
Edvan

[Resolved!] Keeps flagging a trojan..


Thanks jgarcia for the help...

Would it be better for me to open another post, or can I post in this same one that's already open?

Because I have more logs to post!!

You can keep posting here. :thumbsup:

Decinho's log is clean.

Regards.


NOTE: the remaining procedures for Armando's machine, remember? I already did them just as you instructed and posted under his name; I created an account for him on IMASTERS under his name, so if there are still traces of virus you can send the procedures to him, and if he can't manage it I'll give him a hand... I registered him under the name "Armando Leitão" lol.. can you believe it? That's his name....!!

Please look at this log, it's from a PC at the City Hall...

Mr. Marcos's machine

 

Logfile of HijackThis v1.99.1

Scan saved at 21:51:33, on 10/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

C:\CCProxy\CCProxy.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [EPSON Stylus CX5900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIL.EXE /FU "C:\WINDOWS\TEMP\E_SAF.tmp" /EF "HKLM"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BDA00FA1-0D58-4F7E-9D12-3296AA8EC303}: NameServer = 192.168.1.1

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Acrylic DNS Proxy Service (AcrylicController) - Unknown owner - C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: CCProxy - Unknown owner - C:\CCProxy\CCProxy.exe" -service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)


Jairo's machine (CITY HALL)

Logfile of HijackThis v1.99.1

Scan saved at 10:57:36, on 12/09/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\Explorer.EXE

C:\SoftMaster\Firebird\bin\fbguard.exe

C:\ARQUIV~1\Borland\INTERB~1\Bin\ibguard.exe

C:\Arquivos de programas\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\SYSTEM32\USRmlnkA.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\SYSTEM32\USRshutA.exe

C:\WINDOWS\SYSTEM32\USRmlnkA.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE

C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\SoftMaster\Firebird\bin\fbserver.exe

C:\ARQUIV~1\Borland\INTERB~1\Bin\ibserver.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [uSRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"

O4 - HKLM\..\Run: [OrderReminder] C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sql_server] "C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\scm.exe" -Action 1 -Silent 1 -Service MSSQLServer

O4 - HKLM\..\Run: [sQl_agent] "C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\scm.exe" -Action 5 -Silent 1 -Service SQLServerAgent

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [OM_Monitor] C:\Arquivos de programas\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [OM_Monitor] C:\Arquivos de programas\OLYMPUS\OLYMPUS Master\Monitor.exe

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Gerenciador de serviços.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A3FC4B34-3D90-4DB3-AD91-4AD81533B685}: NameServer = 192.168.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\SoftMaster\Firebird\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\SoftMaster\Firebird\bin\fbserver.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InterBaseGuardian - Inprise Corporation - C:\ARQUIV~1\Borland\INTERB~1\Bin\ibguard.exe

O23 - Service: InterBaseServer - Inprise Corporation - C:\ARQUIV~1\Borland\INTERB~1\Bin\ibserver.exe

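The entries the helper has to weigh in these logs all follow the fixed `Oxx - ...` grammar of HijackThis, so a short triage script can pull out the lines that matter and annotate the two recurring non-findings: orphaned `(no file)` BHO registrations, and the `(file missing)` that HijackThis 1.99.1 prints for any service whose ImagePath is quoted and carries an argument (the avast! scanners above are reported "missing" while `ashMaiSv.exe` and `ashWebSv.exe` are visibly running; CCProxy and WinVNC4 get the same treatment). The script below is an added example written for this page, not a tool from the thread or from the HijackThis project; the sample lines are copied from the logs posted here, and the `info` / `verify` / `review` verdict labels and their wording are this example's own convention.

```python
"""Triage helper for HijackThis 1.99.1 log entries (added example, not from the thread)."""
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Sample input: lines copied from the logs posted in this thread, one per entry type of interest.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDA00FA1-0D58-4F7E-9D12-3296AA8EC303}: NameServer = 192.168.1.1
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: CCProxy - Unknown owner - C:\CCProxy\CCProxy.exe" -service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
# HJT 1.99.1 renders a quoted ImagePath with arguments as   <path>.exe" <args> (file missing)
QUOTE_ARTIFACT_RE = re.compile(r'[A-Za-z]:\\[^"]+\.exe" \S.*\(file missing\)$')


@dataclass
class Finding:
    code: str
    body: str
    verdict: str   # "info" (benign), "verify" (confirm on the box) or "review" (suspicious)
    reason: str


def parse_entries(text):
    """Return (code, body) pairs for every R*/O* line; headers and the process list are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group("code"), m.group("body")))
    return out


def classify(code, body):
    """Map one entry to (verdict, reason); None means the entry needs no comment."""
    if code == "O2" and body.endswith("(no file)"):
        return "info", "orphaned BHO CLSID with no DLL on disk: cosmetic, not evidence of infection"
    if code == "O23":
        if QUOTE_ARTIFACT_RE.search(body):
            return "verify", ("'(file missing)' after a quoted path with arguments is the HJT 1.99.1 "
                              "parsing artifact; check that the binary exists before touching the service")
        if "(file missing)" in body:
            return "review", "service binary really absent: dangling service, inspect its ImagePath"
        return None
    if code == "O4":
        # Run-key value: everything after the [name] bracket, first token, quotes stripped.
        target = body.split("]", 1)[1].strip().strip('"').split(" ", 1)[0] if "]" in body else ""
        if target and "\\" not in target:
            return "verify", "bare file name in a Run key is resolved via the PATH search; confirm which copy runs"
        return None
    if code == "O17":
        servers = body.rsplit("=", 1)[1].strip()
        kinds = {"private" if ip_address(ip.strip()).is_private else "public" for ip in servers.split(",")}
        if kinds == {"private"}:
            return "info", "per-adapter DNS points at a LAN address (router or local resolver)"
        return "review", "per-adapter DNS points at a public address; confirm it belongs to the ISP (DNS hijacks live here)"
    if code == "R1" and "ProxyServer" in body:
        return "verify", "IE proxy configured; legitimate if the LAN runs a proxy, otherwise a traffic-interception vector"
    if code == "O6":
        return "verify", "IE restriction policy present; expected on locked-down shared PCs, also set by some malware"
    if code == "O20":
        return "verify", "Winlogon Notify DLL loads into winlogon.exe as SYSTEM; identify its vendor"
    return None


def triage(text):
    """Run classify() over every entry and return the list of Finding objects, in log order."""
    findings = []
    for code, body in parse_entries(text):
        result = classify(code, body)
        if result:
            findings.append(Finding(code, body, *result))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.verdict:6}] {f.code}: {f.reason}\n         {f.body}")
```

Run it against a full log by replacing `SAMPLE_LOG` with the file contents; the process list and `R0`/`O9` cosmetic entries are deliberately ignored, and the two `O4` checks show why a bare `pctspk.exe` gets a note while the full avast! path does not.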

When I installed a program to manage the computers at a LAN house, at the end of the installation Kaspersky Anti-Virus caught a trojan, but the file the AV caught was the one responsible for opening the LAN house program's screen... so I allowed the file to stay and not be deleted... so, just to be safe, I'm posting these three logs for you to take a look and see if there's any trace of a virus... OK!!!!!!!!??

LAN Nº 1

 

Logfile of HijackThis v1.99.1

Scan saved at 18:23:36, on 21/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\CCProxy\CCProxy.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\HijackThis_v1.99.1.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em START-GAME3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P46 "Auto EPSON Stylus CX4100 Series em START-GAME3" /O22 "\\START-GAME3\EPSONSty" /M "Stylus CX4100"

O4 - HKLM\..\Run: [\\Start-game3\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P40 "\\Start-game3\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: CCProxy - Unknown owner - C:\CCProxy\CCProxy.exe" -service (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

LAN Nº 2

 

 

Logfile of HijackThis v1.99.1

Scan saved at 18:40:17, on 21/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [\\Start-game1\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P40 "\\Start-game1\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em START-GAME1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P46 "Auto EPSON Stylus CX4100 Series em START-GAME1" /O22 "\\START-GAME1\EPSONSty" /M "Stylus CX4100"

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Decinho\CONFIG~1\Temp\IXP000.TMP\"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9C377DD8-8CE6-484C-975D-F4D03493EBBE} (DownloadManager Control) - http://www.imusica.com.br/Download.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8BE0410B-EEE1-466C-A374-D4430C31474D}: NameServer = 192.168.0.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

LAN Nº 3

 

 

Logfile of HijackThis v1.99.1

Scan saved at 18:24:39, on 21/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\ltmoh\Ltmoh.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\HijackThis_v1.99.1.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\Epson\Ink Monitor\Inkmonitor.exe

O4 - HKLM\..\Run: [\\Start-game1\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P40 "\\Start-game1\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8F9BC61B-E1AC-47BA-A3A7-7AA2C5DC652C}: NameServer = 192.168.0.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

Dona Helena

 

 

Logfile of HijackThis v1.99.1

Scan saved at 13:33:46, on 22/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\AntiVir\sched.exe

C:\Arquivos de programas\AntiVir\avguard.exe

C:\Arquivos de programas\AntiVir\avgnt.exe

C:\Arquivos de programas\AntiVir\update.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Windows Live Toolbar\msn_sl.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\AntiVir\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\AntiVir\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Sena's PC...

Logfile of HijackThis v1.99.1

Scan saved at 11:54:14, on 29/09/2007

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINNT\System32\CTSvcCDA.exe

C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\essspk.exe

C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\WINNT\WebCam\M1000\M1000Mnt.exe

C:\Arquivos de programas\CAIXA\SEFIP\IB6\bin\ibguard.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\CAIXA\SEFIP\IB6\bin\ibserver.exe

C:\Arquivos de programas\FireBird\FireBird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Fortes Informática\RemProtDeamon.exe

C:\WINNT\System32\internat.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Yahoo! Acesso Grátis\baloon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\FireBird\FireBird_1_5\bin\fbserver.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.02.3000.1001\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-pt\msntb.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-pt\msntb.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt

O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"

O4 - HKLM\..\Run: [Windows Update Firewall System] spack2.exe

O4 - HKLM\..\Run: [interBaseGuardian] C:\Arquivos de programas\CAIXA\SEFIP\IB6\bin\ibguard.exe -a

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [Firebird 1.5] C:\Arquivos de programas\FireBird\FireBird_1_5\bin\fbguard.exe -a

O4 - HKLM\..\Run: [RemProtDeamon] C:\Arquivos de programas\Fortes Informática\RemProtDeamon.exe -a

O4 - HKLM\..\RunServices: [Windows Update Firewall System] spack2.exe

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Yahoo! Acesso Grátis\baloon.exe"

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = D:\programas\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.141 85.255.112.232

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.141 85.255.112.232

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.141 85.255.112.232

O20 - AppInit_DLLs:

O20 - Winlogon Notify: klogon - C:\WINNT\System32\klogon.dll

O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll

O23 - Service: Acrylic DNS Proxy Service (AcrylicController) - Unknown owner - C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: Client IP-IPX - Unknown owner - C:\WINNT\System32\svchosts.exe" -e mc-110-12-0000144 (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

O23 - Service: InterbaseServer - Inprise Corporation - C:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBServer.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

BankerFix 2.4 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 29/09/2007 - 12:27

-------------------------------------------------------

Lista de Definição: 2007-09-22-1

=======================================================

 

Arquivo infectado detectado: C:\WINNT\svchost.exe

Arquivo infectado removido com sucesso!

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------


Hey Edvan,

Download ComboFix at:

ComboFix

1) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can finish (only if an infection is found);

3) When the scan finishes, a log will be generated at C:\ComboFix.txt;

4) Do not click in the ComboFix window or close it by clicking the X while the tool is running, as that will mess up your desktop (it will turn completely white);

5) To stop or exit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply.

Regards.


Continuing with Sena's PC...

NOTE: Man, I had a hard time running COMBOFIX on this PC; I made about 8 attempts and it never worked... after a real struggle I managed it, but now I don't know whether the report came out corrupted... because at one point it couldn't access some file.. then it froze and I had to restart.. but when the PC came back on it showed the report..

ComboFix 07-10-04.6 - Antonio 2007-10-05 21:31:06.3 - NTFSx86

Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1046.18.63 [GMT -3:00]

Executando de: C:\Documents and Settings\Antonio\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\Arquivos comuns\{18FEA~1

C:\Arquivos de programas\Arquivos comuns\{38FEA~1

C:\Arquivos de programas\Arquivos comuns\{38FEA~1\Bar888.dll.lzma

C:\Arquivos de programas\Arquivos comuns\{38FEA~1\UnInstall.exe

C:\Arquivos de programas\Arquivos comuns\winctl.dll

C:\Arquivos de programas\Arquivos comuns\Yazzle1658OinUninstaller.exe

C:\Arquivos de programas\curity~1

C:\Arquivos de programas\curity~1\??curity\

C:\paging.sys

C:\WINNT\system32\{21D9DF55-B5F1-4D94-BB13-EF2E539060C2}.exe

C:\WINNT\system32\{ABEB4594-AAE1-46BA-90E4-1AFFC853C368}.exe

C:\WINNT\system32\8_exception.nls

C:\WINNT\system32\unsvchosts.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_CLIENT_IP-IPX

-------\LEGACY_RUNTIME

-------\Client IP-IPX

-------\nm

-------\runtime

 

 

((((((((((((((((((((((( Ficheiros criados de 2007-09-06 to 2007-10-06 ))))))))))))))))))))))))))))))))

.

 

2007-10-05 21:10 <DIR> d-------- C:\senapc1

2007-10-04 15:32 51,200 --a------ C:\WINNT\NirCmd.exe

2007-09-24 12:10 274,489 --a------ C:\WINNT\system32\ntwdblib.dll

2007-09-24 12:10 <DIR> d-------- C:\Arquivos de programas\FireBird

2007-09-22 12:41 85,776 --a--c--- C:\WINNT\system32\dllcache\e100bnt5.sys

2007-09-22 12:41 85,776 --a------ C:\WINNT\system32\drivers\e100bnt5.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

07-10-05 22:31 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

07-10-05 22:10 182304 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat

07-10-05 21:34 6246944 --ahs---- C:\WINNT\system32\drivers\fidbox.dat

07-10-05 21:11 87512 --ahs---- C:\WINNT\system32\drivers\fidbox.idx

07-10-05 21:11 20084 --ahs---- C:\WINNT\system32\drivers\fidbox2.idx

07-10-02 09:10 --------- d-------- C:\Documents and Settings\Antonio\Dados de aplicativos\AdobeUM

07-09-28 12:04 --------- d-------- C:\Arquivos de programas\MSN Messenger

07-09-27 21:55 --------- d-------- C:\Documents and Settings\Antonio\Dados de aplicativos\Help

07-09-27 11:58 326144 --a------ C:\WINNT\RemProtLib.dll

07-09-26 14:42 --------- d-------- C:\Arquivos de programas\CNPJ2007

07-09-24 10:22 --------- d-------- C:\Documents and Settings\Antonio\Dados de aplicativos\Image Zone Express

07-09-03 14:49 82061 --a------ C:\WINNT\system32\drivers\klick.dat

07-09-03 14:49 81549 --a------ C:\WINNT\system32\drivers\klin.dat

07-08-26 18:56 --------- d-------- C:\Arquivos de programas\Webteh

07-08-26 17:26 --------- d-------- C:\Documents and Settings\Antonio\Dados de aplicativos\Lavasoft

07-08-26 17:26 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

07-08-26 17:24 --------- d-------- C:\Arquivos de programas\Lavasoft

07-08-26 17:24 --------- d-------- C:\Arquivos de programas\CCleaner

07-08-26 16:17 --------- d-------- C:\Arquivos de programas\Kaspersky Lab

07-08-26 16:03 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Network Associates

07-08-26 16:03 --------- d-------- C:\Arquivos de programas\Network Associates

07-08-26 16:03 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Network Associates

07-08-14 15:11 --------- d-------- C:\Arquivos de programas\CertCli

07-08-14 15:05 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

07-08-14 15:05 --------- d-------- C:\Arquivos de programas\EPSON

07-08-14 08:26 --------- d-------- C:\Arquivos de programas\Programas RFB

02-11-27 19:29 271 ---h----- C:\Arquivos de programas\desktop.ini

02-11-27 19:29 22040 ---h----- C:\Arquivos de programas\folder.htt

00-08-10 21:00 32528 --a------ C:\WINNT\inf\wbfirdma.sys

--------- C:\Arquivos de programas\Fortes Informática

.

 

((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

----a-w 147,514 2003-10-07 11:48:56 C:\Arquivos de programas\Arquivos comuns\Network Associates\TalkBack\bak\TBMon.exe

 

----a-w 20,480 1999-11-18 08:01:00 C:\Arquivos de programas\Creative\Audio2K\Program\bak\CTMIX32.EXE

 

----a-w 39,936 2000-03-23 04:00:00 C:\Arquivos de programas\Creative\News\bak\NewsUpd.EXE

 

----a-w 189,952 1999-08-30 03:55:00 C:\Arquivos de programas\Creative\ShareDLL\bak\CtNotify.exe

 

----a-w 57,344 2002-04-15 08:12:56 C:\Arquivos de programas\Elaborate Bytes\CloneCD\bak\CloneCDTray.exe

 

----a-w 45,056 2001-12-06 12:09:08 C:\Arquivos de programas\Elaborate Bytes\CloneCD\bak\ElbyCheck.exe

 

----a-w 258,116 2002-08-05 00:37:14 C:\Arquivos de programas\EPSON\Ink Monitor\bak\InkMonitor.exe

------w 258,116 2002-08-05 00:37:14 C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

 

----a-w 36,975 2004-12-07 00:31:50 C:\Arquivos de programas\Java\jre1.5.0_01\bin\bak\jusched.exe

 

----a-w 86,016 2004-07-23 00:53:42 C:\Arquivos de programas\MSN Apps\Updater1.02.0002.1001\pt-pt\bak\msnappau.exe

 

----a-w 139,320 2004-08-06 05:50:00 C:\Arquivos de programas\Network Associates\Common Framework\bak\UpdaterUI.exe

 

----a-w 93,184 2007-02-28 13:18:20 C:\WINNT\system32\bak\mjygv.exe

 

----a-w 155,648 2002-09-11 20:01:08 C:\WINNT\system32\bak\NeroCheck.exe

 

----a-w 74,752 2002-07-01 03:05:00 C:\WINNT\system32\spool\drivers\w32x86\3\bak\E_S10IC2.EXE

----a-w 74,752 2002-07-01 03:05:00 C:\WINNT\system32\spool\drivers\w32x86\3\E_S10IC2.EXE

 

----a-w 188,416 2002-06-17 13:51:50 C:\WINNT\system32\spool\drivers\w32x86\3\bak\hpztsb05.exe

 

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="mobsync.exe" [00-08-10 21:00 C:\WINNT\system32\mobsync.exe]

"EssSpkPhone"="essspk.exe" [01-10-19 07:49 C:\WINNT\essspk.exe]

"Ink Monitor"="C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [02-08-04 21:37 ]

"M1000Mnt"="M1000Rmv.exe" []

"EPSON Stylus CX3200"="C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [02-07-01 00:05 ]

"Windows Update Firewall System"="spack2.exe" []

"InterBaseGuardian"="C:\Arquivos de programas\CAIXA\SEFIP\IB6\bin\ibguard.exe" [02-01-30 20:20 ]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [06-02-19 02:41 ]

"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [07-03-09 20:50 ]

"Firebird 1.5"="C:\Arquivos de programas\FireBird\FireBird_1_5\bin\fbguard.exe" [07-09-24 12:10 ]

"RemProtDeamon"="C:\Arquivos de programas\Fortes Informática\RemProtDeamon.exe" []

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"internat.exe"="internat.exe" [00-08-10 21:00 C:\WINNT\system32\internat.exe]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [07-09-04 23:40 ]

"iBest.baloon"="C:\Arquivos de programas\Yahoo! Acesso Grátis\baloon.exe" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"Windows Update Firewall System"=spack2.exe

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"^SetupICWDesktop"=C:\Arquivos de programas\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"internat.exe"=internat.exe

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

Microsoft Office.lnk - D:\programas\Microsoft Office\Office\OSA9.EXE [2000-01-20 22:15:56]

WinZip Quick Pick.lnk - C:\Arquivos de programas\WinZip\WZQKPICK.EXE [2002-12-06 15:44:34]

Wireless Configuration Utility HW.51.lnk - C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-15 09:41:28]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

Microsoft Office.lnk - D:\programas\Microsoft Office\Office\OSA9.EXE [2000-01-20 22:15:56]

WinZip Quick Pick.lnk - C:\Arquivos de programas\WinZip\WZQKPICK.EXE [2002-12-06 15:44:34]

Wireless Configuration Utility HW.51.lnk - C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-15 09:41:28]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]

nwprovau.dll 02-07-19 07:34 140560 C:\WINNT\system32\NWPROVAU.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 nwprovau

 

R2 AcrylicController;Acrylic DNS Proxy Service;C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

R3 IP100;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;C:\WINNT\System32\DRIVERS\ipfnd5.sys

R3 M1000Srv;Trek 320R Driver;C:\WINNT\System32\Drivers\M1000KNT.sys

R3 usbprint;Microsoft USB PRINTER Class;C:\WINNT\System32\DRIVERS\usbprint.sys

R3 W8335PCI;IEEE 802.11g Wireless Cardbus/PCI Adapter HW51;C:\WINNT\System32\DRIVERS\Mrv8000c.sys

S3 InterbaseServer;InterbaseServer;C:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBServer.exe -s -g

S3 mga64;mga64;C:\WINNT\System32\DRIVERS\mga64m.sys

S3 N100;Compaq Ethernet ou Fast Ethernet NIC NT Driver;C:\WINNT\System32\DRIVERS\n100nt5.sys

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-08-31 03:00:00 C:\WINNT\Tasks\At1.job"

- C:\WINNT\System32\winmds.exe

"2007-10-05 12:13:04 C:\WINNT\Tasks\At10.job"

"2007-10-05 13:00:00 C:\WINNT\Tasks\At11.job"

"2007-10-05 14:00:00 C:\WINNT\Tasks\At12.job"

"2007-10-05 15:00:00 C:\WINNT\Tasks\At13.job"

- C:\WINNT\System32\winmds.exe

"2007-10-05 16:00:46 C:\WINNT\Tasks\At14.job"

- C:\WINNT\System32\winmds.exe

"2007-10-05 17:00:00 C:\WINNT\Tasks\At15.job"

- C:\WINNT\System32\winmds.exe

"2007-10-05 18:00:00 C:\WINNT\Tasks\At16.job"

"2007-10-05 19:00:00 C:\WINNT\Tasks\At17.job"

- C:\WINNT\System32\winmds.exe

"2007-10-05 20:00:00 C:\WINNT\Tasks\At18.job"

"2007-10-04 21:00:00 C:\WINNT\Tasks\At19.job"

"2007-08-31 04:00:00 C:\WINNT\Tasks\At2.job"

- C:\WINNT\System32\winmds.exe

"2007-10-04 22:00:00 C:\WINNT\Tasks\At20.job"

- C:\WINNT\System32\winmds.exe

"2007-09-20 23:00:00 C:\WINNT\Tasks\At21.job"

- C:\WINNT\System32\winmds.exe

"2007-10-06 00:00:25 C:\WINNT\Tasks\At22.job"

- C:\WINNT\System32\winmds.exe

"2007-10-06 01:01:12 C:\WINNT\Tasks\At23.job"

- C:\WINNT\System32\winmds.exe

"2007-10-05 02:00:00 C:\WINNT\Tasks\At24.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 03:00:00 C:\WINNT\Tasks\At25.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 04:00:00 C:\WINNT\Tasks\At26.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 05:00:00 C:\WINNT\Tasks\At27.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 06:00:00 C:\WINNT\Tasks\At28.job"

"2007-08-31 07:00:00 C:\WINNT\Tasks\At29.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 05:00:00 C:\WINNT\Tasks\At3.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 08:00:00 C:\WINNT\Tasks\At30.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 09:00:00 C:\WINNT\Tasks\At31.job"

- C:\WINNT\System32\winmds.exe

"2007-09-24 10:00:00 C:\WINNT\Tasks\At32.job"

- C:\WINNT\System32\winmds.exe

"2007-10-01 11:00:00 C:\WINNT\Tasks\At33.job"

- C:\WINNT\System32\winmds.exe

"2007-10-05 12:25:18 C:\WINNT\Tasks\At34.job"

- C:\WINNT\System32\winmds.exe

"2007-10-05 13:00:00 C:\WINNT\Tasks\At35.job"

"2007-10-05 14:00:00 C:\WINNT\Tasks\At36.job"

"2007-10-05 15:00:00 C:\WINNT\Tasks\At37.job"

- C:\WINNT\System32\winmds.exe

"2007-10-05 16:00:53 C:\WINNT\Tasks\At38.job"

- C:\WINNT\System32\winmds.exe

"2007-10-05 17:00:00 C:\WINNT\Tasks\At39.job"

"2007-08-31 06:00:00 C:\WINNT\Tasks\At4.job"

- C:\WINNT\System32\winmds.exe

"2007-10-05 18:00:00 C:\WINNT\Tasks\At40.job"

- C:\WINNT\System32\winmds.exe

"2007-10-05 19:00:00 C:\WINNT\Tasks\At41.job"

- C:\WINNT\System32\winmds.exe

"2007-10-05 20:00:00 C:\WINNT\Tasks\At42.job"

"2007-10-04 21:00:00 C:\WINNT\Tasks\At43.job"

- C:\WINNT\System32\winmds.exe

"2007-10-04 22:00:00 C:\WINNT\Tasks\At44.job"

"2007-09-20 23:00:00 C:\WINNT\Tasks\At45.job"

- C:\WINNT\System32\winmds.exe

"2007-10-06 00:00:27 C:\WINNT\Tasks\At46.job"

- C:\WINNT\System32\winmds.exe

"2007-10-06 01:01:45 C:\WINNT\Tasks\At47.job"

- C:\WINNT\System32\winmds.exe

"2007-10-05 02:00:00 C:\WINNT\Tasks\At48.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 07:00:00 C:\WINNT\Tasks\At5.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 08:00:00 C:\WINNT\Tasks\At6.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 09:00:00 C:\WINNT\Tasks\At7.job"

- C:\WINNT\System32\winmds.exe

"2007-09-24 10:00:03 C:\WINNT\Tasks\At8.job"

- C:\WINNT\System32\winmds.exe

"2007-10-01 11:00:00 C:\WINNT\Tasks\At9.job"

- C:\WINNT\System32\winmds.exe

.

**************************************************************************

 

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-05 22:31:25

Windows 5.0.2195 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2007-10-05 22:34:04 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 07-10-05 22:33

.

--- E O F ---


Hey Edvan,

Let's go.

SENA PC

Set Windows to show all files (including hidden ones).

Step 1

Download Killbox at:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the bold list below to the clipboard. Select it all with the mouse --> go to the Edit menu in the browser bar --> click Copy.

C:\WINNT\Tasks\At1.job

C:\WINNT\Tasks\At2.job

C:\WINNT\Tasks\At3.job

C:\WINNT\Tasks\At4.job

C:\WINNT\Tasks\At5.job

C:\WINNT\Tasks\At6.job

C:\WINNT\Tasks\At7.job

C:\WINNT\Tasks\At8.job

C:\WINNT\Tasks\At9.job

C:\WINNT\Tasks\At10.job

C:\WINNT\Tasks\At11.job

C:\WINNT\Tasks\At12.job

C:\WINNT\Tasks\At13.job

C:\WINNT\Tasks\At14.job

C:\WINNT\Tasks\At15.job

C:\WINNT\Tasks\At16.job

C:\WINNT\Tasks\At17.job

C:\WINNT\Tasks\At18.job

C:\WINNT\Tasks\At19.job

C:\WINNT\Tasks\At20.job

C:\WINNT\Tasks\At21.job

C:\WINNT\Tasks\At22.job

C:\WINNT\Tasks\At23.job

C:\WINNT\Tasks\At24.job

C:\WINNT\Tasks\At25.job

C:\WINNT\Tasks\At26.job

C:\WINNT\Tasks\At27.job

C:\WINNT\Tasks\At28.job

C:\WINNT\Tasks\At29.job

C:\WINNT\Tasks\At30.job

C:\WINNT\Tasks\At31.job

C:\WINNT\Tasks\At32.job

C:\WINNT\Tasks\At33.job

C:\WINNT\Tasks\At34.job

C:\WINNT\Tasks\At35.job

C:\WINNT\Tasks\At36.job

C:\WINNT\Tasks\At37.job

C:\WINNT\Tasks\At38.job

C:\WINNT\Tasks\At39.job

C:\WINNT\Tasks\At40.job

C:\WINNT\Tasks\At41.job

C:\WINNT\Tasks\At42.job

C:\WINNT\Tasks\At43.job

C:\WINNT\Tasks\At44.job

C:\WINNT\Tasks\At45.job

C:\WINNT\Tasks\At46.job

C:\WINNT\Tasks\At47.job

C:\WINNT\Tasks\At48.job

C:\WINNT\system32\bak\mjygv.exe

C:\WINNT\system32\bak\NeroCheck.exe

C:\WINNT\System32\winmds.exe

C:\Arquivos de programas\desktop.ini

C:\Arquivos de programas\folder.htt

C:\WINNT\RemProtLib.dll

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "no" to the question.

Step 2

Restart in Normal Mode.

Delete the contents of the folder C:\!Killbox.

Find the path of the following files:

M1000Rmv.exe

spack2.exe

Come back with the result, along with fresh ComboFix and HijackThis logs.

Regards.


Here is what you asked me for....

ComboFix 07-10-17.8@ - Antonio 18/10/2007 11:45:19.4 - NTFSx86

Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1046.18.81 [GMT -3:00]

Executando de: C:\Documents and Settings\Antonio\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((( Ficheiros criados de 2007-09-18 to 2007-10-18 ))))))))))))))))))))))))))))))))

.

 

2007-10-18 11:45 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_350.dat

2007-10-05 21:10 <DIR> d-------- C:\senapc1

2007-10-04 15:32 51,200 --a------ C:\WINNT\NirCmd.exe

2007-09-24 12:10 <DIR> d-------- C:\Arquivos de programas\FireBird

2007-09-24 12:10 274,489 --a------ C:\WINNT\system32\ntwdblib.dll

2007-09-22 12:41 85,776 --a------ C:\WINNT\system32\drivers\e100bnt5.sys

2007-09-22 12:41 85,776 --a--c--- C:\WINNT\system32\dllcache\e100bnt5.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-18 14:46 6,990,624 --sha-w C:\WINNT\system32\drivers\fidbox.dat

2007-10-18 14:46 216,864 --sha-w C:\WINNT\system32\drivers\fidbox2.dat

2007-10-18 14:31 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Trek320R

2007-10-18 13:58 --------- d-----w C:\Documents and Settings\Antonio\Dados de aplicativos\AdobeUM

2007-10-18 11:15 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2007-10-17 21:16 96,944 --sha-w C:\WINNT\system32\drivers\fidbox.idx

2007-10-17 21:16 23,156 --sha-w C:\WINNT\system32\drivers\fidbox2.idx

2007-10-17 16:11 --------- d-----w C:\Arquivos de programas\CNPJ2007

2007-10-15 13:46 --------- d-----w C:\Documents and Settings\Antonio\Dados de aplicativos\Image Zone Express

2007-09-28 15:04 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-09-27 14:58 326,144 ------w C:\WINNT\RemProtLib.dll

2007-09-24 15:31 --------- d-----w C:\Arquivos de programas\Fortes Informática

2007-09-03 17:49 82,061 ----a-w C:\WINNT\system32\drivers\klick.dat

2007-09-03 17:49 81,549 ----a-w C:\WINNT\system32\drivers\klin.dat

2007-08-26 21:56 --------- d-----w C:\Arquivos de programas\Webteh

2007-08-26 20:26 --------- d-----w C:\Documents and Settings\Antonio\Dados de aplicativos\Lavasoft

2007-08-26 20:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2007-08-26 20:24 --------- d-----w C:\Arquivos de programas\Lavasoft

2007-08-26 20:24 --------- d-----w C:\Arquivos de programas\CCleaner

2007-08-26 19:17 --------- d-----w C:\Arquivos de programas\Kaspersky Lab

2007-08-26 19:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Network Associates

2007-08-26 19:03 --------- d-----w C:\Arquivos de programas\Network Associates

2007-08-26 19:03 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Network Associates

2006-07-18 18:39 784 ----a-w C:\Documents and Settings\Antonio\Dados de aplicativos\mpauth.dat

2002-11-27 22:29 271 ------w C:\Arquivos de programas\desktop.ini

2002-11-27 22:29 22,040 ------w C:\Arquivos de programas\folder.htt

2000-08-11 00:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys

.

 

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

----a-w 147,514 2003-10-07 11:48:56 C:\Arquivos de programas\Arquivos comuns\Network Associates\TalkBack\bak\TBMon.exe

 

----a-w 20,480 1999-11-18 08:01:00 C:\Arquivos de programas\Creative\Audio2K\Program\bak\CTMIX32.EXE

 

----a-w 39,936 2000-03-23 04:00:00 C:\Arquivos de programas\Creative\News\bak\NewsUpd.EXE

 

----a-w 189,952 1999-08-30 03:55:00 C:\Arquivos de programas\Creative\ShareDLL\bak\CtNotify.exe

 

----a-w 57,344 2002-04-15 08:12:56 C:\Arquivos de programas\Elaborate Bytes\CloneCD\bak\CloneCDTray.exe

 

----a-w 45,056 2001-12-06 12:09:08 C:\Arquivos de programas\Elaborate Bytes\CloneCD\bak\ElbyCheck.exe

 

----a-w 258,116 2002-08-05 00:37:14 C:\Arquivos de programas\EPSON\Ink Monitor\bak\InkMonitor.exe

------w 258,116 2002-08-05 00:37:14 C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

 

----a-w 36,975 2004-12-07 00:31:50 C:\Arquivos de programas\Java\jre1.5.0_01\bin\bak\jusched.exe

 

----a-w 86,016 2004-07-23 00:53:42 C:\Arquivos de programas\MSN Apps\Updater\01.02.0002.1001\pt-pt\bak\msnappau.exe

 

----a-w 139,320 2004-08-06 05:50:00 C:\Arquivos de programas\Network Associates\Common Framework\bak\UpdaterUI.exe

 

------w 93,184 2007-02-28 13:18:20 C:\WINNT\system32\bak\mjygv.exe

 

------w 155,648 2002-09-11 20:01:08 C:\WINNT\system32\bak\NeroCheck.exe

 

----a-w 74,752 2002-07-01 03:05:00 C:\WINNT\system32\spool\drivers\w32x86\3\bak\E_S10IC2.EXE

----a-w 74,752 2002-07-01 03:05:00 C:\WINNT\system32\spool\drivers\w32x86\3\E_S10IC2.EXE

 

----a-w 188,416 2002-06-17 13:51:50 C:\WINNT\system32\spool\drivers\w32x86\3\bak\hpztsb05.exe

 

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="mobsync.exe" [10/08/00 21:00 C:\WINNT\system32\mobsync.exe]

"EssSpkPhone"="essspk.exe" [19/10/01 07:49 C:\WINNT\essspk.exe]

"Ink Monitor"="C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [04/08/02 21:37 ]

"M1000Mnt"="M1000Rmv.exe" []

"EPSON Stylus CX3200"="C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [01/07/02 00:05 ]

"Windows Update Firewall System"="spack2.exe" []

"InterBaseGuardian"="C:\Arquivos de programas\CAIXA\SEFIP\IB6\bin\ibguard.exe" [30/01/02 20:20 ]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [19/02/06 02:41 ]

"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [09/03/07 20:50 ]

"Firebird 1.5"="C:\Arquivos de programas\FireBird\FireBird_1_5\bin\fbguard.exe" [24/09/07 12:10 ]

"RemProtDeamon"="C:\Arquivos de programas\Fortes Informática\RemProtDeamon.exe" []

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"internat.exe"="internat.exe" [10/08/00 21:00 C:\WINNT\system32\internat.exe]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [04/09/07 23:40 ]

"iBest.baloon"="C:\Arquivos de programas\Yahoo! Acesso Grátis\baloon.exe" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"Windows Update Firewall System"=spack2.exe

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"^SetupICWDesktop"=C:\Arquivos de programas\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"internat.exe"=internat.exe

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

Microsoft Office.lnk - D:\programas\Microsoft Office\Office\OSA9.EXE [2000-01-20 22:15:56]

WinZip Quick Pick.lnk - C:\Arquivos de programas\WinZip\WZQKPICK.EXE [2002-12-06 15:44:34]

Wireless Configuration Utility HW.51.lnk - C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-15 09:41:28]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]

nwprovau.dll 19/07/02 07:34 140560 C:\WINNT\system32\NWPROVAU.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 nwprovau

 

R2 AcrylicController;Acrylic DNS Proxy Service;C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

R3 IP100;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;C:\WINNT\System32\DRIVERS\ipfnd5.sys

R3 usbprint;Microsoft USB PRINTER Class;C:\WINNT\System32\DRIVERS\usbprint.sys

R3 W8335PCI;IEEE 802.11g Wireless Cardbus/PCI Adapter HW51;C:\WINNT\System32\DRIVERS\Mrv8000c.sys

S3 InterbaseServer;InterbaseServer;C:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBServer.exe -s -g

S3 M1000Srv;Trek 320R Driver;C:\WINNT\System32\Drivers\M1000KNT.sys

S3 mga64;mga64;C:\WINNT\System32\DRIVERS\mga64m.sys

S3 N100;Compaq Ethernet ou Fast Ethernet NIC NT Driver;C:\WINNT\System32\DRIVERS\n100nt5.sys

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-08-31 03:00:00 C:\WINNT\Tasks\At1.job"

- C:\WINNT\System32\winmds.exe

"2007-10-18 12:00:00 C:\WINNT\Tasks\At10.job"

"2007-10-18 13:00:00 C:\WINNT\Tasks\At11.job"

"2007-10-18 14:00:00 C:\WINNT\Tasks\At12.job"

"2007-10-17 15:00:00 C:\WINNT\Tasks\At13.job"

- C:\WINNT\System32\winmds.exe

"2007-10-17 16:00:00 C:\WINNT\Tasks\At14.job"

- C:\WINNT\System32\winmds.exe

"2007-10-16 17:00:00 C:\WINNT\Tasks\At15.job"

- C:\WINNT\System32\winmds.exe

"2007-10-17 18:00:00 C:\WINNT\Tasks\At16.job"

"2007-10-16 19:00:00 C:\WINNT\Tasks\At17.job"

- C:\WINNT\System32\winmds.exe

"2007-10-16 20:00:00 C:\WINNT\Tasks\At18.job"

"2007-10-17 21:00:00 C:\WINNT\Tasks\At19.job"

"2007-08-31 04:00:00 C:\WINNT\Tasks\At2.job"

- C:\WINNT\System32\winmds.exe

"2007-10-09 22:00:00 C:\WINNT\Tasks\At20.job"

- C:\WINNT\System32\winmds.exe

"2007-10-09 23:00:00 C:\WINNT\Tasks\At21.job"

- C:\WINNT\System32\winmds.exe

"2007-10-16 00:00:00 C:\WINNT\Tasks\At22.job"

- C:\WINNT\System32\winmds.exe

"2007-10-06 01:01:12 C:\WINNT\Tasks\At23.job"

- C:\WINNT\System32\winmds.exe

"2007-10-06 02:00:00 C:\WINNT\Tasks\At24.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 03:00:00 C:\WINNT\Tasks\At25.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 04:00:00 C:\WINNT\Tasks\At26.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 05:00:00 C:\WINNT\Tasks\At27.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 06:00:00 C:\WINNT\Tasks\At28.job"

"2007-08-31 07:00:00 C:\WINNT\Tasks\At29.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 05:00:00 C:\WINNT\Tasks\At3.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 08:00:00 C:\WINNT\Tasks\At30.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 09:00:00 C:\WINNT\Tasks\At31.job"

- C:\WINNT\System32\winmds.exe

"2007-10-15 10:00:00 C:\WINNT\Tasks\At32.job"

- C:\WINNT\System32\winmds.exe

"2007-10-17 11:00:00 C:\WINNT\Tasks\At33.job"

- C:\WINNT\System32\winmds.exe

"2007-10-18 12:00:00 C:\WINNT\Tasks\At34.job"

- C:\WINNT\System32\winmds.exe

"2007-10-18 13:00:00 C:\WINNT\Tasks\At35.job"

"2007-10-18 14:00:00 C:\WINNT\Tasks\At36.job"

"2007-10-17 15:00:00 C:\WINNT\Tasks\At37.job"

- C:\WINNT\System32\winmds.exe

"2007-10-17 16:00:00 C:\WINNT\Tasks\At38.job"

- C:\WINNT\System32\winmds.exe

"2007-10-16 17:00:00 C:\WINNT\Tasks\At39.job"

"2007-08-31 06:00:00 C:\WINNT\Tasks\At4.job"

- C:\WINNT\System32\winmds.exe

"2007-10-17 18:00:00 C:\WINNT\Tasks\At40.job"

- C:\WINNT\System32\winmds.exe

"2007-10-16 19:00:00 C:\WINNT\Tasks\At41.job"

- C:\WINNT\System32\winmds.exe

"2007-10-16 20:00:00 C:\WINNT\Tasks\At42.job"

"2007-10-17 21:00:00 C:\WINNT\Tasks\At43.job"

- C:\WINNT\System32\winmds.exe

"2007-10-09 22:00:00 C:\WINNT\Tasks\At44.job"

"2007-10-09 23:00:00 C:\WINNT\Tasks\At45.job"

- C:\WINNT\System32\winmds.exe

"2007-10-16 00:00:00 C:\WINNT\Tasks\At46.job"

- C:\WINNT\System32\winmds.exe

"2007-10-06 01:01:45 C:\WINNT\Tasks\At47.job"

- C:\WINNT\System32\winmds.exe

"2007-10-06 02:00:00 C:\WINNT\Tasks\At48.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 07:00:00 C:\WINNT\Tasks\At5.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 08:00:00 C:\WINNT\Tasks\At6.job"

- C:\WINNT\System32\winmds.exe

"2007-08-31 09:00:00 C:\WINNT\Tasks\At7.job"

- C:\WINNT\System32\winmds.exe

"2007-10-15 10:00:00 C:\WINNT\Tasks\At8.job"

- C:\WINNT\System32\winmds.exe

"2007-10-17 11:00:00 C:\WINNT\Tasks\At9.job"

- C:\WINNT\System32\winmds.exe

.

**************************************************************************

 

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-18 11:46:41

Windows 5.0.2195 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 18/10/2007 11:47:51

.

--- E O F ---

Logfile of HijackThis v1.99.1

Scan saved at 11:55:52, on 18/10/2007

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINNT\System32\CTSvcCDA.exe

C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\HPZipm12.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\essspk.exe

C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Arquivos de programas\CAIXA\SEFIP\IB6\bin\ibguard.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\FireBird\FireBird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Fortes Informática\RemProtDeamon.exe

C:\WINNT\System32\internat.exe

C:\WINNT\WebCam\M1000\M1000Mnt.exe

C:\Arquivos de programas\Yahoo! Acesso Grátis\baloon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\CAIXA\SEFIP\IB6\bin\ibserver.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

C:\Arquivos de programas\FireBird\FireBird_1_5\bin\fbserver.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINNT\msagent\AgentSvr.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10MT2.EXE

C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10RN2.EXE

C:\WINNT\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.02.3000.1001\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-pt\msntb.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-pt\msntb.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt

O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"

O4 - HKLM\..\Run: [Windows Update Firewall System] spack2.exe

O4 - HKLM\..\Run: [interBaseGuardian] C:\Arquivos de programas\CAIXA\SEFIP\IB6\bin\ibguard.exe -a

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [Firebird 1.5] C:\Arquivos de programas\FireBird\FireBird_1_5\bin\fbguard.exe -a

O4 - HKLM\..\Run: [RemProtDeamon] C:\Arquivos de programas\Fortes Informática\RemProtDeamon.exe -a

O4 - HKLM\..\RunServices: [Windows Update Firewall System] spack2.exe

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Yahoo! Acesso Grátis\baloon.exe"

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = D:\programas\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.141 85.255.112.232

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.141 85.255.112.232

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.141 85.255.112.232

O20 - AppInit_DLLs:

O20 - Winlogon Notify: klogon - C:\WINNT\System32\klogon.dll

O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll

O23 - Service: Acrylic DNS Proxy Service (AcrylicController) - Unknown owner - C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

O23 - Service: InterbaseServer - Inprise Corporation - C:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBServer.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

 

 

Thanks for the help... :thumbsup:


Hi Edvan,

 

Repeat the operation, paying attention to the location of the files mentioned in Step 2.

 

Regards.

Locate the path of the following files:

 

M1000Rmv.exe

spack2.exe

 

Come back with the result, along with new ComboFix and HijackThis logs.

Hi Garcia, I've already located the files and deleted them...

 

these ones below.. :

 

M1000Rmv.exe

spack2.exe

 

 

and I've already posted a new ComboFix and HijackThis log... in the previous post..


Well, but the logs you posted contain the same entries as the post of 06/10/2007, that is, apparently, the harmful files are still on the machine.

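The check jgarcia makes by hand above (the new logs carry the same entries as the earlier ones, so nothing was actually removed), as an added Python example that is not a tool from the thread: it parses the HijackThis entry lines, diffs two logs, and lists the O4 entries that name a program without any directory, which is why the helper asked where M1000Rmv.exe and spack2.exe live. The three logs inside are constructed excerpts in HijackThis format, not the full logs posted.

```python
import re

# A HijackThis entry line: section code, " - ", entry text
# (e.g. "O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt").
ENTRY_RE = re.compile(r"^(R\d+|F\d+|O\d+) - (.*)$")
# For O4 registry entries, the command that follows the "[name] " label.
O4_CMD_RE = re.compile(r"^O4 - .*?\] (.*)$")

# Constructed excerpt in HijackThis format (a few lines of the 18/10/2007 log, not the full log).
LOG_18_OCT = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:55:52, on 18/10/2007
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [Windows Update Firewall System] spack2.exe
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\RunServices: [Windows Update Firewall System] spack2.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.141 85.255.112.232
"""

# Second run after the retry: same entries, only the scan date changed (as in the thread).
LOG_04_NOV = LOG_18_OCT.replace("11:55:52, on 18/10/2007", "20:00:16, on 04/11/2007")

# Constructed: what the log would look like once the two files were really gone.
LOG_CLEANED = "\n".join(
    line for line in LOG_18_OCT.splitlines()
    if "spack2.exe" not in line and "M1000Rmv.exe" not in line
)


def hjt_entries(log_text):
    """Map each section code (R1, O4, O17, ...) to the set of its entries."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.setdefault(m.group(1), set()).add(m.group(2))
    return entries


def compare_hjt(old_text, new_text):
    """Classify every entry as unchanged, added or removed between two logs.

    An empty 'removed' set after a cleanup attempt means the attempt did not
    take: exactly what the helper pointed out in the thread.
    """
    old, new = hjt_entries(old_text), hjt_entries(new_text)
    result = {"unchanged": set(), "added": set(), "removed": set()}
    for section in set(old) | set(new):
        o, n = old.get(section, set()), new.get(section, set())
        result["unchanged"] |= {f"{section} - {e}" for e in o & n}
        result["added"] |= {f"{section} - {e}" for e in n - o}
        result["removed"] |= {f"{section} - {e}" for e in o - n}
    return result


def unpathed_o4_entries(log_text):
    """O4 registry entries whose program is named without a directory.

    Such an entry does not say where the file lives, so the file has to be
    located on disk before it can be examined or removed.
    """
    found = []
    for line in log_text.splitlines():
        m = O4_CMD_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group(1).strip()
        # First token is the program: either a quoted path or a bare name.
        exe = cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd.split()[0]
        if "\\" not in exe:
            found.append(line.strip())
    return found


if __name__ == "__main__":
    diff = compare_hjt(LOG_18_OCT, LOG_04_NOV)
    print("added:", sorted(diff["added"]))
    print("removed:", sorted(diff["removed"]))
    for entry in unpathed_o4_entries(LOG_04_NOV):
        print("needs a path check:", entry)
```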

Here we go, my friend jgarcia, I followed the procedures from the post of the week of 06/10/2007 again, hopefully it all works out now..

 

here are the two new logs for you...

 

 

Logfile of HijackThis v1.99.1

Scan saved at 20:00:16, on 04/11/2007

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINNT\System32\CTSvcCDA.exe

C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\HPZipm12.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\essspk.exe

C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Arquivos de programas\CAIXA\SEFIP\IB6\bin\ibguard.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\FireBird\FireBird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Fortes Informática\RemProtDeamon.exe

C:\WINNT\System32\internat.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Yahoo! Acesso Grátis\baloon.exe

C:\Arquivos de programas\CAIXA\SEFIP\IB6\bin\ibserver.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\FireBird\FireBird_1_5\bin\fbserver.exe

C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINNT\explorer.exe

C:\WINNT\system32\notepad.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.02.3000.1001\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-pt\msntb.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-pt\msntb.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt

O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"

O4 - HKLM\..\Run: [Windows Update Firewall System] spack2.exe

O4 - HKLM\..\Run: [interBaseGuardian] C:\Arquivos de programas\CAIXA\SEFIP\IB6\bin\ibguard.exe -a

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [Firebird 1.5] C:\Arquivos de programas\FireBird\FireBird_1_5\bin\fbguard.exe -a

O4 - HKLM\..\Run: [RemProtDeamon] C:\Arquivos de programas\Fortes Informática\RemProtDeamon.exe -a

O4 - HKLM\..\RunServices: [Windows Update Firewall System] spack2.exe

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Yahoo! Acesso Grátis\baloon.exe"

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = D:\programas\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.141 85.255.112.232

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.141 85.255.112.232

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.141 85.255.112.232

O20 - AppInit_DLLs:

O20 - Winlogon Notify: klogon - C:\WINNT\System32\klogon.dll

O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll

O23 - Service: Acrylic DNS Proxy Service (AcrylicController) - Unknown owner - C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

O23 - Service: InterbaseServer - Inprise Corporation - C:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBServer.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

-----------------------x-----------------------------------

ComboFix 07-11-01.1** - Antonio 04/11/2007 19:56:48.5 - NTFSx86

Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1046.18.67 [GMT -2:00]

Executando de: C:\Documents and Settings\Antonio\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((( Ficheiros criados de 2007-10-04 to 2007-11-04 ))))))))))))))))))))))))))))))))

.

 

2007-11-04 19:56 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_348.dat

2007-10-05 22:10 <DIR> d-------- C:\senapc1

2007-10-04 16:32 51,200 --a------ C:\WINNT\NirCmd.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-04 21:58 263,456 --sha-w C:\WINNT\system32\drivers\fidbox2.dat

2007-11-04 21:57 8,153,632 --sha-w C:\WINNT\system32\drivers\fidbox.dat

2007-11-04 20:13 --------- d-----w C:\Arquivos de programas\Programas SRF

2007-11-04 19:38 --------- d-----w C:\Arquivos de programas\PJ2003

2007-11-04 19:35 --------- d-----w C:\Arquivos de programas\PJ2002

2007-11-04 18:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2007-11-04 18:57 27,476 --sha-w C:\WINNT\system32\drivers\fidbox2.idx

2007-11-04 18:57 112,424 --sha-w C:\WINNT\system32\drivers\fidbox.idx

2007-11-03 10:51 --------- d-----w C:\Arquivos de programas\CNPJ2007

2007-10-30 12:56 --------- d-----w C:\Documents and Settings\Antonio\Dados de aplicativos\AdobeUM

2007-10-18 14:31 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Trek320R

2007-10-15 13:46 --------- d-----w C:\Documents and Settings\Antonio\Dados de aplicativos\Image Zone Express

2007-09-28 15:04 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-09-24 15:31 --------- d-----w C:\Arquivos de programas\Fortes Informática

2007-09-24 15:10 274,489 ----a-w C:\WINNT\system32\ntwdblib.dll

2007-09-24 15:10 --------- d-----w C:\Arquivos de programas\FireBird

2006-07-18 18:39 784 ----a-w C:\Documents and Settings\Antonio\Dados de aplicativos\mpauth.dat

2000-08-11 00:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys

.

 

((((((((((((((((((((((((((((( snapshot@qui 18-10-2007_11.47.12,04 )))))))))))))))))))))))))))))))))))))))))

.

- 2007-09-28 12:06:08 135,168 ----a-w C:\WINNT\catchme.exe

+ 2007-10-29 20:56:19 136,192 ----a-w C:\WINNT\catchme.exe

+ 2007-06-11 15:04:38 190,696 ----a-w C:\WINNT\system32\Macromed\Flash\FlashUtil9d.exe

- 2006-12-15 15:49:30 1,046,288 ----a-w C:\WINNT\system32\MSJet35.dll

+ 2004-11-23 13:44:00 1,046,288 ----a-w C:\WINNT\system32\MSJet35.dll

- 2006-12-15 15:49:32 123,664 ----a-w C:\WINNT\system32\MSJInt35.dll

+ 2004-11-23 13:44:02 123,664 ----a-w C:\WINNT\system32\MSJInt35.dll

- 2006-12-15 15:49:34 24,848 ----a-w C:\WINNT\system32\MSJtEr35.dll

+ 2004-11-23 13:44:04 24,848 ----a-w C:\WINNT\system32\MSJtEr35.dll

- 2006-12-15 15:49:34 252,176 ----a-w C:\WINNT\system32\MSRD2x35.dll

+ 2004-11-23 13:44:04 252,176 ----a-w C:\WINNT\system32\MSRD2x35.dll

- 2006-12-15 15:49:36 415,504 ----a-w C:\WINNT\system32\MsRepl35.dll

+ 2004-11-23 13:44:06 415,504 ----a-w C:\WINNT\system32\MsRepl35.dll

- 2006-12-15 15:49:40 1,386,496 ------w C:\WINNT\system32\msvbvm60.dll

+ 2004-11-23 13:44:08 1,386,496 ----a-w C:\WINNT\system32\msvbvm60.dll

- 2005-07-27 22:34:48 57,344 ----a-w C:\WINNT\system32\Signet32.dll

+ 2004-11-23 13:43:12 57,344 ----a-w C:\WINNT\system32\Signet32.dll

- 2007-04-02 17:21:27 139,776 ----a-w C:\WINNT\system32\swreg.exe

+ 2007-04-02 16:21:27 139,776 ----a-w C:\WINNT\system32\swreg.exe

- 2006-12-15 15:49:54 489,128 ----a-w C:\WINNT\system32\tdbgpp7.dll

+ 2004-11-23 13:44:26 489,128 ----a-w C:\WINNT\system32\tdbgpp7.dll

- 2006-12-15 15:50:02 527,024 ----a-w C:\WINNT\system32\tibase6.dll

+ 2004-11-23 13:44:36 527,024 ----a-w C:\WINNT\system32\tibase6.dll

- 2006-12-15 15:50:10 133,296 ----a-w C:\WINNT\system32\tishare6.dll

+ 2004-11-23 13:44:46 133,296 ----a-w C:\WINNT\system32\tishare6.dll

- 2006-12-15 15:50:16 249,856 ----a-w C:\WINNT\system32\Todgub7.dll

+ 2004-11-23 13:44:54 249,856 ----a-w C:\WINNT\system32\Todgub7.dll

- 2006-12-15 15:47:42 20,480 ----a-w C:\WINNT\system32\TransCripto.dll

+ 2004-11-23 13:43:14 20,480 ----a-w C:\WINNT\system32\TransCripto.dll

- 2006-12-15 15:50:18 89,360 ----a-w C:\WINNT\system32\VB5DB.dll

+ 2004-11-23 13:44:56 89,360 ----a-w C:\WINNT\system32\VB5DB.dll

- 2006-12-15 15:50:22 27,136 ----a-w C:\WINNT\system32\WiseDLL.dll

+ 2004-11-23 13:45:00 27,136 ----a-w C:\WINNT\system32\WiseDLL.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

----a-w 147,514 2003-10-07 11:48:56 C:\Arquivos de programas\Arquivos comuns\Network Associates\TalkBack\bak\TBMon.exe

 

----a-w 20,480 1999-11-18 08:01:00 C:\Arquivos de programas\Creative\Audio2K\Program\bak\CTMIX32.EXE

 

----a-w 39,936 2000-03-23 04:00:00 C:\Arquivos de programas\Creative\News\bak\NewsUpd.EXE

 

----a-w 189,952 1999-08-30 03:55:00 C:\Arquivos de programas\Creative\ShareDLL\bak\CtNotify.exe

 

----a-w 57,344 2002-04-15 08:12:56 C:\Arquivos de programas\Elaborate Bytes\CloneCD\bak\CloneCDTray.exe

 

----a-w 45,056 2001-12-06 12:09:08 C:\Arquivos de programas\Elaborate Bytes\CloneCD\bak\ElbyCheck.exe

 

----a-w 258,116 2002-08-05 00:37:14 C:\Arquivos de programas\EPSON\Ink Monitor\bak\InkMonitor.exe

------w 258,116 2002-08-05 00:37:14 C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

 

----a-w 36,975 2004-12-07 00:31:50 C:\Arquivos de programas\Java\jre1.5.0_01\bin\bak\jusched.exe

 

----a-w 86,016 2004-07-23 00:53:42 C:\Arquivos de programas\MSN Apps\Updater\01.02.0002.1001\pt-pt\bak\msnappau.exe

 

----a-w 139,320 2004-08-06 05:50:00 C:\Arquivos de programas\Network Associates\Common Framework\bak\UpdaterUI.exe

 

----a-w 74,752 2002-07-01 03:05:00 C:\WINNT\system32\spool\drivers\w32x86\3\bak\E_S10IC2.EXE

----a-w 74,752 2002-07-01 03:05:00 C:\WINNT\system32\spool\drivers\w32x86\3\E_S10IC2.EXE

 

----a-w 188,416 2002-06-17 13:51:50 C:\WINNT\system32\spool\drivers\w32x86\3\bak\hpztsb05.exe

 

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="mobsync.exe" [10/08/00 22:00 C:\WINNT\system32\mobsync.exe]

"EssSpkPhone"="essspk.exe" [19/10/01 08:49 C:\WINNT\essspk.exe]

"Ink Monitor"="C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [04/08/02 22:37 ]

"M1000Mnt"="M1000Rmv.exe" []

"EPSON Stylus CX3200"="C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [01/07/02 01:05 ]

"Windows Update Firewall System"="spack2.exe" []

"InterBaseGuardian"="C:\Arquivos de programas\CAIXA\SEFIP\IB6\bin\ibguard.exe" [30/01/02 21:20 ]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [19/02/06 03:41 ]

"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [09/03/07 21:50 ]

"Firebird 1.5"="C:\Arquivos de programas\FireBird\FireBird_1_5\bin\fbguard.exe" [24/09/07 13:10 ]

"RemProtDeamon"="C:\Arquivos de programas\Fortes Informática\RemProtDeamon.exe" [27/09/07 12:58 ]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"internat.exe"="internat.exe" [10/08/00 22:00 C:\WINNT\system32\internat.exe]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [05/09/07 00:40 ]

"iBest.baloon"="C:\Arquivos de programas\Yahoo! Acesso Grátis\baloon.exe" [14/03/05 22:14 ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"Windows Update Firewall System"=spack2.exe

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"^SetupICWDesktop"=C:\Arquivos de programas\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"internat.exe"=internat.exe

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]

Microsoft Office.lnk - D:\programas\Microsoft Office\Office\OSA9.EXE [2000-01-20 23:15:56]

WinZip Quick Pick.lnk - C:\Arquivos de programas\WinZip\WZQKPICK.EXE [2002-12-06 16:44:34]

Wireless Configuration Utility HW.51.lnk - C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-15 10:41:28]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]

nwprovau.dll 19/07/02 08:34 140560 C:\WINNT\system32\NWPROVAU.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 nwprovau

 

R2 AcrylicController;Acrylic DNS Proxy Service;C:\Arquivos de programas\Acrylic DNS Proxy\AcrylicService.exe

R3 IP100;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;C:\WINNT\System32\DRIVERS\ipfnd5.sys

R3 M1000Srv;Trek 320R Driver;C:\WINNT\System32\Drivers\M1000KNT.sys

R3 usbprint;Microsoft USB PRINTER Class;C:\WINNT\System32\DRIVERS\usbprint.sys

R3 W8335PCI;IEEE 802.11g Wireless Cardbus/PCI Adapter HW51;C:\WINNT\System32\DRIVERS\Mrv8000c.sys

S3 InterbaseServer;InterbaseServer;C:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBServer.exe -s -g

S3 mga64;mga64;C:\WINNT\System32\DRIVERS\mga64m.sys

S3 N100;Compaq Ethernet ou Fast Ethernet NIC NT Driver;C:\WINNT\System32\DRIVERS\n100nt5.sys

 

.

**************************************************************************

 

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-04 19:58:11

Windows 5.0.2195 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 04/11/2007 19:59:20

.

--- E O F ---

 

 

 

If that log from Sena's PC is clean you can close this topic... and I thank you in advance for the help you provide with such satisfaction to all of us... you are an excellent professional.. you should be working at a big company earning very well, because you deserve it and you are an excellent log analyst... good luck.. I wish I had the knowledge you have... lol but who knows, right!!! ha! there is a time for everything under the heavens!!! :thumbsup:

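The Run and RunServices entries in the ComboFix log above are the part an analyst reads most closely: entries whose data is a bare filename and whose trailing bracket block carries no file details are the first candidates for review (candidates, not verdicts). The Python below is an added example, not ComboFix's code or anything posted in this thread; it assumes the line format shown in the log and runs over a constructed subset of those lines.

```python
import re
from collections import Counter

# Constructed sample: Run-key lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [10/08/00 22:00 C:\WINNT\system32\mobsync.exe]
"Ink Monitor"="C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [04/08/02 22:37 ]
"M1000Mnt"="M1000Rmv.exe" []
"Windows Update Firewall System"="spack2.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Update Firewall System"=spack2.exe
'''

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"='                # value name, always quoted
    r'(?P<value>"[^"]*"|[^\s\[]+)'        # data: quoted path or bare token
    r'(?:\s+\[(?P<info>[^\]]*)\])?\s*$'   # optional "[date time path]" block
)

def parse_autoruns(text):
    """Yield (key, name, value, info) for every entry under a registry key header."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            yield key, m.group('name'), m.group('value').strip('"'), m.group('info')

def find_unresolved_autoruns(text):
    """Return (key, name, value) for entries that name a bare file with no resolved details."""
    hits = []
    for key, name, value, info in parse_autoruns(text):
        bare = '\\' not in value                      # no directory in the data itself
        unresolved = info is None or not info.strip()  # "[]" or no bracket block at all
        if bare and unresolved:
            hits.append((key, name, value))
    return hits

def repeated_values(hits):
    """Count how many load points reference the same filename (case-insensitive)."""
    return Counter(value.lower() for _, _, value in hits)
```

On the sample, the two entries with an empty bracket block and the unquoted RunServices entry are flagged, and the same filename shows up under two load points, which is the pattern an analyst would check next against the file listing earlier in the log.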

Hey Edvan,

Run Panda's Active Scan, observing the following procedure:

1) Some anti-virus programs, such as AVAST, may display a detection alert while the scan runs, but that alert should be ignored. The warning is nothing but a false positive. I suggest temporarily disabling the AV so that the scan runs without problems;

2) To start the process, click the 01bt_scan_pt.gif button;

3) Fill in the data requested in the form;

4) Click the "Pesquise agora sem custos" (scan now at no cost) button;

5) Follow all the instructions you are given and wait for the scan to finish;

6) When the scan ends, click to view the log. Save it to your Desktop;

7) Post the contents of the log in your next reply.

Regards.


You can close the topic, my friend, thanks for your attention....

The guy with this PC had to format the machine, "so problem solved...".

Byeee!!!


PROBLEM SOLVED!

If the author needs the topic reopened, send a Private Message to a Moderator with a link to the topic.
