Trojan-Proxy.Win32.Agent.kj

sareston    0

Friends, how do I fix this problem?

Here are the HijackThis log and the Kaspersky report.

Logfile of HijackThis v1.99.1

Scan saved at 22:04:19, on 3/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\system32\keyhook.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\windows\system32\upnp.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Creative\MediaSource\Detector\CTDetect.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\csrss.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.podomatic.com/podcast

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll

O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [upConfgVer] "C:\Arquivos de programas\Panda Software\Panda Antivirus Platinum\UpgConf.exe" /v:7.05.07

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [np] c:\windows\system32\upnp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\csrss.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Creative Detector] C:\Arquivos de programas\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA.../bridge-c18.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\Sptisrv.exe

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Wednesday, January 03, 2007 11:37:27 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 4/01/2007

Kaspersky Anti-Virus database records: 241508

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

Scan Target - Critical Areas:

C:\WINDOWS

C:\DOCUME~1\User\CONFIG~1\Temp\

Scan Statistics:

Total number of scanned objects: 22931

Number of viruses found: 3

Number of infected objects: 48 / 0

Number of suspicious objects: 0

Duration of the scan process: 00:14:33

Infected Object Name / Virus Name / Last Action

C:\WINDOWS\csrss.exe Infected: Trojan-Proxy.Win32.Agent.kj skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\exefld\11089312.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\1236906.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\14936703.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\14940500.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\14950156.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\14950250.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\14995546.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\15003718.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\25635515.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\259750.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\259843.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\275468.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\275484.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\287078.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\288750.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\29670218.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\29670296.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\29684859.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\29726796.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\321062.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\356656.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\381312.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\381375.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\392484.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\393828.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\404015.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\44230406.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\44308453.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\44345250.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\44393203.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\450015.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\464468.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\466953.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\479890.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\481796.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\497437.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\505671.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\515390.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\538937.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\58846671.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\58867125.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\624390.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\657171.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\755625.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\755734.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\exefld\786046.exe Infected: Email-Worm.Win32.Bagle.gy skipped

C:\WINDOWS\exefld\815875.exe Infected: Email-Worm.Win32.Bagle.fy skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

Thanks!!!

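The log above already contains the indicator the later replies act on: csrss.exe and winlogon.exe are legitimate only under C:\WINDOWS\system32, yet a second C:\WINDOWS\csrss.exe is running, the Run key starts it under the value name [winlogon], and [nvchost] starts C:\WINDOWS\winlogon.exe. The script below is an added example (not code from HijackThis or from the poster) that flags both patterns automatically. It assumes a default Windows XP layout (%SystemRoot% = C:\WINDOWS) and a hand-picked list of system-process names that malware borrows; the sample log is constructed from lines of the first log in this thread.

```python
"""Spot process and Run-key masquerades in a HijackThis log.
Added example for this thread, not code from HijackThis or from the poster.
Assumes a default XP layout (%SystemRoot% = C:\\WINDOWS) and a hand-picked
list of system-process names that malware borrows (LOOKALIKE_NAMES)."""
import re
from typing import List, Optional, Tuple

SYSTEM_ROOT = r"C:\WINDOWS"            # assumption: default XP install
SYSTEM32 = SYSTEM_ROOT + r"\system32"

# Directory each core binary runs from on XP; the same name elsewhere is a look-alike.
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "csrss.exe": SYSTEM32, "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32, "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32,
    "explorer.exe": SYSTEM_ROOT,
}
# Run-key value names that imitate system components (assumption, extend as needed).
LOOKALIKE_NAMES = {"smss", "csrss", "winlogon", "services", "lsass", "svchost", "nvchost"}

RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
ENTRY_RE = re.compile(r"^[RO]\d+ - ")


def split_path(path: str) -> Tuple[str, str]:
    """(directory, filename) of a Windows path, both lower-cased, quotes stripped."""
    directory, _, filename = path.strip().strip('"').rpartition("\\")
    return directory.lower(), filename.lower()


def check_process(path: str) -> Optional[str]:
    """Finding if a core-process name runs outside the directory it belongs in."""
    directory, filename = split_path(path)
    expected = EXPECTED_DIR.get(filename)
    if expected is not None and directory != expected.lower():
        return f"process masquerade: {path} (expected {expected}\\{filename})"
    return None


def check_run_entry(line: str) -> Optional[str]:
    """Finding if an O4 Run value is named like a system component but starts a
    differently named file, or starts a core binary from the wrong directory."""
    m = RUN_RE.match(line)
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd")
    exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" ")[0]  # first token
    _, filename = split_path(exe)
    if name.lower() in LOOKALIKE_NAMES and filename != name.lower() + ".exe":
        return f"run-key masquerade: [{name}] -> {exe}"
    finding = check_process(exe)
    return f"run-key {finding}" if finding else None


def analyse(log: str) -> List[str]:
    """Walk the 'Running processes' block and then the R/O entries of the log."""
    findings: List[str] = []
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            section = "processes"
            continue
        if ENTRY_RE.match(line):
            section = "entries"
        finding = None
        if section == "processes":
            finding = check_process(line)
        elif section == "entries":
            finding = check_run_entry(line)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample: lines copied from the first log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system32\upnp.exe
C:\WINDOWS\csrss.exe
C:\Arquivos de programas\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.podomatic.com/podcast
O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [np] c:\windows\system32\upnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\csrss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def sample_findings() -> List[str]:
    return analyse(SAMPLE_LOG)


if __name__ == "__main__":
    for finding in sample_findings():
        print(finding)
```

Run against the sample it reports three findings: the misplaced C:\WINDOWS\csrss.exe process and the two Run values whose names and targets do not match. Note that c:\windows\system32\upnp.exe is not caught by this rule, since it is not a borrowed system-process name; that one the analyst identified by hand.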

First of all, do you use any antivirus???

If you don't, I recommend Avast, and also Spybot to remove cookies and other junk, ok.

sareston    0
    Topic author

    Thanks Caio,

    I use AVG and Spybot, but the viruses disabled everything...

    I already reinstalled them in Safe Mode; AVG recognised several infections but couldn't fix anything. Spybot removed some things, and when Windows was restarted in normal mode, both were disabled again.

    In the last AVG 7.5 test, it reported the following:

    "Backdoor.Shbot.d"

    "Backdoor.Shbot.c Familia"

    "Downloader.Nurech.h"

    "Logger.Bzub.nbh"

    "Trojan Proxy.JMB"

    I-Worm/Bagle

    Adwaregeneric.BYT

    I think they keep multiplying, I need help please!!

    Thank you very much, I'm really desperate...

    JoseMelo    64

    - Download Killbox and run it:

    • Check the option Delete on Reboot. Copy the list below (select it and click Edit > Copy, or press Ctrl + C):

    C:\windows\system32\upnp.exe

    C:\WINDOWS\csrss.exe

    C:\WINDOWS\winlogon.exe

    • Go back to KillBox. Click File > Paste from clipboard. Click the All Files button;
    • Click killbox.png and answer No to the question.

    - Restart the computer in Safe Mode (tap F8 repeatedly, or F5 in some cases, during startup);

    - Open HijackThis, click Do a system scan only and check the entries below:

    O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe

    O4 - HKLM\..\Run: [np] c:\windows\system32\upnp.exe

    O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\csrss.exe

    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA.../bridge-c18.cab

    - Close all windows, click ht-fix.png and then Yes;

    - Restart in normal mode, generate a new log and paste it in your reply.

    sareston    0
    Topic author

    José, thank you very much!!

    Here is the new log. I think some processes are still there, because I can't restart the computer in Safe Mode. I press F8 and choose Safe Mode, but it doesn't restart... I can only get into an intermediate safe mode, which I don't think is enough...

    The only HijackThis item I managed to fix was O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA.../bridge-c18.cab

    The other 3, O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe

    O4 - HKLM\..\Run: [np] c:\windows\system32\upnp.exe

    O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\csrss.exe

    did not show up in the log when I restarted in the safe mode I told you about... Here is the log:

    Logfile of HijackThis v1.99.1

    Scan saved at 17:00:15, on 4/1/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\SYSTEM32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Winamp\winampa.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\WINDOWS\sm56hlpr.exe

    C:\WINDOWS\system32\keyhook.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

    C:\WINDOWS\system32\CTsvcCDA.EXE

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

    C:\mysql\bin\mysqld-nt.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wdfmgr.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Creative\MediaSource\Detector\CTDetect.exe

    C:\WINDOWS\system32\sistray.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\WgaTray.exe

    C:\Arquivos de programas\Microsoft Office\Office10\WINWORD.EXE

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Arquivos de programas\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.podomatic.com/podcast

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll

    O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

    O4 - HKLM\..\Run: [upConfgVer] "C:\Arquivos de programas\Panda Software\Panda Antivirus Platinum\UpgConf.exe" /v:7.05.07

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe"

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

    O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

    O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

    O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Creative Detector] C:\Arquivos de programas\Creative\MediaSource\Detector\CTDetect.exe /R

    O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe (file missing)

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\Sptisrv.exe

    JoseMelo    64

    - Restart the computer in Safe Mode (tap F8 repeatedly, or F5 in some cases, during startup);

    - Delete the folder C:\WINDOWS\exefld

    - Run a new online scan and post the result here.

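The reply above deletes the whole C:\WINDOWS\exefld folder rather than the files one by one: in the first Kaspersky report every object under that folder is a Bagle variant, and the remaining non-infected entries are locked system files (registry hives, event logs) that are normal. The script below is an added example, not part of Kaspersky Online Scanner or of the reply, that parses report lines of that shape, groups detections by directory and malware family, and sets apart entries under System Volume Information\_restore{...}, which are System Restore snapshots that a scanner can only report and that on Windows XP are discarded by turning System Restore off and back on. The sample report is constructed from lines of the two reports in this thread; DROP_DIR_THRESHOLD is an assumed tuning value.

```python
"""Triage a Kaspersky Online Scanner report: group detections by directory and
malware family, set System Restore snapshots apart, and derive clean-up actions.
Added example for this thread, not part of the scanner or of the replies above.
Assumes the two line shapes seen in the reports ("<path> Infected: <name> <action>"
and "<path> Object is locked skipped"); DROP_DIR_THRESHOLD is an assumed knob."""
import re
from collections import Counter
from typing import Any, Dict, List, NamedTuple

DROP_DIR_THRESHOLD = 3  # assumption: this many hits in one folder => malware drop folder
LOCKED = "LOCKED"       # pseudo-verdict for objects the scanner could not open

INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")


class Hit(NamedTuple):
    path: str
    verdict: str


def parse_report(text: str) -> List[Hit]:
    """Keep only the per-object result lines; headers and statistics are ignored."""
    hits: List[Hit] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = INFECTED_RE.match(line)
        if m:
            hits.append(Hit(m.group("path"), m.group("name")))
            continue
        m = LOCKED_RE.match(line)
        if m:
            hits.append(Hit(m.group("path"), LOCKED))
    return hits


def directory_of(path: str) -> str:
    return path.rpartition("\\")[0]


def family_of(verdict: str) -> str:
    """'Email-Worm.Win32.Bagle.gy' -> 'Email-Worm.Win32.Bagle' (drop the variant suffix)."""
    return verdict.rpartition(".")[0]


def is_restore_point(path: str) -> bool:
    """Objects under System Volume Information\\_restore{...} are System Restore snapshots."""
    return "\\system volume information\\_restore" in path.lower()


def triage(hits: List[Hit]) -> Dict[str, Any]:
    families: Counter = Counter()
    by_directory: Counter = Counter()
    restore_points = locked = 0
    for h in hits:
        if h.verdict == LOCKED:
            locked += 1
            continue
        families[family_of(h.verdict)] += 1
        by_directory[directory_of(h.path)] += 1
        restore_points += int(is_restore_point(h.path))
    return {"families": dict(families), "by_directory": dict(by_directory),
            "restore_points": restore_points, "locked": locked}


def recommend(hits: List[Hit]) -> List[str]:
    """Clean-up actions: whole drop folders first, then loose files, then caveats."""
    summary = triage(hits)
    by_dir: Dict[str, int] = summary["by_directory"]
    drop_dirs = sorted(d for d, n in by_dir.items()
                       if n >= DROP_DIR_THRESHOLD and not is_restore_point(d))
    actions = [f"drop directory: {d} ({by_dir[d]} detections)" for d in drop_dirs]
    for h in hits:
        if (h.verdict != LOCKED and directory_of(h.path) not in drop_dirs
                and not is_restore_point(h.path)):
            actions.append(f"delete file: {h.path} ({h.verdict})")
    if summary["restore_points"]:
        actions.append(f"{summary['restore_points']} detections are System Restore snapshots; "
                       "turn System Restore off (this discards all restore points) and back on")
    if summary["locked"]:
        actions.append(f"{summary['locked']} locked objects (open hives/logs) were not scanned")
    return actions


# Constructed sample: lines copied from the two reports posted in this thread.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\csrss.exe Infected: Trojan-Proxy.Win32.Agent.kj skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\exefld\11089312.exe Infected: Email-Worm.Win32.Bagle.gy skipped
C:\WINDOWS\exefld\1236906.exe Infected: Email-Worm.Win32.Bagle.gy skipped
C:\WINDOWS\exefld\14936703.exe Infected: Email-Worm.Win32.Bagle.fy skipped
C:\WINDOWS\exefld\14940500.exe Infected: Email-Worm.Win32.Bagle.fy skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0000002.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped
C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0000005.exe Infected: Trojan-Proxy.Win32.Agent.kj skipped
C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0000051.sys Infected: Email-Worm.Win32.Bagle.gz skipped
"""


def sample_actions() -> List[str]:
    return recommend(parse_report(SAMPLE_REPORT))


if __name__ == "__main__":
    print("\n".join(sample_actions()))
```

On the sample this yields one drop folder (C:\WINDOWS\exefld, four detections), one loose file to delete (C:\WINDOWS\csrss.exe), a note about the three snapshot hits, and a count of locked objects. The threshold is deliberately a constant at the top so the analyst can tune it; a folder that also holds legitimate files should never be dropped wholesale, which is why the restore-point directory is excluded even though it exceeds the threshold.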
    sareston    0
    Topic author

    José, I can't restart in Safe Mode!! I press F8, and then we get the black screen that says:

    Safe Mode

    Safe Mode (with web)

    Safe Mode (DOS)

    None of these 3 restarts; it resets the computer and starts all over again, I go back to the black screen by pressing F8, etc...

    Thanks

    sareston    0
    Topic author

    Here are the online scan and the latest HijackThis log

    KASPERSKY ONLINE SCANNER REPORT

    Thursday, January 04, 2007 9:00:25 PM

    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

    Kaspersky Online Scanner version: 5.0.83.0

    Kaspersky Anti-Virus database last update: 4/01/2007

    Kaspersky Anti-Virus database records: 241756

    -------------------------------------------------------------------------------

    Scan Settings:

    Scan using the following antivirus database: standard

    Scan Archives: true

    Scan Mail Bases: true

    Scan Target - My Computer:

    A:\

    C:\

    D:\

    E:\

    Scan Statistics:

    Total number of scanned objects: 62932

    Number of viruses found: 6

    Number of infected objects: 67 / 0

    Number of suspicious objects: 0

    Duration of the scan process: 00:40:12

    Infected Object Name / Virus Name / Last Action

    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\User\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\User\Configurações locais\Histórico\History.IE5\MSHist012007010420070105\index.dat Object is locked skipped

    C:\Documents and Settings\User\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\User\ntuser.dat.LOG Object is locked skipped

    C:\mysql\data\mysql.err Object is locked skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0000002.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0000005.exe Infected: Trojan-Proxy.Win32.Agent.kj skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0000021.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0000039.exe Infected: Trojan-Proxy.Win32.Agent.kj skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0000040.exe Infected: Trojan-Downloader.Win32.Bagle.be skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0000051.sys Infected: Email-Worm.Win32.Bagle.gz skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0000180.sys Infected: Email-Worm.Win32.Bagle.gz skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001178.sys Infected: Email-Worm.Win32.Bagle.gz skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001197.sys Infected: Email-Worm.Win32.Bagle.gz skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001206.sys Infected: Email-Worm.Win32.Bagle.gz skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001218.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001219.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001220.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001221.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001222.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001223.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001224.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001225.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001226.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001227.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001228.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001229.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001230.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001231.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001232.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001233.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001234.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001235.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001236.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001237.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001238.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001239.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001240.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001241.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001242.exe Infected: Email-Worm.Win32.Bagle.gz skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001243.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001244.exe Infected: Email-Worm.Win32.Bagle.gz skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001245.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001246.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001247.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001248.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001249.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001250.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001251.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001252.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001253.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001254.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001255.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001256.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001257.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001258.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001259.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001260.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001261.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001262.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001263.exe Infected: Trojan-Downloader.Win32.Bagle.bg skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001264.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001265.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001266.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001267.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001268.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001269.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001270.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001271.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001272.exe Infected: Email-Worm.Win32.Bagle.gy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001273.exe Infected: Email-Worm.Win32.Bagle.fy skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\A0001304.sys Infected: Email-Worm.Win32.Bagle.gz skipped

    C:\System Volume Information\_restore{66604190-DED5-4B7F-9A4F-AC62A9A180D5}\RP1\change.log Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    Scan process completed.

    Logfile of HijackThis v1.99.1

    Scan saved at 19:21:56, on 4/1/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\SYSTEM32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\CTsvcCDA.EXE

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

    C:\mysql\bin\mysqld-nt.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wdfmgr.exe

    C:\WINDOWS\system32\WgaTray.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Winamp\winampa.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\WINDOWS\sm56hlpr.exe

    C:\WINDOWS\system32\keyhook.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Creative\MediaSource\Detector\CTDetect.exe

    C:\WINDOWS\system32\sistray.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Arquivos de programas\SpacialAudio\SAM2\SAM2.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Arquivos de programas\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.podomatic.com/podcast

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll

    O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

    O4 - HKLM\..\Run: [upConfgVer] "C:\Arquivos de programas\Panda Software\Panda Antivirus Platinum\UpgConf.exe" /v:7.05.07

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe"

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

    O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

    O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

    O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Creative Detector] C:\Arquivos de programas\Creative\MediaSource\Detector\CTDetect.exe /R

    O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe (file missing)

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\Sptisrv.exe

    sareston (topic author)
    Friends,

    Thank you all for the help, but unfortunately I will have to format the computer... I know the procedures here are excellent and effective, but because of the response time (which is how it is on any forum) and the urgency I have, I decided to format. Congratulations on the work; I will keep following this forum to avoid new problems, and if they do happen, I will quickly post my questions, counting on your help....

    Big hug, Ricardo

    P.S.: I am sending this notice so that my topic can be deleted, to avoid getting in the way of anyone looking for information...

    sareston (topic author)
    I am replying only so that the moderators see the post and delete the topic...

    Thank you!

    This topic is closed to new posts.