Virus by E-mail "Boat Sunk in China"

luistfashion

Power Member
I opened an e-mail from a known contact about a boat sinking in China.

HijackThis produced the following log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:24:06, on 25-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\Programas\Windows Defender\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
H:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
H:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
H:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\drivers\taskmgr.exe
H:\Programas\ATI Technologies\ATI.ACE\cli.exe
H:\WINDOWS\sttray.exe
H:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
H:\Programas\Microsoft IntelliType Pro\type32.exe
H:\Programas\Microsoft IntelliPoint\point32.exe
H:\Programas\HP\hpcoretech\hpcmpmgr.exe
H:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe
H:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
H:\Programas\Ficheiros comuns\InstallShield\UpdateService\issch.exe
H:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Programas\Java\jre1.6.0_01\bin\jusched.exe
H:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe
H:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
H:\Programas\Google\Google Desktop Search\GoogleDesktop.exe
H:\Programas\Windows Defender\MSASCui.exe
H:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
H:\Programas\QuickTime\qttask.exe
H:\Programas\iTunes\iTunesHelper.exe
H:\Programas\Google\Google Desktop Search\GoogleDesktopIndex.exe
H:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\Programas\Skype\Phone\Skype.exe
H:\Programas\MSN Messenger\MsnMsgr.Exe
H:\Programas\Google\Google Talk\googletalk.exe
H:\Programas\Google\Google Desktop Search\GoogleDesktopDisplay.exe
H:\Programas\Google\Google Desktop Search\GoogleDesktopCrawl.exe
H:\WINDOWS\ATKKBService.exe
H:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
H:\Programas\Bonjour\mDNSResponder.exe
H:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
H:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Programas\Norton AntiVirus\navapsvc.exe
H:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
H:\WINDOWS\system32\STacSV.exe
H:\WINDOWS\system32\svchost.exe
H:\Programas\Skype\Plugin Manager\SkypePM.exe
H:\Programas\iPod\bin\iPodService.exe
H:\Programas\PC Connectivity Solution\ServiceLayer.exe
H:\Programas\ATI Technologies\ATI.ACE\cli.exe
H:\Programas\ATI Technologies\ATI.ACE\cli.exe
H:\Programas\Ficheiros comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
H:\Programas\MSN Messenger\usnsvc.exe
H:\Programas\MSN Messenger\msnmsgr.exe
H:\Programas\Mozilla Firefox\firefox.exe
H:\Documents and Settings\User\Ambiente de trabalho\FixSchoeb-Haxdoor.exe
H:\Programas\Messenger\msmsgs.exe
H:\Documents and Settings\User\Ambiente de trabalho\HiJackThis_v2.exe
H:\WINDOWS\system32\drivers\isapnp.exe
H:\Programas\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - H:\Programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - H:\Programas\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATICCC] "H:\Programas\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ccApp] "H:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [type32] "H:\Programas\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "H:\Programas\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Component Manager] "H:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "H:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] H:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "H:\Programas\Ficheiros comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "H:\Programas\Ficheiros comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] H:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Programas\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "H:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "H:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "H:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "H:\Programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AudioHQ] "H:\WINDOWS\system32\audiohq.exe"
O4 - HKLM\..\Run: [Windows Defender] "H:\Programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "H:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Services] H:\WINDOWS\system32\drivers\Sndrec32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "H:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "H:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] H:\Programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programas\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://lanidorparedes.homelinux.com/RtspVaPgDec.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.gaiaglobal.pt/mapa/layout_02/map/mgaxctrl.cab
O16 - DPF: {63E0388E-4CD2-4728-99CC-E3652A1AE7AD} (EzAutoLogin Control) - http://203.233.205.66:8080/help/EzAutoLoginProj1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174683946968
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: H:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - H:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - H:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Programas\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - H:\Programas\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: iPod Service - Apple Inc. - H:\Programas\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - H:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - H:\Programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - H:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - H:\Programas\Ficheiros comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - H:\Programas\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - H:\Programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - H:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - H:\WINDOWS\system32\STacSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - H:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - file:///H:/DOCUME~1/User/DEFINI~1/Temp/msohtml1/02/clip_image002.jpg

--
End of file - 13526 bytes


I have already run Norton, Ad-Aware 2007 and Spybot.

I don't know whether I have removed the virus yet, but I can feel the PC running irregularly.

Can you help me?
 
Post the log here and delete whatever it tells you to.

If the PC isn't running as it should, it's most likely damaged registry entries; I'd advise running TuneUp Utilities ;)
 
Hi, it really is a virus; I was told some time ago that it would show up in my mailbox, and it did.
Try running the online antivirus on the Panda Antivirus website; it usually detects everything.

See you...
 
I've had that damned virus too, but fortunately I managed to get rid of it!

1st I started by restoring the computer to a point before the virus, then I looked for where the virus was, disabled System Restore, and finally sent it to the Recycle Bin and deleted it.
 
Thanks for the tips.

I think I've got rid of it now...

Thanks for the TuneUp tip... I notice a big difference with the Optimizer... RECOMMENDED!!
 