Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Gramo Charles

[Resolvido!]Trojan.Dropper e Anserin

Por , em Tópicos Resolvidos (Seguranca & Malwares)

Recommended Posts

Gramo Charles    0

Gramo Charles
Postado

Pessoal da area técnica, SOCORRO!

 

Estou criando meu segundo tópico.

O Antecessor continua problemático, aguardo humildemente (em silêncio) a ajuda dos moderadores.

 

Porém, entre testes, pesquisas e dicas de amigos, conclui que o Norton 2005 é uma M****.

 

 

Este log que lhes envio é de outro ( REPITO: OUTRO ) PC.

 

Especialmente este, necessito eliminar quaisquer sejam os malwares, spywares, trojans, etc, bem como otimiza-lo ao máximo por ser utilizado em diversas arduas tarefas (gravação de dvd entre outras).

 

Disponho de nivel médio em conhecimento de Windows e entre todos fóruns que pesquisei, conclui que o iMasters é uma boa base para adquirir novos conhecimentos.

 

 

Utilizo Norton SW2005 + Spybot + MV RegClean.

 

 

Desde já, agradeço todas colaborações,

Charles

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 02:20:14, on 5/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\SnAgOS.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe

C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINDOWS\system32\SnMgrSvc.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\SnLiveUp.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Free Download Manager\fum\fum.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SnEngine.EXE

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Documents and Settings\Usuario\Desktop\HijackThis\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

O1 - Hosts: 127.255.255.255 www.getright.com

O1 - Hosts: 127.255.255.255 pro.getright.com

O1 - Hosts: 127.255.255.255 www.headlightinc.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINDOWS\Downloaded Program Files\gbiehCef.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Arquivos de programas\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [Free Upload Manager] "C:\Arquivos de programas\Free Download Manager\fum\fum.exe" -autorun

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.sonypictures.com/movies/ghostri.../vivid_ocx.jpeg

O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

Gramo Charles    0

Gramo Charles
Postado

Utilizei o HostsXpert conforme indicado.

 

O Kaspersky Online Scanner pediu um arquivo "002E08D9.key" mesmo após ter configurado o nível de segurança para Médio no I.E.

 

Usei o BitDefender Online Scanner que na primeira verificação não permitiu salvar o log.

 

Aguardo mais instruções e agradeço ao Raphael436 toda atenção dispensada.

 

O log é este:

 

 

BitDefender Online Scanner - Real Time Virus Report

Scanner - Real Time Virus Report

Generated at: Thu, Sep 06, 2007 - 00:21:48

 

 

Scan Info

Scanned Files493585

Infected Files13

 

 

Virus Detected

Dropped:Trojan.Downloader.Small.61

Generic.Adw.SaveNow.03A3F7B03

Dropped:Application.Adware.NewDotNet.A1

Application.Spyware.WebHancer.A1

Trojan.Downloader.Small.AZF1

Trojan.Spy.Bancos.AAM1

Adware.CyDoor1

Adware.BrilliView.A1

Generic.Adw.SaveNow.F81842B91

Trojan.Dropper.Hamer.B2

 

 

This summary of the scan process will be used by the BitDefender Antivirus

Lab to create agregate statistics about virus activity around the world.

 

 

Há também este relatório gerado:

 

 

 

BitDefender Online Scanner -Scan Report

Scan report generated at: Wed, Sep 05, 2007 - 22:28:39

 

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;

 

Statistics

 

Time02:46:28

Files481802

Folders10174

Boot Sectors5

Archives15184

Packed Files32569

 

Results

 

Identified Viruses 10

Infected Files 13

Suspect Files 0

Warnings0

Disinfected0

Deleted Files16

 

Engines Info

 

Virus Definitions789008

Engine buildAVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)

Scan plugins14

Archive plugins38

Unpack plugins7

E-mail plugins6

System plugins1

 

Scan Settings

 

First ActionDisinfect

Second ActionDelete

HeuristicsYes

Enable WarningsYes

Scanned Extensions*;

Exclude Extensions

Scan EmailsYes

Scan ArchivesYes

Scan PackedYes

Scan FilesYes

Scan BootYes

 

 

 

 

 

Scanned File Status

 

C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\Quarantine\194E06C5.tmp=>(Quarantine-2)

Infected with: Trojan.Spy.Bancos.AAM

 

C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\Quarantine\194E06C5.tmp=>(Quarantine-2)

Disinfection failed

 

C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\Quarantine\194E06C5.tmp=>(Quarantine-2)

Deleted

 

C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\Quarantine\1D4400DE=>(Quarantine-2)

Infected with: Trojan.Dropper.Hamer.B

 

C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\Quarantine\1D4400DE=>(Quarantine-2)

Disinfection failed

 

C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\Quarantine\1D4400DE=>(Quarantine-2)

Deleted

 

C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\Quarantine\1D4A54D7=>(Quarantine-2)

Infected with: Trojan.Dropper.Hamer.B

 

C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\Quarantine\1D4A54D7=>(Quarantine-2)

Disinfection failed

 

C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\Quarantine\1D4A54D7=>(Quarantine-2)

Deleted

 

C:\Install\...\wfallsfree.exe=>wise0050=>(CAB Sfx r)=>VVSN.exe

Infected with: Generic.Adw.SaveNow.03A3F7B0

 

C:\Install\...\wfallsfree.exe=>wise0050=>(CAB Sfx r)=>VVSN.exe

Disinfection failed

 

C:\Install\...\wfallsfree.exe=>wise0050=>(CAB Sfx r)=>VVSN.exe

Deleted

 

C:\Install\...\wfallsfree.exe=>wise0050=>(CAB Sfx r)

Update failed

 

C:\Install\...\wfallsfree.exe=>wise0051=>(CAB Sfx r)=>VVSN.exe

Infected with: Generic.Adw.SaveNow.03A3F7B0

 

C:\Install\...\wfallsfree.exe=>wise0051=>(CAB Sfx r)=>VVSN.exe

Disinfection failed

 

C:\Install\...\wfallsfree.exe=>wise0051=>(CAB Sfx r)=>VVSN.exe

Deleted

 

C:\Install\...\wfallsfree.exe=>wise0051=>(CAB Sfx r)

Update failed

 

C:\Install\...\wfallsfree.exe=>wise0052=>(CAB Sfx r)=>VVSN.exe

Infected with: Generic.Adw.SaveNow.03A3F7B0

 

C:\Install\...\wfallsfree.exe=>wise0052=>(CAB Sfx r)=>VVSN.exe

Disinfection failed

 

C:\Install\...\wfallsfree.exe=>wise0052=>(CAB Sfx r)=>VVSN.exe

Deleted

 

C:\Install\...\wfallsfree.exe=>wise0052=>(CAB Sfx r)

Update failed

 

C:\Install\...\wfallsfree.exe=>wise0053=>(CAB Sfx r)=>VVSN.exe

Infected with: Generic.Adw.SaveNow.F81842B9

 

C:\Install\...\wfallsfree.exe=>wise0053=>(CAB Sfx r)=>VVSN.exe

Disinfection failed

 

C:\Install\...\wfallsfree.exe=>wise0053=>(CAB Sfx r)=>VVSN.exe

Deleted

 

C:\Install\...\wfallsfree.exe=>wise0053=>(CAB Sfx r)

Update failed

 

C:\Install\...\wfallsfree.exe=>wise0054

Infected with: Dropped:Application.Adware.NewDotNet.A

 

C:\Install\...\wfallsfree.exe=>wise0054

Disinfection failed

 

C:\Install\...\wfallsfree.exe=>wise0054

Deleted

 

C:\Install\...\wfallsfree.exe

Update failed

 

C:\Install\...\wfallsfree.exe=>wise0055=>(RAR Sfx o)=>WhAgent.exe

Detected with: Application.Spyware.WebHancer.A

 

C:\Install\...\wfallsfree.exe=>wise0055=>(RAR Sfx o)=>WhAgent.exe

Disinfection failed

 

C:\Install\...\wfallsfree.exe=>wise0055=>(RAR Sfx o)=>WhAgent.exe

Deleted

 

C:\Install\...\wfallsfree.exe=>wise0055=>(RAR Sfx o)

Update failed

 

C:\Sistemas\...\Programas\SETUP.EXE=>(Instyler o)=>(Instyler Module 5)=>(ZIP Sfx s)=>cd_htm.dll

Detected with: Adware.CyDoor

 

C:\Sistemas\...\Programas\SETUP.EXE=>(Instyler o)=>(Instyler Module 5)=>(ZIP Sfx s)=>cd_htm.dll

Disinfection failed

 

C:\Sistemas\...\Programas\SETUP.EXE=>(Instyler o)=>(Instyler Module 5)=>(ZIP Sfx s)=>cd_htm.dll

Deleted

 

C:\Sistemas\...\Programas\SETUP.EXE=>(Instyler o)=>(Instyler Module 5)=>(ZIP Sfx s)

Updated

 

C:\Sistemas\...\Programas\SETUP.EXE=>(Instyler o)=>(Instyler Module 5)

Update failed

 

C:\Sistemas\...\Programas\SETUP.EXE=>(Instyler o)=>(Instyler Module 6)

Infected with: Dropped:Trojan.Downloader.Small.6

 

C:\Sistemas\...\Programas\SETUP.EXE=>(Instyler o)=>(Instyler Module 6)

Disinfection failed

 

C:\Sistemas\...\Programas\SETUP.EXE=>(Instyler o)=>(Instyler Module 6)

Deleted

 

C:\Sistemas\...\Programas\SETUP.EXE=>(Instyler o)

Update failed

 

C:\Sistemas\...\Programas\SETUP.EXE=>(Instyler o)=>(Instyler Module 9)=>(Inno Installer o)=>(Inno Module 3)

Infected with: Trojan.Downloader.Small.AZF

 

C:\Sistemas\...\Programas\SETUP.EXE=>(Instyler o)=>(Instyler Module 9)=>(Inno Installer o)=>(Inno Module 3)

Disinfection failed

 

C:\Sistemas\...\Programas\SETUP.EXE=>(Instyler o)=>(Instyler Module 9)=>(Inno Installer o)=>(Inno Module 3)

Deleted

 

C:\Sistemas\...\Programas\SETUP.EXE=>(Instyler o)=>(Instyler Module 9)=>(Inno Installer o)

Update failed

 

C:\Sistemas\...\Programas\SETUP.EXE=>(Instyler o)=>(Instyler Module 29)=>bdeviewer.exe

Detected with: Adware.BrilliView.A

 

C:\Sistemas\...\Programas\SETUP.EXE=>(Instyler o)=>(Instyler Module 29)=>bdeviewer.exe

Disinfection failed

 

C:\Sistemas\...\Programas\SETUP.EXE=>(Instyler o)=>(Instyler Module 29)=>bdeviewer.exe

Deleted

 

C:\Sistemas\...\Programas\SETUP.EXE=>(Instyler o)=>(Instyler Module 29)

Update failed

Compartilhar este post

Link para o post
Compartilhar em outros sites

raphael436    0

raphael436
Postado

Baixe o killbox, Copie o conteúdo das linhas em negrito abaixo:

C:\Install\...\wfallsfree.exe

C:\Sistemas\...\Programas\SETUP.EXE

Execute o Killbox. Marque a opção Delete on Reboot. Vá em File, Paste from Clipboard.

Clique no botão All Files, então clique no killboxdl5tf5.png e responda Não (No) à pergunta.

 

Faça downlaod do Ccleaner

 

Abra o programa e clique em Executar Limpeza;

Após isto, clique em Erros > Procurar erros > Corrigir Erros

 

Faça um novo log do hijackthis e cole na sua resposta.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Gramo Charles    0

Gramo Charles
Postado

Obtive exito nesses passos.

 

Entre os aplicativos infectados, podes me dizer quais terei que reinstalar ?

 

O Nero é o que mais me preocupa.

 

Mais alguma sugestão ?

Posso habilitar a restauração so sistema ?

 

agradecido,

Charles

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 00:14:39, on 7/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\SnAgOS.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe

C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINDOWS\system32\SnMgrSvc.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\SnLiveUp.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Free Download Manager\fum\fum.exe

C:\Arquivos de programas\eMule\emule.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Usuario\Desktop\HijackThis\HijackThis.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SnEngine.EXE

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Symantec\LiveUpdate\AUpdate.exe

C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\5jhDa7mn.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINDOWS\Downloaded Program Files\gbiehCef.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Arquivos de programas\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [Free Upload Manager] "C:\Arquivos de programas\Free Download Manager\fum\fum.exe" -autorun

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.sonypictures.com/movies/ghostri.../vivid_ocx.jpeg

O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

 

 

 

Este log fiz depois de reiniciar o sistema.

Parece ainda estar infectado pois abre alguns Pop-ups

Compartilhar este post

Link para o post
Compartilhar em outros sites

raphael436    0

raphael436
Postado

Baixe o killbox, Copie o conteúdo da linha em negrito abaixo:

C:\WINDOWS\system32\5jhDa7mn.dll

Execute o Killbox. Marque a opção Delete on Reboot. Vá em File, Paste from Clipboard.

Clique no botão All Files, então responda No à pergunta.

 

Abra o hijackthis marque se ainda estiver a entrada

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\5jhDa7mn.dll

e clique em fix checked

 

Faça um novo log e cole na sua resposta

Compartilhar este post

Link para o post
Compartilhar em outros sites

Gramo Charles    0

Gramo Charles
Postado

Ola !

 

Executei as tarefas conforme pedido. Só tenho duvida se devia ter reiniciado o pc ou não.

 

Este log foi criado sem reiniciar.

 

muito grato por toda atenção oferecida.

 

Charles

 

 

Logfile of HijackThis v1.99.1

Scan saved at 23:55:54, on 8/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\SnAgOS.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe

C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINDOWS\system32\SnMgrSvc.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\SnLiveUp.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Free Download Manager\fum\fum.exe

C:\Documents and Settings\Usuario\Desktop\HijackThis\HijackThis.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Arquivos de programas\Messenger\msmsgs.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINDOWS\Downloaded Program Files\gbiehCef.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Arquivos de programas\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [Free Upload Manager] "C:\Arquivos de programas\Free Download Manager\fum\fum.exe" -autorun

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.sonypictures.com/movies/ghostri.../vivid_ocx.jpeg

O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

jgarcia    1

jgarcia
Postado

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Resolvidos (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito