[Arquivado] Log file Hijack

[mendingo 0]

Desculpe, mas somente mais tarde vi a regra do Fórum para naõ postar mais de uma mensagem. Vou evitar a repetição de posts e ser conciso. Obrigado.

 

O trojan-Downloader.Win32.Banload.bfn foi executado a partir de abertura de um e-mail acusando dívida e nome sujo no SPC.

 

O antivírus AVS detectou imediatamente :

File: C:\Documents and Settings\Configurações locais\Temporary Internet Files\Content.IE5\KZHZ2AF9\static[1].scr/YodaProt

 

Como eliminar as ameaças? Segue logfile Hijack. Obrigado

 

 

Logfile of HijackThis v1.99.1

Scan saved at 16:39:47, on 8/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\Winco\WINCON~1\WINCOGAT.EXE

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe

C:\Arquivos de programas\Java\j2re1.4.2_06\bin\jusched.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Palm\HOTSYNC.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\regedit.exe

C:\Hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\TightVNC-unstable\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [WindowsTranslator] C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

O4 - HKLM\..\Run: [aol] "C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Gerenciador do HotSync.lnk = C:\Arquivos de programas\Palm\HOTSYNC.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: ADVFN 4v4 - http://br.advfn.com/p.php?pid=loadercab

O16 - DPF: {0695F163-77CC-11D3-9480-0080C85A6BC8} (NetTrader.NetTraderQuotes) - https://homebroker.shopinvest.com.br/BradHB...e/NetTrader.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4B1A4A31-8845-11D5-9769-00B0D071D434} (Avaya ICM Client) - http://icm.bradesco.com.br/icm/caller.cab

O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab

O16 - DPF: {EB68B96F-F024-467B-AA8A-F1D1ADB27A5B} (melhores.DezMelhores) - http://www.shopinvest.com.br/acoes/telaope.../10melhores.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{B12F4919-B356-402E-9335-B274C35725AC}: NameServer = 200.204.0.10 200.204.0.10

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe" -r (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: WinConnection V3.5e (WinConnection) - Unknown owner - C:\ARQUIV~1\Winco\WINCON~1\WINCOGAT.EXE

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Arquivos de programas\TightVNC-unstable\WinVNC.exe" -service (file missing)

 

 

 

1)Apliquei o bankerfix segue log.

2)Logo abaixo, novo logfile do hijack.

3)Segue relatório do Bit defender. (módo report, para não apagar arquivos errados)

 

Por favor analise. Ainda acho que há ameaças.

 

 

BankerFix 2.3 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 9/7/2007 - 12:30

-------------------------------------------------------

Lista de Definição: 2007-07-08-1

=======================================================

 

 

Log do FoxFix

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 12:39:13, on 9/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\Winco\WINCON~1\WINCOGAT.EXE

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Java\j2re1.4.2_06\bin\jusched.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Palm\HOTSYNC.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\TightVNC-unstable\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [WindowsTranslator] C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

O4 - HKLM\..\Run: [aol] "C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Gerenciador do HotSync.lnk = C:\Arquivos de programas\Palm\HOTSYNC.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: ADVFN 4v4 - http://br.advfn.com/p.php?pid=loadercab

O16 - DPF: {0695F163-77CC-11D3-9480-0080C85A6BC8} (NetTrader.NetTraderQuotes) - https://homebroker.shopinvest.com.br/BradHB...e/NetTrader.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4B1A4A31-8845-11D5-9769-00B0D071D434} (Avaya ICM Client) - http://icm.bradesco.com.br/icm/caller.cab

O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab

O16 - DPF: {EB68B96F-F024-467B-AA8A-F1D1ADB27A5B} (melhores.DezMelhores) - http://www.shopinvest.com.br/acoes/telaope.../10melhores.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{B12F4919-B356-402E-9335-B274C35725AC}: NameServer = 200.204.0.10 200.204.0.10

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe" -r (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: WinConnection V3.5e (WinConnection) - Unknown owner - C:\ARQUIV~1\Winco\WINCON~1\WINCOGAT.EXE

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Arquivos de programas\TightVNC-unstable\WinVNC.exe" -service (file missing)

 

 

 

3)

 

BitDefender Online Scanner

 

 

 

Scan report generated at: Mon, Jul 09, 2007 - 13:23:22

 

 

 

 

 

Scan path: A:\;C:\;D:\;

 

 

 

 

 

 

 

Statistics

 

Time

00:22:26

 

Files

56597

 

Folders

3186

 

Boot Sectors

2

 

Archives

380

 

Packed Files

211

 

 

 

 

Results

 

Identified Viruses

1

 

Infected Files

2

 

Suspect Files

1

 

Warnings

0

 

Disinfected

0

 

Deleted Files

3

 

 

 

 

Engines Info

 

Virus Definitions

483833

 

Engine build

AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)

 

Scan plugins

2

 

Archive plugins

10

 

Unpack plugins

2

 

E-mail plugins

1

 

System plugins

1

 

 

 

 

Scan Settings

 

First Action

Disinfect

 

Second Action

Delete

 

Heuristics

Yes

 

Enable Warnings

Yes

 

Scanned Extensions

*;

 

Exclude Extensions

 

 

Scan Emails

Yes

 

Scan Archives

Yes

 

Scan Packed

Yes

 

Scan Files

Yes

 

Scan Boot

Yes

 

 

 

 

Scanned File

Status

 

C:\Arquivos de programas\AntiSpam UOL\UOLAntiSpam.exe

Infected with: DeepScan:Generic.Banker.OT.69D402D0

 

C:\Arquivos de programas\AntiSpam UOL\UOLAntiSpam.exe

Disinfection failed

 

C:\Arquivos de programas\AntiSpam UOL\UOLAntiSpam.exe

Deleted

 

C:\Arquivos de programas\MicroPower Software\Delta Translator 2.0\Registro.exe

Suspected of: BehavesLike:Win32.SMTP-Mailer

 

C:\Arquivos de programas\MicroPower Software\Delta Translator 2.0\Registro.exe

Disinfection failed

 

C:\Arquivos de programas\MicroPower Software\Delta Translator 2.0\Registro.exe

Deleted

 

C:\Documents and Settings\Configurações locais\Temp\ASsetup.exe

Infected with: DeepScan:Generic.Banker.OT.69D402D0

 

C:\Documents and Settings\Configurações locais\Temp\ASsetup.exe

Disinfection failed

 

C:\Documents and Settings\Configurações locais\Temp\ASsetup.exe

Deleted

[mendingo 0]

1)Apliquei o bankerfix segue log.

2)Logo abaixo, novo logfile do hijack.

3)Segue relatório do Bit defender. (módo report, para não apagar arquivos errados)

 

Por favor analise. Ainda acho que há ameaças.

 

 

BankerFix 2.3 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 9/7/2007 - 12:30

-------------------------------------------------------

Lista de Definição: 2007-07-08-1

=======================================================

 

 

Log do FoxFix

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 12:39:13, on 9/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\Winco\WINCON~1\WINCOGAT.EXE

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Java\j2re1.4.2_06\bin\jusched.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Palm\HOTSYNC.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\TightVNC-unstable\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [WindowsTranslator] C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

O4 - HKLM\..\Run: [aol] "C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Gerenciador do HotSync.lnk = C:\Arquivos de programas\Palm\HOTSYNC.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: ADVFN 4v4 - http://br.advfn.com/p.php?pid=loadercab

O16 - DPF: {0695F163-77CC-11D3-9480-0080C85A6BC8} (NetTrader.NetTraderQuotes) - https://homebroker.shopinvest.com.br/BradHB...e/NetTrader.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4B1A4A31-8845-11D5-9769-00B0D071D434} (Avaya ICM Client) - http://icm.bradesco.com.br/icm/caller.cab

O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab

O16 - DPF: {EB68B96F-F024-467B-AA8A-F1D1ADB27A5B} (melhores.DezMelhores) - http://www.shopinvest.com.br/acoes/telaope.../10melhores.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{B12F4919-B356-402E-9335-B274C35725AC}: NameServer = 200.204.0.10 200.204.0.10

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe" -r (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: WinConnection V3.5e (WinConnection) - Unknown owner - C:\ARQUIV~1\Winco\WINCON~1\WINCOGAT.EXE

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Arquivos de programas\TightVNC-unstable\WinVNC.exe" -service (file missing)

 

 

 

3)

 

BitDefender Online Scanner

 

 

 

Scan report generated at: Mon, Jul 09, 2007 - 13:23:22

 

 

 

 

 

Scan path: A:\;C:\;D:\;

 

 

 

 

 

 

 

Statistics

 

Time

00:22:26

 

Files

56597

 

Folders

3186

 

Boot Sectors

2

 

Archives

380

 

Packed Files

211

 

 

 

 

Results

 

Identified Viruses

1

 

Infected Files

2

 

Suspect Files

1

 

Warnings

0

 

Disinfected

0

 

Deleted Files

3

 

 

 

 

Engines Info

 

Virus Definitions

483833

 

Engine build

AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)

 

Scan plugins

2

 

Archive plugins

10

 

Unpack plugins

2

 

E-mail plugins

1

 

System plugins

1

 

 

 

 

Scan Settings

 

First Action

Disinfect

 

Second Action

Delete

 

Heuristics

Yes

 

Enable Warnings

Yes

 

Scanned Extensions

*;

 

Exclude Extensions

 

 

Scan Emails

Yes

 

Scan Archives

Yes

 

Scan Packed

Yes

 

Scan Files

Yes

 

Scan Boot

Yes

 

 

 

 

Scanned File

Status

 

C:\Arquivos de programas\AntiSpam UOL\UOLAntiSpam.exe

Infected with: DeepScan:Generic.Banker.OT.69D402D0

 

C:\Arquivos de programas\AntiSpam UOL\UOLAntiSpam.exe

Disinfection failed

 

C:\Arquivos de programas\AntiSpam UOL\UOLAntiSpam.exe

Deleted

 

C:\Arquivos de programas\MicroPower Software\Delta Translator 2.0\Registro.exe

Suspected of: BehavesLike:Win32.SMTP-Mailer

 

C:\Arquivos de programas\MicroPower Software\Delta Translator 2.0\Registro.exe

Disinfection failed

 

C:\Arquivos de programas\MicroPower Software\Delta Translator 2.0\Registro.exe

Deleted

 

C:\Documents and Settings\Configurações locais\Temp\ASsetup.exe

Infected with: DeepScan:Generic.Banker.OT.69D402D0

 

C:\Documents and Settings\Configurações locais\Temp\ASsetup.exe

Disinfection failed

 

C:\Documents and Settings\Configurações locais\Temp\ASsetup.exe

Deleted

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.