nakaPT

How to remove Trojan.Downloader.Small.CML?

Hi everyone, I NEED HELP. I saw a reply to the post about the Trojan.Downloader.Small.CML malware and got a bit confused... I followed the instructions, downloaded HijackThis to a new folder on c: and made the log, but I looked at my log and saw that it was a bit different from what is normal, and the New.Net domain did not show up in mine... anyway, here is my log:

Logfile of HijackThis v1.99.1

Scan saved at 16:26:27, on 04-09-2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

d:\Programas\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\system32\nvsvc32.exe

d:\Programas\Spyware Doctor\sdhelp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programas\D-Tools\daemon.exe

D:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Programas\SpeedTouch\Dr SpeedTouch\drst.exe

D:\Programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Programas\MSN Messenger\msnmsgr.exe

D:\Programas\Spyware Doctor\swdoctor.exe

D:\Programas\Logitech\SetPoint\SetPoint.exe

C:\Programas\Ficheiros comuns\Logitech\KHAL\KHALMNPR.EXE

C:\WINDOWS\system32\svchost.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\a\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Programas\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "d:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programas\MsgPlus.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\RunOnce: [spyware Doctor] "D:\Programas\Spyware Doctor\swdoctor.exe" /RM /FS /X

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sTManager] "d:\Programas\SpeedTouch\Dr SpeedTouch\drst.exe" -b

O4 - HKCU\..\Run: [LDM] d:\Programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programas\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spyware Doctor] "D:\Programas\Spyware Doctor\swdoctor.exe" /Q

O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Programas\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = D:\Programas\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm414YYPT

O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148416115720

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148416101501

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5F501EE7-42DE-4928-A2AE-5C2040F43D6F}: NameServer = 195.245.176.19 194.38.131.19

O18 - Protocol: bw+0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: offline-8876480 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\Programas\ewido anti-spyware 4.0\guard.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Programas\Spyware Doctor\sdhelp.exe

I hope you can help me... I would be very grateful!!! Thank you...

  • Topic author
  • Besides that malware, a new scan found a TROJAN.popuper ... anyway, I think there is no solution... other than formatting c:!!!! Someone please help me... :cry:


    - Open HijackThis, click Do a system scan only and check the entries below:

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm414YYPT

    O18 - Protocol: bw+0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw+0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw-0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw-0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw00 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw00s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw10 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw10s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw20 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw20s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw30 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw30s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw40 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw40s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw50 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw50s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw60 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw60s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw70 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw70s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw80 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw80s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw90 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bw90s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwa0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwa0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwb0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwb0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwc0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwc0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwd0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwd0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwe0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwe0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwf0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwf0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    O18 - Protocol: bwg0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwg0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwh0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwh0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwi0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwi0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwj0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwj0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwk0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwk0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwl0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwl0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwm0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwm0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwn0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwn0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwo0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwo0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwp0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwp0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwq0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwq0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwr0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwr0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bws0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bws0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwt0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwt0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwu0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwu0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwv0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwv0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bww0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bww0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwx0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwx0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwy0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwy0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwz0 - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O18 - Protocol: bwz0s - {BAA5FFE9-6C2E-4840-B328-BC3E9FE296C4} - d:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    - Close all windows, click ht-fix.png and then Yes;

    - Restart, generate a new log and paste it in your reply.

  • Topic author
  • I followed your instructions... here is the new log:

    Logfile of HijackThis v1.99.1

    Scan saved at 1:28:13, on 05-09-2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\SYSTEM32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    d:\Programas\ewido anti-spyware 4.0\guard.exe

    C:\WINDOWS\system32\nvsvc32.exe

    d:\Programas\Spyware Doctor\sdhelp.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wdfmgr.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Programas\D-Tools\daemon.exe

    D:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe

    C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\WINDOWS\system32\ctfmon.exe

    D:\Programas\SpeedTouch\Dr SpeedTouch\drst.exe

    D:\Programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    C:\Programas\MSN Messenger\msnmsgr.exe

    D:\Programas\Spyware Doctor\swdoctor.exe

    D:\Programas\Logitech\SetPoint\SetPoint.exe

    C:\Programas\Ficheiros comuns\Logitech\KHAL\KHALMNPR.EXE

    C:\WINDOWS\system32\wuauclt.exe

    C:\a\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll

    O4 - HKLM\..\Run: [NVMixerTray] "C:\Programas\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programas\D-Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "d:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programas\MsgPlus.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [sTManager] "d:\Programas\SpeedTouch\Dr SpeedTouch\drst.exe" -b

    O4 - HKCU\..\Run: [LDM] d:\Programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programas\MsgPlus.exe" /WinStart

    O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [spyware Doctor] "D:\Programas\Spyware Doctor\swdoctor.exe" /Q

    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Programas\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    O4 - Global Startup: Logitech SetPoint.lnk = D:\Programas\Logitech\SetPoint\SetPoint.exe

    O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar2.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar2.dll/cmwordtrans.html

    O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar2.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar2.dll/cmcache.html

    O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar2.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar2.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148416115720

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148416101501

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\Programas\ewido anti-spyware 4.0\guard.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Programas\Spyware Doctor\sdhelp.exe

    here it is... I hope you can analyze it!!! regards... and thank you very much


    - Download Ewido, update it, run a full scan, save the log and paste it in your reply.

  • Topic author
  • I hope this is useful... but new trojans showed up in the scan, and I posted again looking for help...

    thanks for your attention, jose!

    + Scan result:

    C:\Programas\ToolBar888 -> Adware.ToolBar888 : No action taken.

    C:\Programas\ToolBar888\Activate.exe -> Adware.ToolBar888 : No action taken.

    C:\Programas\ToolBar888\MyToolBar.dll -> Adware.ToolBar888 : No action taken.

    C:\Programas\ToolBar888\Uninst.exe -> Adware.ToolBar888 : No action taken.

    C:\Documents and Settings\Nelson\Definições locais\Temporary Internet Files\Content.IE5\G90ZCJ0R\wlzip32[1].exe -> Downloader.Obfuscated.a : No action taken.

    C:\WINDOWS\system32\ishost.exe_tobedeleted -> Downloader.Zlob.aif : No action taken.

    C:\WINDOWS\system32\ismini.exe -> Downloader.Zlob.aif : No action taken.

    :mozilla.36:C:\Documents and Settings\Nelson\Application Data\Mozilla\Firefox\Profiles\oeqv3stm.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.

    :mozilla.37:C:\Documents and Settings\Nelson\Application Data\Mozilla\Firefox\Profiles\oeqv3stm.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.

    :mozilla.10:C:\Documents and Settings\Nelson\Application Data\Mozilla\Firefox\Profiles\oeqv3stm.default\cookies.txt -> TrackingCookie.Falkag : No action taken.

    :mozilla.12:C:\Documents and Settings\Nelson\Application Data\Mozilla\Firefox\Profiles\oeqv3stm.default\cookies.txt -> TrackingCookie.Falkag : No action taken.

    :mozilla.13:C:\Documents and Settings\Nelson\Application Data\Mozilla\Firefox\Profiles\oeqv3stm.default\cookies.txt -> TrackingCookie.Falkag : No action taken.

    :mozilla.15:C:\Documents and Settings\Nelson\Application Data\Mozilla\Firefox\Profiles\oeqv3stm.default\cookies.txt -> TrackingCookie.Falkag : No action taken.

    :mozilla.16:C:\Documents and Settings\Nelson\Application Data\Mozilla\Firefox\Profiles\oeqv3stm.default\cookies.txt -> TrackingCookie.Falkag : No action taken.

    :mozilla.17:C:\Documents and Settings\Nelson\Application Data\Mozilla\Firefox\Profiles\oeqv3stm.default\cookies.txt -> TrackingCookie.Falkag : No action taken.

    :mozilla.9:C:\Documents and Settings\Nelson\Application Data\Mozilla\Firefox\Profiles\oeqv3stm.default\cookies.txt -> TrackingCookie.Falkag : No action taken.

    :mozilla.11:C:\Documents and Settings\Nelson\Application Data\Mozilla\Firefox\Profiles\oeqv3stm.default\cookies.txt -> TrackingCookie.Weborama : No action taken.

    :mozilla.14:C:\Documents and Settings\Nelson\Application Data\Mozilla\Firefox\Profiles\oeqv3stm.default\cookies.txt -> TrackingCookie.Weborama : No action taken.

    C:\Programas\Ficheiros comuns\{B819D51C-07DF-2070-1125-05062005015f}\Update.exe -> Trojan.Starter.65 : No action taken.

    ::Report end


    - Download Killbox and run it:

    • Check the Delete on Reboot option. Copy the list below (select it and click Edit > Copy or press Ctrl + C):

    C:\Programas\ToolBar888\Activate.exe

    C:\Programas\ToolBar888\MyToolBar.dll

    C:\Programas\ToolBar888\Uninst.exe

    • Go back to KillBox. Click File > Paste from clipboard. Click the All Files button;
    • Click killbox.png and answer No to the question.

    - Download CCleaner:

    • Open the program and click Run Cleaner;
    • After that, click Errors > Scan for errors > Fix errors

    - Other than that, no problems on the system.
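
As an added example (not part of the original posts, and not Ewido's or Killbox's own code): a small Python parser for the scan-report lines quoted in this thread that ranks each finding and lists the high-severity ones still at "No action taken" that are absent from a pending deletion list. The severity mapping and the function names are assumptions made for illustration; the sample lines are copied from the report and the file list above.

```python
import re

# Sample lines copied from the Ewido report quoted in this thread.
REPORT = r"""
C:\Programas\ToolBar888\Activate.exe -> Adware.ToolBar888 : No action taken.
C:\Programas\ToolBar888\MyToolBar.dll -> Adware.ToolBar888 : No action taken.
C:\Programas\ToolBar888\Uninst.exe -> Adware.ToolBar888 : No action taken.
C:\WINDOWS\system32\ismini.exe -> Downloader.Zlob.aif : No action taken.
:mozilla.36:C:\Documents and Settings\Nelson\Application Data\Mozilla\Firefox\Profiles\oeqv3stm.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Programas\Ficheiros comuns\{B819D51C-07DF-2070-1125-05062005015f}\Update.exe -> Trojan.Starter.65 : No action taken.
::Report end
"""

# File list copied from the Killbox instructions in this thread.
KILLBOX_LIST = r"""
C:\Programas\ToolBar888\Activate.exe
C:\Programas\ToolBar888\MyToolBar.dll
C:\Programas\ToolBar888\Uninst.exe
"""

# "<path> -> <detection> : <action>", optionally prefixed by ":<cookie entry>:".
LINE = re.compile(
    r"^(?::(?P<store>[^:]+):)?(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$")
# Assumed ranking by detection family (not a vendor classification).
SEVERITY = {"TrackingCookie": "low", "Adware": "medium",
            "Downloader": "high", "Trojan": "high"}

def parse_report(text):
    """Return one dict per detection line; skip headers and '::Report end'."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        family = m["name"].split(".", 1)[0]
        findings.append({
            "path": m["path"], "name": m["name"], "cookie_entry": m["store"],
            "severity": SEVERITY.get(family, "unknown"),
            "action": m["action"].rstrip("."),
        })
    return findings

def uncovered(findings, deletion_list):
    """High or unknown severity, untouched by the scanner, not queued for deletion."""
    queued = {p.strip().lower() for p in deletion_list.splitlines() if p.strip()}
    return [f for f in findings
            if f["severity"] in ("high", "unknown")
            and f["action"].lower() == "no action taken"
            and f["path"].lower() not in queued]  # Windows paths: ignore case

if __name__ == "__main__":
    for f in uncovered(parse_report(REPORT), KILLBOX_LIST):
        print(f["severity"], f["name"], f["path"])
```
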

  • Topic author
  • I follow all the instructions... I run Killbox, press Ctrl+C on the directories you gave me, go to File, copy from clipboard, and then I select All Files and click the X, but no question appears, this appears instead: You have not specified any file to delete, you must specify a file path in the yellow box! ... am I doing something wrong?! ... :looka:


    You must select all the files in brown, copy them (Ctrl+C) and follow the next steps.

  • Topic author
  • JoseMelo, that is exactly what I do... I select the files, do the copy from clipboard and follow the steps, but that sentence keeps appearing... I don't know why, because I do everything as you told me!!!

    but help me with this now... I have more and more viruses because of this one, I read the definitions of this malware and what it does is connect to a web page and download all the malware and spyware it can find... look at the state of my AVG vault!!!

    I'm already losing hope...

    post-87316-13884923968886_thumb.jpg


    From what you described, you are not doing it correctly.

    1 - Check Delete on reboot;

    2 - Select all the files in the list;

    3 - Press Ctrl+C;

    4 - Click File > Paste from clipboard and then All files.

  • Topic author
  • JoseMelo, I did as you told me and I'm sure I did everything correctly, but that sentence keeps appearing, so I did it one at a time, I entered the files from the list one at a time, I think it comes to the same thing, right?! and now... how do I remove the trojans?!?! AVG doesn't clean them...

    thank you very much for everything!!!
