Dibuca

Please.. XP does not shut down properly


Folks, I need help!!!

My PC with XP SP2 and up-to-date AVG does not shut down via Start --> Turn Off Computer. Only via Start --> Log Off --> Switch User --> Turn Off, and it shows a message that someone is connected.

Here is the log:

Logfile of HijackThis v1.99.1

Scan saved at 23:27:23, on 6/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\windows\mstray.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\iGv6\sysbrand.exe

C:\WINDOWS\system32\devldr32.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibest.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://auth.ig.com.br/servlets/postauthdis....br/v6/paulista

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [mstray] c:\windows\mstray.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] poker3.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sysBrand] C:\ARQUIV~1\iGv6\sysbrand.exe

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .mov: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .mp3: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin4.dll

O12 - Plugin for .mpg: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab

O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/programas/v4.0/ysb_regular.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CBCAF9E3-A507-4686-B309-248E8C3B6FB5}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

I'm counting on your help, and thank you. Thanks!!!


Configure Windows to show all files

Download > KillBox

Check Delete on Reboot and enter in Full Path of File to Delete:

C:\WINDOWS\System32\poker3.exe

Click the button with the X and follow the program's instructions to restart the PC.

When it restarts, press F8 repeatedly. In the menu that appears, choose: safe mode.

Run a scan with HijackThis, check the entry below if you still find it, and click Fix checked:

O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] poker3.exe

Restart in normal mode, run a scan with HijackThis and save the log.

There is other malware on the PC; I will give further instructions after the result of this procedure:

Go to http://www.virustotal.com and http://virusscan.jotti.org/

Follow the sites' instructions to upload this file: mstray.exe

It is at c:\windows\mstray.exe <<< here

Wait for the analysis results and post them, along with the new HijackThis log.


When I ran Killbox, after clicking the X, the following message appeared: PendingFileRenameOperations Registry Data has been Removed by External Process!

What should I do?


Looks like we have a full-blown party on this PC!

I booted into safe mode and tried to locate poker3.exe, but could not find it.

I ran HijackThis and checked the option you indicated, with Fix checked.

I restarted in normal mode and ran HijackThis again.

I uploaded mstray.exe to both sites.

Here are the logs:

Logfile of HijackThis v1.99.1

Scan saved at 15:37:02, on 7/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\windows\mstray.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\iGv6\sysbrand.exe

C:\WINDOWS\system32\devldr32.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibest.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://auth.ig.com.br/servlets/postauthdis....br/v6/paulista

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [mstray] c:\windows\mstray.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sysBrand] C:\ARQUIV~1\iGv6\sysbrand.exe

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .mov: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .mp3: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin4.dll

O12 - Plugin for .mpg: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab

O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/programas/v4.0/ysb_regular.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

VirusTotal log:

This is a report processed by VirusTotal on 01/07/2006 at 17:52:19 (CET) after scanning the file "mstray.exe" file.

Antivirus Version Update Result

AntiVir 6.33.0.75 01.06.2006 TR/Banker.Delf.6000A429

Avast 4.6.695.0 01.06.2006 no virus found

AVG 718 01.06.2006 no virus found

Avira 6.33.0.75 01.06.2006 TR/Banker.Delf.6000A429

BitDefender 7.2 01.07.2006 Trojan.Banker.Delf.6000A429

CAT-QuickHeal 8.00 01.05.2006 no virus found

ClamAV devel-20051123 01.06.2006 no virus found

DrWeb 4.33 01.07.2006 no virus found

eTrust-Iris 7.1.194.0 01.06.2006 Win32/Bancos.Variant!Trojan

eTrust-Vet 12.4.1.0 01.06.2006 no virus found

Ewido 3.5 01.07.2006 no virus found

Fortinet 2.54.0.0 01.07.2006 no virus found

F-Prot 3.16c 01.07.2006 no virus found

Ikarus 0.2.59.0 01.05.2006 no virus found

Kaspersky 4.0.2.24 01.07.2006 no virus found

McAfee 4669 01.06.2006 Generic packed

NOD32v2 1.1355 01.06.2006 no virus found

Norman 5.70.10 01.06.2006 no virus found

Panda 9.0.0.4 01.07.2006 Suspicious file

Sophos 4.01.0 01.07.2006 no virus found

Symantec 8.0 01.07.2006 no virus found

TheHacker 5.9.2.069 01.06.2006 no virus found

UNA 1.83 01.06.2006 no virus found

VBA32 3.10.5 01.06.2006 suspected of Trojan-Spy.Banbra.19

Jotti log:

File: mstray.exe

Status: INFECTED/MALWARE

MD5 e77031b0d179b841b053e0a740e3cd2d

Packers detected: PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT

Scanner results

AntiVir Found Trojan/Banker.Delf.6000A429

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found Trojan.Banker.Delf.6000A429

ClamAV Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

UNA Found nothing

VBA32 Found Trojan-Spy.Banbra.19 (probable variant)

Thanks for now! I'm waiting for further instructions.


Well, it is the Banker trojan, which specialises in stealing bank and credit card passwords. It is recommended that, afterwards, you contact the banks where you have accounts and change your passwords.

Download:

FixIstBar

DelDomains

Ewido > install, update, but do not use it yet.

CCleaner > install, but do not use it either.

Keep Windows configured to show all files.

Save or print these instructions:

1 - In Control Panel > Add/Remove Programs > uninstall programs with these names:

Integrated Search Technologies

ISTBar

ISTsvc

2 - Run FixIstBar.

3 - Run KillBox, check Delete on Reboot and enter in Full Path of File to Delete:

C:\windows\mstray.exe

Click the button with the X and follow the program's instructions to restart the PC.

When it restarts, press F8 repeatedly. In the menu that appears, choose: safe mode.

4 - Run a full scan with Ewido and save the result.

5 - Run a scan with HijackThis, check the entries below that you still find, and click Fix checked:

O4 - HKLM\..\Run: [mstray] c:\windows\mstray.exe

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/programas/v4.0/ysb_regular.cab

6 - Close HijackThis and run CCleaner, clicking Executar Cleaner (Run Cleaner).

7 - Look for folders and files with the names of the programs I asked you to uninstall and delete them.

8 - Right-click DelDomains.inf and choose: Install. You will not notice anything happen, but that is normal.

9 - Restart in normal mode, run a scan with HijackThis and save/post the log, along with the Ewido result.


Wow! Normal shutdown of the PC is working again.... Thank you!

Do you recommend any anti-malware that stays online? Or any antivirus better than AVG?

Here are the HijackThis and Ewido logs:

Logfile of HijackThis v1.99.1

Scan saved at 19:01:56, on 7/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\iGv6\sysbrand.exe

C:\WINDOWS\system32\devldr32.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

C:\Arquivos de programas\ewido anti-malware\ewidoguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://auth.ig.com.br/servlets/postauthdis....br/v6/paulista

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sysBrand] C:\ARQUIV~1\iGv6\sysbrand.exe

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .mov: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .mp3: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin4.dll

O12 - Plugin for .mpg: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab

O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoguard.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

---------------------------------------------------------

ewido anti-malware - Relatório de verificação

---------------------------------------------------------

+ Criado em: 18:42:10, 7/1/2006

+ Relatório-Checksum: 463D4FF0

+ Resultado da verificação:

HKLM\SOFTWARE\Classes\Interface\{3F04CBF7-CD62-4403-B090-B432DEDCB159} -> Spyware.HotBar : Limpo com backup

HKLM\SOFTWARE\Classes\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423} -> Spyware.HotBar : Limpo com backup

HKLM\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324} -> Spyware.HotBar : Limpo com backup

HKLM\SOFTWARE\Classes\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36} -> Spyware.HotBar : Limpo com backup

HKLM\SOFTWARE\Classes\TypeLib\{B5901229-25CC-43C9-B604-3BB6AC2B48A5} -> Spyware.HotBar : Limpo com backup

HKLM\SOFTWARE\Classes\TypeLib\{C83DAED4-0611-4F7A-978E-7FEAFCB2F91B} -> Spyware.HotBar : Limpo com backup

HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Limpo com backup

HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Limpo com backup

HKLM\SOFTWARE\HbTools -> Spyware.HotBar : Limpo com backup

HKLM\SOFTWARE\HbTools\HbTools -> Spyware.HotBar : Limpo com backup

HKLM\SOFTWARE\HbTools\HbTools\PI -> Spyware.HotBar : Limpo com backup

HKLM\SOFTWARE\HbTools\HbTools\PI\3.2 -> Spyware.HotBar : Limpo com backup

HKLM\SOFTWARE\HbTools\Hotbar -> Spyware.HotBar : Limpo com backup

HKLM\SOFTWARE\HbTools\Hotbar\Install -> Spyware.HotBar : Limpo com backup

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} -> Spyware.HotBar : Limpo com backup

HKU\S-1-5-21-1417001333-926492609-839522115-1006\Software\ShopperReports -> Spyware.HotBar : Limpo com backup

HKU\S-1-5-21-1417001333-926492609-839522115-1006\Software\ShopperReports\ShopperReports -> Spyware.HotBar : Limpo com backup

HKU\S-1-5-21-1417001333-926492609-839522115-1006\Software\ShopperReports\ShopperReports\PostInstaller -> Spyware.HotBar : Limpo com backup

C:\Arquivos de programas\ShopperReports -> Spyware.HotBar : Limpo com backup

C:\Arquivos de programas\ShopperReports\Bin -> Spyware.HotBar : Limpo com backup

C:\Arquivos de programas\ShopperReports\Bin\1.0.5.0 -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Dirceu\Cookies\dirceu@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Limpo com backup

C:\Documents and Settings\Dirceu\Cookies\dirceu@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Limpo com backup

C:\Documents and Settings\Dirceu\Dados de aplicativos\ShopperReports -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Dirceu\Dados de aplicativos\ShopperReports\cs -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Dirceu\Dados de aplicativos\ShopperReports\cs\Config.xml -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Dirceu\Dados de aplicativos\ShopperReports\cs\db -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Dirceu\Dados de aplicativos\ShopperReports\cs\db\Aliases.dbs -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Dirceu\Dados de aplicativos\ShopperReports\cs\db\Sites.dbs -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Dirceu\Dados de aplicativos\ShopperReports\cs\dwld -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Dirceu\Dados de aplicativos\ShopperReports\cs\dwld\WhiteList.xip -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Dirceu\Dados de aplicativos\ShopperReports\cs\persist.dbs -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Dirceu\Dados de aplicativos\ShopperReports\cs\report -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Dirceu\Dados de aplicativos\ShopperReports\cs\report\ag.xml -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Dirceu\Dados de aplicativos\ShopperReports\cs\report\ag.xml.db -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Dirceu\Dados de aplicativos\ShopperReports\cs\report\send.xml -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Dirceu\Dados de aplicativos\ShopperReports\cs\report\send.xml.db -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Dirceu\Dados de aplicativos\ShopperReports\cs\res1 -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Dirceu\Dados de aplicativos\ShopperReports\cs\res1\WhiteList.dbs -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Dirceu\Dados de aplicativos\ShopperReports\shprrprt.log -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Neusa\Dados de aplicativos\ShopperReports -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Neusa\Dados de aplicativos\ShopperReports\cs -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Neusa\Dados de aplicativos\ShopperReports\cs\Config.xml -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Neusa\Dados de aplicativos\ShopperReports\cs\db -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Neusa\Dados de aplicativos\ShopperReports\cs\db\Aliases.dbs -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Neusa\Dados de aplicativos\ShopperReports\cs\db\Sites.dbs -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Neusa\Dados de aplicativos\ShopperReports\cs\dwld -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Neusa\Dados de aplicativos\ShopperReports\cs\dwld\WhiteList.xip -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Neusa\Dados de aplicativos\ShopperReports\cs\persist.dbs -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Neusa\Dados de aplicativos\ShopperReports\cs\report -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Neusa\Dados de aplicativos\ShopperReports\cs\report\ag.xml -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Neusa\Dados de aplicativos\ShopperReports\cs\report\ag.xml.db -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Neusa\Dados de aplicativos\ShopperReports\cs\report\send.xml -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Neusa\Dados de aplicativos\ShopperReports\cs\report\send.xml.db -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Neusa\Dados de aplicativos\ShopperReports\cs\res1 -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Neusa\Dados de aplicativos\ShopperReports\cs\res1\WhiteList.dbs -> Spyware.HotBar : Limpo com backup

C:\Documents and Settings\Neusa\Dados de aplicativos\ShopperReports\shprrprt.log -> Spyware.HotBar : Limpo com backup

C:\Jogos\Everest Poker.exe -> Spyware.Casino : Limpo com backup

::Fim do Relatório


The log is clean. Ewido is a trial and you will have real-time protection against trojans for a period of time. After that it will lose this function and the automatic updates.

But you can keep using it, updating it manually and running regular scans of the PC for trojans.

Antivirus programs do not protect against some types of malware.

Read the article "Proteja seu PC" (Protect your PC) to avoid new infections and to see suggestions for protection programs.

To finish, go to Control Panel > System > System Restore > check Turn off System Restore > Apply > OK.

Then uncheck it again.

If you have no more problems, click the Alertar (Report) button and say that the problem is solved.

A prosperous 2006. :-BEER

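The check behind "the log is clean" can be made mechanical by diffing the first and last HijackThis scans and confirming that every entry marked for Fix checked is gone. The following is an added example, not part of the original thread or of HijackThis itself: the function names are hypothetical, and the two sample logs are short excerpts of the logs posted above.

```python
import re

# One HijackThis entry: a section code (R0, O4, O23, ...), " - ", then the detail.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Excerpt of the first log in the thread (before cleanup).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 23:27:23, on 6/1/2006
Running processes:
C:\WINDOWS\Explorer.EXE
C:\windows\mstray.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibest.com.br/
O4 - HKLM\..\Run: [mstray] c:\windows\mstray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] poker3.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/programas/v4.0/ysb_regular.cab
"""

# Excerpt of the last log in the thread (after cleanup).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 19:01:56, on 7/1/2006
Running processes:
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Arquivos de programas\ewido anti-malware\ewidoguard.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""

# The entries the helper asked to mark with "Fix checked" in this thread.
FIX_TARGETS = [
    r"O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] poker3.exe",
    r"O4 - HKLM\..\Run: [mstray] c:\windows\mstray.exe",
    r"O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/programas/v4.0/ysb_regular.cab",
]


def norm(text):
    """Collapse whitespace and case so C:\\WINDOWS and c:\\windows compare equal."""
    return " ".join(text.split()).casefold()


def parse_log(text):
    """Split a log into running-process paths and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum copies of the log are often double-spaced
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.append(line)
    return processes, entries


def only_in(first, second, key):
    """Items of `first` whose normalised key does not occur in `second`."""
    seen = {key(item) for item in second}
    return [item for item in first if key(item) not in seen]


def diff_scans(before, after):
    """Report what disappeared and what appeared between two scans."""
    b_procs, b_entries = parse_log(before)
    a_procs, a_entries = parse_log(after)
    entry_key = lambda e: (e[0], norm(e[1]))
    return {
        "processes_gone": only_in(b_procs, a_procs, norm),
        "processes_new": only_in(a_procs, b_procs, norm),
        "entries_gone": only_in(b_entries, a_entries, entry_key),
        "entries_new": only_in(a_entries, b_entries, entry_key),
    }


def unresolved(log_text, fix_targets):
    """Return the fix targets that still appear in the given scan."""
    present = {(code, norm(body)) for code, body in parse_log(log_text)[1]}
    left = []
    for target in fix_targets:
        match = ENTRY_RE.match(target.strip())
        if match and (match.group(1), norm(match.group(2))) in present:
            left.append(target)
    return left


if __name__ == "__main__":
    for section, items in diff_scans(BEFORE, AFTER).items():
        print(section, items)
    print("still present:", unresolved(AFTER, FIX_TARGETS))
```

New entries in the later scan still need a human read: here they are the changed start page and the Spybot helper BHO, neither of which the diff can classify on its own.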

CASE SOLVED!

If the topic author needs it, the topic will be reopened; to do so, the author should contact a Moderator of the area and request that it be unlocked!
