Fulinho

Analyze my log


I ran Panda ActiveScan and it found several spyware items and a virus, probably removed. Also, when I start the computer it boots quickly and loads all the programs, but it takes a long time (about 4 min) to bring up the local connection program for the internet; that didn't happen before. The icon also appears in the lower right corner of the Windows taskbar, which also didn't happen before.

Below is the file saved from Panda, followed by the HijackThis log.

Incident Status Location

Adware:adware/exact.searchbar Not disinfected C:\Documents and Settings\Administrador\Configuraes locais\Temp\blank.gif

Dialer:dialer.b Not disinfected C:\WINDOWS\SYSTEM32\EGDACCESS.dll

Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32a.sys

Potentially unwanted tool:application/winantivirus2006 Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\DADOS DE APLICATIVOS\WinAntiVirus Pro 2006

Adware:adware/navipromo Not disinfected Windows Registry

Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@2o7[2].txt

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@ads.pointroll[1].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@atdmt[2].txt

Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@bravenet[2].txt

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@casalemedia[1].txt

Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@ccbill[1].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@cgi-bin[3].txt

Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@clickbank[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@com[2].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@counter1.sextracker[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@counter7.sextracker[1].txt

Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@cs.sexcounter[2].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@doubleclick[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@google.com[1].txt

Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@paycounter[2].txt

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@questionmarket[1].txt

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@realmedia[1].txt

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@revenue[2].txt

Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@searchportal.information[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@sextracker[1].txt

Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@spylog[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@terra.com[1].txt

Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@tradedoubler[2].txt

Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@tucows[2].txt

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@xiti[1].txt

Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Arquivos de programas\Arquivos comuns\WinAntiVirus Pro 2006\WapCHK.dll

Virus:Trojan Horse.AP2 Disinfected C:\Arquivos de programas\XAimer\Mouse.dll

Adware:Adware/Comet Not disinfected C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\sinstaller.exe

Possible Virus. Not disinfected C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\video.zip[accessoPcompleto.exe]

Possible Virus. Not disinfected C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\video.zip[film.exe]

Possible Virus. Not disinfected C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\video1.zip[accessoPcompleto.exe]

Possible Virus. Not disinfected C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\video1.zip[film.exe]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\usuario\Cookies\usuario@google.com[1].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\usuario\Cookies\usuario@stats1.reliablestats[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\usuario\Cookies\usuario@terra.com[1].txt

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20050830-081240-139.inf

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20050923-002401-892.inf

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20051004-213315-279.inf

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20051023-084600-869.inf

Dialer:Dialer.EOB Not disinfected C:\hijackthis\backups\backup-20060122-044636-462.dll

Dialer:Dialer.FMQ Not disinfected C:\WINDOWS\system32\EGDACCESS.dll

Dialer:Dialer.FMQ Not disinfected C:\WINDOWS\system32\EGDACCESS_1073.dll

Logfile of HijackThis v1.99.1

Scan saved at 3:29:00 AM, on 1/27/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Iomega\System32\AppServices.exe

C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=020106 serial=DR12CBP-2441192-DLP lang=BP

O4 - HKLM\..\Run: [suite de Aplicativos Gráfi2a] C:\Arquivos de programas\Corel\Corel Graphics 11\Register\registration.exe /title="Suite de Aplicativos Gráficos CorelDRAW 11" /date=020306 serial=DR11CRD-0012082-DGW

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binaries/EGD...ESS_1073_XP.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CC3ACE5A-3782-4F57-8288-C3411095678A}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\ARQUIV~1\Iomega\System32\AppServices.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe

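A small triage pass over the ActiveScan report format, added here as an example (not code from this thread or from Panda): it parses the Incident/Status/Location lines, collapses the cookie block the report lists twice, and sorts what was left "Not disinfected" so dialers and files in the Windows directory come before tracking cookies. The sample report is a constructed excerpt of the lines above and the priority rules are constructed for this example.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the Panda ActiveScan report posted above (a few representative
# lines, including cookie entries the report lists twice). Not the full report.
PANDA_LOG = r"""Incident Status Location
Adware:adware/exact.searchbar Not disinfected C:\Documents and Settings\Administrador\Configuraes locais\Temp\blank.gif
Dialer:dialer.b Not disinfected C:\WINDOWS\SYSTEM32\EGDACCESS.dll
Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32a.sys
Potentially unwanted tool:application/winantivirus2006 Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\DADOS DE APLICATIVOS\WinAntiVirus Pro 2006
Adware:adware/navipromo Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@doubleclick[1].txt
Virus:Trojan Horse.AP2 Disinfected C:\Arquivos de programas\XAimer\Mouse.dll
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@doubleclick[1].txt
Possible Virus. Not disinfected C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\video.zip[film.exe]
Dialer:Dialer.FMQ Not disinfected C:\WINDOWS\system32\EGDACCESS_1073.dll
"""

# One report line is "<Category>:<name> <Status> <Location>". The incident name may contain
# spaces ("Cookie/Atlas DMT"), so the status keyword is used as the delimiter.
LINE_RE = re.compile(
    r"^(?P<incident>.+?)\s+(?P<status>Not disinfected|Disinfected)\s+(?P<location>.+)$"
)


@dataclass(frozen=True)
class Incident:
    category: str
    name: str
    status: str
    location: str


def parse_panda(text):
    """Parse the report into Incident records, skipping the header and unparseable lines."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        category, sep, name = m.group("incident").partition(":")
        category = category.strip().rstrip(".")   # "Possible Virus." has no name part
        items.append(Incident(category, name.strip() if sep else category,
                              m.group("status"), m.group("location").strip()))
    return items


def priority(item):
    """Constructed heuristic: code that can run or dial out first, tracking cookies last."""
    if item.name.lower().startswith("cookie/"):
        return "low"
    if item.category.lower() in ("dialer", "virus", "possible virus"):
        return "high"
    if item.location.lower().startswith("c:\\windows\\"):
        return "high"   # anything dropped into the Windows directory deserves a look
    return "medium"


def triage(text):
    """Deduplicate the report and bucket what the scanner left behind by priority."""
    seen = set()
    buckets = {"high": [], "medium": [], "low": [], "handled": []}
    for item in parse_panda(text):
        key = (item.category.lower(), item.name.lower(), item.location.lower())
        if key in seen:
            continue        # the report lists the cookie block twice; count each once
        seen.add(key)
        if item.status == "Disinfected":
            buckets["handled"].append(item)   # already cleaned; kept as evidence of infection
        else:
            buckets[priority(item)].append(item)
    return buckets


if __name__ == "__main__":
    for level, items in triage(PANDA_LOG).items():
        print(f"{level}: {len(items)}")
        for it in items:
            print(f"  {it.category}:{it.name} -> {it.location}")
```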

Download:

BFU

Ewido > install and update it, but don't use it yet.

CCleaner > install it, but don't use it yet either.

Save or print these instructions:

1 - Disable your antivirus. Stay connected.

Create a dedicated folder in C:\ and extract the BFU files into it.

2 - Double-click the BFU icon. Check the box Show log after script end.

At the top (Scriptfile to execute:) click the Web button (the second button, with the green and blue icon).

In the Download BFU script... box, enter:

http://metallica.geekstogo.com/EGDACCESS.bfu

Click OK and then the Execute button.

When the process finishes you will see the message: Completed script execution.

Click OK.

Save the log and then click Exit.

3 - Restart the PC and tap F8 repeatedly. In the menu that appears, choose: Safe Mode.

Run a full scan with Ewido and save the result (save report).

- if Ewido detects a Heuristic.Win32.Dialer and it is your own dialer, tell it to ignore that item.

4 - Run CCleaner by clicking Run Cleaner.

5 - Restart in normal mode and enable your antivirus. Run a scan with HijackThis and save the log.

Post:

BFU log

Ewido result

HijackThis log


Thanks, Sam Spade, for the attention. I followed your suggestions and am posting the logs.

BFU v1.00.9

Windows XP SP2 (WinNT 5.01.2600 SP2)

Script started at 4:39:46 PM, on 1/27/2006

Failed: FileDelete C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\~DF25C8.tmp(operation failed)

Failed: FileDelete C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\~DFA873.tmp (operation failed)

Failed: FileDelete C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\~DFAD40.tmp (operation failed)

Script completed.

---------------------------------------------------------

ewido anti-malware - Relatório de verificação

---------------------------------------------------------

+ Criado em: 5:24:30 PM, 1/27/2006

+ Relatório-Checksum: 98751B8F

+ Resultado da verificação:

HKLM\SOFTWARE\Classes\AppID\{4D05A335-1A1C-46B3-BCFF-7F25B326895C} -> Adware.WinFixer : Limpo com backup

HKLM\SOFTWARE\Classes\CLSID\{328BA26A-1619-47ee-A37D-7D7A6AB1B000} -> Adware.WinFixer : Limpo com backup

HKLM\SOFTWARE\Classes\Interface\{27967FBC-694B-41A6-8CCE-30E59292350E} -> Adware.WinFixer : Limpo com backup

HKLM\SOFTWARE\Classes\Interface\{C0A3779C-3345-4150-BD63-C399EB32661E} -> Adware.WinFixer : Limpo com backup

HKLM\SOFTWARE\Classes\TypeLib\{4D05A335-1A1C-46B3-BCFF-7F25B326895C} -> Adware.WinFixer : Limpo com backup

HKLM\SOFTWARE\Classes\VapFM.CreationNotifier -> Adware.WinFixer : Limpo com backup

HKLM\SOFTWARE\Classes\VapFM.CreationNotifier\CLSID -> Adware.WinFixer : Limpo com backup

HKLM\SOFTWARE\Classes\VapFM.CreationNotifier\CurVer -> Adware.WinFixer : Limpo com backup

HKLM\SOFTWARE\Classes\VapFM.CreationNotifier.1 -> Adware.WinFixer : Limpo com backup

HKLM\SOFTWARE\Classes\VapFM.CreationNotifier.1\CLSID -> Adware.WinFixer : Limpo com backup

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : Limpo com backup

HKLM\SYSTEM\CurrentControlSet\Services\wff -> Adware.WinFixer : Limpo com backup

HKLM\SYSTEM\CurrentControlSet\Services\wff\Security -> Adware.WinFixer : Limpo com backup

HKLM\SYSTEM\CurrentControlSet\Services\wff\Enum -> Adware.WinFixer : Limpo com backup

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\VN1FR1SW\videox[2].exe -> Trojan.Dialer.nv : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@2o7[2].txt -> Spyware.Cookie.2o7 : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@atdmt[2].txt -> Spyware.Cookie.Atdmt : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@com[2].txt -> Spyware.Cookie.Com : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@counter1.sextracker[1].txt -> Spyware.Cookie.Sextracker : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@counter11.sextracker[1].txt -> Spyware.Cookie.Sextracker : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@counter7.sextracker[1].txt -> Spyware.Cookie.Sextracker : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@cz8.clickzs[2].txt -> Spyware.Cookie.Clickzs : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@paycounter[2].txt -> Spyware.Cookie.Paycounter : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@revenue[2].txt -> Spyware.Cookie.Revenue : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@sextracker[1].txt -> Spyware.Cookie.Sextracker : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@spylog[1].txt -> Spyware.Cookie.Spylog : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@symantec.122.2o7[1].txt -> Spyware.Cookie.2o7 : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@vip.clickzs[2].txt -> Spyware.Cookie.Clickzs : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\664.zip/Codec.exe -> Trojan.Dialer.og : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\664.zip/filmato.mpeg.exe -> Trojan.Dialer.og : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\673.zip/Codec.exe -> Trojan.Dialer.og : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\673.zip/filmato.mpeg.exe -> Trojan.Dialer.og : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\675.zip/Codec.exe -> Trojan.Dialer.og : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\675.zip/filmato.mpeg.exe -> Trojan.Dialer.og : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\678.zip/Codec.exe -> Trojan.Dialer.og : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\678.zip/filmato.mpeg.exe -> Trojan.Dialer.og : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\682.zip/Codec.exe -> Trojan.Dialer.og : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\682.zip/filmato.mpeg.exe -> Trojan.Dialer.og : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\684.zip/Codec.exe -> Trojan.Dialer.og : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\684.zip/filmato.mpeg.exe -> Trojan.Dialer.og : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\685.zip/images/top_avi.exe -> Trojan.Dialer.nv : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\685.zip/filmato.mpeg.exe -> Trojan.Dialer.hh : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\685.zip/Codec.exe -> Trojan.Dialer.hh : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\697.zip/images/top_avi.exe -> Trojan.Dialer.nv : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\697.zip/filmato.mpeg.exe -> Trojan.Dialer.hh : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\697.zip/Codec.exe -> Trojan.Dialer.hh : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\700.zip/images/top_avi.exe -> Trojan.Dialer.nv : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\700.zip/filmato.mpeg.exe -> Trojan.Dialer.hh : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\700.zip/Codec.exe -> Trojan.Dialer.hh : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\702.zip/images/top_avi.exe -> Trojan.Dialer.nv : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\702.zip/filmato.mpeg.exe -> Trojan.Dialer.hh : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\702.zip/Codec.exe -> Trojan.Dialer.hh : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\703.zip/images/top_avi.exe -> Trojan.Dialer.nv : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\703.zip/filmato.mpeg.exe -> Trojan.Dialer.hh : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\703.zip/Codec.exe -> Trojan.Dialer.hh : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\713.zip/images/top_avi.exe -> Trojan.Dialer.nv : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\713.zip/filmato.mpeg.exe -> Trojan.Dialer.hh : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\713.zip/Codec.exe -> Trojan.Dialer.hh : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\714.zip/images/top_avi.exe -> Trojan.Dialer.nv : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\714.zip/filmato.mpeg.exe -> Trojan.Dialer.hh : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\714.zip/Codec.exe -> Trojan.Dialer.hh : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\771.zip/images/top_avi.exe -> Trojan.Dialer.nv : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\771.zip/filmato.mpeg.exe -> Trojan.Dialer.hh : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\771.zip/Codec.exe -> Trojan.Dialer.hh : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\772.zip/images/top_avi.exe -> Trojan.Dialer.nv : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\772.zip/filmato.mpeg.exe -> Trojan.Dialer.hh : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\772.zip/Codec.exe -> Trojan.Dialer.hh : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\video.zip/zip/accessocompleto.exe -> Dialer.Generic : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\video.zip/zip/system/film.exe -> Dialer.Generic : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\video1.zip/zip/accessocompleto.exe -> Dialer.Generic : Limpo com backup

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\video1.zip/zip/system/film.exe -> Dialer.Generic : Limpo com backup

C:\hijackthis\backups\backup-20060122-044636-462.dll -> Dialer.InstantAccess.f : Limpo com backup

C:\WINDOWS\system32\drivers\WFF.sys -> Adware.Winfixer : Limpo com backup

::Fim do Relatório

Logfile of HijackThis v1.99.1

Scan saved at 5:56:34 PM, on 1/27/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe

C:\windows\system32\flvzeiw.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe

C:\ARQUIV~1\Iomega\System32\AppServices.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Microsoft Office\Office\WINWORD.EXE

C:\Arquivos de programas\Grisoft\AVG Free\avgcc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [flvzeiw] c:\windows\system32\flvzeiw.exe flvzeiw

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=020106 serial=DR12CBP-2441192-DLP lang=BP

O4 - HKLM\..\Run: [suite de Aplicativos Gráfi2a] C:\Arquivos de programas\Corel\Corel Graphics 11\Register\registration.exe /title="Suite de Aplicativos Gráficos CorelDRAW 11" /date=020306 serial=DR11CRD-0012082-DGW

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CC3ACE5A-3782-4F57-8288-C3411095678A}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoguard.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\ARQUIV~1\Iomega\System32\AppServices.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe


Download > KillBox

Save or print these instructions:

1 - Run KillBox, check Delete on Reboot and enter in Full Path of File to Delete:

C:\windows\system32\flvzeiw.exe

Click the button with the X. Answer Yes to the question.

When the PC restarts, tap F8 repeatedly. In the menu that appears, choose: Safe Mode.

2 - Run a full scan with Ewido and save the result.

3 - Run a scan with HijackThis, check the entries below that it still finds, and click Fix checked:

R3 - URLSearchHook: (no name) - - (no file)

O4 - HKLM\..\Run: [flvzeiw] c:\windows\system32\flvzeiw.exe flvzeiw

O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab

4 - Close HijackThis and run CCleaner by clicking Run Cleaner.

5 - Restart in normal mode, run a scan with HijackThis and save the log.

6 - Run the Panda online scan again.

Post:

Ewido result

online scan result

HijackThis log

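The entries Sam Spade asks to fix above can be found mechanically by comparing the two HijackThis logs posted in this thread. The script below, added as an example and not code from the thread or from HijackThis, diffs the two logs and flags new O4 autostarts, O16 downloads from hosts outside a constructed allowlist, and entries whose target file is missing; the log excerpts and the allowlist are constructed from lines that appear in the thread.

```python
import re
from urllib.parse import urlsplit

# Constructed excerpts of the two HijackThis v1.99.1 logs posted in this thread:
# the first scan (3:29 AM) and the rescan after the BFU/Ewido pass (5:56 PM).
HJT_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 3:29:00 AM, on 1/27/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binaries/EGD...ESS_1073_XP.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
"""

HJT_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 5:56:34 PM, on 1/27/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system32\flvzeiw.exe
C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [flvzeiw] c:\windows\system32\flvzeiw.exe flvzeiw
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - ")          # R0, O4, O16, O23 ... entry prefixes

# Constructed allowlist: the two scanner vendors whose ActiveX downloads appear in the log.
TRUSTED_DPF_HOSTS = {"www3.ca.com", "acs.pandasoftware.com"}


def normalise(line):
    """Windows paths are case-insensitive, so compare entries case-folded, single-spaced."""
    return re.sub(r"\s+", " ", line.strip()).lower()


def parse_hjt(text):
    """Return (processes, entries): running processes and {normalised: original} entries."""
    processes, entries, in_procs = set(), {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
        elif ENTRY_RE.match(line):
            in_procs = False
            entries[normalise(line)] = line
        elif in_procs:
            processes.add(normalise(line))
    return processes, entries


def diff_logs(before, after):
    """What appeared and what disappeared between two scans of the same machine."""
    p0, e0 = parse_hjt(before)
    p1, e1 = parse_hjt(after)
    return {
        "new_processes": sorted(p1 - p0),
        "gone_processes": sorted(p0 - p1),
        "new_entries": sorted(e1[k] for k in e1.keys() - e0.keys()),
        "gone_entries": sorted(e0[k] for k in e0.keys() - e1.keys()),
    }


def triage(before, after):
    """(reason, detail, line) findings to review first in the newer log; constructed heuristics."""
    findings = []
    new_entries = set(diff_logs(before, after)["new_entries"])
    for line in parse_hjt(after)[1].values():
        kind, body = line.split(" - ", 1)
        if kind == "O16":   # ActiveX download: the last " - " field is the .cab URL
            host = urlsplit(body.rsplit(" - ", 1)[-1]).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                findings.append(("O16 download from host not on allowlist", host, line))
        elif "(no file)" in body or "(file missing)" in body:
            findings.append(("entry points at a missing file", kind, line))
        elif kind == "O4" and line in new_entries:   # autostart that was not there last scan
            name = re.search(r"\[([^\]]+)\]", body)
            findings.append(("new autostart since previous scan",
                             name.group(1) if name else "?", line))
    return findings


if __name__ == "__main__":
    for reason, detail, line in triage(HJT_BEFORE, HJT_AFTER):
        print(f"{reason} [{detail}]: {line}")
```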

It took me a while, but here are the logs.

---------------------------------------------------------

ewido anti-malware - Relatório de verificação

---------------------------------------------------------

+ Criado em: 12:26:49 AM, 1/28/2006

+ Relatório-Checksum: 412F1156

+ Resultado da verificação:

C:\Documents and Settings\Administrador\Cookies\usuario@atdmt[2].txt -> Spyware.Cookie.Atdmt : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Limpo com backup

::Fim do Relatório

Incident Status Location

Potentially unwanted tool:Application/Need2Find Not disinfected C:\Arquivos de programas\Need2Find\bar\1.bin\ND2FNBAR.DLL

Adware:Adware/P2PNetworking Not disinfected C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL

Adware:Adware/P2PNetworking Not disinfected C:\WINDOWS\system32\P2P Networking\P2P Networking.exe

Spyware:spyware/altnet Not disinfected C:\Documents and Settings\Administrador\Configuraes locais\Temp\asmfiles.cab

Adware:adware/p2pnetworking Not disinfected C:\Documents and Settings\Administrador\Configuraes locais\Temp\p2psetup.exe

Dialer:dialer.b Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\EGDACCESS.inf

Potentially unwanted tool:application/winfixer2005 Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWAS6_0001_N68M2301NetInstaller.exe

Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32a.sys

Potentially unwanted tool:application/winantivirus2006 Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\DADOS DE APLICATIVOS\WinAntiVirus Pro 2006

Adware:adware/cydoor Not disinfected C:\WINDOWS\SYSTEM32\AdCache

Adware:adware/instafinder Not disinfected C:\ARQUIVOS DE PROGRAMAS\INSTAFINK

Potentially unwanted tool:application/need2find Not disinfected C:\ARQUIVOS DE PROGRAMAS\Need2Find

Spyware:spyware/rxtoolbar Not disinfected C:\ARQUIVOS DE PROGRAMAS\RXToolBar

Adware:adware/navipromo Not disinfected Windows Registry

Potentially unwanted tool:application/myway Not disinfected HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}

Adware:adware/dyfuca Not disinfected Windows Registry

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@ad.yieldmanager[1].txt

Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@adopt.hbmediapro[2].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@atdmt[2].txt

Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@btg.btgrab[2].txt

Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@cliks[2].txt

Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@desktop.kazaa[2].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@doubleclick[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@google.com[1].txt

Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@offeroptimizer[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@terra.com[1].txt

Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@tucows[2].txt

Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Arquivos de programas\Arquivos comuns\WinAntiVirus Pro 2006\WapCHK.dll

Adware:Adware/InstaFinder Not disinfected C:\Arquivos de programas\INSTAFINK\InstaFinderK_inst.exe

Spyware:Spyware/Altnet Not disinfected C:\Arquivos de programas\Kazaa\TopSearch.dll

Potentially unwanted tool:Application/Need2Find Not disinfected C:\Arquivos de programas\Need2Find\bar\1.bin\N2PLUGIN.DLL

Potentially unwanted tool:Application/Need2Find Not disinfected C:\Arquivos de programas\Need2Find\bar\1.bin\ND2FNBAR.DLL

Potentially unwanted tool:Application/Need2Find Not disinfected C:\Arquivos de programas\Need2Find\bar\1.bin\NPND2FN.DLL

Spyware:Spyware/Altnet Not disinfected C:\Documents and Settings\Administrador\Configurações locais\Temp\asmfiles.cab

Spyware:Spyware/Altnet Not disinfected C:\Documents and Settings\Administrador\Configurações locais\Temp\asmfiles.cab[asm.exe]

Spyware:Spyware/Altnet Not disinfected C:\Documents and Settings\Administrador\Configurações locais\Temp\asmfiles.cab[asmps.dll]

Adware:Adware/P2PNetworking Not disinfected C:\Documents and Settings\Administrador\Configurações locais\Temp\p2psetup.exe

Spyware:Spyware/Altnet Not disinfected C:\Documents and Settings\Administrador\Configurações locais\Temp\__unin__.exe

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@ad.yieldmanager[1].txt

Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@adopt.hbmediapro[2].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@atdmt[2].txt

Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@btg.btgrab[2].txt

Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@cliks[2].txt

Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@desktop.kazaa[2].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@doubleclick[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@google.com[1].txt

Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@offeroptimizer[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@terra.com[1].txt

Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@tucows[2].txt

Adware:Adware/Comet Not disinfected C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\sinstaller.exe

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\usuario\Cookies\usuario@google.com[1].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\usuario\Cookies\usuario@stats1.reliablestats[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\usuario\Cookies\usuario@terra.com[1].txt

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20050830-081240-139.inf

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20050923-002401-892.inf

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20051004-213315-279.inf

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20051023-084600-869.inf

Adware:Adware/P2PNetworking Not disinfected C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll

Adware:Adware/P2PNetworking Not disinfected C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL

Adware:Adware/P2PNetworking Not disinfected C:\WINDOWS\system32\P2P Networking\P2P Networking.exe

Adware:Adware/P2PNetworking Not disinfected C:\WINDOWS\system32\P2P Networking v126.cpl

Adware:Adware/InstaFinder Not disinfected C:\WINDOWS\Temp\Adware\InstaFinderK_inst.exe

Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\adm.exe

Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\adm25.dll

Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\adm4.dll

Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\admdata.dll

Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\admdloader.dll

Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\admfdi.dll

Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\admprog.dll

Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\dmfiles.cab

Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\dmfiles.cab[AltnetUninstall.exe]

Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\dmfiles.cab[asmend.exe]

Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\mysearch.cab

Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\pmexe.cab

Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\pmexe.cab[Points Manager.exe]

Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\pmfiles.cab

Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\pmfiles.cab[sysdetect.dll]

Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\Setup.exe

Logfile of HijackThis v1.99.1

Scan saved at 12:35:46 AM, on 1/28/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Microsoft Office\Office\WINWORD.EXE

C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=020106 serial=DR12CBP-2441192-DLP lang=BP

O4 - HKLM\..\Run: [suite de Aplicativos Gráfi2a] C:\Arquivos de programas\Corel\Corel Graphics 11\Register\registration.exe /title="Suite de Aplicativos Gráficos CorelDRAW 11" /date=020306 serial=DR11CRD-0012082-DGW

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoguard.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\ARQUIV~1\Iomega\System32\AppServices.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe


You picked up a new problem by installing Kazaa. Before installing any program, search the Net first to avoid these infections.

Uninstall it and take a look at this article:

Tests with adware in P2P programs

After uninstalling, run in safe mode:

Ewido > save the result.

CCleaner.

Restart in normal mode, scan with HijackThis and save the log.

Run a new online scan.

If it takes you a while to do this, run CCleaner first and then do the online scan immediately afterwards.

Post:

the Ewido result

the online scan result

the HijackThis log


Here it goes again

---------------------------------------------------------

ewido anti-malware - Relatório de verificação

---------------------------------------------------------

+ Criado em: 3:23:51 AM, 1/29/2006

+ Relatório-Checksum: D661EB7E

+ Resultado da verificação:

HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Limpo com backup

HKLM\SOFTWARE\Altnet\TopSearch -> Spyware.Altnet : Limpo com backup

HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Spyware.Altnet : Limpo com backup

HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Spyware.Altnet : Limpo com backup

HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Spyware.Altnet : Limpo com backup

HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Spyware.Altnet : Limpo com backup

HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Spyware.Altnet : Limpo com backup

HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Spyware.Altnet : Limpo com backup

HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Limpo com backup

HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Limpo com backup

HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Spyware.Altnet : Limpo com backup

HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Spyware.Altnet : Limpo com backup

HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Spyware.Altnet : Limpo com backup

HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Spyware.Altnet : Limpo com backup

HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Limpo com backup

HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Limpo com backup

HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Limpo com backup

HKU\S-1-5-21-2052111302-1409082233-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0} -> Spyware.RXToolbar : Limpo com backup

HKU\S-1-5-21-2052111302-1409082233-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Limpo com backup

HKU\S-1-5-21-2052111302-1409082233-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-90F0-F66AB581A933} -> Spyware.MyWebSearch : Limpo com backup

HKU\S-1-5-21-2052111302-1409082233-725345543-500\Software\Need2Find -> Spyware.Need2Find : Limpo com backup

HKU\S-1-5-21-2052111302-1409082233-725345543-500\Software\Need2Find\bar -> Spyware.Need2Find : Limpo com backup

C:\Arquivos de programas\INSTAFINK -> Spyware.404Search : Limpo com backup

C:\Arquivos de programas\INSTAFINK\instafink.dll -> Spyware.404Search : Limpo com backup

C:\Arquivos de programas\Need2Find -> Spyware.Need2Find : Limpo com backup

C:\Arquivos de programas\Need2Find\bar -> Spyware.Need2Find : Limpo com backup

C:\Arquivos de programas\Need2Find\bar\History -> Spyware.Need2Find : Limpo com backup

C:\Arquivos de programas\Need2Find\bar\History\search -> Spyware.Need2Find : Limpo com backup

C:\Arquivos de programas\Need2Find\bar\Settings -> Spyware.Need2Find : Erro durante a limpeza

C:\Arquivos de programas\Uninstall Need2Find Bar.dll -> Spyware.MySearch : Limpo com backup

C:\Documents and Settings\Administrador\Configurações locais\Temp\asmfiles.cab/asm.exe -> Spyware.Altnet : Limpo com backup

C:\Documents and Settings\Administrador\Configurações locais\Temp\asmfiles.cab/asmps.dll -> Spyware.Altnet : Limpo com backup

C:\Documents and Settings\Administrador\Configurações locais\Temp\p2psetup.exe -> Spyware.P2PNetworking : Limpo com backup

C:\Documents and Settings\Administrador\Configurações locais\Temp\__unin__.exe -> Spyware.Altnet : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@atdmt[2].txt -> Spyware.Cookie.Atdmt : Limpo com backup

C:\Documents and Settings\Administrador\Cookies\usuario@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Limpo com backup

C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Limpo com backup

C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : Limpo com backup

C:\WINDOWS\Temp\Altnet\adm25.dll -> Adware.Altnet : Limpo com backup

C:\WINDOWS\Temp\Altnet\adm4.dll -> Adware.Altnet : Limpo com backup

C:\WINDOWS\Temp\Altnet\admdata.dll -> Adware.Altnet : Limpo com backup

C:\WINDOWS\Temp\Altnet\admdloader.dll -> Adware.Altnet : Limpo com backup

C:\WINDOWS\Temp\Altnet\admfdi.dll -> Adware.Altnet : Limpo com backup

C:\WINDOWS\Temp\Altnet\admprog.dll -> Adware.Altnet : Limpo com backup

C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : Limpo com backup

C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : Limpo com backup

C:\WINDOWS\Temp\Altnet\DMinfo3.cab -> Adware.Altnet : Limpo com backup

C:\WINDOWS\Temp\Altnet\dminstall7.cab -> Adware.Altnet : Limpo com backup

C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Limpo com backup

C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : Limpo com backup

C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : Limpo com backup

C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : Limpo com backup

C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : Limpo com backup

C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : Limpo com backup

C:\WINDOWS\Temp\Altnet\Setup.exe -> Adware.Altnet : Limpo com backup

::Fim do Relatório

Incident Status Location

Dialer:dialer.b Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\EGDACCESS.inf

Potentially unwanted tool:application/winfixer2005 Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWAS6_0001_N68M2301NetInstaller.exe

Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32a.sys

Potentially unwanted tool:application/winantivirus2006 Not disinfected C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\WinAntiVirus Pro 2006

Adware:adware/navipromo Not disinfected Windows Registry

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@doubleclick[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@terra.com[1].txt

Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Arquivos de programas\Arquivos comuns\WinAntiVirus Pro 2006\WapCHK.dll

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@doubleclick[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@google.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@terra.com[1].txt

Adware:Adware/Comet Not disinfected C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\sinstaller.exe

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\usuario\Cookies\usuario@google.com[1].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\usuario\Cookies\usuario@stats1.reliablestats[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\usuario\Cookies\usuario@terra.com[1].txt

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20050830-081240-139.inf

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20050923-002401-892.inf

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20051004-213315-279.inf

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20051023-084600-869.inf

Logfile of HijackThis v1.99.1

Scan saved at 3:35:12 AM, on 1/29/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe

C:\ARQUIV~1\Iomega\System32\AppServices.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Arquivos de programas\RXToolBar\sfcont.dll (file missing)

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=020106 serial=DR12CBP-2441192-DLP lang=BP

O4 - HKLM\..\Run: [suite de Aplicativos Gráfi2a] C:\Arquivos de programas\Corel\Corel Graphics 11\Register\registration.exe /title="Suite de Aplicativos Gráficos CorelDRAW 11" /date=020306 serial=DR11CRD-0012082-DGW

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [semanticInsight] C:\Arquivos de programas\RXToolBar\Semantic Insight\SemanticInsight.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CC3ACE5A-3782-4F57-8288-C3411095678A}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Arquivos de programas\RXToolBar\sfcont.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\ARQUIV~1\Iomega\System32\AppServices.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe


Copy and save this text in blue into Notepad. Save it with a name that is easy to find:

C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWAS6_0001_N68M2301NetInstaller.exe

C:\WINDOWS\smdat32a.sys

C:\Arquivos de programas\Arquivos comuns\WinAntiVirus Pro 2006\WapCHK.dll

C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\sinstaller.exe

Save or print these instructions:

If in any of the procedures below you do not find a HijackThis entry or a file I asked you to delete, do not stop; continue the steps to the end.

1 - In Control Panel > Add/Remove Programs > uninstall: RXToolBar

2 - Copy the text you saved in Notepad. Run KillBox and check Delete on Reboot; in the File menu click Paste from Clipboard.

Then click the All Files button.

Click the button with the X. Answer Yes to the prompt.

3 - When the PC restarts, tap F8 repeatedly. In the menu that appears, choose: safe mode.

Do a full scan with Ewido and save the result.

4 - Scan with HijackThis, check the entries below that you still find, and click Fix checked:

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Arquivos de programas\RXToolBar\sfcont.dll (file missing)

O4 - HKLM\..\Run: [semanticInsight] C:\Arquivos de programas\RXToolBar\Semantic Insight\SemanticInsight.exe

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Arquivos de programas\RXToolBar\sfcont.dll

5 - Close HijackThis and run CCleaner, clicking Run Cleaner. Wait for the scan to finish.

6 - In Windows Explorer > Arquivos de Programas > delete the folder: RXToolBar

In Windows Explorer > Arquivos de Programas > ARQUIVOS COMUNS > delete the folder: WinAntiVirus Pro 2006

7 - Restart in normal mode, scan with HijackThis and save the log.

8 - Run a new online scan.

If it takes you a while to do this, run CCleaner first and then do the online scan immediately afterwards.

Post:

the Ewido result

the online scan result

the HijackThis log


New logs

---------------------------------------------------------

ewido anti-malware - Relatório de verificação

---------------------------------------------------------

+ Criado em: 4:18:49 AM, 1/29/2006

+ Relatório-Checksum: B70FED45

+ Resultado da verificação:

C:\Documents and Settings\Administrador\Cookies\usuario@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Limpo com backup

::Fim do Relatório

Incident Status Location

Dialer:dialer.b Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\EGDACCESS.inf

Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32m.sys

Adware:adware/navipromo Not disinfected Windows Registry

Potentially unwanted tool:application/winantivirus2006 Not disinfected HKEY_CLASSES_ROOT\WAP6.PCHECK

Spyware:spyware/altnet Not disinfected Windows Registry

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@doubleclick[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@terra.com[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@doubleclick[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@terra.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\usuario\Cookies\usuario@google.com[1].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\usuario\Cookies\usuario@stats1.reliablestats[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\usuario\Cookies\usuario@terra.com[1].txt

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20050830-081240-139.inf

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20050923-002401-892.inf

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20051004-213315-279.inf

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20051023-084600-869.inf

Logfile of HijackThis v1.99.1

Scan saved at 4:31:45 AM, on 1/29/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Microsoft Office\Office\WINWORD.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe

C:\ARQUIV~1\Iomega\System32\AppServices.exe

C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=020106 serial=DR12CBP-2441192-DLP lang=BP

O4 - HKLM\..\Run: [suite de Aplicativos Gráfi2a] C:\Arquivos de programas\Corel\Corel Graphics 11\Register\registration.exe /title="Suite de Aplicativos Gráficos CorelDRAW 11" /date=020306 serial=DR11CRD-0012082-DGW

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\ARQUIV~1\Iomega\System32\AppServices.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe


Configure Windows to show all files.

Select and copy into Notepad what is inside the Quote:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TBON]

[-HKEY_CURRENT_USER\Software\tbon]

[-HKEY_CURRENT_USER\Software\Classes\tbonac]

[-HKEY_CLASSES_ROOT\WAP6.PCHECK]

[-HKEY_CLASSES_ROOT\CLSID\{4A6FA2EB-F381-4503-87D0-BE4CC57DEB8E}]

[-HKEY_CLASSES_ROOT\CLSID\{75A603E7-8BB7-4272-ABBE-9846FF1241C1}]

[-HKEY_CLASSES_ROOT\CLSID\{DE614603-6320-4046-A7A7-6A69CEC26F14}]

[-HKEY_CLASSES_ROOT\CLSID\{D7A82A12-05F5-42D8-B30D-6EF995075D2D}]

[-HKEY_CLASSES_ROOT\Interface\{1EF28CC5-8D97-4310-B71B-CA34EE15B897}]

[-HKEY_CLASSES_ROOT\Interface\{43CDAD65-AA0D-4701-8108-117F86613B69}]

[-HKEY_CLASSES_ROOT\Interface\{510C3373-4842-4944-8729-0AFF6725A132}]

[-HKEY_CLASSES_ROOT\Interface\{6D3F48F4-B40A-4C3F-A95C-85E23C3A8A91}]

[-HKEY_CLASSES_ROOT\TypeLib\{5630B768-1C09-4105-9E03-E35985E36B0B}]

[-HKEY_CLASSES_ROOT\TypeLib\{82C0673C-F1D1-47BA-B904-AB0DE82300BC}]

[-HKEY_CLASSES_ROOT\TypeLib\{BA49BD6A-039C-428E-AF33-8C1288D75A7B}]

[-HKEY_CLASSES_ROOT\TypeLib\{CA72BD3D-6044-4429-8C9A-76D90F4B29A8}]

REGEDIT4 must sit flush at the very start of the text in Notepad. Do not change the layout of what you pasted in any way.

Save it on the desktop with the name NavTBon.reg, setting the file type to: All files.

Copy and save in Notepad this text in blue:

C:\WINDOWS\DOWNLOADED PROGRAM FILES\EGDACCESS.inf

C:\WINDOWS\smdat32m.sys

Save or print these instructions:

1 - Copy the text you saved in Notepad. Run KillBox and tick Delete on Reboot; in the File menu click Paste from Clipboard.

Then click the All Files button.

Click the button with the X. Answer Yes to the prompt.

When the PC restarts, tap F8 repeatedly. In the menu that appears, choose: Safe Mode.

2 - In Windows Explorer > Program Files, look for and delete the folder > TBONbin or The BestOffers Network.

If you do not find it, carry on with the rest of the instructions.

3 - Close all windows and double-click NavTBon.reg. Accept merging it into the Registry.

4 - Restart in normal mode, run CCleaner and right afterwards do a new online scan.

Post the result of that scan.


Posting the online scan log

Incident Status Location

Adware:adware/navipromo Not disinfected Windows Registry

Potentially unwanted tool:application/winantivirus2006 Not disinfected HKEY_CLASSES_ROOT\WAP6.PCHECK.1

Spyware:spyware/altnet Not disinfected Windows Registry

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@atdmt[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@doubleclick[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@terra.com[1].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@atdmt[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@doubleclick[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@terra.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\usuario\Cookies\usuario@google.com[1].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\usuario\Cookies\usuario@stats1.reliablestats[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\usuario\Cookies\usuario@terra.com[1].txt

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20050830-081240-139.inf

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20050923-002401-892.inf

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20051004-213315-279.inf

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20051023-084600-869.inf


Only 3 detections count. See below.

It does not say which key they are in:

Adware:adware/navipromo Not disinfected Windows Registry

Spyware:spyware/altnet Not disinfected Windows Registry

They are invalid entries somewhere in the Registry, but they no longer infect anything.

Restart the PC in Safe Mode.

Go to Start > Run > type: regedit

Navigate in the Editor the way you do in Windows Explorer. Click the + sign of the HKEY_CLASSES_ROOT key and locate > WAP6.PCHECK.

Right-click on it and delete it. Do this very carefully so as not to delete anything beyond this entry.

Close the Editor and restart in normal mode.

Do a new online scan and post the result.

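Both the NavTBon.reg from the earlier reply and the manual regedit step above come down to the same operation: deleting a fixed list of registry keys, nothing more. A .reg file merged by double-click can just as easily create Run entries or overwrite values, so a practitioner who receives one from a forum should audit it before merging. The script below is an added example, not code from this thread or from any tool it mentions: it rebuilds a deletion-only REGEDIT4 file from the thread's key list and audits any .reg text for entries that are not key deletions, for whole-hive or whole-container deletions, and for CLSID/Interface/TypeLib entries that are not single GUID leaves. The key list is copied from the earlier reply plus `HKEY_CLASSES_ROOT\WAP6.PCHECK.1`, the versioned ProgID that the second scan log still reported; the function and constant names are this example's own. It runs on any platform because it only works on text, it never touches a live registry.

```python
"""Build and audit a deletion-only REGEDIT4 file before merging it.

Added example for this thread; not code posted by anyone in it. The key list
mirrors NavTBon.reg from the earlier reply plus HKEY_CLASSES_ROOT\\WAP6.PCHECK.1
(the versioned ProgID the later scan still listed). Names are this example's own.
"""
import re

KEYS_TO_DELETE = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TBON",
    r"HKEY_CURRENT_USER\Software\tbon",
    r"HKEY_CURRENT_USER\Software\Classes\tbonac",
    r"HKEY_CLASSES_ROOT\WAP6.PCHECK",
    r"HKEY_CLASSES_ROOT\WAP6.PCHECK.1",
    r"HKEY_CLASSES_ROOT\CLSID\{4A6FA2EB-F381-4503-87D0-BE4CC57DEB8E}",
    r"HKEY_CLASSES_ROOT\CLSID\{75A603E7-8BB7-4272-ABBE-9846FF1241C1}",
    r"HKEY_CLASSES_ROOT\CLSID\{DE614603-6320-4046-A7A7-6A69CEC26F14}",
    r"HKEY_CLASSES_ROOT\CLSID\{D7A82A12-05F5-42D8-B30D-6EF995075D2D}",
    r"HKEY_CLASSES_ROOT\Interface\{1EF28CC5-8D97-4310-B71B-CA34EE15B897}",
    r"HKEY_CLASSES_ROOT\Interface\{43CDAD65-AA0D-4701-8108-117F86613B69}",
    r"HKEY_CLASSES_ROOT\Interface\{510C3373-4842-4944-8729-0AFF6725A132}",
    r"HKEY_CLASSES_ROOT\Interface\{6D3F48F4-B40A-4C3F-A95C-85E23C3A8A91}",
    r"HKEY_CLASSES_ROOT\TypeLib\{5630B768-1C09-4105-9E03-E35985E36B0B}",
    r"HKEY_CLASSES_ROOT\TypeLib\{82C0673C-F1D1-47BA-B904-AB0DE82300BC}",
    r"HKEY_CLASSES_ROOT\TypeLib\{BA49BD6A-039C-428E-AF33-8C1288D75A7B}",
    r"HKEY_CLASSES_ROOT\TypeLib\{CA72BD3D-6044-4429-8C9A-76D90F4B29A8}",
]

HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
# Containers under HKCR whose entries must be exactly one GUID-named subkey.
GUID_CONTAINERS = {"CLSID", "Interface", "TypeLib"}
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
# REGEDIT4 = ANSI file (what Notepad writes by default); the 5.00 header is Unicode.
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")


def build_reg(keys):
    """Emit a deletion-only .reg: header, then one [-KEY] block per key, CRLF line ends."""
    out = ["REGEDIT4", ""]
    for key in keys:
        out += [f"[-{key}]", ""]
    return "\r\n".join(out) + "\r\n"


def audit_reg(text):
    """Return a list of problems found in a .reg text; [] means every entry is a
    key deletion of a plausible shape. Key creation, value assignment, whole-hive
    or whole-container deletion and malformed GUID leaves are each reported."""
    problems = []
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        problems.append("line 1: missing REGEDIT4 / Registry Editor header")
    for n, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):      # blank or comment
            continue
        if not (line.startswith("[") and line.endswith("]")):
            # Anything that is not a key header is a value line, e.g. "x"="C:\\x.exe"
            problems.append(f"line {n}: value assignment {line[:40]!r}; deletion-only file expected")
            continue
        body = line[1:-1]
        if not body.startswith("-"):
            problems.append(f"line {n}: creates or modifies key {body!r}")
            continue
        hive, _, path = body[1:].partition("\\")
        parts = path.split("\\") if path else []
        if hive not in HIVES:
            problems.append(f"line {n}: unknown hive {hive!r}")
        elif not parts:
            problems.append(f"line {n}: would delete the whole {hive} hive")
        elif hive == "HKEY_CLASSES_ROOT" and parts[0] in GUID_CONTAINERS:
            if len(parts) != 2 or not GUID_RE.match(parts[1]):
                problems.append(f"line {n}: {path!r} is not a single GUID entry under {parts[0]}")
    return problems


def deleted_keys(text):
    """List the keys a .reg text deletes, ignoring every other kind of line."""
    return [s[2:-1] for s in (l.strip() for l in text.splitlines())
            if s.startswith("[-") and s.endswith("]")]


if __name__ == "__main__":
    reg = build_reg(KEYS_TO_DELETE)
    print(reg)
    print("audit:", audit_reg(reg) or "clean, %d key deletions" % len(deleted_keys(reg)))
```

Run it once to print the .reg text and its audit result; paste the printed text into Notepad and save it as in the earlier reply (type: All files, so Notepad does not append .txt). Feed `audit_reg()` the contents of any .reg you are about to merge: a clean result means the file can only remove the keys it names, so the worst case is deleting a key that was not the infection, never installing something new.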

Well, it looks like we are wrapping up. But I also wanted to take the opportunity to ask about 2 problems that are occurring.

1 - less important, but the date and time are never correct when I turn my PC on... always the date January 1, 2003, and the time is wrong too.

2 - more important and recent, yesterday to be precise: the Excel program is not opening; all the other Windows applications work normally, Word, PowerPoint, etc... whenever I try to open Excel, it asks me to wait while it configures Windows (will I have to reinstall Windows?).

New online scan log

Incident Status Location

Adware:adware/navipromo Not disinfected Windows Registry

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@atdmt[2].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@cgi-bin[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@com[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@de.uol.com[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@doubleclick[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@google.com[1].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@mediaplex[2].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@perf.overture[1].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@serving-sys[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@terra.com[1].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@tribalfusion[2].txt

Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@tucows[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@uol.com[2].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@atdmt[2].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@cgi-bin[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@com[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@de.uol.com[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@doubleclick[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@google.com[1].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@mediaplex[2].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@perf.overture[1].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@serving-sys[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@terra.com[1].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@tribalfusion[2].txt

Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@tucows[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\usuario@uol.com[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\usuario\Cookies\usuario@google.com[1].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\usuario\Cookies\usuario@stats1.reliablestats[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\usuario\Cookies\usuario@terra.com[1].txt

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20050830-081240-139.inf

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20050923-002401-892.inf

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20051004-213315-279.inf

Dialer:Dialer.B Not disinfected C:\hijackthis\backups\backup-20051023-084600-869.inf


The date problem must be the motherboard battery. Replace it to see if that solves it. As for the Excel problem, it will be better to open a topic in the Windows area.

The PC is clean. :-BEER

To finish, go to Control Panel > System > System Restore > tick Turn off System Restore > Apply > OK.

Then untick it again.

Read this article, Protect your PC, to avoid new infections.

If you have no more problems, click the Report button and say the problem is solved.


CASE SOLVED!

Should the topic author need it, the topic will be reopened; to do so, they should contact a Moderator of the area and request that it be unlocked!

About Clube do Hardware

On the air since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil. Read more

Copyright

We do not permit copying or reproduction of the content of our site, forum, newsletters and social networks, even when the source is cited. Read more