I have already run ComboFix and it keeps installing itself on the pen drives. Below are the ComboFix and HijackThis reports, as well as an image of the virus.
The infected machine is a server; I would like to see whether it is possible to do whatever you ask me to during your work, as soon as you reply.
ComboFix 09-09-17.04 - Jardson 19/09/2009 7:29.4.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.447.277 [GMT -3:00]
Executando de: c:\documents and settings\Jardson\Desktop\ComboFix.exe
ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-19 to 2009-09-19 ))))))))))))))))))))))))))))
.
2009-09-18 00:44 . 2009-03-05 12:37 384512 ----a-w- c:\windows\system32\winsgx.exe
2009-09-18 00:07 . 2009-09-18 00:07 -------- d-----w- C:\Jose Antonio
2009-09-17 13:57 . 2009-09-17 21:37 -------- d-----w- c:\arquivos de programas\VDOWNLOADER
2009-09-10 12:54 . 2009-09-10 12:54 -------- d--h--w- c:\documents and settings\Jardson\~Antenna
2009-09-10 12:48 . 2009-09-10 12:48 -------- d-----w- c:\documents and settings\Jardson\Dados de aplicativos\Stormdance
2009-09-10 12:48 . 2009-09-10 12:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Stormdance
2009-09-09 11:19 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-05 19:24 . 2009-09-05 19:25 -------- d-----w- c:\arquivos de programas\mobile PhoneTools
2009-09-04 19:11 . 2009-09-06 14:42 -------- d-----w- C:\Contratos
2009-08-29 13:29 . 2009-09-08 01:25 -------- d-----w- c:\arquivos de programas\Softland
2009-08-27 12:59 . 2009-08-27 13:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead
2009-08-23 06:07 . 2009-08-23 06:07 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-23 06:07 . 2009-08-23 06:07 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2009-08-23 06:06 . 2009-08-23 06:07 -------- d-----w- C:0f3514b1329095029
2009-08-23 06:06 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-23 06:06 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-23 06:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-23 06:06 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-23 06:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-23 06:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-23 06:06 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-22 15:51 . 2009-08-27 14:18 -------- d-----w- C:\Nossas_FotosDiversas_2
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-19 10:09 . 2009-05-28 16:54 -------- d-----w- c:\arquivos de programas\ESET
2009-09-18 14:07 . 2009-06-02 22:08 -------- d-----w- c:\documents and settings\Jardson\Dados de aplicativos\Image Zone Express
2009-09-10 10:47 . 2009-06-02 18:32 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2009-09-10 01:35 . 2009-05-28 15:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-09-05 19:24 . 2009-06-29 23:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\BVRP Software
2009-09-05 19:24 . 2009-05-28 15:32 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-08-31 01:28 . 2009-05-28 21:07 -------- d-----w- c:\arquivos de programas\FirebirdClient
2009-08-27 12:59 . 2009-06-29 16:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero
2009-08-27 12:59 . 2009-05-28 17:29 -------- d-----w- c:\arquivos de programas\Nero
2009-08-25 17:46 . 2009-05-28 20:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-08-23 06:11 . 2001-10-28 18:07 79980 ----a-w- c:\windows\system32\perfc016.dat
2009-08-23 06:11 . 2001-10-28 18:07 471022 ----a-w- c:\windows\system32\perfh016.dat
2009-08-23 06:07 . 2009-05-28 15:51 -------- d-----w- c:\arquivos de programas\MSBuild
2009-08-10 23:47 . 2009-08-10 23:47 -------- d-----w- c:\documents and settings\Jardson\Dados de aplicativos\LGSync
2009-08-05 09:00 . 2002-09-09 16:07 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-23 23:26 . 2009-06-08 01:02 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center
2009-07-17 19:03 . 2002-09-09 16:07 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 02:43 . 2009-05-28 14:08 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-09 00:35 . 2009-07-09 00:35 5936 ----a-w- c:\documents and settings\Jardson\mqdmwhnt.sys
2009-07-09 00:35 . 2009-07-09 00:35 92064 ----a-w- c:\documents and settings\Jardson\mqdmmdm.sys
2009-07-09 00:35 . 2009-07-09 00:35 79328 ----a-w- c:\documents and settings\Jardson\mqdmserd.sys
2009-07-09 00:35 . 2009-07-09 00:35 9232 ----a-w- c:\documents and settings\Jardson\mqdmmdfl.sys
2009-07-09 00:35 . 2009-07-09 00:35 6208 ----a-w- c:\documents and settings\Jardson\mqdmcmnt.sys
2009-07-09 00:35 . 2009-07-09 00:35 4048 ----a-w- c:\documents and settings\Jardson\mqdmcr.sys
2009-07-09 00:35 . 2009-07-09 00:35 66656 ----a-w- c:\documents and settings\Jardson\mqdmbus.sys
2009-07-09 00:35 . 2009-06-29 23:36 25600 ----a-w- c:\documents and settings\Jardson\usbsermptxp.sys
2009-07-09 00:35 . 2009-06-29 23:36 22768 ----a-w- c:\documents and settings\Jardson\usbsermpt.sys
2009-07-03 16:59 . 2002-09-09 16:08 915456 ------w- c:\windows\system32\wininet.dll
2009-06-29 23:36 . 2009-06-29 23:36 22768 ----a-w- c:\windows\system32\drivers\usbsermpt.sys
2009-06-25 08:27 . 2002-09-09 16:08 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2002-09-09 16:08 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2002-09-09 16:07 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2002-09-09 16:07 732672 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2001-10-28 18:07 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2002-09-09 16:07 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2001-10-28 18:06 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-05-29 01:09 . 2009-05-29 01:09 0 --sh--w- c:\windows\S8E575DEE.tmp
.
((((((((((((((((((((((((((((( SnapShot_2009-09-08_01.38.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-28 15:53 . 2009-09-10 01:35 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-05-28 15:53 . 2009-08-12 06:03 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-05-28 15:53 . 2009-08-12 06:03 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-05-28 15:53 . 2009-09-10 01:35 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-05-28 15:53 . 2009-08-12 06:03 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-05-28 15:53 . 2009-09-10 01:35 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2001-10-28 18:06 . 2009-03-08 07:33 726528 c:\windows\system32\jscript.dll
+ 2001-10-28 18:06 . 2009-06-22 06:48 726528 c:\windows\system32\jscript.dll
- 2009-03-08 07:33 . 2009-03-08 07:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-03-08 07:33 . 2009-06-22 06:48 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-05-28 15:53 . 2009-09-10 01:35 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-05-28 15:53 . 2009-08-12 06:03 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-05-28 15:53 . 2009-08-12 06:03 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-05-28 15:53 . 2009-09-10 01:35 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-05-28 15:53 . 2009-09-10 01:35 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-05-28 15:53 . 2009-08-12 06:03 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-05-28 15:53 . 2009-08-12 06:03 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-05-28 15:53 . 2009-09-10 01:35 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-05-28 15:53 . 2009-09-10 01:35 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-05-28 15:53 . 2009-08-12 06:03 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-05-28 15:53 . 2009-08-12 06:03 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-05-28 15:53 . 2009-09-10 01:35 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-05-28 15:53 . 2009-08-12 06:03 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-05-28 15:53 . 2009-09-10 01:35 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-09-10 01:34 . 2008-07-08 12:58 395128 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-09-10 01:34 . 2008-07-08 12:58 233336 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-09-10 01:34 . 2009-03-08 07:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2002-09-09 16:08 . 2009-05-20 07:56 2458112 c:\windows\system32\WMVCore.dll
- 2002-09-09 16:08 . 2008-06-18 08:03 2458112 c:\windows\system32\WMVCore.dll
+ 2009-05-28 14:31 . 2009-05-20 07:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
- 2009-05-28 14:31 . 2008-06-18 08:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-08-18 15:56 . 2009-08-18 15:56 5020672 c:\windows\Installer\3178b35.msp
- 2009-05-28 15:53 . 2009-08-12 06:03 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-05-28 15:53 . 2009-09-10 01:35 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-05-28 15:53 . 2009-09-10 01:35 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-05-28 15:53 . 2009-08-12 06:03 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-05-28 18:12 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe
+ 2009-09-10 01:35 . 2009-09-10 01:35 15709696 c:\windows\Installer\3178b3d.msp
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-05-28 185896]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"tppoll"="c:\program files\Topro\tppoll.exe" [BU]
"WatchDog"="c:\arquivos de programas\mobile PhoneTools\WatchDog.exe" [2004-08-14 36864]
"WinsGx"="c:\windows\system32\winsgx.exe" [2009-03-05 384512]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-08-03 53248]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\ViteSoft\\Admin\\VSCyberAdmin.exe"=
"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1155:TCP"= 1155:TCP:VSCyber
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"3050:TCP"= 3050:TCP:Firebird
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [28/5/2009 12:32 11264]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
S3 DCamUSBIntel;USB Video Camera;c:\windows\system32\drivers\TP6800.sys [22/6/2009 19:45 197512]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [28/5/2009 12:35 654848]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-09-19 c:\windows\Tasks\User_Feed_Synchronization-{82117265-D978-4FFA-9805-807F9F1EFB06}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {384AC28A-8938-4110-8690-78217D167800} = 192.168.1.100
TCP: {BFDA89F2-12C5-411C-86A2-2BEA50392284} = 192.168.1.100
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-19 07:34
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'explorer.exe'(1188)
c:\windows\system32\WININET.dll
c:\arquiv~1\WINDOW~2\wmpband.dll
.
Tempo para conclusão: 2009-09-19 7:37
ComboFix-quarantined-files.txt 2009-09-19 10:37
ComboFix2.txt 2009-09-19 10:25
ComboFix3.txt 2009-09-08 01:40
ComboFix4.txt 2009-07-04 02:23
Pré-execução: 26 pasta(s) 86.056.271.872 bytes disponíveis
Pós execução: 27 pasta(s) 86.017.404.928 bytes disponíveis
218 --- E O F --- 2009-09-10 01:37
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:14:37, on 19/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe
C:\WINDOWS\system32\winsgx.exe
C:\Arquivos de programas\Eset\nod32kui.exe
C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Arquivos de programas\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
C:\ViteSoft\Admin\VSCyberAdmin.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Documents and Settings\Jardson\Meus documentos\Meus arquivos recebidos\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de programas\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de programas\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe
O4 - HKLM\..\Run: [WatchDog] C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [WinsGx] C:\WINDOWS\system32\winsgx.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{384AC28A-8938-4110-8690-78217D167800}: NameServer = 192.168.1.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFDA89F2-12C5-411C-86A2-2BEA50392284}: NameServer = 192.168.1.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{384AC28A-8938-4110-8690-78217D167800}: NameServer = 192.168.1.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{384AC28A-8938-4110-8690-78217D167800}: NameServer = 192.168.1.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7642 bytes