
sr.silva

[Solved!] Virus problems. Several!


If you could analyze the log, I would appreciate it.

 

Logfile of HijackThis v1.99.1
Scan saved at 20:19:14, on 18/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\ArchestrA\aaLogger.exe
C:\arquivos de programas\Realteck\realteck.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\Arquivos de programas\csrss.exe
C:\Arquivos de programas\Seekmo\bin\10.0.427.0\OEAddOn.exe
C:\Arquivos de programas\Seekmo\bin\10.0.427.0\SeekmoSA.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\explorer.exe
C:\arquivos de programas\Realteck\pRee1.exe
C:\Arquivos de programas\Arquivos comuns\ArchestrA\NTServApp.exe
C:\arquivos de programas\Realteck\pRee2.exe
C:\Arquivos de programas\Arquivos comuns\ArchestrA\slssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\eMule\emule.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Nova pasta\HijackThis.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com.br/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo /fleok=1D8A83A5C2ED127E9DAF6D2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Arquivos de programas\Seekmo\bin\10.0.427.0\HostIE.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\WINDOWS\gbiehbsb.dll (file missing)
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Arquivos de programas\Seekmo\bin\10.0.427.0\HostIE.dll
O4 - HKLM\..\Run: [krn] C:\arquivos de programas\Realteck\realteck.exe
O4 - HKLM\..\Run: [csrss] C:\Arquivos de programas\csrss.exe
O4 - HKLM\..\Run: [SeekmoOE] C:\Arquivos de programas\Seekmo\bin\10.0.427.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Arquivos de programas\Seekmo\bin\10.0.427.0\SeekmoSA.exe"
O4 - HKCU\..\Run: [explorer] C:\arquivos de programas\Realteck\pplgn.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {60541D7A-4EF1-4117-9607-7C1B0EEAAD18} (Image Uploader Control) - http://iu.ak.sonico.com//ImageUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)
O23 - Service: ArchestrA Logger (aaLogger) - Invensys Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\ArchestrA\aaLogger.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FS Service Control - Wonderware Corporation - C:\Arquivos de programas\Arquivos comuns\ArchestrA\NTServApp.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Wonderware SuiteLink (slssvc) - Invensys Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\ArchestrA\slssvc.exe
O23 - Service: Wonderware NetDDE Helper (WWNetDDE) - Invensys Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\ArchestrA\wwnetdde.exe


Good evening, sr.silva!

 

<@> Download ComboFix.

<@> Save it to the Desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall.

<@> Close all windows and run the tool!

 

If you get the notification "Invalid Win32 application", delete the tool and download it again.

Save it to the Desktop, renamed as: Kombo.exe

PS: Rename it while saving, not after you have saved it!

PS: If any error message appears, run ComboFix in Safe Mode.

<@> The Auto Scan window will open. Wait!

<@> Type the option to continue and press < Enter >

<@> Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

<@> To stop or exit ComboFix, press "N".

-------------------------------------

<@> Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

 

Regards!


Hey, friend!

 

combofix.txt

ComboFix 08-07-18.5 - srsilva 2008-07-19 12:08:33.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1046.18.59 [GMT -3:00]
Executando de: C:\Documents and Settings\srsilva\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

 

It restarted the computer while it was running.

 

 

 

hjt.txt => updated

 

Logfile of HijackThis v1.99.1
Scan saved at 12:18, on 2008-07-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Nova pasta\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O4 - HKLM\..\Run: [krn] C:\arquivos de programas\Realteck\realteck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {60541D7A-4EF1-4117-9607-7C1B0EEAAD18} (Image Uploader Control) - http://iu.ak.sonico.com//ImageUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)
O23 - Service: ArchestrA Logger (aaLogger) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArchestrA\aaLogger.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FS Service Control - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArchestrA\NTServApp.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Wonderware SuiteLink (slssvc) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArchestrA\slssvc.exe (file missing)
O23 - Service: Wonderware NetDDE Helper (WWNetDDE) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArchestrA\wwnetdde.exe (file missing)


Good evening, sr.silva!

 

It restarted the computer while it was running.

<@> No report was generated! Run ComboFix.exe in Safe Mode. <--

-----------------------------

<@> Post: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!


combofix.txt

 

ComboFix 08-07-19.1 - Administrador 2008-07-20  9:40:19.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1046.18.90 [GMT -3:00]
Executando de: C:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\srsilva\Configurações locais\Temporary Internet Files\MF4998ED.gif
C:\winx.log
.
(((((((((((((((((((((((   Ficheiros criados de 2008-06-20 to 2008-07-20  ))))))))))))))))))))))))))))))))
.
2008-07-20 09:34 . 2008-07-20 09:34	2,654,535	--a------	C:\ComboFix.exe
2008-07-20 09:27 . 2008-03-09 00:08	<DIR>	d--h-----	C:\Documents and Settings\Administrador\Modelos
2008-07-20 09:27 . 2008-03-08 21:03	<DIR>	d--------	C:\Documents and Settings\Administrador\Meus documentos
2008-07-20 09:27 . 2008-03-08 21:03	<DIR>	dr-------	C:\Documents and Settings\Administrador\Menu Iniciar
2008-07-20 09:27 . 2008-07-20 09:28	<DIR>	d--------	C:\Documents and Settings\Administrador\Favoritos
2008-07-20 09:27 . 2008-03-08 21:03	<DIR>	dr-h-----	C:\Documents and Settings\Administrador\Dados de aplicativos
2008-07-20 09:27 . 2008-07-20 09:42	<DIR>	d--h-----	C:\Documents and Settings\Administrador\Configurações locais
2008-07-20 09:27 . 2008-03-08 21:03	<DIR>	d--h-----	C:\Documents and Settings\Administrador\Ambiente de rede
2008-07-20 09:27 . 2008-03-08 21:03	<DIR>	d--h-----	C:\Documents and Settings\Administrador\Ambiente de impressão
2008-07-20 09:27 . 2008-07-20 09:27	<DIR>	d--------	C:\Documents and Settings\Administrador
2008-07-20 03:03 . 2008-07-20 03:03	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared
2008-07-19 13:06 . 2008-07-19 13:06	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
2008-07-18 20:32 . 2008-07-18 20:32	<DIR>	d--------	C:\Arquivos de programas\Enigma Software Group
2008-07-18 20:22 . 2008-07-18 20:24	<DIR>	d--------	C:\LinhaDefensiva
2008-07-18 20:17 . 2008-07-19 12:18	<DIR>	d--------	C:\Nova pasta
2008-07-07 02:03 . 2008-07-07 02:03	244,152	--a------	C:\WINDOWS\system32\systenini.exe
2008-07-07 02:02 . 2008-07-07 02:02	1,343	--a------	C:\sys.bat
2008-07-07 02:02 . 2008-07-07 02:02	342	---------	C:\WINDOWS\system32\ajeojaoieja.RRI
2008-07-04 17:07 . 2008-07-04 18:00	<DIR>	d--------	C:\WINDOWS\system32\Adobe
2008-06-25 17:23 . 2008-06-25 17:23	<DIR>	d--------	C:\Arquivos de programas\MP3 Player Utilities 4.15
2008-06-20 18:28 . 2001-08-17 21:56	7,552	--a------	C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-06-20 18:28 . 2001-08-17 21:56	7,552	--a--c---	C:\WINDOWS\system32\dllcache\sonypvu1.sys
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 06:43	---------	d-----w	C:\Arquivos de programas\Arquivos comuns\Adobe
2008-07-19 00:34	---------	d-----w	C:\Arquivos de programas\eMule
2008-07-19 00:28	---------	d-----w	C:\Arquivos de programas\Arquivos comuns\ArchestrA
2008-07-18 23:31	---------	d-----w	C:\Documents and Settings\srsilva\Dados de aplicativos\Notepad++
2008-07-18 23:16	---------	d-----w	C:\Arquivos de programas\GbPlugin
2008-07-16 02:57	---------	d-----w	C:\Documents and Settings\srsilva\Dados de aplicativos\AVG7
2008-07-15 16:52	---------	d-----w	C:\Documents and Settings\srsilva\Dados de aplicativos\AdobeUM
2008-07-07 09:11	---------	d--h--w	C:\Arquivos de programas\Scpad
2008-06-24 03:36	18,217	--sh--r	C:\WINDOWS\system32\.vbe
2008-06-20 17:41	247,808	----a-w	C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45	360,320	----a-w	C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44	138,368	----a-w	C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52	225,920	----a-w	C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 02:11	---------	d-----w	C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\WLInstaller
2008-06-18 02:08	---------	d-----w	C:\Arquivos de programas\Windows Live
2008-06-14 17:59	272,384	------w	C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 05:24	---------	d-----w	C:\Documents and Settings\srsilva\Dados de aplicativos\FileZilla
2008-06-08 23:37	---------	d-----w	C:\Arquivos de programas\Acro Software
2008-06-08 01:16	---------	d-----w	C:\Arquivos de programas\Megacubo
2008-06-03 09:25	---------	d-----w	C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin
2008-06-02 01:23	---------	d-----w	C:\Arquivos de programas\SopCast
2008-05-25 06:05	---------	d-----w	C:\Documents and Settings\srsilva\Dados de aplicativos\Star-Tools
2008-05-07 05:15	1,292,288	----a-w	C:\WINDOWS\system32\quartz.dll
2008-04-30 21:08	87,352	----a-w	C:\WINDOWS\system32\LMIinit.dll
2008-04-30 21:08	83,288	----a-w	C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-04-30 21:08	24,608	----a-w	C:\WINDOWS\system32\LMIport.dll
2008-04-30 21:08	23,736	----a-w	C:\WINDOWS\system32\lmimirr.dll
2008-04-30 21:08	10,040	----a-w	C:\WINDOWS\system32\lmimirr2.dll
2008-04-21 07:02	661,504	----a-w	C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   ))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]
"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-03-24 22:19 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"DFGJ-C101394F6B"=".vbe" [2008-06-24 00:36 18217 C:\WINDOWS\system32\.vbe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "C:\ARQUIV~1\GbPlugin\gbiehabn.dll" [2008-06-02 21:30 369064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2008-06-02 21:30 369064 C:\ARQUIV~1\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-04-30 18:08 87352 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-03-24 22:19 579072 C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Wonderware\\InTouch\\wm.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\WINDOWS\\system32\\dllhost.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Arquivos de programas\\eMule\\emule.exe"=
"C:\\Arquivos de programas\\FileZilla FTP Client\\filezilla.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"C:\\Arquivos de programas\\Megacubo\\bin\\minifly.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"102:TCP"= 102:TCP:DAS SI 102
"135:TCP"= 135:TCP:DCOM 135
"502:TCP"= 502:TCP:Modicon 502
"1434:UDP"= 1434:UDP:SQL Server Browser 1434
"1433:TCP"= 1433:TCP:SQL TCP 1433
"2221:TCP"= 2221:TCP:DAS ABTCP 2221
"2222:TCP"= 2222:TCP:DAS ABTCP 2222
"2223:TCP"= 2223:TCP:DAS ABTCP 2223
"5413:TCP"= 5413:TCP:Port 5413
"80:TCP"= 80:TCP:SuiteVoyager 80
"143:TCP"= 143:TCP:SuiteVoyager 143
"9001:TCP"= 9001:TCP:vista 9001
"9002:TCP"= 9002:TCP:EnvMngr 9002
"9003:TCP"= 9003:TCP:MsgMngr 9003
"9004:TCP"= 9004:TCP:SecMngr 9004
"9006:TCP"= 9006:TCP:RedMngr 9006
"9007:TCP"= 9007:TCP:UnilinkMngr 9007
"9008:TCP"= 9008:TCP:BatchMngr 9008
"9011:TCP"= 9011:TCP:LogMngr 9011
"9012:TCP"= 9012:TCP:InfoMngr 9012
"9013:UDP"= 9013:UDP:RedMngrX 9013
"9014:UDP"= 9014:UDP:RedMngrX2 9014
"9015:TCP"= 9015:TCP:HistQMngrvista 9015
"9016:TCP"= 9016:TCP:HistQReader 9016
"44818:TCP"= 44818:TCP:Logix 44818

S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys []
S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
S2 slssvc;Wonderware SuiteLink;C:\Arquivos de programas\Arquivos comuns\ArchestrA\slssvc.exe []

*Newly Created Service* - CATCHME
.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-07-06 01:41:12 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1210037887.job"
- C:\Arquivos de programas\HP\Digital Imaging\Bin\hpqfrucl.exe4-I
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-krn - C:\arquivos de programas\Realteck\realteck.exe
SharedTaskScheduler-{A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
SSODL-CompIBBrd-{A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
MSConfigStartUp-LogMeIn GUI - C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
MSConfigStartUp-Cmaudio - cmicnfg.cpl

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 09:43:24
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-07-20  9:45:53
ComboFix-quarantined-files.txt  2008-07-20 12:45:49

Pre-Run: 8,400,023,552 bytes disponíveis
Post-Run: 9,535,660,032 bytes disponíveis

186	--- E O F ---	2008-07-09 04:58:09

 

=========

 

hjt.exe

Logfile of HijackThis v1.99.1
Scan saved at 09:52, on 20/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cscript.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Nova pasta\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {60541D7A-4EF1-4117-9607-7C1B0EEAAD18} (Image Uploader Control) - http://iu.ak.sonico.com//ImageUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: ArchestrA Logger (aaLogger) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArchestrA\aaLogger.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FS Service Control - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArchestrA\NTServApp.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Wonderware SuiteLink (slssvc) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArchestrA\slssvc.exe (file missing)
O23 - Service: Wonderware NetDDE Helper (WWNetDDE) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArchestrA\wwnetdde.exe (file missing)


Good afternoon, sr.silva!

 

<@> Select and copy all the content inside the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

C:\WINDOWS\system32\systenini.exe

C:\sys.bat

C:\WINDOWS\system32\ajeojaoieja.RRI

C:\WINDOWS\system32\.vbe

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"DFGJ-C101394F6B"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x0)

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

<@> Restart the computer!

<@> When it finishes, post the reports: C:\ComboFix.txt + HijackThis, updated.

Regards!


combofix.txt

 

ComboFix 08-07-19.1 - Administrador 2008-07-20 17:49:06.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1046.18.91 [GMT -3:00]
Executando de: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\sys.bat
C:\WINDOWS\system32\.vbe
C:\WINDOWS\system32\ajeojaoieja.RRI
C:\WINDOWS\system32\systenini.exe
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\sys.bat
C:\WINDOWS\system32\.vbe
C:\WINDOWS\system32\ajeojaoieja.RRI
C:\WINDOWS\system32\systenini.exe
.
(((((((((((((((((((((((   Ficheiros criados de 2008-06-20 to 2008-07-20  ))))))))))))))))))))))))))))))))
.
2008-07-20 09:34 . 2008-07-20 09:34	2,654,535	--a------	C:\ComboFix.exe
2008-07-20 09:27 . 2008-03-09 00:08	<DIR>	d--h-----	C:\Documents and Settings\Administrador\Modelos
2008-07-20 09:27 . 2008-03-08 21:03	<DIR>	d--------	C:\Documents and Settings\Administrador\Meus documentos
2008-07-20 09:27 . 2008-03-08 21:03	<DIR>	dr-------	C:\Documents and Settings\Administrador\Menu Iniciar
2008-07-20 09:27 . 2008-07-20 09:28	<DIR>	d--------	C:\Documents and Settings\Administrador\Favoritos
2008-07-20 09:27 . 2008-03-08 21:03	<DIR>	dr-h-----	C:\Documents and Settings\Administrador\Dados de aplicativos
2008-07-20 09:27 . 2008-07-20 17:50	<DIR>	d--h-----	C:\Documents and Settings\Administrador\Configurações locais
2008-07-20 09:27 . 2008-03-08 21:03	<DIR>	d--h-----	C:\Documents and Settings\Administrador\Ambiente de rede
2008-07-20 09:27 . 2008-03-08 21:03	<DIR>	d--h-----	C:\Documents and Settings\Administrador\Ambiente de impressão
2008-07-20 09:27 . 2008-07-20 09:27	<DIR>	d--------	C:\Documents and Settings\Administrador
2008-07-20 03:03 . 2008-07-20 03:03	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared
2008-07-19 13:06 . 2008-07-19 13:06	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
2008-07-18 20:32 . 2008-07-18 20:32	<DIR>	d--------	C:\Arquivos de programas\Enigma Software Group
2008-07-18 20:17 . 2008-07-20 09:51	<DIR>	d--------	C:\hjt
2008-07-04 17:07 . 2008-07-04 18:00	<DIR>	d--------	C:\WINDOWS\system32\Adobe
2008-06-25 17:23 . 2008-06-25 17:23	<DIR>	d--------	C:\Arquivos de programas\MP3 Player Utilities 4.15
2008-06-20 18:28 . 2001-08-17 21:56	7,552	--a------	C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-06-20 18:28 . 2001-08-17 21:56	7,552	--a--c---	C:\WINDOWS\system32\dllcache\sonypvu1.sys
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 18:22	---------	d-----w	C:\Arquivos de programas\PhotoBrush
2008-07-20 06:43	---------	d-----w	C:\Arquivos de programas\Arquivos comuns\Adobe
2008-07-19 00:34	---------	d-----w	C:\Arquivos de programas\eMule
2008-07-19 00:28	---------	d-----w	C:\Arquivos de programas\Arquivos comuns\ArchestrA
2008-07-18 23:31	---------	d-----w	C:\Documents and Settings\Cristiano\Dados de aplicativos\Notepad++
2008-07-18 23:16	---------	d-----w	C:\Arquivos de programas\GbPlugin
2008-07-16 02:57	---------	d-----w	C:\Documents and Settings\Cristiano\Dados de aplicativos\AVG7
2008-07-15 16:52	---------	d-----w	C:\Documents and Settings\Cristiano\Dados de aplicativos\AdobeUM
2008-07-07 09:11	---------	d--h--w	C:\Arquivos de programas\Scpad
2008-06-20 17:41	247,808	----a-w	C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45	360,320	----a-w	C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44	138,368	----a-w	C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52	225,920	----a-w	C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 02:11	---------	d-----w	C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\WLInstaller
2008-06-18 02:08	---------	d-----w	C:\Arquivos de programas\Windows Live
2008-06-14 17:59	272,384	------w	C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 05:24	---------	d-----w	C:\Documents and Settings\Cristiano\Dados de aplicativos\FileZilla
2008-06-08 23:37	---------	d-----w	C:\Arquivos de programas\Acro Software
2008-06-08 01:16	---------	d-----w	C:\Arquivos de programas\Megacubo
2008-06-03 09:25	---------	d-----w	C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin
2008-06-02 01:23	---------	d-----w	C:\Arquivos de programas\SopCast
2008-05-25 06:05	---------	d-----w	C:\Documents and Settings\Cristiano\Dados de aplicativos\Star-Tools
2008-05-07 05:15	1,292,288	----a-w	C:\WINDOWS\system32\quartz.dll
2008-04-30 21:08	87,352	----a-w	C:\WINDOWS\system32\LMIinit.dll
2008-04-30 21:08	83,288	----a-w	C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-04-30 21:08	24,608	----a-w	C:\WINDOWS\system32\LMIport.dll
2008-04-30 21:08	23,736	----a-w	C:\WINDOWS\system32\lmimirr.dll
2008-04-30 21:08	10,040	----a-w	C:\WINDOWS\system32\lmimirr2.dll
2008-04-21 07:02	661,504	----a-w	C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]
"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-03-24 22:19 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "C:\ARQUIV~1\GbPlugin\gbiehabn.dll" [2008-06-02 21:30 369064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2008-06-02 21:30 369064 C:\ARQUIV~1\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-04-30 18:08 87352 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-03-24 22:19 579072 C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Wonderware\\InTouch\\wm.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\WINDOWS\\system32\\dllhost.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Arquivos de programas\\eMule\\emule.exe"=
"C:\\Arquivos de programas\\FileZilla FTP Client\\filezilla.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"C:\\Arquivos de programas\\Megacubo\\bin\\minifly.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"102:TCP"= 102:TCP:DAS SI 102
"135:TCP"= 135:TCP:DCOM 135
"502:TCP"= 502:TCP:Modicon 502
"1434:UDP"= 1434:UDP:SQL Server Browser 1434
"1433:TCP"= 1433:TCP:SQL TCP 1433
"2221:TCP"= 2221:TCP:DAS ABTCP 2221
"2222:TCP"= 2222:TCP:DAS ABTCP 2222
"2223:TCP"= 2223:TCP:DAS ABTCP 2223
"5413:TCP"= 5413:TCP:Port 5413
"80:TCP"= 80:TCP:SuiteVoyager 80
"143:TCP"= 143:TCP:SuiteVoyager 143
"9001:TCP"= 9001:TCP:vista 9001
"9002:TCP"= 9002:TCP:EnvMngr 9002
"9003:TCP"= 9003:TCP:MsgMngr 9003
"9004:TCP"= 9004:TCP:SecMngr 9004
"9006:TCP"= 9006:TCP:RedMngr 9006
"9007:TCP"= 9007:TCP:UnilinkMngr 9007
"9008:TCP"= 9008:TCP:BatchMngr 9008
"9011:TCP"= 9011:TCP:LogMngr 9011
"9012:TCP"= 9012:TCP:InfoMngr 9012
"9013:UDP"= 9013:UDP:RedMngrX 9013
"9014:UDP"= 9014:UDP:RedMngrX2 9014
"9015:TCP"= 9015:TCP:HistQMngrvista 9015
"9016:TCP"= 9016:TCP:HistQReader 9016
"44818:TCP"= 44818:TCP:Logix 44818

S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys []
S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
S2 slssvc;Wonderware SuiteLink;C:\Arquivos de programas\Arquivos comuns\ArchestrA\slssvc.exe []
.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-07-06 01:41:12 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1210037887.job"
- C:\Arquivos de programas\HP\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 17:51:16
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2008-07-20 17:53:19
ComboFix-quarantined-files.txt  2008-07-20 20:53:15
Pre-Run: 7 pasta(s) 10,283,565,056 bytes disponíveis
Post-Run: 11 pasta(s) 10,283,073,536 bytes disponíveis
181	--- E O F ---	2008-07-09 04:58:09

 

=====================

 

hjt.txt

Logfile of HijackThis v1.99.1
Scan saved at 17:57, on 2008-07-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {60541D7A-4EF1-4117-9607-7C1B0EEAAD18} (Image Uploader Control) - http://iu.ak.sonico.com//ImageUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify:  GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: ArchestrA Logger (aaLogger) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArchestrA\aaLogger.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FS Service Control - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArchestrA\NTServApp.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Wonderware SuiteLink (slssvc) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArchestrA\slssvc.exe (file missing)
O23 - Service: Wonderware NetDDE Helper (WWNetDDE) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArchestrA\wwnetdde.exe (file missing)

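The HijackThis logs posted in this thread use a fixed "Oxx - kind: details" line layout. As an added example (not part of the thread, and not HijackThis or ComboFix code), the Python below parses such lines and flags the entries a log reviewer looks at first: "(file missing)" leftovers, O20 Winlogon Notify DLLs, and O23 services with no vendor string. The sample lines are constructed from entries that appear in the logs above; the flag names are this example's own.

```python
import re
from dataclasses import dataclass, field

# HijackThis writes one entry per line: "<section> - <kind>: <details>",
# e.g. "O23 - Service: ...". R-lines (IE settings) share the layout.
ENTRY_RE = re.compile(r"^(?P<sec>[ORF]\d+) - (?P<body>.*)$")

# Constructed sample drawn from entries posted in this thread (not a full log).
SAMPLE_LOG = r"""
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Wonderware SuiteLink (slssvc) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArchestrA\slssvc.exe (file missing)
"""

@dataclass
class Entry:
    section: str                      # "O2", "O20", "O23", ...
    body: str                         # everything after "Oxx - "
    flags: list = field(default_factory=list)

def parse_hjt(text: str) -> list:
    """Turn HJT log text into Entry objects; header and process-list lines
    do not match the entry layout and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries

def triage(entries: list) -> list:
    """Attach review flags. These are a reviewer's checklist, not a verdict:
    "(file missing)" means the registry still points at a file that is gone
    (an uninstall leftover or a removed item), O20 Winlogon Notify DLLs load
    at every logon (a classic persistence spot), and an O23 service marked
    "Unknown owner" has no vendor string and must be identified by hand."""
    for e in entries:
        if "(file missing)" in e.body:
            e.flags.append("stale-file-missing")
        if e.section == "O20":
            e.flags.append("winlogon-notify")
        if e.section == "O23" and "Unknown owner" in e.body:
            e.flags.append("unknown-owner-service")
    return entries

def summarize(text: str) -> dict:
    """Totals a helper wants at a glance: entries seen, entries flagged, flag counts."""
    entries = triage(parse_hjt(text))
    counts: dict = {}
    for e in entries:
        for f in e.flags:
            counts[f] = counts.get(f, 0) + 1
    return {"total": len(entries),
            "flagged": sum(1 for e in entries if e.flags),
            "counts": counts}

if __name__ == "__main__":
    for e in triage(parse_hjt(SAMPLE_LOG)):
        print(e.section, e.flags or "-", e.body[:70])
    print(summarize(SAMPLE_LOG))
```

A flag only marks where to look; the AVG and LogMeIn entries in the logs above are legitimate software even though they land in O20/O23, so each hit still needs to be checked against the vendor and the file's presence on disk.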

Good evening! sr.silva

The logs look clean! :grin:

-----------------------------

<!> Open IE and, if you wish, run a scan at Kaspersky <-- It only runs in IE!

-----------------------------

>@< Run an online scan at: < Kaspersky >

<!> Go to the site and click: < kasperdx9.jpg >

>@< On the next page, click: I Accept

>@< This is so the ActiveX control gets installed; then update the database.

>@< On the next page, click: My Computer and run the scan.

>@< Be patient! Wait for the database update, and for the scan itself, which takes a while.

>@< When it finishes, save and post the report.

Regards!


Hey!

Thanks for your help and attention.

Unfortunately I can't run the "scan"...

This computer is shared here at home.

4 people use it. Every time I start, someone comes along and takes it over.

Once again, thanks for your help.

[]'s

Hey! sr.silva

Good evening!

<@> Go to this link and download:

< Malwarebytes >

<@> Save it in Program Files.

<@> Update Malwarebytes!

<@> Choose the complete scan! ( Full Scan )

<@> Disable protection programs when running Malwarebytes.

<!> For more details, read the tutorial: < Link >

<@> When it finishes, send the detected files to quarantine.

-----------------------

<@> Post the reports:

<!> mbam.(..).txt + HijackThis, updated.

Regards!


Hey friend,

As I had already mentioned, I got home today and the computer had been formatted.

Thanks for all the attention given to this case.

Issue resolved!

[]s


PROBLEM SOLVED!

Should the author need the topic reopened, send a Private Message to a Moderator with a link to the topic.
