Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

frlouzada

[Resolvido!]Analizem meu log

Por , em Tópicos Resolvidos (Seguranca & Malwares)

Recommended Posts

frlouzada    0

frlouzada
Postado

Fala galera... meu pc anda meio difícil de desligar/reiniciar, tendo que apertar umas 3 vezes no botão para que isso aconteça.

Peço que dêem uma olhada no meu log e me ajudem em como proceder para limpar. Acho que meu log está imundo!

 

Logfile of HijackThis v1.99.1

Scan saved at 07:48:52, on 19/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Nero\InCD\InCDsrv.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\HackerWatch\HWAPI.exe

C:\ARQUIV~1\McAfee\MSC\mclogsrv.exe

C:\ARQUIV~1\McAfee\MSC\mcupdmgr.exe

c:\arquivos de programas\arquivos comuns\mcafee\mna\mcnasvc.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\ARQUIV~1\McAfee\MSC\mctskshd.exe

C:\ARQUIV~1\McAfee\MSC\mcusrmgr.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\SiteAdvisor\4608\SAService.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\McAfee\MPS\mps.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\McAfee\MPS\mpsevh.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre1.5.0_08\bin\jusched.exe

D:\Arquivos de programas\Nero\InCD\InCD.exe

C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\etMon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\ScanSoft\PaperPort\pptd40nt.exe

C:\Arquivos de programas\Brother\ControlCenter2\brctrcen.exe

C:\Arquivos de programas\McAfee\MSK\MskAgent.exe

C:\WINDOWS\system32\ExCorp.exe

C:\Arquivos de programas\SiteAdvisor\4608\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

D:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Brother\Brmfcmon\BrMfcWnd.exe

C:\ARQUIV~1\McAfee\MSC\McLogCln.exe

c:\ARQUIV~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\Arquivos de programas\Brother\Brmfcmon\BrMfcmon.exe

D:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Fabiano\Desktop\hijackthis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pofmnyuthhirpqjgfjo.com/B1JLwHX...nOC37Qup9G2.jsp

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acap-es.org.br/frl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Acrobat Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\4608\SiteAdv.dll

O2 - BHO: (no name) - {7314B1E5-0A0B-F5CF-E6E3-0BD4050D0327} - C:\DOCUME~1\JOOFRA~1.JFL\DADOSD~1\showfour\Type Pile.exe (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\arquivos de programas\mcafee\virusscan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A9674A02-C8E5-FBFD-7BE7-D8D20107530E} - C:\DOCUME~1\JOOFRA~1.JFL\DADOSD~1\showfour\Type Pile.exe (file missing)

O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\arquivos de programas\mcafee\mps\mcpopup.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\4608\SiteAdv.dll

O4 - HKLM\..\Run: [MPFTray] C:\ARQUIV~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_08\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] D:\Arquivos de programas\Nero\InCD\InCD.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)

O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe

O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] D:\Arquivos de programas\Puxa Rápido\Atualiza.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Arquivos de programas\Arquivos comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Arquivos de programas\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Arquivos de programas\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Arquivos de programas\Brother\Brmfl04a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Arquivos de programas\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [McLogLch_exe] C:\Arquivos de programas\McAfee\MSC\McLogLch.exe

O4 - HKLM\..\Run: [MskAgentexe] C:\Arquivos de programas\McAfee\MSK\MskAgent.exe

O4 - HKLM\..\Run: [ExCorp] C:\WINDOWS\system32\ExCorp.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\4608\SiteAdv.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] D:\Arquivos de programas\Steam\Steam.exe -silent

O4 - HKCU\..\Run: [MSKAGENTEXE] C:\ARQUIV~1\McAfee\SPAMKI~1\MSKAgent.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Arquivos de programas\Acrobat Reader\Reader\reader_sl.exe

O4 - Global Startup: ExCorp.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = D:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Status Monitor.lnk = C:\Arquivos de programas\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE (file missing)

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,25/mcgdmgr.cab

O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\4608\SiteAdv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\ARQUIV~1\ARQUIV~1\McAfee\EmProxy\emproxy.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Arquivos de programas\Nero\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mclogsrv.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\arquivos de programas\arquivos comuns\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mctskshd.exe

O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcusrmgr.exe

O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\Arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MPS\mps.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\SiteAdvisor\4608\SAService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

Sam Spade    2

Sam Spade
Postado

Olá frlouzada! Há uma infecção por um trojan banker. Este trojan captura senhas e as envia para um hacker. É recomendável que troque as mesmas.

 

Baixe > BankerFix

 

Desative o seu anti vírus temporariamente, para não haver conflitos.

 

Dê um duplo-clique no bankerfix.exe, dê o Enter e espere ele terminar. Ao terminar, leia a mensagem na tela e aperte Enter novamente.

 

Habilite o seu anti vírus.

 

Faça também um novo log do HijackThis para colocar na sua resposta, junto com o relatorio.txt do BankerFix. Está em C:\LinhaDefensiva\relatorio.txt

 

Depois de fazer sua resposta você pode apagar a pasta LinhaDefensiva que está em C:\

Compartilhar este post

Link para o post
Compartilhar em outros sites

frlouzada    0

frlouzada
Postado

Feito...

E agora tá limpo?!

Uma dúvida: Esse trojan envia só as senhas que são digitadas, ou envia também as senhas que já estão memorizadas? E quando a senha é digitada em uma teclado virtual, como por exemplo no site da Caixa Econômica, também captura?

valeu []'s

 

HijackThis.log

Logfile of HijackThis v1.99.1

Scan saved at 19:45:30, on 19/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Nero\InCD\InCDsrv.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\HackerWatch\HWAPI.exe

C:\ARQUIV~1\McAfee\MSC\mclogsrv.exe

C:\ARQUIV~1\McAfee\MSC\mcupdmgr.exe

c:\arquivos de programas\arquivos comuns\mcafee\mna\mcnasvc.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\ARQUIV~1\McAfee\MSC\mctskshd.exe

C:\ARQUIV~1\McAfee\MSC\mcusrmgr.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\SiteAdvisor\4608\SAService.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\McAfee\MPS\mps.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\McAfee\MPS\mpsevh.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre1.5.0_08\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

D:\Arquivos de programas\Nero\InCD\InCD.exe

C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\etMon.exe

C:\Arquivos de programas\ScanSoft\PaperPort\pptd40nt.exe

C:\Arquivos de programas\Brother\ControlCenter2\brctrcen.exe

C:\Arquivos de programas\McAfee\MSK\MskAgent.exe

C:\ARQUIV~1\McAfee\MSC\McLogCln.exe

C:\Arquivos de programas\SiteAdvisor\4608\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

D:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Brother\Brmfcmon\BrMfcWnd.exe

C:\Arquivos de programas\Brother\Brmfcmon\BrMfcmon.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\ARQUIV~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\Documents and Settings\Fabiano\Desktop\hijackthis.exe

D:\Arquivos de programas\Mozilla Firefox\firefox.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pofmnyuthhirpqjgfjo.com/B1JLwHX...nOC37Qup9G2.jsp

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acap-es.org.br/frl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Acrobat Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\4608\SiteAdv.dll

O2 - BHO: (no name) - {7314B1E5-0A0B-F5CF-E6E3-0BD4050D0327} - C:\DOCUME~1\JOOFRA~1.JFL\DADOSD~1\showfour\Type Pile.exe (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\arquivos de programas\mcafee\virusscan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A9674A02-C8E5-FBFD-7BE7-D8D20107530E} - C:\DOCUME~1\JOOFRA~1.JFL\DADOSD~1\showfour\Type Pile.exe (file missing)

O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\arquivos de programas\mcafee\mps\mcpopup.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\4608\SiteAdv.dll

O4 - HKLM\..\Run: [MPFTray] C:\ARQUIV~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_08\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] D:\Arquivos de programas\Nero\InCD\InCD.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)

O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe

O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] D:\Arquivos de programas\Puxa Rápido\Atualiza.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Arquivos de programas\Arquivos comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Arquivos de programas\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Arquivos de programas\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Arquivos de programas\Brother\Brmfl04a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Arquivos de programas\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [McLogLch_exe] C:\Arquivos de programas\McAfee\MSC\McLogLch.exe

O4 - HKLM\..\Run: [MskAgentexe] C:\Arquivos de programas\McAfee\MSK\MskAgent.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\4608\SiteAdv.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] D:\Arquivos de programas\Steam\Steam.exe -silent

O4 - HKCU\..\Run: [MSKAGENTEXE] C:\ARQUIV~1\McAfee\SPAMKI~1\MSKAgent.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Arquivos de programas\Acrobat Reader\Reader\reader_sl.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = D:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Status Monitor.lnk = C:\Arquivos de programas\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE (file missing)

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,25/mcgdmgr.cab

O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\4608\SiteAdv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\ARQUIV~1\ARQUIV~1\McAfee\EmProxy\emproxy.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Arquivos de programas\Nero\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mclogsrv.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\arquivos de programas\arquivos comuns\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mctskshd.exe

O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcusrmgr.exe

O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\Arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MPS\mps.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\SiteAdvisor\4608\SAService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

 

relatorio.txt

INICIANDO BANKER FIX

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\system32\ExCorp.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ExCorp.exe

Arquivo infectado removido com sucesso!

 

 

INICIANDO FOX FIX

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Compartilhar este post

Link para o post
Compartilhar em outros sites

Sam Spade    2

Sam Spade
Postado

Olá, o banker age com efeito de keylogger. Captura o que é digitado. Pode roubar senhas mesmo usando o teclado virtual. Veja mais:

 

http://linhadefensiva.uol.com.br/2006/11/top-nov-06

 

O log ainda não está limpo. Mostra um problema com o adware Lop que foi instalado junto com o Messenger Plus, ao aceitar o patrocínio. Mesmo desinstalando o Plus, o Lop pode permanecer.

 

ETAPA 1

 

Baixe primeiro o FindLop > Extraia os arquivos para uma pasta própria mas não use ainda.

 

Faça o download do Lop Uninstaller de uma das URLs abaixo:

 

http://lop.com/new_uninstall.exe

 

http://homepage.ntlworld.com/tc.alpha85/lo...w_uninstall.exe

 

Se o seu antivírus detectar algum problema no arquivo, ignore. O arquivo é seguro.

 

Desabilite seu antivírus e qualquer antispyware. Rode-o. Coloque os números e confirme.

 

Faça um scan com o HijackThis e salve o log.

 

Rode o findlop.bat e depois localize o findlop.txt em C:\

 

Ative novamente o anti vírus e os anti spywares.

 

 

ETAPA 2

 

Acesse http://virusscan.jotti.org/

 

Siga as instruções para o upload do arquivo: etMon.exe

 

No site, clique em Procurar. O arquivo está em:

 

C:\WINDOWS\etMon.exe <<< aqui

 

Clique em Submit e aguarde o resultado da análise aparecer. Salve e poste.

 

 

Poste:

 

Log do HijackThis

findlop.txt

resultado do Jotti

Compartilhar este post

Link para o post
Compartilhar em outros sites

frlouzada    0

frlouzada
Postado

Lá vai...

Espero que agora esteja OK!

 

Logfile of HijackThis v1.99.1

Scan saved at 01:34:49, on 23/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Nero\InCD\InCDsrv.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\HackerWatch\HWAPI.exe

C:\ARQUIV~1\McAfee\MSC\mclogsrv.exe

C:\ARQUIV~1\McAfee\MSC\mcupdmgr.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\redirsvc\redirsvc.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\ARQUIV~1\McAfee\MSC\mctskshd.exe

C:\ARQUIV~1\McAfee\MSC\mcusrmgr.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\SiteAdvisor\4608\SAService.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\McAfee\MPS\mps.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\ARQUIV~1\McAfee\EmProxy\emproxy.exe

c:\arquivos de programas\arquivos comuns\mcafee\mna\mcnasvc.exe

C:\Arquivos de programas\McAfee\MPS\mpsevh.exe

C:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre1.5.0_08\bin\jusched.exe

D:\Arquivos de programas\Nero\InCD\InCD.exe

C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\etMon.exe

C:\Arquivos de programas\ScanSoft\PaperPort\pptd40nt.exe

C:\Arquivos de programas\Brother\ControlCenter2\brctrcen.exe

C:\Arquivos de programas\McAfee\MSK\MskAgent.exe

C:\Arquivos de programas\SiteAdvisor\4608\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

D:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Brother\Brmfcmon\BrMfcWnd.exe

c:\ARQUIV~1\mcafee\VIRUSS~1\mcvsshld.exe

c:\arquivos de programas\mcafee\msc\mcuimgr.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Fabiano\Desktop\Ferramentas Defesa\hijackthis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww1.brd.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Acrobat Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\4608\SiteAdv.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\arquivos de programas\mcafee\virusscan\scriptcl.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\arquivos de programas\mcafee\mps\mcpopup.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\4608\SiteAdv.dll

O4 - HKLM\..\Run: [MPFTray] C:\ARQUIV~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_08\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] D:\Arquivos de programas\Nero\InCD\InCD.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)

O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe

O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] D:\Arquivos de programas\Puxa Rápido\Atualiza.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Arquivos de programas\Arquivos comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Arquivos de programas\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Arquivos de programas\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Arquivos de programas\Brother\Brmfl04a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Arquivos de programas\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [MskAgentexe] C:\Arquivos de programas\McAfee\MSK\MskAgent.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\4608\SiteAdv.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] D:\Arquivos de programas\Steam\Steam.exe -silent

O4 - HKCU\..\Run: [MSKAGENTEXE] C:\ARQUIV~1\McAfee\SPAMKI~1\MSKAgent.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Arquivos de programas\Acrobat Reader\Reader\reader_sl.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = D:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Status Monitor.lnk = C:\Arquivos de programas\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE (file missing)

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,25/mcgdmgr.cab

O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\4608\SiteAdv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: McAfee Application Installer Cleanup (0010091166775697) (0010091166775697mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP1009~1.EXE

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\ARQUIV~1\ARQUIV~1\McAfee\EmProxy\emproxy.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Arquivos de programas\Nero\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mclogsrv.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\arquivos de programas\arquivos comuns\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mctskshd.exe

O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcusrmgr.exe

O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\Arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MPS\mps.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\SiteAdvisor\4608\SAService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

[TRACE] Enumerating jobs and queues

[TRACE] Activating job 'FRU Task #Hewlett-Packard#hp psc 1200 series#1098648446

.job'

[TRACE] Printing all job properties

 

ApplicationName: 'D:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe'

Parameters: '-I "#Hewlett-Packard#hp psc 1200 series#1098648446"'

WorkingDirectory: ''

Comment: ''

Creator: 'João Francisco'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 00/00/0000 0:00:00

NextRun: 00/00/0000 0:00:00

StartError: SCHED_S_TASK_HAS_NOT_RUN

ExitCode: 0

Status: SCHED_S_TASK_READY

ScheduledWorkItem Flags:

DeleteWhenDone = 1

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 0

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 1

SystemRequired = 0

Hidden = 0

TaskFlags: 0

 

No triggers

 

 

[TRACE] Activating job 'McDefragTask.job'

[TRACE] Printing all job properties

 

ApplicationName: 'C:\WINDOWS\system32\defrag.exe'

Parameters: 'C: -f'

WorkingDirectory: ''

Comment: 'Desfragmentador de disco'

Creator: 'João Francisco'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 00/00/0000 0:00:00

NextRun: 01/15/2007 1:00:00

StartError: SCHED_S_TASK_HAS_NOT_RUN

ExitCode: 0

Status: SCHED_S_TASK_HAS_NOT_RUN

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 0

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 1

SystemRequired = 0

Hidden = 1

TaskFlags: 0

 

1 Trigger

 

Trigger 0:

Type: MonthlyDate

Days: 15

Months: JanFebMarAprMayJunJulAugSepOctNovDec

StartDate: 09/28/2006

EndDate: 00/00/0000

StartTime: 01:00

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

 

[TRACE] Activating job 'McQcTask.job'

[TRACE] Printing all job properties

 

ApplicationName: 'c:\arquivos de programas\mcafee\mqc\QcConsol.exe'

Parameters: '14 0'

WorkingDirectory: 'c:\arquivos de programas\mcafee\mqc'

Comment: 'McAfee McAfee QuickClean'

Creator: 'João Francisco'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 00/00/0000 0:00:00

NextRun: 01/01/2007 1:00:00

StartError: SCHED_S_TASK_HAS_NOT_RUN

ExitCode: 0

Status: SCHED_S_TASK_HAS_NOT_RUN

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 0

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 1

SystemRequired = 0

Hidden = 1

TaskFlags: 0

 

1 Trigger

 

Trigger 0:

Type: MonthlyDate

Days: 1

Months: JanFebMarAprMayJunJulAugSepOctNovDec

StartDate: 09/28/2006

EndDate: 00/00/0000

StartTime: 01:00

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

Scanner results

AntiVir

Found nothing

ArcaVir

Found nothing

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found nothing

ClamAV

Found nothing

Dr.Web

Found nothing

F-Prot Antivirus

Found nothing

F-Secure Anti-Virus

Found nothing

Fortinet

Found nothing

Kaspersky Anti-Virus

Found nothing

NOD32

Found nothing

Norman Virus Control

Found nothing

VirusBuster

Found nothing

VBA32

Found nothing

Compartilhar este post

Link para o post
Compartilhar em outros sites

Sam Spade    2

Sam Spade
Postado

Está tudo OK. Apenas marque esta entrada abaixo e clique em Fix checked:

 

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

 

Depois, para finalizar, vá no Painel de Controle > Sistema > Restauração do Sistema > marque Desativar a restauração do sistema > Aplicar > OK.

Depois desmarque novamente.

 

Abraço.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Sam Spade    2

Sam Spade
Postado

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Resolvidos (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito