NONSENSE FROM CAMPINAS OR FROM AMERICANA?

Scanned Objects: 32292 (Critical:5)
Filter: No System items, No Safe items
Running Processes
AppleMobileDeviceService.exe [Apple, Inc.] : C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
GoogleToolbarNotifier.exe [Google Inc.] : C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
avgmsgr.exe ( PID=2320 )
ashDisp.exe [Microsoft Corporation ™] : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ashDisp.exe
spoolsv.exe [Microsoft Corporation ™] : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\spoolsv.exe
svchost.exe : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svchost.exe
wmiprvse.exe ( PID=3636 )
Internet Settings
R – HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.google.com/ie
R – HKLM\Software\Microsoft\Internet Explorer\Main, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R – HKLM\Software\Microsoft\Internet Explorer\Main, CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R – HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R – HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.google.com/ie
R – HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = local
R – HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R – HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =
BHO
02 – BHO: del.icio.us Toolbar Helper – {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} – [del.icio.us, a Yahoo! Company] : C:\Arquivos de programas\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
02 – BHO: – {7E853D72-626A-48EC-A868-BA8D5E23E045} – File not found
02 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – [Google Inc.] : C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
02 – BHO: &Google Notebook – {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} – : C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19–1993222632.dll
02 – BHO: Copernic Agent Results – {6F480F82-C3A6-4D35-96F7-B297AD49FBE8} – [Copernic Technologies Inc.] : C:\Arquivos de programas\Copernic Agent\CopernicAgentExt.dll
02 – BHO: Google Notas – {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} – : C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19–1993222632.dll
02 – BHO: Copernic Agent – {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} – [Copernic Technologies Inc.] : C:\Arquivos de programas\Copernic Agent\CopernicAgentExt.dll
02 – BHO: – {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} – File not found
02 – BHO: – {688DC797-DC11-46A7-9F1B-445F4F58CE6E} – File not found
02 – BHO: – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – File not found
02 – BHO: – {FB5F1910-F110-11d2-BB9E-00C04F795683} – File not found
Toolbars
03 – Toolbar: del.icio.us – {981FE6A8-260C-4930-960F-C3BC82746CB0} – [del.icio.us, a Yahoo! Company] : C:\Arquivos de programas\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
03 – Toolbar: Copernic Agent – {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} – [Copernic Technologies Inc.] : C:\Arquivos de programas\Copernic Agent\CopernicAgentExt.dll
03 – Toolbar: Google Notas – {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} – : C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19–1993222632.dll
StartUps
04 – HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, swg : [Google Inc.] : C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04 – HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, avgmsgr : [Microsoft Corporation ™] : C:\WINDOWS\avgmsgr.exe
04 – HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, spoolsv : [Microsoft Corporation ™] : C:\WINDOWS\spoolsv.exe
04 – Startup: [Microsoft Corporation ™] : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ashDisp.exe
04 – Startup: [Microsoft Corporation ™] : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\avgmsgr.exe
04 – Startup: [Microsoft Corporation ™] : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\spoolsv.exe
04 – Startup: : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svchost.exe
Explorer Bars
Copernic Agent Results – {6F480F82-C3A6-4D35-96F7-B297AD49FBE8} – [Copernic Technologies Inc.] : C:\Arquivos de programas\Copernic Agent\CopernicAgentExt.dll
Google Notas – {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} – : C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19–1993222632.dll
Copernic Agent – {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} – [Copernic Technologies Inc.] : C:\Arquivos de programas\Copernic Agent\CopernicAgentExt.dll
Shell Extensions
Extensão do ‘Painel de controle’ para panorâmica de vídeo – {42071714-76d4-11d1-8b24-00a0c9068ff3} – : deskpan.dll
– {764BF0E1-F219-11ce-972D-00AA00A14F56} – File not found
– {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} – File not found
Barra de tarefas e menu Iniciar – {0DF44EAA-FF21-4412-828E-260A8728E7F1} – File not found
– {32683183-48a0-441b-a342-7c2a440a9478} – File not found
Contas de usuário – {7A9D77BD-5403-11d2-8785-2E0420524153} – File not found
iTunes – {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} – [Apple Inc.] : C:\Arquivos de programas\iTunes\iTunesMiniPlayer.dll
&Google Notebook – {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} – : C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19–1993222632.dll
Google Notas – {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} – : C:\Arquivos de programas\Google\Google Notebook\gnotes1.0.2.19–1993222632.dll
Protocol Handler
– {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} – [Copernic Technologies Inc.] : C:\Arquivos de programas\Copernic Agent\CopernicAgentExt.dll
– {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} – [Copernic Technologies Inc.] : C:\Arquivos de programas\Copernic Agent\CopernicAgentExt.dll
Services
23 – [Apple, Inc.] : C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
23 – [GRISOFT, s.r.o.] : C:\WINDOWS\system32\Drivers\avgclean.sys
23 – [Trident Microsystems Inc.] : C:\WINDOWS\system32\DRIVERS\trid3dm.sys
23 – [VIA Technologies, Inc.] : C:\WINDOWS\system32\drivers\ac97via.sys
IE URL Search Hooks
Barra de Ferramentas do Yahoo! com bloqueador de pop-up – {{EF99BD32-C1FB-11D2-892F-0090271D4F88}} – File not found
– {{BE89472C-B803-4D1D-9A9A-0A63660E0FE3}} – [Copernic Technologies Inc.] : C:\Arquivos de programas\Copernic Agent\CopernicAgentExt.dll
Threat Files
[Microsoft Corporation ™] : C:\WINDOWS\spoolsv.exe
: C:\WINDOWS\system\svchost.exe
Advanced Files Report
%COMMONFILES%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [Apple, Inc.] [Apple Mobile Device Service] MD5=1961CB10BB48EB4D97E37DB6373E9E63 SIZE=110592
%PROGRAMFILES%\Google\GoogleToolbarNotifier\2.0.301.7164\res_pt-BR.dll [Google Inc.] [GoogleToolbarNotifier] MD5=3FC34AD372543C63238DD42826399FF9 SIZE=50176
%START_PROGRAMSALL%\Inicializar\ashDisp.exe [Microsoft Corporation ™] [Microsoft Internet Security] MD5=7F9165C38BC6D1790885A3DFB4D14FD6 SIZE=1253376
%START_PROGRAMSALL%\Inicializar\spoolsv.exe [Microsoft Corporation ™] MD5=79AEC36F6105C3E1EB0EE82AEA4D527B SIZE=399872
%START_PROGRAMSALL%\Inicializar\svchost.exe [] MD5=739A2035F60AC81CCB118AF451302922 SIZE=743424
%PROGRAMFILES%\Skype\Toolbars\Shared\SPhoneParser.dll [Skype Technologies] [Skype Phone number parser] MD5=D0048EF4C7D4D0B94071D6D595B2AD42 SIZE=1873192
%SYSDIR%\Macromed\Flash\Flash9e.ocx [Adobe Systems, Inc.] [Shockwave Flash] MD5=D3C50535C26190FEAD7785A03499C0AC SIZE=2987392
%START_PROGRAMSALL%\Inicializar\avgmsgr.exe [Microsoft Corporation ™] MD5=971CB5B741707580E5B4F667053BD943 SIZE=704512
deskpan.dll []
%PROGRAMFILES%\iTunes\iTunesMiniPlayer.dll [Apple Inc.] [iTunes] MD5=6A40A562AB131E6EE7D812327A065CB1 SIZE=132392
%SYSDIR%\Drivers\avgclean.sys [GRISOFT, s.r.o.] [AVG7 Clean Driver] MD5=603DC17A48C65C637623A9BB5A5E6008 SIZE=10760
%SYSDIR%\DRIVERS\trid3dm.sys [Trident Microsystems Inc.] [Trident Video Driver] MD5=8DFD837A98A4A6C581214FA358430837 SIZE=222336
%SYSDIR%\drivers\ac97via.sys [VIA Technologies, Inc.] [VIA Audio WDM Driver] MD5=819BF44085104BE6527B86A88ACF856B SIZE=84480
%SYSDIR%\systray.exe []
End of Report

Processo de Remoção:
A Preparar Estruturas
A Criar Ponto de Restauro do Sistema
Remover Trojan/Backdoor.SDB.XD
Ficheiro Apagado: C:\WINDOWS\spoolsv.exe
Registo Apagado : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run spoolsv
Remover Advanced Keylogger 1.8
Ficheiro Apagado: C:\WINDOWS\system\svchost.exe
Remover Key Spyware
Ficheiro Apagado: C:\WINDOWS\SVCHOST.EXE
Remover Backdoor.Hupigon.ezx
A Fechar Ponto de Restauro do Sistema
Terminado