Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Edvan

[Resolvido!]Computador não desliga de jeito nenhum

Por , em Tópicos Resolvidos (Seguranca & Malwares)

Recommended Posts

Edvan    30

Edvan
Postado

Ola pessoal estou com um problema que vocês irão me ajudar, é o seguinte estou com um pc aqui que não quer desligar de jeito nenhum, clico em iniciar, desligar computador e depois em desativar, bom a luz vermelha do CPU fica piscando parece ate que vai desligar mais não acontece nada.

 

o que pode ser?

 

Logfile of HijackThis v1.99.1

Scan saved at 14:29:43, on 2/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\bios.exe

C:\WINDOWS\system\sms.exe

C:\WINDOWS\system32\ntokrnl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\cybermgr\CMGuard.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\bios.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis_v1.99.1.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.80.0.1:808

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [\\Star-game1\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P39 "\\Star-game1\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [cmguard] "C:\cybermgr\CMGuard.exe"

O4 - HKLM\..\Run: [bios] C:\WINDOWS\system32\bios.exe

O4 - HKLM\..\Run: [shell] C:\WINDOWS\system\sms.exe

O4 - HKLM\..\Run: [ntokrnl] C:\WINDOWS\system32\ntokrnl.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [cmguard] "C:\cybermgr\CMGuard.exe"

O4 - Global Startup: bios.exe

O4 - Global Startup: Cyber Manager CM-Guard.lnk = C:\cybermgr\CMGuard.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{8978CECF-C019-49C2-9A7D-0E16F973A984}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{8978CECF-C019-49C2-9A7D-0E16F973A984}: NameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{8978CECF-C019-49C2-9A7D-0E16F973A984}: NameServer = 192.168.0.1

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

 

Aguardo respostas :thumbsup: :thumbsup:

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Tarde Edvan!

 

<!> Faça o download do BankerFix.

<!> Baixe-o para o Desktop!

<!> Feche todas as janelas e o navegador,ao rodar o BankerFix.Desabilite,se possível,as proteções residente de AntiVírus e AntiSpywares!!

<!> Dê um duplo clique no Bankerfix.exe,depois Enter. Aguarde!Ao terminar,leia a mensagem na tela ( Dos ),e dê Enter,novamente.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

<!> Poste o relatorio.txt do BankerFix que está em C:\LinhaDefensiva\relatorio.txt

<!> Poste,também,um nôvo Log do HijackThis ( Feito em Modo Normal ),na sua resposta.

 

Sem Mais!

DigRam

Compartilhar este post

Link para o post
Compartilhar em outros sites

Edvan    30

Edvan
Postado

Opa! DigRam

 

Antes de postar o relatorio.txt do BankerFix.

 

Ja no final do scam olha só o que apareceu nessa imagem:

 

http://img523.imageshack.us/my.php?image=bankerfixba0.jpg

 

BankerFix 2.3 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 4/6/2007 - 11:49

-------------------------------------------------------

Lista de Definição: 2007-06-03-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\system\sms.exe

Arquivo infectado removido com sucesso!

 

 

Log do FoxFix

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

 

Logfile of HijackThis v1.99.1

Scan saved at 12:00:32, on 4/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HijackThis_v1.99.1.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.80.0.1:808

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [\\Star-game1\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P39 "\\Star-game1\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [cmguard] "C:\cybermgr\CMGuard.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [cmguard] "C:\cybermgr\CMGuard.exe"

O4 - Global Startup: Cyber Manager CM-Guard.lnk = C:\cybermgr\CMGuard.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{8978CECF-C019-49C2-9A7D-0E16F973A984}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{8978CECF-C019-49C2-9A7D-0E16F973A984}: NameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{8978CECF-C019-49C2-9A7D-0E16F973A984}: NameServer = 192.168.0.1

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Tarde Edvan!

 

Ola pessoal estou com um problema que vocês irão me ajudar, é o seguinte estou com um pc aqui que não quer desligar de jeito nenhum, clico em iniciar, desligar computador e depois em desativar, bom a luz vermelha do CPU fica piscando parece ate que vai desligar mais não acontece nada.

>@< Esse problema ainda lhe ocorre?

>@< Já o erro de scripts,não impediu o BankerFix de remover os Trojans.

>@< O Log está Limpo!

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Edvan    30

Edvan
Postado

Valeu meu caro DigRam o computador está tudo beleza!!

 

Pc ja desliga bem direitinho...

 

Que trojam foi esse que barrou o arquivo de desligamento do pc?

 

 

Cara não sei como o BankerFix rodou nesse pc, acredita que é a 1ª vez q o BankerFix da certo!!!!

 

 

Valeu mesmo!!! :thumbsup: :thumbsup:

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Tarde Edvan!

 

Que trojam foi esse que barrou o arquivo de desligamento do pc?

>@< Maiores detalhes: < Win32/Deathat.A Trojan >.

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Edvan    30

Edvan
Postado

Ola DigRam beleza?

 

Cara rodei o bankerfix num pc aqui na Prefeitura que trabalho olha só o resultado:

 

BankerFix 2.3 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 05/06/2007 - 16:29

-------------------------------------------------------

Lista de Definição: 2007-06-03-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\system32\imglog.scr

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\klpp.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\orgut.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\pork.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\klpp.exe

Arquivo infectado removido com sucesso!

 

 

Log do FoxFix

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

 

 

 

 

 

Olhe por favor se ainda tem alguma entrada anormal de virus...

 

 

Logfile of HijackThis v1.99.1

Scan saved at 09:51:25, on 06/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\SoftMaster\Firebird\bin\fbguard.exe

C:\ARQUIV~1\Borland\INTERB~1\Bin\ibguard.exe

C:\Arquivos de programas\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SYSTEM32\USRmlnkA.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE

C:\WINDOWS\SYSTEM32\USRshutA.exe

C:\WINDOWS\SYSTEM32\USRmlnkA.exe

C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\SoftMaster\Firebird\bin\fbserver.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\ARQUIV~1\Borland\INTERB~1\Bin\ibserver.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.245:9877

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [uSRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"

O4 - HKLM\..\Run: [OrderReminder] C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sql_server] "C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\scm.exe" -Action 1 -Silent 1 -Service MSSQLServer

O4 - HKLM\..\Run: [sQl_agent] "C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\scm.exe" -Action 5 -Silent 1 -Service SQLServerAgent

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [OM_Monitor] C:\Arquivos de programas\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [OM_Monitor] C:\Arquivos de programas\OLYMPUS\OLYMPUS Master\Monitor.exe

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Gerenciador de serviços.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A3FC4B34-3D90-4DB3-AD91-4AD81533B685}: NameServer = 192.168.1.245

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\SoftMaster\Firebird\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\SoftMaster\Firebird\bin\fbserver.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InterBaseGuardian - Inprise Corporation - C:\ARQUIV~1\Borland\INTERB~1\Bin\ibguard.exe

O23 - Service: InterBaseServer - Inprise Corporation - C:\ARQUIV~1\Borland\INTERB~1\Bin\ibserver.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia Edvan!

 

>@< Tudo Ok com êsse PC,também!

>@< Os Bankers foram removidos,e o Log está Limpo!

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Edvan    30

Edvan
Postado

Veja esse outro agora por favor!!!!

 

Olá Digman, cara você vai ter q ter paciência comigo, pois aqui na Pref.... tem um ninho de Malware, trojans, vírus tão grande, eu acho que quase todos os computadores estão infectados..

 

Quero aproveitar esse tópico para não abrir outro....

 

Vou postando para você, daí você vai olhando se algum pc precisar de procedimentos adicionais é só você mandar para mim... que eu tento tirar os maliciosos...

 

 

BankerFix 2.3 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 6/6/2007 - 13:44

-------------------------------------------------------

Lista de Definição: 2007-06-03-1

=======================================================

 

Arquivo infectado detectado: C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\pork.exe

Arquivo infectado removido com sucesso!

 

 

Log do FoxFix

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

 

.......................x...................................

 

Logfile of HijackThis v1.99.1

Scan saved at 15:49:40, on 6/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\Arquivos de programas\LClock\LClock.exe

C:\Arquivos de programas\Styler\Styler.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE

C:\Arquivos de programas\Hewlett-Packard\LaserJet 33xx\hppdirector.exe

C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\hppapml0.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\{8B4AD124-0C1B-4AA2-94E2-1852452BCDE0}\sidebar.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.245:9877

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [LClock] C:\Arquivos de programas\LClock\LClock.exe

O4 - HKLM\..\Run: [Vista Sidebar] C:\Arquivos de programas\Vista Sidebar\sidebar.exe

O4 - HKLM\..\Run: [styler] C:\Arquivos de programas\Styler\Styler.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [HP SchedIndexer] C:\Arquivos de programas\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe

O4 - HKLM\..\Run: [HP AutoIndexer] C:\Arquivos de programas\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [VisualTooltip] C:\Arquivos de programas\VisualTooltip\VisualToolTip.exe

O4 - HKLM\..\Run: [blaero Start Orb] C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus COLOR 480] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 480" /O5 "LPT1:" /M "Stylus COLOR 480"

O4 - HKCU\..\Run: [Longhorn SideBar] C:\WINDOWS\SideBar\SideBar.exe

O4 - Global Startup: HP LaserJet Director.lnk = C:\Arquivos de programas\Hewlett-Packard\LaserJet 33xx\hppdirector.exe

O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{0E9C9240-ACAF-4B44-B294-AFFA3AAC4041}: NameServer = 100.100.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{0E9C9240-ACAF-4B44-B294-AFFA3AAC4041}: NameServer = 100.100.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{0E9C9240-ACAF-4B44-B294-AFFA3AAC4041}: NameServer = 100.100.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Acrylic DNS Proxy Service (AcrylicController) - Unknown owner - C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Noite Edvan!

 

Olá Digman, cara você vai ter q ter paciência comigo, pois aqui na Pref.... tem um ninho de Malware, trojans, vírus tão grande, eu acho que quase todos os computadores estão infectados..

Quero aproveitar esse tópico para não abrir outro....

>@< Não sei se terei permissão para isso!Creio que terás que abrir,para cada computador,um Tópico.

>@< Envie uma MP para o José Garcia e,se êle der sinal verde....

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

>@< Já nêste outro computador,passe o CCleaner.

>@< Elimine com o KillBox,este ficheiro: C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\{8B4AD124-0C1B-4AA2-94E2-1852452BCDE0}\sidebar.exe

>@< Na pergunta,sobre o reboot,confirme!

 

Sem Mais!

DigRam

Compartilhar este post

Link para o post
Compartilhar em outros sites

Edvan    30

Edvan
Postado

Olá cara muito obrigado pela atenção...

 

o CCleaner ja passei...

 

O KillBox ja rodei no pc e tirei a C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\{8B4AD124-0C1B-4AA2-94E2-1852452BCDE0}\sidebar.exe

 

Falta só o log para você ver:

 

Logfile of HijackThis v1.99.1

Scan saved at 14:06:54, on 7/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\Arquivos de programas\LClock\LClock.exe

C:\Arquivos de programas\Styler\Styler.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Hewlett-Packard\LaserJet 33xx\hppdirector.exe

C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\hppapml0.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.245:9877

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [LClock] C:\Arquivos de programas\LClock\LClock.exe

O4 - HKLM\..\Run: [Vista Sidebar] C:\Arquivos de programas\Vista Sidebar\sidebar.exe

O4 - HKLM\..\Run: [styler] C:\Arquivos de programas\Styler\Styler.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [HP SchedIndexer] C:\Arquivos de programas\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe

O4 - HKLM\..\Run: [HP AutoIndexer] C:\Arquivos de programas\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [blaero Start Orb] C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus COLOR 480] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 480" /O5 "LPT1:" /M "Stylus COLOR 480"

O4 - Global Startup: HP LaserJet Director.lnk = C:\Arquivos de programas\Hewlett-Packard\LaserJet 33xx\hppdirector.exe

O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{0E9C9240-ACAF-4B44-B294-AFFA3AAC4041}: NameServer = 100.100.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{0E9C9240-ACAF-4B44-B294-AFFA3AAC4041}: NameServer = 100.100.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{0E9C9240-ACAF-4B44-B294-AFFA3AAC4041}: NameServer = 100.100.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Acrylic DNS Proxy Service (AcrylicController) - Unknown owner - C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Tarde Edvan!

 

>@< Esta é a máquina 3.

>@< O Log desta máquina,também,está Limpo!

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Edvan    30

Edvan
Postado

Máquina 4.

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 13:02:47, on 10/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\FireBird\FireBird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\FireBird\FireBird_1_5\bin\fbserver.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jucheck.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Fortes Informática\RemProtDeamon.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\CoolSMS\CoolSMS.exe

C:\Arquivos de programas\Free Desktop Clock\DesktopClock.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\ARQUIV~1\ARQUIV~1\PCSuite\Services\SERVIC~1.EXE

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\CapabilityManager.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\TrayMon.exe

C:\Arquivos de programas\Netropa\Onscreen Display\OSD.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [EPSON Stylus CX4900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVL.EXE /FU "C:\WINDOWS\TEMP\E_S91.tmp" /EF "HKLM"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [RemProtDeamon] C:\Arquivos de programas\Fortes Informática\RemProtDeamon.exe -a

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [CoolSMS] "C:\Arquivos de programas\CoolSMS\CoolSMS.exe" /minimized

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skinClock] C:\Arquivos de programas\Free Desktop Clock\DesktopClock.exe

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\FireBird\FireBird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\FireBird\FireBird_1_5\bin\fbserver.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

 

 

 

BankerFix 2.3 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 10/6/2007 - 13:1

-------------------------------------------------------

Lista de Definição: 2007-06-07-1

=======================================================

 

 

Log do FoxFix

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia Edvan!

 

>@< O Log desta máquina,também,está Limpo!.

>@< Voçê está fazendo um bom trabalho,nos computadores da Prefeitura!Pois,a maioria,apresenta poucos problemas.

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Edvan    30

Edvan
Postado 

>@< Voçê está fazendo um bom trabalho,nos computadores da Prefeitura!Pois,a maioria,apresenta poucos problemas.

 

vindo de você DigRam é um grande elogio, eu tento fazer minha parte aqui na Prefeitura e de muitas outras pessoas também, que quando navega na Net, sai clicando onde não deve, e dando trabalho para vocês.... ok vamos lá!!!

 

Máquina 5. izabel

 

Logfile of HijackThis v1.99.1

Scan saved at 19:51:25, on 11/06/2007

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1005MC.EXE

C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE

C:\WINDOWS\hporclnr.exe

C:\Arquivos de programas\Hewlett-Packard\HP UT\bin\hppusg.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bol.uol.com.br/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.245:9800

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"

O4 - HKLM\..\Run: [EPSON Stylus C67 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P33 "EPSON Stylus C67 Series (cópia 1)" /O6 "USB002" /M "Stylus C67"

O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [Auto EPSON Stylus C67 Series em LU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P34 "Auto EPSON Stylus C67 Series em LU" /O16 "\\LU\Impressora7" /M "Stylus C67"

O4 - HKLM\..\Run: [HP SchedIndexer] C:\Arquivos de programas\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe

O4 - HKLM\..\Run: [HP AutoIndexer] C:\Arquivos de programas\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe

O4 - HKLM\..\Run: [HP OrderReminder Cleaner] C:\WINDOWS\hporclnr.exe

O4 - HKLM\..\Run: [HPUsageTracking] "C:\Arquivos de programas\Hewlett-Packard\HP UT\bin\hppusg.exe" "C:\Arquivos de programas\Hewlett-Packard\HP UT\"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe

O4 - Global Startup: HP LaserJet Director.lnk = C:\Arquivos de programas\Hewlett-Packard\LaserJet 33xx\hppdirector.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{22E64E7A-FDF6-4D5F-89CD-D9D6091EDC4C}: NameServer = 192.168.10.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{CA85699B-92A6-4411-8AF1-1EF3F49FB8BA}: NameServer = 192.168.10.1

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Acrylic DNS Proxy Service (AcrylicController) - Unknown owner - C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe

 

BankerFix 2.3 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 07/06/2007 - 14:1

-------------------------------------------------------

Lista de Definição: 2007-06-07-1

=======================================================

 

 

Log do FoxFix

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

 

Máquina 6 servidor

 

Logfile of HijackThis v1.99.1

Scan saved at 21:05:17, on 11/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Gilat\StarControl\StarCtrl.exe

C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

C:\CCProxy\CCProxy.exe

C:\Arquivos de programas\Gilat\QMS\QMS.exe

C:\Arquivos de programas\Gilat\GSU\GSU.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Gilat\IBQoS\ibqossvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\GILAT\Internet Page Accelerator\RPAService.exe

C:\ARQUIV~1\GILAT\INTERN~1\AS_Agent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Flash Networks\NettGain2000\Bst\Srvany.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\Flash Networks\NettGain2000\Bst\WgwMngr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Gilat\NetAgent.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Arquivos de programas\Java\jre1.5.0_10\bin\jucheck.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=25040

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9877

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O4 - HKLM\..\Run: [NettGain2000 Verifier] C:\Arquivos de programas\Flash Networks\NettGain2000\Bst\NettGain2000 Verifier.exe

O4 - HKLM\..\Run: [starControl] C:\Arquivos de programas\Gilat\StarControl\StarCtrl.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [siSRaid] C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

O4 - HKLM\..\RunServices: [NettGain2000] C:\Arquivos de programas\Flash Networks\NettGain2000\Bst\WgwMngr.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Ping - Terra.lnk = C:\Documents and Settings\Administrador\Desktop\terra.bat

O4 - Startup: Simple DNS Plus.lnk = C:\Arquivos de programas\Simple DNS Plus\sdnsplus.exe

O4 - Global Startup: Free SMTP Server (2).lnk = C:\Arquivos de programas\Free SMTP Server\localsrv.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Acrylic DNS Proxy Service (AcrylicController) - Unknown owner - C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: CCProxy - Unknown owner - C:\CCProxy\CCProxy.exe" -service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Gilat Quality Measurement Service (Gilat QMS) - Gilat Satellite Networks Ltd. - C:\Arquivos de programas\Gilat\QMS\QMS.exe

O23 - Service: Gilat host software update service (GilatHSU) - Gilat Satellite Networks Ltd. - C:\Arquivos de programas\Gilat\GSU\GSU.exe

O23 - Service: Gilat Network Agent Service (GilatNetAgent) - Gilat Satellite Networks Ltd. - C:\Arquivos de programas\Gilat\NetAgent.exe

O23 - Service: Gilat IBQoS Agent (ibqossvc) - Gilat Satellite Networks Ltd. - C:\Arquivos de programas\Gilat\IBQoS\ibqossvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: RPAService - Unknown owner - C:\Arquivos de programas\GILAT\Internet Page Accelerator\RPAService.exe

O23 - Service: WgwService - Unknown owner - C:\Arquivos de programas\Flash Networks\NettGain2000\Bst\Srvany.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

 

 

BankerFix 2.3 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 11/6/2007 - 21:5

-------------------------------------------------------

Lista de Definição: 2007-06-07-1

=======================================================

 

 

Log do FoxFix

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

 

 

Máquina 7 marcos

 

Logfile of HijackThis v1.99.1

Scan saved at 21:10:59, on 11/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Java\jre1.5.0_10\bin\jucheck.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.1:9877

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A557E013-5F56-4BE5-B6D1-217674AF611F}: NameServer = 192.168.100.1

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Acrylic DNS Proxy Service (AcrylicController) - Unknown owner - C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

 

 

BankerFix 2.3 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 11/6/2007 - 21:11

-------------------------------------------------------

Lista de Definição: 2007-06-07-1

=======================================================

 

 

Log do FoxFix

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

 

Eu acho que é só isso por enquanto!!! valeu meu amigo.... :thumbsup: :thumbsup:

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia Edvan!

 

Máquina 5:

 

>@< Apenas êste componente < hporclnr.exe >,que pertence à impressora.

 

C:\WINDOWS\hporclnr.exe << KillBox

 

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) << Fix

O4 - HKLM\..\Run: [HP OrderReminder Cleaner] C:\WINDOWS\hporclnr.exe << Fix

 

>@< Mas,se está tudo Ok com a impressora,fica à seu critério eliminar o ficheiro!

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

>@< Já as máquinas 6 e 7,estão,pelo Log,Limpas!

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Edvan    30

Edvan
Postado

ola DigRam desculpe a demora pois eu estava viajando... e não tive como entrar na net...

 

A impressora não está ok não, dar problemas quando tempo instala-la no pc, desse ser essa entrada viu!!!!

 

bom eu posso excluir o C:\WINDOWS\hporclnr.exe usando o KillBox daí o pc vai reniciar não é?

 

depois eu abro o HijackThis e deleto essas entrdas

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) << Fix

O4 - HKLM\..\Run: [HP OrderReminder Cleaner] C:\WINDOWS\hporclnr.exe << Fix

 

 

é isso ou falta mais alguma coisa?

 

 

vou fazer isso depois posto para você ta bom.......?

 

 

veja outro log de outro pc...

 

maquina 8 é isso?

 

Logfile of HijackThis v1.99.1

Scan saved at 01:34:03, on 26/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\sm56hlpr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashSimpl.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [siSRaid] C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\ARQUIV~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{D7291C5C-9A4F-481D-BACF-031C725D936E}: NameServer = 200.223.0.84 200.222.0.35

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

 

 

 

BankerFix 2.3 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 26/6/2007 - 1:32

-------------------------------------------------------

Lista de Definição: 2007-06-25-1

=======================================================

 

 

Log do FoxFix

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia Edvan!

 

Máquina 8.

 

>@< Não apresenta entradas ruins!

>@< Portanto,Log Limpo!

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Edvan    30

Edvan
Postado

Maquina 09 decinho

 

Logfile of HijackThis v1.99.1

Scan saved at Decinho 20:09:09, on 29/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DAO\STAR-GAME1\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\cybermgr\cmserver.exe

C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

C:\Arquivos de programas\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Hand-Crafted Software\FreeProxy\FreeProxy.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\HijackThis_v1.99.1.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [\\Start-game2\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P40 "\\Start-game2\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"

O4 - HKLM\..\Run: [Video Driver] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DAO\STAR-GAME1\svchost.exe

O4 - HKLM\..\Run: [Windows LSSS Service] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DAO\STAR-GAME1\svchost.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NetMeter] C:\Arquivos de programas\HooTech\NetMeter\HooNetMeter.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - Global Startup: Cyber Manager CM-Server.lnk = C:\cybermgr\cmserver.exe

O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_30.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA92E749-0888-4446-B623-50F38BD3D4C5}: NameServer = 10.80.0.1

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Free Proxy Service (FreeProxy) - Unknown owner - C:\Arquivos de programas\Hand-Crafted Software\FreeProxy\FreeProxy.exe

 

 

Maquina 10 decinho

 

 

Logfile of HijackThis v1.99.1

Scan saved at 20:21:18, on 29/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\CCProxy\CCProxy.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\HijackThis_v1.99.1.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=10.80.0.1:808;gopher=10.80.0.1:808;http=10.80.0.1:808;https=10.80.0.1:808;so

ks=10.80.0.1:1080

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"

O4 - HKLM\..\Run: [\\Decinho-ee16852\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P44 "\\Decinho-ee16852\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"

O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series (de DECINHO-EE16852)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P47 "EPSON Stylus CX4100 Series (de DECINHO-EE16852)" /O5 "TS001" /M "Stylus CX4100"

O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em DECINHO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P42 "Auto EPSON Stylus CX4100 Series em DECINHO" /O21 "\\DECINHO\Impressora2" /M "Stylus CX4100"

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [CCProxy] C:\CCProxy\CCProxy.exe

O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em START-GAME2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P46 "Auto EPSON Stylus CX4100 Series em START-GAME2" /O25 "\\START-GAME2\Impressora2" /M "Stylus CX4100"

O4 - HKLM\..\Run: [cmguard] "C:\cybermgr\CMGuard.exe"

O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em STAR-GAME1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P45 "Auto EPSON Stylus CX4100 Series em STAR-GAME1" /O21 "\\STAR-GAME1\EPSONSty" /M "Stylus CX4100"

O4 - HKLM\..\Run: [\\Star-game1\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P39 "\\Star-game1\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [cmguard] "C:\cybermgr\CMGuard.exe"

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Cyber Manager CM-Guard.lnk = C:\cybermgr\CMGuard.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_32.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8BCEDEA5-CA90-40A8-A55E-9E13FDA14794}: NameServer = 10.1.0.80,10.1.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{91ED0FCC-B16F-470C-90C5-5DF0CCC7218B}: NameServer = 10.1.0.80,10.1.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{DD2AB07F-B626-4A24-8BC0-8F4E4C4D3DB8}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{F581BE83-B2A8-4127-9246-91D002382990}: NameServer = 10.1.0.80,10.1.0.1

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

 

Maquina 11 decinho

 

 

Logfile of HijackThis v1.99.1

Scan saved at 20:23:01, on 29/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\NewSoft\Smart Start UP\PnPDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis_v1.99.1.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=10.80.0.1:808;gopher=10.80.0.1:808;http=10.80.0.1:808;https=10.80.0.1:808

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [\\Star-game1\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P39 "\\Star-game1\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [cmguard] "C:\cybermgr\CMGuard.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [smart Start UP] C:\Arquivos de programas\NewSoft\Smart Start UP\PnPDetect.exe /Automation

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [cmguard] "C:\cybermgr\CMGuard.exe"

O4 - Global Startup: Cyber Manager CM-Guard.lnk = C:\cybermgr\CMGuard.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{8978CECF-C019-49C2-9A7D-0E16F973A984}: NameServer = 192.168.0.1

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

 

 

Obrigado pela ajuda cara, tenha uma boa noite!!! :closedeyes:

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia Edvan!

 

Máquina 9.

 

<!> Faça o download do KillBox.

<!> Salve-o no Disco Local-C,em uma pasta própria! < C:\Killbox.exe >

<!> Abra o KillBox e marque Delete on reboot.

<!> Insira ou digite na caixa Full path of file to delete,a seguinte linha:

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DAO\STAR-GAME1\svchost.exe

 

<!> Clique no botão X e,na pergunta sobre o reboot,confirme!

<!> O computador vai reiniciar!

<!> Abra o HijackThis e clique em Do a system scan only.

<!> Marque as entradas,listadas,logo abaixo!

 

O4 - HKLM\..\Run: [Video Driver] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DAO\STAR-GAME1\svchost.exe

O4 - HKLM\..\Run: [Windows LSSS Service] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DAO\STAR-GAME1\svchost.exe

<!> E,com tôdas as janelas fechadas,finalize-as clicando em Fix checked!

<!> Faça e poste um novo Log,do HijackThis,na sua resposta.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Máquina 10.

 

< R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=10.80.0.1:808;gopher=10.80.0.1:808;http=10.80.0.1:808;https=10.80.0.1:808;so

ks=10.80.0.1:1080 >

>@< Este Proxy é da sua região?

 

Máquina 11.

 

>@< Pelo Log,Limpo!

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Resolvidos (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito