log de eventos (Eventlog) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: Serviço de fax (Fax) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\faxsvc.exe (file missing)

O23 - Service: Servidor (lanmanserver) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Estação de trabalho (lanmanworkstation) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Serviço de registro de licenças (LicenseService) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\llssrv.exe (file missing)

O23 - Service: Serviço auxiliar NetBIOS TCP/IP (LmHosts) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: DDE de rede (NetDDE) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\netdde.exe (file missing)

O23 - Service: DSDM de DDE de rede (NetDDEdsdm) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\netdde.exe (file missing)

O23 - Service: Logon de rede (Netlogon) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: Conexões de rede (Netman) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Duplicação de arquivo (NtFrs) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\ntfrs.exe (file missing)

O23 - Service: Fornecedor de suporte de segurança NT LM (NtLmSsp) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: Armazenamento removível (NtmsSvc) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Client Server Security Agent\ntrtscan.exe

O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe

O23 - Service: Trend Micro Security Server Master Service (ofcservice) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Security Server\PCCSRV\web\service\ofcservice.exe

O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: Agente de diretiva IPSEC (PolicyAgent) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: Armazenamento protegido (ProtectedStorage) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: Gerenciador de conexão de acesso remoto automático (RasAuto) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Gerenciador de conexão de acesso remoto (RasMan) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Serviço de registro remoto (RemoteRegistry) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\regsvc.exe (file missing)

O23 - Service: Alocador Remote Procedure Call (RPC) (RpcLocator) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\locator.exe (file missing)

O23 - Service: Chama de procedimento remoto (RPC) (RpcSs) - Unknown owner - C:\Documents.exe (file missing)

O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\rsvp.exe (file missing)

O23 - Service: Gerenciador de contas de segurança (SamSs) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Ajuda do cartão inteligente (SCardDrv) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\SCardSvr.exe (file missing)

O23 - Service: Cartão inteligente (SCardSvr) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\SCardSvr.exe (file missing)

O23 - Service: Agendador de tarefas (Schedule) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\MSTask.exe (file missing)

O23 - Service: Serviço RunAs (seclogon) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: Notificação de eventos de sistema (SENS) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Compartilhamento de conexões à Internet (SharedAccess) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Serviços TCP/IP simples (SimpTcp) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\tcpsvcs.exe (file missing)

O23 - Service: Serviço SNMP (SNMP) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\snmp.exe (file missing)

O23 - Service: Serviço de traps SNMP (SNMPTRAP) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\snmptrap.exe (file missing)

O23 - Service: Spooler de impressão (Spooler) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\spoolsv.exe (file missing)

O23 - Service: Logs e alertas de desempenho (SysmonLog) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\smlogsvc.exe (file missing)

O23 - Service: Telefonia (TapiSrv) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Serviços de terminal (TermService) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\termsrv.exe (file missing)

O23 - Service: Licenciamento de serviços de terminal (TermServLicensing) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\lserver.exe (file missing)

O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\tlntsvr.exe (file missing)

O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Client Server Security Agent\tmlisten.exe

O23 - Service: Servidor de rastreamento de link distribuído (TrkSvr) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: Cliente de rastreamento de link distribuído (TrkWks) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\services.exe (file missing)

O23 - Service: Sistema de alimentação ininterrupta (UPS) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\ups.exe (file missing)

O23 - Service: Gerenciador de utilitários (UtilMan) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\UtilMan.exe (file missing)

O23 - Service: Horário do Windows (W32Time) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\services.exe (file missing)

O23 - Service: Testador de instrumentação de gerenciamento do Windows (WinMgmt) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\WBEM\WinMgmt.exe (file missing)

O23 - Service: serviço de cadastramento na Internet do Windows (WINS) (WINS) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\wins.exe (file missing)

O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Extensões de driver de instrum. gerenc. do Windows (Wmi) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\Services.exe (file missing)

O23 - Service: Atualizações automáticas (wuauserv) - Unknown owner - C:\Documents and Settings\Administrador\WINDOWS\system32\svchost.exe (file missing)


Hi José Luiz Almeida,

There is a huge number of services (O23 lines) running on the machine, but I believe they were configured by the network administrator. Can you confirm my understanding?


Topic Archived

Since the author has not replied to the topic for more than 20 days, it has been archived.

If you are the author of the topic and want it reopened, send a private message to a moderator with a link to this topic and explain the reason for reopening.
