Ir para conteúdo
Fórum Script Brasil

Chiclets

Membros
 Perfil  Explorar Conteúdo

  • Total de itens

    19

  • Registro em

  • Última visita

Sobre Chiclets

Chiclets's Achievements

0

Reputação

  1. Chiclets
  2. Chiclets
    Scan taken on 27 Jun 2008 03:30:50 (GMT) A-Squared Found nothing AntiVir Found HEUR/Crypted ArcaVir Found nothing Avast Found nothing AVG Antivirus Found SHeur.BPWZ BitDefender Found nothing ClamAV Found PUA.Packed.Themida CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing Fortinet Found nothing Ikarus Found BehavesLikeWin32.ExplorerHijack Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Sophos Antivirus Found Sus/ComPack (probable variant) VirusBuster Found nothing VBA32 Found nothing
  3. Chiclets
    Scan taken on 23 Jun 2008 16:48:15 (GMT) A-Squared Found nothing AntiVir Found TR/Crypt.XPACK.Gen ArcaVir Found nothing Avast Found nothing AVG Antivirus Found PSW.Banker4.AGYL BitDefender Found nothing ClamAV Found nothing CPsecure Found Troj.Spy.W32.Banbra.awt Dr.Web Found Trojan.PWS.Banker.22057 F-Prot Antivirus Found nothing F-Secure Anti-Virus Found Trojan-Spy.Win32.Banbra.azn Fortinet Found W32/Banbra.AZN!tr.spy Ikarus Found Trojan-Spy.Win32.Banker.man Kaspersky Anti-Virus Found Trojan-Spy.Win32.Banbra.azn NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found Trj/Banbra.DQQ Sophos Antivirus Found Mal/Generic-A VirusBuster Found nothing VBA32 Found Trojan-Spy.Win32.Banbra.azn
  4. Chiclets
  5. Chiclets
    Desculpa a demora Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:24:38, on 15/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\sistray.EXE C:\WINDOWS\system32\RunDll32.exe C:\Arquivos de programas\Winamp\winampa.exe C:\Arquivos de programas\QuickTime\qttask.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\vsnpstd.exe C:\Conf\msoft.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\Arquivos de programas\Internet Explorer\PLUGINS\iedw.exe C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\msoft.exe C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\msnmsg.scr C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [Window] C:\Conf\msoft.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [pluginiedw] C:\Arquivos de programas\Internet Explorer\PLUGINS\iedw.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: msoft.exe O4 - Global Startup: msnmsg.scr O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.MSN.com/já-JP/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1210110338656 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210117005156 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.MSN.com/binary/MineS...er.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe -- End of file - 6274 bytes
  6. Chiclets
    essa é minha outra maquina.
  7. Chiclets
    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:53:13, on 22/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\vsnpstd.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\MSN Messenger\msnmsgr.exe C:\Arquivos de programas\MSN Messenger\usnsvc.exe C:\heap41a\svchost.exe C:\heap41a\svchost.exe C:\WINDOWS\system32\drivers\spools.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Administrador\cftmon.exe O4 - HKLM\..\Policies\Explorer\Run: [status] present O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Agendador de tarefas (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe O23 - Service: Windows NetBalance Monitor - Unknown owner - C:\WINDOWS\system32\msnbm32.exe -- End of file - 2865 bytes
  8. Chiclets
  9. Chiclets
    Antivírus Versão Última Atualização Resultado AhnLab-V3 2008.4.22.0 2008.04.22 - AntiVir 7.8.0.8 2008.04.22 TR/Spy.Banker.kjc.1 Authentium 4.93.8 2008.04.22 - Avast 4.8.1169.0 2008.04.21 Win32:Banload-EVO AVG 7.5.0.516 2008.04.21 PSW.Banker4.XYZ BitDefender 7.2 2008.04.22 Trojan.Downloader.Banload.NXI CAT-QuickHeal 9.50 2008.04.22 - ClamAV 0.92.1 2008.04.22 - DrWeb 4.44.0.09170 2008.04.22 Trojan.PWS.Banker.19336 eSafe 7.0.15.0 2008.04.21 suspicious Trojan/Worm eTrust-Vet 31.3.5725 2008.04.22 - Ewido 4.0 2008.04.22 Logger.Banker.kjc F-Prot 4.4.2.54 2008.04.21 - F-Secure 6.70.13260.0 2008.04.22 Trojan-Spy.Win32.Banker.kjc FileAdvisor 1 2008.04.22 - Fortinet 3.14.0.0 2008.04.22 - Ikarus T3.1.1.26.0 2008.04.22 - Kaspersky 7.0.0.125 2008.04.22 Trojan-Spy.Win32.Banker.kjc McAfee 5278 2008.04.21 - Microsoft 1.3408 2008.04.22 TrojanSpy:Win32/Bancos.gen!B NOD32v2 3046 2008.04.22 - Norman 5.80.02 2008.04.22 - Panda 9.0.0.4 2008.04.21 - Prevx1 V2 2008.04.22 - Rising 20.41.12.00 2008.04.22 - Sophos 4.28.0 2008.04.22 - Sunbelt 3.0.1056.0 2008.04.17 - Symantec 10 2008.04.22 - TheHacker 6.2.92.287 2008.04.22 - VBA32 3.12.6.4 2008.04.16 Trojan-Spy.Win32.Banker.kjc VirusBuster 4.3.26:9 2008.04.22 - Webwasher-Gateway 6.6.2 2008.04.22 Trojan.Spy.Banker.kjc.1 Informações adicionais File size: 1364992 bytes MD5...: c3b63b8b5f05651419d6aed77a9aab67 SHA1..: ab9d558130bc2f3b52e5bf93f9b99632aad6b36b SHA256: 8dfbb29c8c104858cb9d1b4b92fad14c46a23d49bfb11796f375b67059d58482 SHA512: 64d06290a5a9d7109c4d3d5f24086569d65dd9ee04a2a7f40dbad052d6ba49b9 8b9ddb590bb4e52894a8f93b2607b4400daf5124b28d4d6d76a95b26f4d543de PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x89cba0 timedatestamp.....: 0x47f2b485 (Tue Apr 01 22:17:41 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 UPX0 0x1000 0x354000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e UPX1 0x355000 0x148000 0x147e00 7.87 b158d5e600bd9984e897373f7b9be4ef .rsrc 0x49d000 0x6000 0x5200 5.78 2f8b7c107f712c7922628b4cd2306beb ( 8 imports ) > KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess > advapi32.dll: RegFlushKey > comctl32.dll: ImageList_Add > gdi32.dll: SaveDC > oleaut32.dll: VariantCopy > user32.dll: GetDC > version.dll: VerQueryValueA > winmm.dll: timeGetTime ( 0 exports ) packers (Kaspersky): PE_Patch.UPX, UPX packers (F-Prot): UPX packers (Avast): UPX packers (Authentium): UPX Antivírus Versão Última Atualização Resultado AhnLab-V3 2008.4.22.0 2008.04.22 - AntiVir 7.8.0.8 2008.04.22 TR/Dldr.Delphi.Gen Authentium 4.93.8 2008.04.22 - Avast 4.8.1169.0 2008.04.21 - AVG 7.5.0.516 2008.04.21 - BitDefender 7.2 2008.04.22 - CAT-QuickHeal 9.50 2008.04.22 - ClamAV 0.92.1 2008.04.22 - DrWeb 4.44.0.09170 2008.04.22 - eSafe 7.0.15.0 2008.04.21 - eTrust-Vet 31.3.5725 2008.04.22 - Ewido 4.0 2008.04.22 - F-Prot 4.4.2.54 2008.04.21 - F-Secure 6.70.13260.0 2008.04.22 - FileAdvisor 1 2008.04.22 - Fortinet 3.14.0.0 2008.04.22 - Ikarus T3.1.1.26 2008.04.22 - Kaspersky 7.0.0.125 2008.04.22 - McAfee 5278 2008.04.21 - Microsoft 1.3408 2008.04.22 - NOD32v2 3046 2008.04.22 - Norman 5.80.02 2008.04.22 - Panda 9.0.0.4 2008.04.22 Suspicious file Prevx1 V2 2008.04.22 Heuristic: Suspicious Self Modifying File Rising 20.41.12.00 2008.04.22 - Sophos 4.28.0 2008.04.22 - Sunbelt 3.0.1056.0 2008.04.17 - Symantec 10 2008.04.22 - TheHacker 6.2.92.287 2008.04.22 - VBA32 3.12.6.4 2008.04.16 - VirusBuster 4.3.26:9 2008.04.22 - Webwasher-Gateway 6.6.2 2008.04.22 Trojan.Dldr.Delphi.Gen Informações adicionais File size: 79360 bytes MD5...: 18b57a279d4f996d4f9ac4d5ec30da4a SHA1..: e2327d0551cb54534dc46ca9ba436dfc1188af77 SHA256: 6a9036ff0c9db5bdec2dd9c2bfdb8ba4477f96fbfb2427e6fa3ed22b77cd9f67 SHA512: 56b11f2ab08e4e89f49b4e0c2ee2e9f6ec8d3f51ed2a032682ba7626b3f6c4f6 f092ddf60f979fda125001409858ca165437866d8385559e66b4f450b2280301 PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x41028c timedatestamp.....: 0x47f2a7a1 (Tue Apr 01 21:22:41 2008) machinetype.......: 0x14c (I386) ( 8 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0xec40 0xee00 6.50 22b690e7ba5ee6d6965a3b16ac31c19b .itext 0x10000 0x2a4 0x400 4.51 4f8f04e839f3ce6f3a83d9c8241794e1 .data 0x11000 0xc38 0xe00 2.28 f7533a5d09a3ee604cf5347467e5488a .bss 0x12000 0x49e0 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .idata 0x17000 0xa7e 0xc00 4.38 b048d00a14cfa29f6ef0639c71494ffe .edata 0x18000 0x6c 0x200 1.25 15eebd2b88509301e72fa2023b7565da .reloc 0x19000 0x1314 0x1400 6.52 82f764334a1625b2221862b57df9cce9 .rsrc 0x1b000 0x1000 0x1000 3.68 1b4496cae2434ff08f5b2e924c80418c ( 10 imports ) > oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen > advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey > user32.dll: GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA > kernel32.dll: GetACP, Sleep, VirtualFree, VirtualAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle > kernel32.dll: TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, LocalFree, LocalAlloc > user32.dll: MessageBoxA, LoadStringA, GetSystemMetrics, CharNextA, CharToOemA > kernel32.dll: WriteFile, WaitForSingleObject, VirtualQuery, SetEvent, ResetEvent, LeaveCriticalSection, InitializeCriticalSection, GetVersionExA, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCPInfo, FreeLibrary, FormatMessageA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateProcessA, CreateEventA, CompareStringA, CloseHandle > kernel32.dll: Sleep > URLMON.DLL: URLDownloadToFileA > oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit ( 2 exports ) CandleInTheWind, GoodBeyYelouBrickRoad Prevx info: http://info.prevx.com/aboutprogramtext.asp...B4AB1008F369E1F
  10. Chiclets
  11. Chiclets
  12. Chiclets
  13. Chiclets
    BankerFix 2.5b - Removedor de Bankers Linha Defensiva - http://www.linhadefensiva.org http://www.linhadefensiva.org/bankerfix/ Data: 13/4/2008 - 17:28 ------------------------------------------------------- Lista de Definição: 2008-02-22-1 ======================================================= Killando arquivos em Help ----------------------------------- Killing '*' Removendo Arquivos em Help ----------------------------------- ----- Fim ------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:31:27, on 13/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\sistray.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\vsnpstd.exe C:\Arquivos de programas\Winamp\winampa.exe C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\Arquivos de programas\Google\Google Talk\googletalk.exe C:\WINDOWS\system32\ctfmon.exe C:\windows\system\IEXPLORERS.EXE C:\windows\system\brcc.exe C:\windows\eguis.EXE C:\Arquivos de programas\iPod\bin\iPodService.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\sisUSBrg.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Twain Thunker] C:\Program Files\twunk_32.exe O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Microsoft Internet Explorer] C:\windows\system\IEXPLORERS.EXE O4 - HKCU\..\Run: [firewals] C:\windows\system\brcc.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202181316313 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202181289548 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 6790 bytes
  14. Chiclets
    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:01:51, on 11/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\sistray.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\vsnpstd.exe C:\Arquivos de programas\Winamp\winampa.exe C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\Arquivos de programas\Google\Google Talk\googletalk.exe C:\WINDOWS\system32\ctfmon.exe C:\windows\system\IEXPLORERS.EXE C:\windows\system\brcc.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\windows\eguis.EXE C:\Arquivos de programas\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\sisUSBrg.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Twain Thunker] C:\Program Files\twunk_32.exe O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Microsoft Internet Explorer] C:\windows\system\IEXPLORERS.EXE O4 - HKCU\..\Run: [firewals] C:\windows\system\brcc.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [internet Explorerr] C:\windows\eguis.EXE O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202181316313 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202181289548 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 6670 bytes
  15. Chiclets
×
×
  • Criar Novo...