Sparks 0 Denunciar post Postado Janeiro 3, 2007 Olá Pessoal, sou novo aqui e estou com o problema do "Socket Error #11004" já baixei o Hijack e esta ai o LOG. Logfile of HijackThis v1.99.1 Scan saved at 15:23:11, on 3/1/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\ASUS\Probe\AsusProb.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe C:\Arquivos de programas\Winamp\Winampa.exe C:\Arquivos de programas\Windows Defender\MSASCui.exe C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\WINDOWS\sxe17.tmp C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\slserv.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Arquivos de programas\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Hijack\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsdmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\Winampa.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162760045703 O17 - HKLM\System\CCS\Services\Tcpip\..\{1924A079-0156-4AFF-B399-4F1081D3217E}: NameServer = 200.204.0.10 200.204.0.10 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe Por favor galera, fico aguardando a resposta e ajuda. Abraços. Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Janeiro 3, 2007 Opa Sparks, 1. Baixe o BankerFix. 2. Desative o seu anti-vírus temporariamente. 3. Dê um duplo-clique sobre o bankerfix.exe, aperte Enter e aguarde o término do scan. 4. Terminado o scan, leia a mensagem na tela e aperte Enter novamente. 5. Habilite o seu anti-vírus. 6. Retorne com um novo log do HijackThis, juntamente com o relatorio.txt do BankerFix (ele estará em C:\LinhaDefensiva\). 7. Depois de postar a sua resposta você poderá deletar a pasta LinhaDefensiva contida no C. Abraços. Compartilhar este post Link para o post Compartilhar em outros sites
Sparks 0 Denunciar post Postado Janeiro 4, 2007 jgarcia Fiz os procedimentos de acordo com sua resposta, ai esta o novo log do hijack Logfile of HijackThis v1.99.1 Scan saved at 16:47:14, on 3/1/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\ASUS\Probe\AsusProb.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe C:\Arquivos de programas\Winamp\Winampa.exe C:\Arquivos de programas\Windows Defender\MSASCui.exe C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\WINDOWS\sxe17.tmp C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\slserv.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\MSN Messenger\msnmsgr.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Hijack\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsdmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\Winampa.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162760045703 O17 - HKLM\System\CCS\Services\Tcpip\..\{1924A079-0156-4AFF-B399-4F1081D3217E}: NameServer = 200.204.0.10 200.204.0.10 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe INICIANDO BANKER FIX ======================================================= INICIANDO FOX FIX ======================================================= Iniciando Log do PV ----------------------------------- Killing '*' Arquivos a remover ----------------------------------- Arquivos ruins restantes ----------------------------------- Reg Importado ----------------------------------- REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] aparentemente o problema parece estar resolvido muito obrigado pela atenção e ajuda jgarcia :) abraços Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Janeiro 4, 2007 Opa Sparks, Vamos lá. Habilite o Windows para mostrar todos os arquivos (até ocultos). 1ª Etapa Baixe o CCleaner em: CCleaner Baixe, mas não execute ainda. Baixe o Killbox em: Killbox 1. Execute o Killbox, clique em Delete on Reboot. 2. Copie a lista abaixo em negrito para a área de transferência. Selecione tudo com o auxílio do mouse --> vá até a aba Editar na barra do navegador --> clique em Copiar. C:\WINDOWS\sxe17.tmp 3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files. 4. Aperte em "X". Responda "não" à pergunta. É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo de Seguro e a conexão à internet não será possível. 2ª Etapa Reinicie o computador em Modo Seguro (ao reiniciar aperte a tecla F8 repetidamente até que apareça uma tela preta em DOS e escolha a opção Modo Seguro). Execute o HijackThis, clique em Do a system scan only e marque: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsdmail.com/O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O11 - Options group: [iNTERNATIONAL] International* Clique em Fix Checked. 3ª Etapa Reinicie em Modo Normal. Execute o CCleaner e clique em Executar Cleaner. Poste um novo log do HijackThis. Aguardo retorno. Um abraço. Compartilhar este post Link para o post Compartilhar em outros sites
Sparks 0 Denunciar post Postado Janeiro 4, 2007 Feito! ai está o novo LOG do Hijack Logfile of HijackThis v1.99.1 Scan saved at 14:14:38, on 4/1/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\ASUS\Probe\AsusProb.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe C:\Arquivos de programas\Winamp\Winampa.exe C:\Arquivos de programas\Windows Defender\MSASCui.exe C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\slserv.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe D:\Spark\Programas\Hijack\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsdmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\Winampa.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162760045703 O17 - HKLM\System\CCS\Services\Tcpip\..\{1924A079-0156-4AFF-B399-4F1081D3217E}: NameServer = 200.204.0.10 200.204.0.10 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe OBS: reparei que o arquivo sxe17.tmp ficou na C:\!KillBox isso pode ser deletado? Abraços Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Janeiro 4, 2007 isso pode ser deletado? Sim. Pode deletar. Bem, o seu log está LIMPO. :thumbsup: Para finalizar: 1. Desabilite e Reabilite a função de Restauração Automática do XP. Clique aqui para ver como. Abraços. Compartilhar este post Link para o post Compartilhar em outros sites
Sparks 0 Denunciar post Postado Janeiro 4, 2007 Valeo jgarcia obrigado pela ajuda e atenção só gostaria de fazer mais uma pergunta, há outros arquivos sxe na pasta C:\WINDOWS desculpe a ignorancia mas é normal estes arquivos ainda estarem lá? Abraços Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Janeiro 4, 2007 só gostaria de fazer mais uma pergunta, há outros arquivos sxe na pasta C:\WINDOWSdesculpe a ignorancia mas é normal estes arquivos ainda estarem lá? Que ignorância rapaz! Você é bem esperto, pois não é nada normal tais arquivos estarem em C:\WINDOWS. Bem, faça o seguinte: Baixe o SilentRunners. Extraia o arquivo SilentRunners.vbs para o C. Dê duplo clique sobre o arquivo para executá-lo. Após executá-lo aguarde até que seja gerado um documento denominado Startup Programs (USUÁRIO) data. Copie o conteúdo deste documento e cole em sua próxima resposta. Abraços. Obs.: Caso o seu AV detecte o arquivo como sendo um script malicioso não se preocupe e autorize a execução. Compartilhar este post Link para o post Compartilhar em outros sites
Sparks 0 Denunciar post Postado Janeiro 4, 2007 Olha, bem que eu achei estranho, porque cada vez que eu iniciava minha maquina sempre era um sxe diferente nos processos. Mas então, ai vai o conteúdo do documento... "Silent Runners.vbs", revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "MSMSGS" = ""C:\Arquivos de programas\Messenger\msmsgs.exe" /background" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "Smapp" = "C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."] "ASUS Probe" = "C:\Program Files\ASUS\Probe\AsusProb.exe" [null data] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "AVG7_CC" = "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."] "WinampAgent" = ""C:\Arquivos de programas\Winamp\Winampa.exe"" [null data] "Windows Defender" = ""C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide" [MS] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "SunJavaUpdateSched" = ""C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Sign-in Helper" \InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo" -> {HKLM...CLSID} = "Extensão do 'Painel de controle' para panorâmica de vídeo" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\NVCPL.DLL" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."] "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension" -> {HKLM...CLSID} = "AVG7 Find Extension Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Extensão de ícone de arquivo do Outlook" \InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento" \InProcServer32\(Default) = "C:\Arquivos de programas\MSN Messenger\fsshext.8.0.0812.00.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook" -> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook" \InProcServer32\(Default) = "C:\ARQUIV~1\WINDOW~4\MpShHook.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."] DAP_Menu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}" -> {HKLM...CLSID} = "DAPMenuShellExt Class" \InProcServer32\(Default) = "C:\ARQUIV~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Startup items in "Emerson Spark's" & "All Users" startup folders: ----------------------------------------------------------------- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar "hp psc 1000 series" -> shortcut to: "C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe" ["Hewlett-Packard Co."] "hpoddt01.exe" -> shortcut to: "C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"] "Microsoft Office" -> shortcut to: "C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE -b -l" [MS] Enabled Scheduled Tasks: ------------------------ "FRU Task #Hewlett-Packard#hp psc 1200 series#1162754293" -> launches: "C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1200 series#1162754293"" [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{F2CF5485-4E02-4F68-819C-B92DE9277049}" -> {HKLM...CLSID} = "&Links" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09" \InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09" \InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Arquivos de programas\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG E-mail Scanner, AVGEMS, "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."] AVG7 Alert Manager Server, Avg7Alrt, "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."] AVG7 Update Service, Avg7UpdSvc, "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Serviço Messenger Sharing USN Journal Reader, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Arquivos de programas\MSN Messenger\usnsvc.dll" [MS]} SmartLinkService, SLService, "slserv.exe" [" "] SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."] Windows Defender, WinDefend, ""C:\Arquivos de programas\Windows Defender\MsMpEng.exe"" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt07\Driver = "hpzsnt07.dll" ["HP"] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 58 seconds, including 18 seconds for message boxes) Fico aguardando a resposta, jgarcia. Abraços :) Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Janeiro 5, 2007 Opa Sparks, Baixe o F-Secure Blacklight em: F-Secure Blacklight Salve-o em sua área de trabalho e o execute. Aceite o acordo. Se ele encontrar algum arquivo, ignore, pois quero apenas o log. Ao final do scan será gerado o arquivo fsb-xxxxx.log (onde xxx são números). Preciso que você copie o log e poste em sua próxima resposta. Abraços. Compartilhar este post Link para o post Compartilhar em outros sites
Sparks 0 Denunciar post Postado Janeiro 6, 2007 Opa, jgarciaai está o log01/05/07 22:22:03 [info]: BlackLight Engine 1.0.55 initialized01/05/07 22:22:03 [info]: OS: 5.1 build 2600 (Service Pack 2)01/05/07 22:22:03 [Note]: 7019 401/05/07 22:22:03 [Note]: 7005 001/05/07 22:22:24 [Note]: 7006 001/05/07 22:22:24 [Note]: 7011 158401/05/07 22:22:25 [Note]: 7026 001/05/07 22:22:25 [Note]: 7026 001/05/07 22:22:31 [Note]: FSRAW library version 1.7.102101/05/07 22:27:49 [Note]: 7007 0Abraços. Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Janeiro 7, 2007 Opa Sparks, Execute o Active Scan da Panda e retorne com o resultado. Abraços. Compartilhar este post Link para o post Compartilhar em outros sites
Sparks 0 Denunciar post Postado Janeiro 8, 2007 Opa, garciaIncident Status Location Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@ad.yieldmanager[2].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@atdmt[2].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@atdmt[3].txt Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@bravenet[1].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@casalemedia[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@de.uol.com[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@de.uol.com[2].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@doubleclick[2].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@fastclick[2].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@google.com[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@ig.com[1].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@media.fastclick[1].txt Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@revenue[2].txt Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@searchportal.information[1].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@statcounter[2].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@uol.com[2].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@uol.com[3].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@zedo[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Emerson Spark's\Dados de aplicativos\Mozilla\Firefox\Profiles\sva1i9wm.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Emerson Spark's\Dados de aplicativos\Mozilla\Firefox\Profiles\sva1i9wm.default\cookies.txt[.uol.com.br/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Emerson Spark's\Dados de aplicativos\Mozilla\Firefox\Profiles\sva1i9wm.default\cookies.txt[de.uol.com.br/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Emerson Spark's\Dados de aplicativos\Mozilla\Firefox\Profiles\sva1i9wm.default\cookies.txt[.2o7.net/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Emerson Spark's\Dados de aplicativos\Mozilla\Firefox\Profiles\sva1i9wm.default\cookies.txt[.google.com.br/] Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxe10.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxe11.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxe12.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxe13.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxe14.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxe15.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxe16.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxe3.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxe4.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxe5.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxe59.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxe6.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxe7.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxe8.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxe9.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxeA.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxeB.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxeC.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxeD.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxeE.tmp Virus:Trj/Banbra.DQE Disinfected C:\WINDOWS\sxeF.tmp Hacktool:HackTool/Flood Not disinfected D:\Spark\Scripts\CyberScript32\sistema\dlls\nHTMLn.dll Virus:Bck/IRCFlood.S Not disinfected D:\Spark\Scripts\xtreme822.rar[xtreme822\sys\dlls\aircdll.dll] Hacktool:HackTool/Flood Not disinfected D:\Spark\Scripts\xtreme822.rar[xtreme822\sys\dlls\nHTMLn.dll] ai está o resultado.Abraços Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Janeiro 8, 2007 Opa Sparks, Vamos lá. 1ª Etapa 1. Execute o Killbox, clique em Delete on Reboot. 2. Copie a lista abaixo em negrito para a área de transferência. Selecione tudo com o auxílio do mouse --> vá até a aba Editar na barra do navegador --> clique em Copiar. D:\Spark\Scripts\CyberScript32\sistema\dlls\nHTMLn.dll D:\Spark\Scripts\xtreme822.rar 3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files. 4. Aperte em "X". Responda "não" à pergunta. 2ª Etapa Reinicie em Modo Normal. Execute o CCleaner e clique em Executar Cleaner. Execute o Active Scan da Panda novamente e verifique se ainda detecta algo. Aguardo retorno. Um abraço. Compartilhar este post Link para o post Compartilhar em outros sites
Sparks 0 Denunciar post Postado Janeiro 8, 2007 Opa, garcia ai esta o resultado do novo scan Incident Status Location Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@atdmt[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@de.uol.com[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Emerson Spark's\Cookies\emerson_spark's@uol.com[2].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Emerson Spark's\Dados de aplicativos\Mozilla\Firefox\Profiles\sva1i9wm.default\cookies.txt[de.uol.com.br/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Emerson Spark's\Dados de aplicativos\Mozilla\Firefox\Profiles\sva1i9wm.default\cookies.txt[.uol.com.br/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Emerson Spark's\Dados de aplicativos\Mozilla\Firefox\Profiles\sva1i9wm.default\cookies.txt[.atdmt.com/] Abraços Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Janeiro 9, 2007 Opa Sparks, O seu PC pode ser considerado LIMPO. :thumbsup: A presença de cookies é inevitável, pois eles se fazem necessários ao acesso de inúmeros sites. Execute o CCleaner uma vez por semana para manter-se livre deles. ;) Para finalizar execute as ações contidas no Post #6. Abraços. Compartilhar este post Link para o post Compartilhar em outros sites
Sparks 0 Denunciar post Postado Janeiro 10, 2007 Opa, tudo certo então jgarcia, problema totalmente resolvido ^_^ Agradeço mais uma vez pela ajuda e atenção. Abraços. Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Janeiro 10, 2007 PROBLEMA RESOLVIDO! Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico. Compartilhar este post Link para o post Compartilhar em outros sites
