Fórum Script Brasil

katia-boop


  1. Yes.. I did everything as requested.. and the virus is still here. Awaiting instructions. Thank you, Kátia
  2. Hello, Renato.. After disabling and re-enabling System Restore, I restarted the PC. Right after that, a killfiles warning came up. I selected delete. Here is the result of the Pocket Killbox log. Katia
  3. Here are the two scans, Renato.. Thank you, K.
  4. Here is the requested scan.. Thanks! Kátia
  5. Hello.. For a few days now I have had this Killfiles trojan on the notebook. I downloaded and ran HijackThis and here is the log. Awaiting news. Thank you!