Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

VandreBorges

[Resolvido] &nbspLog para Analise / Computador do Trabalho

Por , em Tópicos Resolvidos (Seguranca & Malwares)

Recommended Posts

VandreBorges    0

VandreBorges
Postado

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:21:57 AM, on 11/27/2012

Platform: Windows 2003 SP2 (WinNT 5.02.3790)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS.0\System32\smss.exe

C:\WINDOWS.0\system32\csrss.exe

C:\WINDOWS.0\system32\winlogon.exe

C:\WINDOWS.0\system32\services.exe

C:\WINDOWS.0\system32\lsass.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\System32\svchost.exe

C:\WINDOWS.0\system32\spoolsv.exe

C:\WINDOWS.0\system32\msdtc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\WINDOWS.0\system32\HPSIsvc.exe

C:\WINDOWS.0\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe

C:\WINDOWS.0\RTHDCPL.EXE

C:\WINDOWS.0\System32\svchost.exe

C:\Program Files\Winco\Winco DDNS\ddns_updater.exe

C:\WINDOWS.0\system32\ctfmon.exe

C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe

C:\Program Files\Microsoft SQL Server\80\Tools\binn\sqlmangr.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe

C:\WINDOWS.0\System32\svchost.exe

C:\WINDOWS.0\System32\svchost.exe

C:\WINDOWS.0\System32\alg.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS.0\system32\wbem\wmiprvse.exe

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\WINDOWS.0\system32\wbem\wmiprvse.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator.0D22F2543C4A4DD\My Documents\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~1\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Wmbrowser.Wmbrowsers - {EF949D99-C1DD-4D53-AA7E-C1286EFB93E1} - (no file)

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [shutdownEventCheck] %systemroot%\system32\dumprep 0 -s

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\binn\sqlmangr.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)

O15 - Trusted Zone: http://www.itau.com.br

O15 - ESC Trusted Zone: http://get.adobe.com

O15 - ESC Trusted Zone: http://www.adobe.com

O15 - ESC Trusted Zone: http://wwwimages.adobe.com

O15 - ESC Trusted Zone: http://clients1.google.com.br

O15 - ESC Trusted Zone: http://www.google.com.br

O15 - ESC Trusted Zone: http://runonce.msn.com

O15 - ESC Trusted Zone: http://forum.muonline.com.br

O15 - ESC Trusted Zone: http://www.muonline.com.br

O15 - ESC Trusted Zone: http://www.speedtest.com

O15 - ESC Trusted Zone: http://cdn.speedtest.net

O15 - ESC Trusted Zone: http://www.speedtest.net

O15 - ESC Trusted Zone: http://www.speedytest.com

O15 - ESC Trusted Zone: http://*.windowsupdate.com

O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4281577F-CF76-4C6F-B41F-AFA84DC86E59}: NameServer = 192.168.1.1,200.204.0.10

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~1\GbPlugin\gbiehUni.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\system32\browseui.dll

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS.0\system32\HPSIsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Agente de atualização de IP do Winco DDNS (WincoDDNS) - Unknown owner - C:\Program Files\Winco\Winco DDNS\ddns_updater.exe

 

--

End of file - 9375 bytes

 

-----------------------------------------------------------LOG ESETNOD32

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=c7b6487d7d19b74eb16aea16e9fafa98

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-11-26 09:31:35

# local_time=2012-11-26 07:31:35 (-0300, E. South America Daylight Time)

# country="United States"

# lang=1033

# osver=5.2.3790 NT Service Pack 2

# compatibility_mode=crash

# scanned=342582

# found=10

# cleaned=10

# scan_time=15966

C:\Arquivos de programas\MU Online Server BETA\findhack.exe a variant of Win32/Packed.MoleboxSVS.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrator.0D22F2543C4A4DD\Application Data\Sun\Java\Deployment\cache\6.0\45\56ce92d-2903a91b multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\DALARAN\AppData\Local\Temp\Update_0632.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\DALARAN\AppData\Local\Temp\Update_5bea.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\DALARAN\AppData\Local\Temp\Update_a733.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\DALARAN\AppData\Local\Temp\Update_e91a.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\DALARAN\Desktop\cuteftp.pro.8.3.4.0007-patch.exe a variant of Win32/HackTool.Patcher.T application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\DALARAN\Downloads\cuteftppro.rar a variant of Win32/HackTool.Patcher.T application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\cuteftp.pro.8.3.4.0007-patch.exe a variant of Win32/HackTool.Patcher.T application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS.0\Wmbrowser.dll a variant of Win32/VB.QBG trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Olá! O que ocorre?

 

|- A Empresa não possui departamento que dê suporte? Já que aqui,somente computadores domésticos são atendidos.

 

Abs!

Compartilhar este post

Link para o post
Compartilhar em outros sites

VandreBorges    0

VandreBorges
Postado

Olá! O que ocorre?

 

|- A Empresa não possui departamento que dê suporte? Já que aqui,somente computadores domésticos são atendidos.

 

Abs!

É que na verdade somente eu uso este computador que no caso é o "servidor", mas nao existe mais estações aqui. Loja pequena, somente 15m² de Loja. Mas entendo a posição de voces. Abraço

Compartilhar este post

Link para o post
Compartilhar em outros sites

wings    22

wings
Postado

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Resolvidos (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito