Squilaro

Check Log


Please, I have a computer that is full of viruses; I remove them with the antivirus and they come back shortly afterwards. Please, is there a way you could analyze my log?

Regards,

Ederson.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:02:52, on 11/12/08

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\EPSON\eEBAPI\eEBSVC.exe

C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Arquivos de programas\SiteAdvisor\6173\SAService.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\system32\drivers\services.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\csrcs.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Network Associates\Common Framework\UdaterUI.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Arquivos de programas\SiteAdvisor\6173\SiteAdv.exe

C:\Arquivos de programas\Network Associates\Common Framework\McTray.exe

C:\WINDOWS\system32\drivers\services.exe

C:\Documents and Settings\Mayra\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\drivers\services.exe

C:\Documents and Settings\Mayra\svchost.exe

C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE

C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

C:\Arquivos de programas\Microsoft Office\Office\OUTLOOK.EXE

C:\Documents and Settings\Mayra\Menu Iniciar\Programas\Inicializar\userinit.exe

C:\WINDOWS\system32\MAPISP32.EXE

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\WINDOWS\system32\sysmgr.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=131.107.2.232:80;http=131.107.2.232:80;https=131.107.2.232:80;socks=131.107.2.232:1080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 131.107.2.205;INAL.OLLA.COM.BR;<local>

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe

O1 - Hosts: 131.107.2.205 inal.olla.com.br

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6173\SiteAdv.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6173\SiteAdv.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE /P23 "EPSON Stylus C63 Series" /O6 "USB002" /M "Stylus C63"

O4 - HKLM\..\Run: [EPSON Stylus C63 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE /P33 "EPSON Stylus C63 Series (cópia 1)" /O6 "USB002" /M "Stylus C63"

O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\6173\SiteAdv.exe

O4 - HKLM\..\Run: [\\fn2\EPSON Stylus C83 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4D1.EXE /P39 "\\FN2\EPSON Stylus C83 Series (cópia 1)" /O6 "USB002" /M "Stylus C83"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe

O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\Mayra\svchost.exe

O4 - HKLM\..\Run: [PromoReg] C:\DOCUME~1\Mayra\CONFIG~1\Temp\3.tmp

O4 - HKLM\..\Run: [Microsoft® System Manager] C:\WINDOWS\system32\sysmgr.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe

O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Mayra\svchost.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft Outlook.lnk = C:\Arquivos de programas\Microsoft Office\Office\OUTLOOK.EXE

O4 - Startup: userinit.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: Inicialização do Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE

O4 - Global Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200657043159

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\EPSON\eEBAPI\eEBSVC.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Arquivos de programas\SiteAdvisor\6173\SAService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

--

End of file - 8705 bytes


Read the following topic:

http://forum.clubedohardware.com.br/leia-antes-postar/597599

And post a DDS log for analysis.
