Sorry, but only later did I see the forum rule about not posting more than one message. I will avoid repeating posts and be concise. Thank you.
The trojan-Downloader.Win32.Banload.bfn was executed after opening an e-mail claiming a debt and a bad credit record at the SPC.
The AVS antivirus detected it immediately:
File: C:\Documents and Settings\Configurações locais\Temporary Internet Files\Content.IE5\KZHZ2AF9\static[1].scr/YodaProt
How do I eliminate the threats? The HijackThis logfile follows. Thank you.
Logfile of HijackThis v1.99.1
Scan saved at 16:39:47, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\Winco\WINCON~1\WINCOGAT.EXE
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe
C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe
C:\Arquivos de programas\Java\j2re1.4.2_06\bin\jusched.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\regedit.exe
C:\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\TightVNC-unstable\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [WindowsTranslator] C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe
O4 - HKLM\..\Run: [aol] "C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Gerenciador do HotSync.lnk = C:\Arquivos de programas\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: ADVFN 4v4 - http://br.advfn.com/p.php?pid=loadercab
O16 - DPF: {0695F163-77CC-11D3-9480-0080C85A6BC8} (NetTrader.NetTraderQuotes) - https://homebroker.shopinvest.com.br/BradHB...e/NetTrader.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4B1A4A31-8845-11D5-9769-00B0D071D434} (Avaya ICM Client) - http://icm.bradesco.com.br/icm/caller.cab
O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab
O16 - DPF: {EB68B96F-F024-467B-AA8A-F1D1ADB27A5B} (melhores.DezMelhores) - http://www.shopinvest.com.br/acoes/telaope.../10melhores.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{B12F4919-B356-402E-9335-B274C35725AC}: NameServer = 200.204.0.10 200.204.0.10
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: WinConnection V3.5e (WinConnection) - Unknown owner - C:\ARQUIV~1\Winco\WINCON~1\WINCOGAT.EXE
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Arquivos de programas\TightVNC-unstable\WinVNC.exe" -service (file missing)
1) I applied BankerFix; the log follows.
2) Right below, a new HijackThis logfile.
3) The BitDefender report follows. (report mode, so as not to delete the wrong files)
Please analyze. I still think there are threats.
BankerFix 2.3 - Removedor de Bankers
Linha Defensiva - http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
Data: 9/7/2007 - 12:30
-------------------------------------------------------
Lista de Definição: 2007-07-08-1
=======================================================
Log do FoxFix
=======================================================
Iniciando Log do PV
-----------------------------------
Killing '*'
Arquivos a remover
-----------------------------------
Arquivos ruins restantes
-----------------------------------
Reg Importado
-----------------------------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Logfile of HijackThis v1.99.1
Scan saved at 12:39:13, on 9/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\Winco\WINCON~1\WINCOGAT.EXE
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe
C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Java\j2re1.4.2_06\bin\jusched.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\TightVNC-unstable\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [WindowsTranslator] C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe
O4 - HKLM\..\Run: [aol] "C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Gerenciador do HotSync.lnk = C:\Arquivos de programas\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: ADVFN 4v4 - http://br.advfn.com/p.php?pid=loadercab
O16 - DPF: {0695F163-77CC-11D3-9480-0080C85A6BC8} (NetTrader.NetTraderQuotes) - https://homebroker.shopinvest.com.br/BradHB...e/NetTrader.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4B1A4A31-8845-11D5-9769-00B0D071D434} (Avaya ICM Client) - http://icm.bradesco.com.br/icm/caller.cab
O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab
O16 - DPF: {EB68B96F-F024-467B-AA8A-F1D1ADB27A5B} (melhores.DezMelhores) - http://www.shopinvest.com.br/acoes/telaope.../10melhores.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{B12F4919-B356-402E-9335-B274C35725AC}: NameServer = 200.204.0.10 200.204.0.10
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: WinConnection V3.5e (WinConnection) - Unknown owner - C:\ARQUIV~1\Winco\WINCON~1\WINCOGAT.EXE
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Arquivos de programas\TightVNC-unstable\WinVNC.exe" -service (file missing)
3)
BitDefender Online Scanner
Scan report generated at: Mon, Jul 09, 2007 - 13:23:22
Scan path: A:\;C:\;D:\;
Statistics
Time: 00:22:26
Files: 56597
Folders: 3186
Boot Sectors: 2
Archives: 380
Packed Files: 211
Results
Identified Viruses: 1
Infected Files: 2
Suspect Files: 1
Warnings: 0
Disinfected: 0
Deleted Files: 3
Engines Info
Virus Definitions: 483833
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 2
Archive plugins: 10
Unpack plugins: 2
E-mail plugins: 1
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File - Status
C:\Arquivos de programas\AntiSpam UOL\UOLAntiSpam.exe - Infected with: DeepScan:Generic.Banker.OT.69D402D0
C:\Arquivos de programas\AntiSpam UOL\UOLAntiSpam.exe - Disinfection failed
C:\Arquivos de programas\AntiSpam UOL\UOLAntiSpam.exe - Deleted
C:\Arquivos de programas\MicroPower Software\Delta Translator 2.0\Registro.exe - Suspected of: BehavesLike:Win32.SMTP-Mailer
C:\Arquivos de programas\MicroPower Software\Delta Translator 2.0\Registro.exe - Disinfection failed
C:\Arquivos de programas\MicroPower Software\Delta Translator 2.0\Registro.exe - Deleted
C:\Documents and Settings\Configurações locais\Temp\ASsetup.exe - Infected with: DeepScan:Generic.Banker.OT.69D402D0
C:\Documents and Settings\Configurações locais\Temp\ASsetup.exe - Disinfection failed
C:\Documents and Settings\Configurações locais\Temp\ASsetup.exe - Deleted
Topic Archived
Since the author did not reply for more than 30 days, the topic was archived.
If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.