Boa srs.
Tenho uma rede hibrida, windows xp e vista (30 maquinas).
Um servidor de aplicação e banco de dados 1 é win 2000 SP4 e 1 Win 2003 SP2.
Estava desde 2009 sem atualizar o antivirus. Estou administrando esta rede há dois meses, sendo assim tenho instalado nestes servidores o kaspersky mais atual.
Após instalação do antivirus, começaram a "pipocar" os vírus.
Nem o atualizacao do windows funciona mais.
Pessoal, por favor, preciso muito de ajuda.
O Katspersky pegou os seguintes virus:
* backdoor.win32.poison.hvm
* adware.win32.admoke.cbt
* virus type_win32
* multipacked.multi.generic
Já deixei rolando a noite toda o boot scan da kaspersky mas os virus voltaram a aparecer.
Segue abaixo o resumo do meu hijack:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:19:41, on 02/05/2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
F:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tssdis.exe
F:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
F:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
F:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
C:\WINDOWS\system32\ctfmon.exe
f:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
F:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
F:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
F:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
F:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
F:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Documents and Settings\Acesys\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ftp://ftp.aceweb.com.br/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - f:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "F:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVP] "F:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Acesys\CONFIG~1\Temp\1\herss.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] f:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - f:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - f:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O15 - ESC Trusted Zone: http://pop.acesys.com.br
O15 - ESC Trusted Zone: http://www.acesys.com.br
O15 - ESC Trusted Zone: http://get.adobe.com
O15 - ESC Trusted Zone: http://www.adobe.com
O15 - ESC Trusted Zone: http://wwwimages.adobe.com
O15 - ESC Trusted Zone: http://rmd.atdmt.com
O15 - ESC Trusted Zone: http://view.atdmt.com
O15 - ESC Trusted Zone: http://www.avast.com
O15 - ESC Trusted Zone: http://www.bing.com
O15 - ESC Trusted Zone: http://www.bpsolutions.com.br
O15 - ESC Trusted Zone: http://www.cis.com.br
O15 - ESC Trusted Zone: http://support.dell.com
O15 - ESC Trusted Zone: http://www.dlink.com.tw
O15 - ESC Trusted Zone: http://www.docx-converter.com
O15 - ESC Trusted Zone: http://fls.doubleclick.net
O15 - ESC Trusted Zone: http://www.downloadatoz.com
O15 - ESC Trusted Zone: http://w13.easy-share.com
O15 - ESC Trusted Zone: http://w14.easy-share.com
O15 - ESC Trusted Zone: http://www.easy-share.com
O15 - ESC Trusted Zone: http://www.firebird-conference.com
O15 - ESC Trusted Zone: http://www.golddiamondinfo.com.br
O15 - ESC Trusted Zone: http://www.google-analytics.com
O15 - ESC Trusted Zone: http://images.google.com.br
O15 - ESC Trusted Zone: http://maps.google.com.br
O15 - ESC Trusted Zone: http://translate.google.com.br
O15 - ESC Trusted Zone: http://www.google.com.br
O15 - ESC Trusted Zone: http://ajax.googleapis.com
O15 - ESC Trusted Zone: http://www-gm-opensocial.googleusercontent.com
O15 - ESC Trusted Zone: http://pop.grupohidromar.com.br
O15 - ESC Trusted Zone: http://webmail.grupohidromar.com.br
O15 - ESC Trusted Zone: http://www.grupohidromar.com.br
O15 - ESC Trusted Zone: http://*.grupohidromar.com.br
O15 - ESC Trusted Zone: http://www.hidromar.com.br
O15 - ESC Trusted Zone: http://h20000.www2.hp.com
O15 - ESC Trusted Zone: http://www.hxph.com.br
O15 - ESC Trusted Zone: http://www.ieaddons.com
O15 - ESC Trusted Zone: http://searchportal.information.com
O15 - ESC Trusted Zone: http://brazil.kaspersky.com
O15 - ESC Trusted Zone: http://www.kaspersky.com.br
O15 - ESC Trusted Zone: http://locamail.locaweb.com.br
O15 - ESC Trusted Zone: http://painel.locaweb.com.br
O15 - ESC Trusted Zone: http://www.locaweb.com.br
O15 - ESC Trusted Zone: http://www.megaupload.com
O15 - ESC Trusted Zone: http://rad.msn.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://www.online.com.br
O15 - ESC Trusted Zone: http://www.onlinebrasil.com.br
O15 - ESC Trusted Zone: http://rs99.rapidshare.com
O15 - ESC Trusted Zone: http://www.scopus.com.br
O15 - ESC Trusted Zone: http://www.soft32.com
O15 - ESC Trusted Zone: http://www.tj.sp.gov.br
O15 - ESC Trusted Zone: http://br.sun.com
O15 - ESC Trusted Zone: http://www.superdownload.us
O15 - ESC Trusted Zone: http://searchg.symantec.com
O15 - ESC Trusted Zone: http://www.symantec.com
O15 - ESC Trusted Zone: http://shell.windows.com
O15 - ESC Trusted Zone: http://www.ziggi.com.br
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://192.168.0.80
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252691346015
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEDE9EB8-27D2-42CF-B7EE-4502A93F2D21}: NameServer = 200.204.0.10,200.204.0.138,189.38.95.96,72.233.55.28
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - F:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
--
End of file - 10678 bytes
Grato desde já.
luciano vene...
Novo Membro
Registrado
5 Mensagens
0 Curtidas