Archived

This topic has been archived and is closed to new replies.

jvilela14

[Solved] LOG analysis...

The PC turns the screen off by itself!!!

Please analyze this log...

Big hug!!!!

Thanks in advance!

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:33:22, on 16/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\csrcs.exe

C:\Arquivos de programas\Java\jre1.5.0_01\bin\jusched.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

E:\Tira Virus\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.palmas.to.gov.br/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{6FDE5E41-CAE3-4E16-9A00-B159B8D35A24}: NameServer = 192.168.17.1,192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{6FDE5E41-CAE3-4E16-9A00-B159B8D35A24}: NameServer = 192.168.17.1,192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{6FDE5E41-CAE3-4E16-9A00-B159B8D35A24}: NameServer = 192.168.17.1,192.168.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
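As an added example (not a tool from this thread or from HijackThis), here is the kind of automated first pass a helper would run over a HijackThis 1.99.1 log like the one above before reading it by hand. It flags the Winlogon `Shell=` line carrying a second program, a per-user Run entry pointing into the Windows directory, an orphaned BHO, and services reported as "(file missing)", cross-checking the last of these against the "Running processes" list. The line format is the one shown above; the severity scale, the heuristics and the `WINDIR` constant are this example's own assumptions, and the sample log is a condensed mix of entries from the logs in this thread.

```python
"""Triage of a HijackThis 1.99.1 log: added example, not a tool from this thread.

Assumptions (this example's own, not HijackThis's): the "<tag> - <body>" line
format shown in the thread, the severity labels, and the heuristics below.
"""
import re
from dataclasses import dataclass
from typing import List, Set

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")          # a "Running processes" entry
WINDIR = "c:\\windows\\"                       # assumed system root


@dataclass
class Finding:
    severity: str   # high / medium / low / info (this example's scale)
    section: str    # HijackThis section tag: F2, O4, O23, ...
    reason: str
    line: str


def running_basenames(log_text: str) -> Set[str]:
    """Lower-case basenames of the processes listed before the first tagged line."""
    names = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if LINE_RE.match(line):
            break
        if PATH_RE.match(line):
            names.add(line.rsplit("\\", 1)[-1].lower())
    return names


def triage(log_text: str) -> List[Finding]:
    running = running_basenames(log_text)
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "F2" and "Shell=" in body:
            # Winlogon's Shell value should be exactly Explorer.exe; anything
            # appended to it is started at every logon.
            extra = [t for t in body.split("Shell=", 1)[1].split()
                     if t.lower() != "explorer.exe"]
            if extra:
                findings.append(Finding("high", sec,
                    "extra program(s) in Winlogon Shell: " + ", ".join(extra), line))
        elif sec == "O4" and body.startswith("HKCU"):
            # Per-user Run entries normally point into Program Files or the
            # profile; one pointing into the Windows directory deserves a look.
            target = body.split("] ", 1)[-1].strip('"').lower()
            if target.startswith(WINDIR):
                findings.append(Finding("medium", sec,
                    "per-user autorun pointing into the Windows directory", line))
        elif sec == "O2" and body.endswith("(no file)"):
            findings.append(Finding("low", sec,
                "BHO still registered but its DLL is gone", line))
        elif sec == "O23" and "(file missing)" in body:
            exe = re.search(r"([^\\]+\.exe)", body, re.IGNORECASE)
            name = exe.group(1).lower() if exe else ""
            if name in running:
                # HijackThis 1.99.1 reports a service as missing when its path is
                # quoted and followed by arguments; a binary that is running is
                # not missing, so this is downgraded to informational.
                findings.append(Finding("info", sec,
                    f"'(file missing)' but {name} is running: parser false positive", line))
            else:
                findings.append(Finding("medium", sec,
                    "service binary not found and not running", line))
        elif sec == "R1" and "ProxyServer" in body:
            findings.append(Finding("info", sec,
                "browser proxy configured; confirm it is the expected one", line))
    return findings


# Constructed sample: a condensed mix of the entries from the logs in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 14:33:22, on 16/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\csrcs.exe
E:\Tira Virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

On the sample the `F2` line is the only high finding, which matches how the thread unfolds: `csrcs.exe` chained into the Winlogon shell is what the helper's fixes go after. The two `O23` lines show why the "(file missing)" tag must be cross-checked rather than trusted: `avp.exe` is in the process list, so its service is a parser false positive, while `r_server.exe` is not running in this scan and stays worth a look.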


Follow the instructions:

Download MSNfix.

Save it to the desktop and unzip it; after that, double-click MSNFix.bat.

The MSN_Fix-menu screen will open; press option R there, and the scan will start.

If the scan detects something, the following message will appear: Infection Presente; press Enter and continue.

If you want to interrupt the process, press the Q key.

When it finishes, Notepad will open with a log (found in the file msnfix.txt); select all of it and copy it.

Post it together with a new HijackThis log.

 

Awaiting your reply.


Here it is...

 

 

MSNFix 1.724

 

C:\Documents and Settings\saude\Desktop\MSNFix

Fix lançado dia qua 18/06/2008 - 15:21:08,21 By saude

modo normal

 

************************ Procurando os arquivos presentes

 

... C:\WINDOWS\system32\csrcs.exe

... C:\Documents and Settings\saude\??????.exe

... C:\Documents and Settings\saude\????????.exe

 

************************ Procurando as pastas presentes

 

Nenhuma pasta encontrada

 

 

 

 

************************ Apagando os arquivos

 

.. OK ... C:\WINDOWS\system32\csrcs.exe

.. OK ... C:\Documents and Settings\saude\??????.exe

.. OK ... C:\Documents and Settings\saude\????????.exe

 

 

 

************************ Limpeza do registro

 

 

 

Os arquivos ainda presentes serão apagado no proximo boot

 

 

************************ Apagando os arquivos

 

.. OK ... C:\autorun.inf

.. OK ... C:\Autorun.inf

 

 

 

************************ Arquivos suspeitos

 

/!\ Estes arquivos necessitam de uma opiniao de alguem competente antes de qualquer intervencao

 

[C:\RevelationV2.zip] DD9F826249323E13CFD6B8213302594C

 

==> Por favor não esqueça de mandar o arquivo C:\DOCUME~1\saude\Desktop\Upload_Me.zip no http://upload.changelog.fr

 

 

 

Os arquivos e as chaves do registro apagados foram salvos no arquivo qua 18062008_15274051.zip

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\WINDOWS\system32\userinit.exe,

 

------------------------------------------------------------------------

Autor : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:30:24, on 18/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\WINDOWS\system32\r_server.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Java\jre1.5.0_01\bin\jusched.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\csrcs.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

E:\Tira Virus\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.palmas.to.gov.br/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.17.252:2007

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.9;<local>

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{6FDE5E41-CAE3-4E16-9A00-B159B8D35A24}: NameServer = 192.168.17.1,192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{6FDE5E41-CAE3-4E16-9A00-B159B8D35A24}: NameServer = 192.168.17.1,192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{6FDE5E41-CAE3-4E16-9A00-B159B8D35A24}: NameServer = 192.168.17.1,192.168.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)


Follow the instructions below:

 

Download Bankerfix.

Temporarily disable your antivirus, to avoid conflicts and for better detection.

Double-click bankerfix.exe, press Enter and wait for it to finish. When it finishes, read the message on the screen and press Enter again.

 

Re-enable your antivirus, generate a new HijackThis log, and post it together with Relatorio.txt.

 

Awaiting your reply


 

It's not working here...

As soon as I run bankerfix.exe the window opens and closes immediately....

And I can't find relatorio.txt...

I'm using a proxy address to connect to the internet, could that be why??

Cheers!!!


Download ComboFix and save it to the desktop.

 

Close all programs.

Double-click combofix.exe, press (1), then press Enter to continue.

ComboFix will restart your computer automatically; this is part of the removal process.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Attention:

Do not click on anything while ComboFix is running; otherwise your desktop will go blank.

 

To stop the process or exit ComboFix, press "2" and Enter.

 

Awaiting a new HijackThis log together with ComboFix.txt


Logfile of HijackThis v1.99.1

Scan saved at 15:11:45, on 23/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\WINDOWS\system32\r_server.exe

C:\Arquivos de programas\Java\jre1.5.0_01\bin\jusched.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

E:\OPA\Programas\Tira Virus\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.palmas.to.gov.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.17.252:2007

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.9;<local>

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{6FDE5E41-CAE3-4E16-9A00-B159B8D35A24}: NameServer = 192.168.17.1,192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{6FDE5E41-CAE3-4E16-9A00-B159B8D35A24}: NameServer = 192.168.17.1,192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{6FDE5E41-CAE3-4E16-9A00-B159B8D35A24}: NameServer = 192.168.17.1,192.168.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

 

 

 

 

 

 

 

 

ComboFix 08-06-20.4 - saude 2008-06-23 14:52:13.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.13 [GMT -3:00]

Executando de: C:\Documents and Settings\saude\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

C:\WINDOWS\system32\amvo.exe

C:\WINDOWS\system32\amvo0.dll

C:\WINDOWS\system32\AutoRun.inf

C:\WINDOWS\system32\csrcs.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-05-23 to 2008-06-23 ))))))))))))))))))))))))))))))))

.

 

2008-06-24 17:23 . 2006-08-16 20:56 11,502 --------- C:\WINDOWS\Dr. Printer Icon.ico

2008-06-24 17:22 . 2008-06-24 17:22 <DIR> d-------- C:\TEMP\SCX-4200

2008-06-24 17:22 . 2008-01-24 19:25 41,984 --------- C:\WINDOWS\system32\drivers\DGIVECP.SYS

2008-06-22 14:53 . 2008-06-22 14:53 0 -rahs---- C:\hk

2008-06-22 14:49 . 2001-12-31 23:09 741,291 --a------ C:\WINDOWS\system32\csrcs.MSNFix

2008-06-21 14:09 . 2008-06-21 14:09 268 --a------ C:\sqmdata00.sqm

2008-06-21 14:09 . 2008-06-21 14:09 244 --a------ C:\sqmnoopt00.sqm

2008-06-19 16:28 . 2008-06-19 16:28 0 --a------ C:\WINDOWS\nsreg.dat

2008-06-19 15:21 . 2008-06-19 16:05 <DIR> d-------- C:\LinhaDefensiva

2008-06-18 15:23 . 2008-05-27 07:51 109,550 -r-hs---- C:\qa8sywva.cmd

2008-06-16 14:34 . 2008-06-16 14:34 <DIR> d-------- C:\Arquivos de programas\SnadBoy's Revelation v2

2008-06-16 14:34 . 2008-06-16 10:00 217,666 --a------ C:\RevelationV2.zip

2008-06-16 14:34 . 2008-06-16 09:59 64,324 --a------ C:\Pega_Senha.rar

2008-06-13 14:10 . 2008-06-13 14:10 268 --a------ C:\sqmdata01.sqm

2008-06-13 14:10 . 2008-06-13 14:10 244 --a------ C:\sqmnoopt01.sqm

2008-06-13 08:36 . 2008-06-13 08:36 <DIR> d-------- C:\WINDOWS\system32\drivers\SAMSUNG

2008-06-13 08:36 . 2008-06-13 08:36 <DIR> d-------- C:\Arquivos de programas\SAMSUNG

2008-06-06 16:44 . 2008-06-22 07:55 <DIR> d-------- C:\Documents and Settings\saude\Contacts

2008-06-06 16:40 . 2008-06-06 16:40 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-06-06 16:38 . 2008-06-06 16:39 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2008-06-02 15:49 . 2001-09-05 23:20 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-06-02 15:49 . 2001-09-05 23:20 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-06-02 15:49 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-06-02 15:49 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-06-02 14:11 . 2008-06-02 14:11 <DIR> d-------- C:\Arquivos de programas\Sony Ericsson

2008-06-02 14:11 . 2005-06-13 10:05 96,224 --a------ C:\WINDOWS\system32\drivers\w800mdm.sys

2008-06-02 14:11 . 2005-06-13 10:06 87,792 --a------ C:\WINDOWS\system32\drivers\w800mgmt.sys

2008-06-02 14:11 . 2005-06-13 10:08 85,664 --a------ C:\WINDOWS\system32\drivers\w800obex.sys

2008-06-02 14:11 . 2005-06-13 10:03 60,768 --a------ C:\WINDOWS\system32\drivers\w800bus.sys

2008-06-02 14:11 . 2005-06-13 10:05 9,264 --a------ C:\WINDOWS\system32\drivers\w800mdfl.sys

2008-06-02 14:11 . 2005-06-13 10:08 6,144 --a------ C:\WINDOWS\system32\drivers\w800cmnt.sys

2008-06-02 14:11 . 2005-06-13 10:08 6,144 --a------ C:\WINDOWS\system32\drivers\w800cm.sys

2008-06-02 14:11 . 2005-06-13 10:03 5,744 --a------ C:\WINDOWS\system32\drivers\w800whnt.sys

2008-06-02 14:11 . 2005-06-13 10:03 5,744 --a------ C:\WINDOWS\system32\drivers\w800wh.sys

2008-05-29 10:13 . 2004-08-04 00:45 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax

2008-05-29 10:13 . 2004-08-04 00:45 130,048 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax

2008-05-29 10:13 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys

2008-05-29 10:13 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys

2008-05-28 14:20 . 2008-06-22 17:27 <DIR> d-------- C:\Documents and Settings\Super Nitendo\games

2008-05-28 14:20 . 2008-05-28 14:20 <DIR> d-------- C:\Documents and Settings\Super Nitendo

2008-05-28 14:20 . 2001-09-17 20:36 909,312 --a------ C:\Documents and Settings\Super Nitendo\Snes9XW.exe

2008-05-28 14:20 . 2001-09-12 09:03 874,496 --a------ C:\Documents and Settings\Super Nitendo\Snes9XW.dll

2008-05-28 14:20 . 2001-04-29 20:07 114,688 --a------ C:\Documents and Settings\Super Nitendo\fmod.dll

2008-05-28 14:20 . 2003-07-02 16:28 6,645 --a------ C:\Documents and Settings\Super Nitendo\irunin.dat

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-23 17:55 4,049,952 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-06-23 14:30 --------- d-----w C:\Documents and Settings\saude\Dados de aplicativos\BrOffice.org2

2008-06-23 10:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-06-23 10:51 253,472 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-06-20 20:53 54,356 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-06-20 20:53 34,208 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-04-30 20:03 --------- d-----w C:\Documents and Settings\saude\Dados de aplicativos\Skype

2008-04-29 18:20 --------- d-----w C:\Arquivos de programas\everest

2008-04-25 13:04 --------- d-----w C:\Documents and Settings\saude\Dados de aplicativos\AdobeUM

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 20:31 36975]

"ANIWZCS2Service"="C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-01 15:59 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"csrcs"= C:\WINDOWS\system32\csrcs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

 

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2006-01-17 00:05]

R2 r_server;Remote Administrator Service;"C:\WINDOWS\system32\r_server.exe" /service []

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2006-05-11 12:11]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe [2006-01-17 00:05]

S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a680009-ae6b-11dc-8311-0040a7075fdc}]

\Shell\AutoRun\command - fooool.exe

\Shell\explore\Command - fooool.exe

\Shell\open\Command - fooool.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20270414-1c23-11dd-83ab-00195bd245fa}]

\Shell\AutoRun\command - E:\fooool.exe

\Shell\explore\Command - E:\fooool.exe

\Shell\open\Command - E:\fooool.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45a4c738-2b14-11dd-83b5-00195bd245fa}]

\Shell\AutoRun\command - d.cmd

\Shell\explore\Command - d.cmd

\Shell\open\Command - d.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e844d6f4-3099-11dd-83c7-00195bd245fa}]

\Shell\AutoRun\command - F:\qa8sywva.cmd

\Shell\explore\Command - F:\qa8sywva.cmd

\Shell\open\Command - F:\qa8sywva.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7667e2c-e456-11dc-8360-00195bd245fa}]

\Shell\AutoRun\command - E:\fooool.exe

\Shell\explore\Command - E:\fooool.exe

\Shell\open\Command - E:\fooool.exe

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-23 14:55:22

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-06-23 14:57:17

ComboFix-quarantined-files.txt 2008-06-23 17:57:14

 

Pre-Run: 34,043,265,024 bytes disponíveis

Post-Run: 34,637,426,688 bytes disponíveis

 

134
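The registry section of the ComboFix log above is where the removable-media side of this infection shows: each MountPoints2 key is Windows' cached copy of a volume's autorun.inf, and the `\Shell\AutoRun\command`, `explore` and `open` handlers record what that volume asked Explorer to run. The same section shows two protections switched off (`"EnableFirewall"= 0` and `"DisableMonitoring"=dword:00000001`). As an added example (not part of this thread or of ComboFix), the script below pulls both out of a log in that layout, giving a list of files to hunt for on each drive and a list of settings to restore. The layout assumptions and the `WEAKENED` pattern table are this example's own; the sample log is a condensed, constructed copy of the section above.

```python
"""Extract cached AutoRun handlers and weakened-defence flags from a ComboFix
log: added example, not part of this thread or of ComboFix.

Assumes the registry-dump layout shown in the log above: a bracketed key
header, then "\Shell\<verb>\command - <target>" lines under MountPoints2 keys
and "name"=value lines elsewhere. The pattern table is this example's own.
"""
import re
from typing import Dict, List, Tuple

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\[Cc]ommand - (?P<target>.+)$")
GUID_RE = re.compile(r"mountpoints2\\(\{[0-9a-f-]+\})$", re.IGNORECASE)

# Registry lines that mean a protection was switched off (value text as ComboFix prints it).
WEAKENED = {
    '"EnableFirewall"= 0': "Windows Firewall off in the standard profile",
    '"DisableMonitoring"=dword:00000001': "Security Center no longer monitors the antivirus",
}


def autorun_handlers(log_text: str) -> Dict[str, Dict[str, str]]:
    """Map each MountPoints2 volume GUID to its {verb: target} shell handlers.

    Windows caches a removable volume's autorun.inf under MountPoints2, so an
    entry here records what that volume asked to run on open/explore/autoplay.
    """
    handlers: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            gm = GUID_RE.search(km.group("key"))
            current = gm.group(1).lower() if gm else None   # ignore non-MountPoints2 keys
            continue
        if current is None:
            continue
        vm = VERB_RE.match(line)
        if vm:
            handlers.setdefault(current, {})[vm.group("verb").lower()] = vm.group("target")
    return handlers


def launched_files(handlers: Dict[str, Dict[str, str]]) -> List[str]:
    """Distinct targets any volume would launch, sorted: the list to hunt for on the drives."""
    return sorted({t for verbs in handlers.values() for t in verbs.values()})


def weakened_defenses(log_text: str) -> List[Tuple[str, str]]:
    """(line, meaning) pairs for every registry line listed in WEAKENED."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for needle, meaning in WEAKENED.items():
            if line.startswith(needle):
                hits.append((line, meaning))
    return hits


# Constructed sample: the registry section of the ComboFix log above, condensed.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"csrcs"= C:\WINDOWS\system32\csrcs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a680009-ae6b-11dc-8311-0040a7075fdc}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45a4c738-2b14-11dd-83b5-00195bd245fa}]
\Shell\AutoRun\command - d.cmd
\Shell\open\Command - d.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e844d6f4-3099-11dd-83c7-00195bd245fa}]
\Shell\AutoRun\command - F:\qa8sywva.cmd
\Shell\explore\Command - F:\qa8sywva.cmd
\Shell\open\Command - F:\qa8sywva.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7667e2c-e456-11dc-8360-00195bd245fa}]
\Shell\AutoRun\command - E:\fooool.exe
\Shell\open\Command - E:\fooool.exe
"""

if __name__ == "__main__":
    found = autorun_handlers(SAMPLE_LOG)
    for guid, verbs in found.items():
        print(guid, verbs)
    print("files to hunt for:", launched_files(found))
    for line, meaning in weakened_defenses(SAMPLE_LOG):
        print("weakened:", meaning, "<-", line)
```

Two things the output makes concrete. First, `F:\qa8sywva.cmd` in the handler list corresponds to the hidden `C:\qa8sywva.cmd` created on 2008-06-18 in the "files created" section, so the same payload had already been copied onto the system drive from a removable one; every drive that has been plugged into this machine needs the same check, or it reinfects the cleaned PC. Second, the firewall and Security Center lines are settings to restore after cleanup, not just indicators. The lasting fix on this platform is to stop honouring autorun.inf on removable media at all (the `NoDriveTypeAutoRun` policy, with the Microsoft update that makes it effective on XP), which also removes the reason for the cached handlers to exist.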


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.
