Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Pirando

[Arquivado]Puper

Recommended Posts

Pessoal, na semana passada o Trojan Puper infectou meu PC. Depois de muita dor de cabeça, acho que eliminei a praga. Mas ficaram no PC dois executáveis que não páram perturbar com pop-ups e mensagens de alerta. Os executáveis são PMMON (3Kb) e PMSNGR (12Kb), que estão na pasta Perfect Codec em Arquivos de Programa.Alguém poderia me ajudar a eliminar essas coisas?Gil (Pirando)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Opa Pirando,

 

Faça o seguinte:

 

Baixe o HijackThis versão 1.99.1.

 

Depois > Iniciar > Meu Computador > 02 cliques no C > Coloca o HijackThis no C (extraindo do zip --> para uma pasta própria tipo c:/Hijack).

 

Execute o Hijack a partir do C, fechando os demais programas (deixando somente a área de trabalho).

 

Clique em Do a system scan and save a logfile, mas não marque nada, apenas poste o log gerado aqui neste mesmo tópico.

 

Abraços.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Garcia, aqui está o LOG atual do HijackThis:

 

Gil (Pirando)

 

 

Logfile of HijackThis v1.99.1

Scan saved at 18:03:24, on 2/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

c:\arquiv~1\mcafee\mcafee antispyware\massrv.exe

c:\arquivos de programas\mcafee.com\agent\mcdetect.exe

c:\ARQUIV~1\mcafee.com\vso\mcshield.exe

c:\ARQUIV~1\mcafee.com\agent\mctskshd.exe

C:\WINDOWS\Explorer.exe

C:\ARQUIV~1\McAfee.com\PERSON~1\MpfService.exe

C:\ARQUIV~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\Arquivos de programas\Perfect Codec\pmsngr.exe

C:\ARQUIV~1\INTERN~2\MTRMMKey.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Arquivos comuns\Nokia\Services\ServiceLayer.exe

C:\Arquivos de programas\Perfect Codec\pmmon.exe

C:\Arquivos de programas\Arquivos comuns\Nokia\NCLTools\NclTray.exe

C:\Arquivos de programas\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Arquivos de programas\Acelerador Click21\click21core.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe

C:\ARQUIV~1\INTERN~2\KBOSDCtl.EXE

C:\ARQUIV~1\INTERN~2\KCodeMsg.EXE

C:\arquiv~1\mcafee\MCAFEE~1\masalert.exe

C:\Arquivos de programas\McAfee.com\VSO\mcvsshld.exe

C:\Arquivos de programas\McAfee.com\VSO\oasclnt.exe

c:\arquiv~1\mcafee.com\vso\mcvsescn.exe

C:\ARQUIV~1\McAfee.com\PERSON~1\MpfTray.exe

C:\ARQUIV~1\mcafee.com\mps\mscifapp.exe

C:\ARQUIV~1\McAfee\SPAMKI~1\MskAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Acelerador Click21\click21gui.exe

C:\Arquivos de programas\IC Media Corp\ICM532\Launchpad.exe

C:\Arquivos de programas\Palm\HOTSYNC.EXE

C:\WINDOWS\System32\alg.exe

C:\ARQUIV~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Arquivos de programas\Click21\DialUP.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realevent.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

c:\arquivos de programas\mcafee.com\agent\mcupdate.exe

C:\Arquivos de programas\McAfee\McAfee QuickClean\PlgUni.exe

c:\arquivos de programas\mcafee.com\agent\mcagent.exe

C:\HJHIST\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://luigi-milena.splinder.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.semptoshiba.com.br

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.portaldogame.cjb.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...SsFL7YnAc4unQ==

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Arquivos de programas\DAP\DAPBHO.dll

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Arquivos de programas\MySearch\bar\1.bin\S4BAR.DLL (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Arquivos de programas\Perfect Codec\isaddon.dll (file missing)

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\arquivos de programas\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\arquivos de programas\mcafee.com\mps\popupkiller.dll

O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Arquivos de programas\Acelerador Click21\PBHelper.dll

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\ARQUIV~1\mcafee\SPAMKI~1\mcapfbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Arquivos de programas\Starware\bin\Starware.dll (file missing)

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Arquivos de programas\DAP\DAPIEBar.dll

O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll

O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Arquivos de programas\MySearch\bar\1.bin\S4BAR.DLL (file missing)

O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Arquivos de programas\Starware\bin\Starware.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Arquivos de programas\Perfect Codec\iesplugin.dll (file missing)

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\arquiv~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [MontereyMediaKey] C:\ARQUIV~1\INTERN~2\MTRMMKey.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Piolet] C:\Arquivos de programas\Piolet\Piolet.exe SILENT

O4 - HKLM\..\Run: [serviceLayer] C:\Arquivos de programas\Arquivos comuns\Nokia\Services\ServiceLayer.exe

O4 - HKLM\..\Run: [Nokia Tray Application] C:\Arquivos de programas\Arquivos comuns\Nokia\NCLTools\NclTray.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Arquivos de programas\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [slipStream] "C:\Arquivos de programas\Acelerador Click21\click21core.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WatchDog] C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\ARQUIV~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [_AntiSpyware] c:\arquiv~1\mcafee\MCAFEE~1\masalert.exe

O4 - HKLM\..\Run: [VSOCheckTask] "C:\ARQUIV~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Arquivos de programas\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [OASClnt] C:\Arquivos de programas\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MPFExe] C:\ARQUIV~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MPSExe] c:\ARQUIV~1\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\ARQUIV~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\ARQUIV~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [CleanUp] C:\ARQUIV~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Arquivos de programas\McAfee\McAfee QuickClean\Plguni.exe /START

O4 - Startup: HotSync Manager.lnk = C:\Arquivos de programas\Palm\HOTSYNC.EXE

O4 - Global Startup: Acelerador Click21.lnk = C:\Arquivos de programas\Acelerador Click21\click21gui.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: DVD Check.lnk = C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe

O4 - Global Startup: Launchpad.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Download &all with DAP - C:\ARQUIV~1\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Mostrar Imagem Original - res://C:\Arquivos de programas\Acelerador Click21\gui_resource.dll/328

O8 - Extra context menu item: Mostrar Todas as Imagens Originais - res://C:\Arquivos de programas\Acelerador Click21\gui_resource.dll/327

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\ARQUIV~1\mcafee\SPAMKI~1\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\ARQUIV~1\mcafee\SPAMKI~1\mcapfbho.dll

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\ARQUIV~1\DAP\DAP.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.semptoshiba.com.br

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07f9f4c44f2010...RdxIE601_br.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{07B8AA10-D603-42C2-A392-30DF39A9341C}: NameServer = 200.227.128.21 200.227.128.20

O17 - HKLM\System\CS1\Services\Tcpip\..\{07B8AA10-D603-42C2-A392-30DF39A9341C}: NameServer = 200.227.128.21 200.227.128.20

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - C:\WINDOWS\system32\dcvwaah.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\arquiv~1\mcafee\mcafee antispyware\massrv.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\arquivos de programas\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\ARQUIV~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\ARQUIV~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\ARQUIV~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\ARQUIV~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\ARQUIV~1\McAfee\SPAMKI~1\MSKSrvr.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Opa Pirando,

 

1. Baixe o SmitfraudFix;

 

2. Desabilite a proteção do seu anti-vírus (temporariamente);

 

3. Extraia o arquivo SmitFraudFix para o seu desktop;

 

4. Execute o SmitfraudFix dando um duplo clique sobre smitfraudfix.cmd --> escolha a Opção 1;

 

5. Poste o log gerado pelo SmitfraudFix (opção 1).

 

Aguardo breve retorno.

 

Abraços.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 20 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.