
Log analysis ("not a valid win32 application")




There are 10 replies in this topic

#11 ..AMCN..    

..AMCN..
  • Participant
  • 6 posts

Posted 17 May 2008 - 03:25 PM

BitDefender Online Scanner
Scan report generated at: Sat, May 17, 2008 - 14:44:08
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time 01:42:19
Files 198473
Folders 6754
Boot Sectors 2
Archives 2182
Packed Files 10090

Results
Identified Viruses 4
Infected Files 7
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 7

Engines Info
Virus Definitions 1194985
Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins 16
Archive plugins 42
Unpack plugins 7
E-mail plugins 6
System plugins 5

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File / Status

C:\Documents and Settings\user\Meus documentos\ceb2006.exe=>(Instyler o)=>(Instyler Module 159)
    Detected with: Application.Irc.Flood.Tool.E
C:\Documents and Settings\user\Meus documentos\ceb2006.exe=>(Instyler o)=>(Instyler Module 159)
    Disinfection failed
C:\Documents and Settings\user\Meus documentos\ceb2006.exe=>(Instyler o)=>(Instyler Module 159)
    Deleted
C:\Documents and Settings\user\Meus documentos\ceb2006.exe=>(Instyler o)
    Update failed
C:\Documents and Settings\user\Desktop\Samuel Filho\Instaladores\scoop2004.exe=>(NSIS o)=>zlib_nsis0009
    Infected with: Backdoor.Mircbased.X
C:\Documents and Settings\user\Desktop\Samuel Filho\Instaladores\scoop2004.exe=>(NSIS o)=>zlib_nsis0009
    Deleted
C:\Documents and Settings\user\Desktop\Samuel Filho\Instaladores\scoop2004.exe=>(NSIS o)
    Update failed
C:\Arquivos de programas\DreMule\incoming\.ZoomPlayer WMV Professional v5.01.rar=>Installer-Crack-Keygen.exe
    Infected with: Worm.P2P.Agent.N
C:\Arquivos de programas\DreMule\incoming\.ZoomPlayer WMV Professional v5.01.rar=>Installer-Crack-Keygen.exe
    Deleted
C:\Arquivos de programas\DreMule\incoming\.ZoomPlayer WMV Professional v5.01.rar
    Update failed
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)=>lzma_solid_nsis0005
    Detected with: Adware.CDN.E
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)=>lzma_solid_nsis0005
    Deleted
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)
    Update failed
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)=>lzma_solid_nsis0006
    Detected with: Adware.CDN.E
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)=>lzma_solid_nsis0006
    Deleted
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)
    Update failed
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)=>lzma_solid_nsis0007
    Detected with: Adware.CDN.E
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)=>lzma_solid_nsis0007
    Deleted
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)
    Update failed
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)=>lzma_solid_nsis0009
    Detected with: Adware.CDN.E
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)=>lzma_solid_nsis0009
    Deleted
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)
    Update failed

Current HijackThis (I don't know if it's useful for anything, but here it is) =]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:49, on 17/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Guitar Pro 5\GP5.exe
C:\Documents and Settings\user\Desktop\teste.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsof...allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96A2116B-A4A4-4DE2-B82F-C693487154E6}: NameServer = 200.165.132.155 200.149.55.142
O23 - Service: Discador automático (AutoDial) - Unknown owner - rasphone.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - -s\bin\ibguard.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - -s\bin\ibserver.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

--
End of file - 4659 bytes