rogerwaters

HijackThis log


Something gets activated on the host when I start internet banking, according to McAfee's warning.

Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:31, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\sttray.exe
C:\Arquivos de programas\McAfee.com\VSO\oasclnt.exe
C:\ARQUIV~1\mcafee.com\agent\mcagent.exe
C:\ARQUIV~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\DAEMON Tools\daemon.exe
C:\arquiv~1\mcafee\MCAFEE~1\masalert.exe
C:\Arquivos de programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\eMule\emule.exe
C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe
c:\arquiv~1\mcafee\mcafee antispyware\massrv.exe
c:\arquivos de programas\mcafee.com\agent\mcdetect.exe
c:\ARQUIV~1\mcafee.com\vso\mcshield.exe
c:\ARQUIV~1\mcafee.com\agent\mctskshd.exe
C:\ARQUIV~1\McAfee.com\PERSON~1\MpfService.exe
C:\Arquivos de programas\Symantec\Ghost\ngserver.exe
c:\arquivos de programas\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\arquiv~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\STacSV.exe
c:\arquiv~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\Symantec\Ghost\bin\dbserv.exe
C:\Arquivos de programas\Symantec\Ghost\bin\rteng7.exe
C:\WINDOWS\System32\alg.exe
C:\ARQUIV~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
D:\Programas\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\arquiv~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\ARQUIV~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Arquivos de programas\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\ARQUIV~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\ARQUIV~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\ARQUIV~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [_AntiSpyware] c:\arquiv~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Arquivos de programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Download with GetRight - C:\Arquivos de programas\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E32E4FD-BA73-4A4B-9C3E-957DECAD1F62}: NameServer = 200.165.132.155,200.165.132.148
O17 - HKLM\System\CCS\Services\Tcpip\..\{82C4C220-D611-45AB-B112-15694E715C13}: NameServer = 200.165.132.154 200.165.132.148
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E32E4FD-BA73-4A4B-9C3E-957DECAD1F62}: NameServer = 200.165.132.155,200.165.132.148
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E32E4FD-BA73-4A4B-9C3E-957DECAD1F62}: NameServer = 200.165.132.155,200.165.132.148
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\arquiv~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\arquivos de programas\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\ARQUIV~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\ARQUIV~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\ARQUIV~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\ARQUIV~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Arquivos de programas\Symantec\Ghost\bin\dbserv.exe
O23 - Service: Symantec Ghost Win32 Configuration Server (NGServer) - Symantec Corporation - C:\Arquivos de programas\Symantec\Ghost\ngserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 10156 bytes

> Something gets activated on the host when I start internet banking, according to McAfee's warning.

Which thing?


McAfee log:

McAfee AntiSpyware Event Log Listing

Date Created: 3/1/2008 17:40:43

Number of Events: 1441

Type: Host File Monitor Change

Date: 3/1/2008 17:38:09

Filename: C:\WINDOWS\system32\drivers\etc\hosts

--------------------

Type: Host File Monitor Change

Date: 3/1/2008 17:38:01

Filename: C:\WINDOWS\system32\drivers\etc\hosts

Image that appears in the corner of the screen:

post-17583-13884945485028_thumb.jpg


- Download HostsXpert, unzip the file, open the program and click Restore MS Hosts File;

- Check whether the problem still occurs.


The little window no longer appears on the first page of the internet banking site, but it does appear on the second.

After that it shows up on the first page again, as before.


Open the file C:\WINDOWS\System32\drivers\etc\hosts with Notepad.

Copy the file's contents and post them here.


# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost


No problem. The file is not modified. Disregard the antivirus warning.

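The check JoseMelo did by eye (is `127.0.0.1 localhost` the only active line, and does any other line point a hostname somewhere other than loopback?) is what separates a harmless rewrite of the hosts file, which McAfee's Host File Monitor reports the same way, from a redirect that would send a banking hostname to a different address. The script below is an added example for this thread, not code from the forum or from HijackThis, HostsXpert or McAfee. The two hosts files it audits are constructed inline: the first mirrors the file posted above, the second is a made-up tampered file in which `banking.example.com` and `203.0.113.10` are placeholders.

```python
import ipaddress

# The stock Windows XP hosts file has exactly one active mapping; everything else is
# comments. This is the baseline a "Restore MS Hosts File" puts back. (Assumption for
# this example: the audited file is compared against that single default entry.)
DEFAULT_ACTIVE_ENTRIES = {("127.0.0.1", "localhost")}

# Constructed sample mirroring the file posted in the thread (comment block shortened).
CLEAN_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# For example:
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
"""

# Constructed sample of a tampered file: a banking hostname pinned to a non-loopback
# address (placeholder values), plus a blocklist-style entry that is noisy but harmless.
TAMPERED_HOSTS = """\
127.0.0.1 localhost
203.0.113.10 banking.example.com   # placeholder, constructed for this example
127.0.0.1 ads.example.net
"""


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for every active line; '#' comments are stripped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no hostname maps nothing
        yield line_no, fields[0], fields[1:]


def is_default(text):
    """True when the only active mapping is the stock '127.0.0.1 localhost'."""
    active = {(ip, name) for _, ip, names in parse_hosts(text) for name in names}
    return active == DEFAULT_ACTIVE_ENTRIES


def audit_hosts(text):
    """Return (line_no, ip, hostname, verdict) for every mapping that is not the default."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, " ".join(names), "unparseable address"))
            continue
        for name in names:
            if (ip, name) in DEFAULT_ACTIVE_ENTRIES:
                continue
            if addr.is_loopback or addr.is_unspecified:
                # Pointing a name at 127.0.0.1 or 0.0.0.0 only blocks it (ad/telemetry lists).
                verdict = "extra loopback/0.0.0.0 entry (blocklist style, only blocks the name)"
            else:
                # A name pinned to some other address bypasses DNS for that name: review it.
                verdict = "hostname pinned to a non-loopback address (pharming pattern, review)"
            findings.append((line_no, ip, name, verdict))
    return findings


if __name__ == "__main__":
    for label, text in (("posted file", CLEAN_HOSTS), ("tampered sample", TAMPERED_HOSTS)):
        print(f"{label}: default={is_default(text)}")
        for finding in audit_hosts(text):
            print("  line %d: %s -> %s: %s" % finding)
```

On the machine from the thread the same functions would be run on the contents of `C:\WINDOWS\System32\drivers\etc\hosts` rather than on the inline samples. A change event from the monitor says only that the file was written; the verdict comes from the active lines, which is why the reply above could clear the file as soon as it was posted.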

Thanks, JoseMelo...

But since this didn't happen before and started happening out of nowhere, I'm going to restore my initial image of C:. 100% safe.

Regards

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
