deds

please analyse my log

Hello

My computer got a virus when I downloaded a file that I believed was a codec pack.

I believe there is more than one, because pop-up messages from the antivirus have already appeared flagging the viruses FakeAlert-B, Puper and BraveSentry, plus 80 infections that show up in the antivirus's System Scan Status, whose virus names are not shown and of which it managed to delete only one.

I can't remove them with my antivirus (McAfee), nor with any of the antispyware tools I installed (Spybot and Microsoft). I'd like someone to analyse my log, which I got from HijackThis.

Thanks in advance.

Logfile of HijackThis v1.99.1

Scan saved at 18:08:15, on 29/5/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Network Associates\VirusScan\Avsynmgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\M-Audio Ozone\Install\Ozinst.exe

C:\WINDOWS\system32\srvany.exe

C:\WINDOWS\system32\resetservice.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Network Associates\VirusScan\VsStat.exe

C:\Arquivos de programas\Network Associates\VirusScan\Vshwin32.exe

C:\Arquivos de programas\Network Associates\VirusScan\Avconsol.exe

C:\Arquivos de programas\Network Associates\VirusScan\Webscanx.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\sstray.exe

C:\Arquivos de programas\Microsoft AntiSpyware\gcasDtServ.exe

C:\Arquivos de programas\Arquivos comuns\Network Associates\McShield\Mcshield.exe

C:\Arquivos de programas\RSSoft\RSEDNClient.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\M-Audio Ozone\OZTask.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\dcomcfg.exe

C:\WINDOWS\system32\atmclk.exe

C:\Documents and Settings\André\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing

F3 - REG:win.ini: load=???

?

F3 - REG:win.ini: run=???

?

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll

O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp100.tmp

O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MsgCenterExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\RealOneMessageCenter.exe" -osboot

O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [zango] c:\arquivos de programas\zango\zango.exe

O4 - HKLM\..\Run: [webscan] C:\Arquivos de programas\Acceleration Software\Anti-Virus\stopsignav.exe -k

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [spywareQuake.com] C:\Arquivos de programas\SpywareQuake.com\Spyware-Quake.exe /h

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Arquivos de programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [EanthologyApp] "C:\Arquivos de programas\Arquivos comuns\eAcceleration\eanthology.exe" /b Startup

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKCU\..\Run: [spyware Doctor] "C:\Arquivos de programas\Spyware Doctor\swdoctor.exe" /Q

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [simp] C:\Arquivos de programas\Secway\SimpLite-MSN 2.1\SimpLite-MSN.exe

O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Arquivos de programas\RSSoft\RSEDNClient.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: BitTorrent.lnk = C:\Arquivos de programas\BitTorrent\bittorrent.exe

O4 - Global Startup: M-Audio Ozone Control Panel Launcher.lnk = C:\Arquivos de programas\M-Audio Ozone\OZTask.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm

O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm

O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{07A767CD-A7DC-4E2A-92E4-4ADAEA177900}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC5EA59-C6A6-4A8F-ACFF-44767A8F197F}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{07A767CD-A7DC-4E2A-92E4-4ADAEA177900}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Arquivos de programas\Network Associates\VirusScan\Avsynmgr.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McShield - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Network Associates\McShield\Mcshield.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Ozone Installer (OzoneInstallerService) - Nemesis - C:\Arquivos de programas\M-Audio Ozone\Install\Ozinst.exe

O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe

Sorry for the other posts.

I had grabbed the log wrong, and forgot about the possibility of editing my initial post. :wacko:


Go to Control Panel -> Add or Remove Programs -> remove, if present:

c:\arquivos de programas\zango

C:\Arquivos de programas\SpywareQuake.com\

Use smitRem:

http://noahdfear.geekstogo.com/click%20cou.../click.php?id=1

Run smitRem.exe and click Start. It will create a folder on the desktop called smitRem. Don't open it yet.

In Safe Mode, open the smitRem folder that should be on your desktop and run RunThis.bat. It may take a while.

Run HijackThis, click Do a System Scan Only, check only the entries below and click Fix Checked.

R3 - Default URLSearchHook is missing

F3 - REG:win.ini: load=???

?

F3 - REG:win.ini: run=???

?

O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp100.tmp

O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL

O4 - HKLM\..\Run: [zango] c:\arquivos de programas\zango\zango.exe

O4 - HKLM\..\Run: [spywareQuake.com] C:\Arquivos de programas\SpywareQuake.com\Spyware-Quake.exe /h

O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm

O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm

O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

Reboot.

Download SmitFraudFix:

http://linhadefensiva.uol.com.br/dl/smitfraudfix

Unzip the contents of SmitfraudFix.zip into a folder of its own.

Open the folder created for SmitFraudFix and run SmitfraudFix.cmd. Press option 1 and then Enter.

Paste the 3 logs in your reply:

SmitRem

SmitFraudFix

Hijackthis

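The reply above picks entries out of the HijackThis log by hand: a missing default URLSearchHook, win.ini values the tool could not read, a BHO with no name loaded from a `.tmp` file in system32, a toolbar with no file behind it, Run entries for programs the helper recognises as rogue, and orphaned O9 buttons. The following Python script is an added example, not part of the thread or of HijackThis itself: it parses lines in the HijackThis v1.99.1 format and applies those same triage heuristics so an analyst sees the candidates first. The sample log is constructed from lines posted in this thread, the set `ROGUE_RUN_NAMES` holds only the two names the helper flagged here, and the reason strings are this example's own wording.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a few lines in HijackThis v1.99.1 log format, taken
# from the kind of log posted in this thread (paths from the poster's machine).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 18:08:15, on 29/5/2006
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=???
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp100.tmp
O3 - Toolbar: (no name) - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - (no file)
O4 - HKLM\..\Run: [zango] c:\arquivos de programas\zango\zango.exe
O4 - HKLM\..\Run: [spywareQuake.com] C:\Arquivos de programas\SpywareQuake.com\Spyware-Quake.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O23 - Service: McShield - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Network Associates\McShield\Mcshield.exe
"""

# Every HijackThis entry starts with a section code (R3, F3, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 Run entries: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O2/O3/O9 entries: kind: display name - {CLSID} - path (possibly "(file missing)")
CLSID_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"
)

# Constructed for this example: the Run-entry names the helper in this thread
# identified as rogue anti-spyware / adware. A real triage list would be longer.
ROGUE_RUN_NAMES = {"zango", "spywarequake.com"}
# Display names HijackThis shows when a browser component has no name.
UNNAMED = {"nothing", "(no name)"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(lines):
    """Return the entries an analyst would look at first, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines and the running-process list are not entries
        section, body = m.group("section"), m.group("body")
        reasons = []
        if section == "R3" and "URLSearchHook is missing" in body:
            reasons.append("default URLSearchHook removed")
        elif section == "F3" and body.endswith("???"):
            reasons.append("unreadable win.ini value")
        elif section == "O4":
            r = RUN_RE.match(body)
            if r and r.group("name").lower() in ROGUE_RUN_NAMES:
                reasons.append("autostart of known rogue program")
        elif section in ("O2", "O3", "O9"):
            c = CLSID_RE.match(body)
            if c:
                name, path = c.group("name"), c.group("path")
                if path == "(no file)" or path.endswith("(file missing)"):
                    reasons.append("orphaned entry, file no longer exists")
                if name.lower() in UNNAMED:
                    reasons.append("component has no name")
                if path.lower().endswith(".tmp"):
                    reasons.append("browser component loaded from a .tmp file")
        if reasons:
            findings.append(Finding(section, "; ".join(reasons), line))
    return findings


def summary(findings):
    """Count findings per HijackThis section code."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Orphaned entries (`(no file)`, `(file missing)`) are harmless leftovers and are listed only because they are cheap to clean up; the entries worth a closer look are the unnamed BHO loaded from a `.tmp` file and the autostarts of programs the thread identifies as rogue, which in the poster's log also correspond to processes in the running-process list.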

I followed all the steps indicated, but two of the files you mentioned that should have been deleted by HijackThis I didn't find. I think they were deleted by smitRem.

Below are the logs for checking.

SmitFraudFix v2.50

Scan done at 5:57:43,39, ter 30/05/2006

Run from C:\Documents and Settings\Andr‚\Desktop\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [versÆo 5.1.2600] - Windows_NT

Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Andr‚\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ANDR~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Arquivos de programas

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Minha p gina inicial atual"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1

Scan saved at 06:01:51, on 30/5/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Network Associates\VirusScan\Avsynmgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\M-Audio Ozone\Install\Ozinst.exe

C:\WINDOWS\system32\srvany.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\resetservice.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Network Associates\VirusScan\VsStat.exe

C:\WINDOWS\system32\sstray.exe

C:\Arquivos de programas\RSSoft\RSEDNClient.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Microsoft AntiSpyware\gcasDtServ.exe

C:\Arquivos de programas\Network Associates\VirusScan\Vshwin32.exe

C:\Arquivos de programas\Network Associates\VirusScan\Avconsol.exe

C:\Arquivos de programas\Network Associates\VirusScan\Webscanx.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Network Associates\McShield\Mcshield.exe

C:\Arquivos de programas\M-Audio Ozone\OZTask.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\notepad.exe

C:\Documents and Settings\André\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll

O3 - Toolbar: (no name) - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MsgCenterExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\RealOneMessageCenter.exe" -osboot

O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [webscan] C:\Arquivos de programas\Acceleration Software\Anti-Virus\stopsignav.exe -k

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Arquivos de programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [EanthologyApp] "C:\Arquivos de programas\Arquivos comuns\eAcceleration\eanthology.exe" /b Startup

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKCU\..\Run: [spyware Doctor] "C:\Arquivos de programas\Spyware Doctor\swdoctor.exe" /Q

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [simp] C:\Arquivos de programas\Secway\SimpLite-MSN 2.1\SimpLite-MSN.exe

O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Arquivos de programas\RSSoft\RSEDNClient.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: BitTorrent.lnk = C:\Arquivos de programas\BitTorrent\bittorrent.exe

O4 - Global Startup: M-Audio Ozone Control Panel Launcher.lnk = C:\Arquivos de programas\M-Audio Ozone\OZTask.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{07A767CD-A7DC-4E2A-92E4-4ADAEA177900}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC5EA59-C6A6-4A8F-ACFF-44767A8F197F}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{07A767CD-A7DC-4E2A-92E4-4ADAEA177900}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Arquivos de programas\Network Associates\VirusScan\Avsynmgr.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McShield - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Network Associates\McShield\Mcshield.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Ozone Installer (OzoneInstallerService) - Nemesis - C:\Arquivos de programas\M-Audio Ozone\Install\Ozinst.exe

O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe

I don't know how to get the log from smitRem.

If needed, explain to me how to do it and I'll post it here.

Could the log already be clean? My PC seems to be much better :palmas:

Thanks


1. Download ATF Cleaner by Atribune

http://www.atribune.org/ccount/click.php?id=1

-> to your desktop

2. Put the Panda ActiveScan shortcut on your desktop.

Restart the computer in Safe Mode by pressing F8 as soon as it starts, until a menu appears where you can select the "Modo Seguro" or "Modo de Segurança" (Safe Mode) option.

1) Run HijackThis, click Do a system scan only and check:

O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll

O3 - Toolbar: (no name) - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - (no file)

optional

O4 - HKLM\..\Run: [EanthologyApp] "C:\Arquivos de programas\Arquivos comuns\eAcceleration\eanthology.exe" /b Startup

2) Double-click ATF-Cleaner.exe to run the tool.

Check (tick) the following boxes:

Windows Temp

Current User Temp

All Users Temp

Temporary Internet Files

Prefetch

Java Cache

Click Empty Selected. A "Done Cleaning" window appears; click OK and exit.

NOTE: Firefox browser/Opera browser -> If you want to keep your saved passwords, click No at the prompt.

Reboot.

Run the Panda scan; when it finishes, produce a HijackThis log and attach the Panda result.


Hello

Thank you very much for the help.

I carried out the steps you instructed and posted the logs right below (Panda/Hijack).

It looks like Panda found some problems.

Thanks

Incident Status Location

Adware:Adware/Redswoosh Not disinfected C:\Arquivos de programas\RSSoft\RSEDNClient.exe

Adware:adware/alexa-toolbar Not disinfected c:\arquivos de programas\Alexa Toolbar

Potentially unwanted tool:application/myway Not disinfected c:\arquivos de programas\MyWay

Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM

Adware:Adware/Alexa-Toolbar Not disinfected C:\Arquivos de programas\Alexa Toolbar\uninstall.exe

Potentially unwanted tool:Application/MyWay Not disinfected C:\Arquivos de programas\Microsoft AntiSpyware\Quarantine\5F7B8518-7014-4241-ACA5-3484F7\1A4A7FEB-A495-4C59-85FA-60BABA

Potentially unwanted tool:Application/Altnet Not disinfected C:\Arquivos de programas\Microsoft AntiSpyware\Quarantine\5F7B8518-7014-4241-ACA5-3484F7\237FFE13-A787-4180-ABAD-00AF08

Potentially unwanted tool:Application/Altnet Not disinfected C:\Arquivos de programas\Microsoft AntiSpyware\Quarantine\5F7B8518-7014-4241-ACA5-3484F7\5E614F8C-4A0B-4DA7-8168-68D774

Potentially unwanted tool:Application/Altnet Not disinfected C:\Arquivos de programas\Microsoft AntiSpyware\Quarantine\5F7B8518-7014-4241-ACA5-3484F7\7238A755-75EA-4D52-A7CA-C4424D

Potentially unwanted tool:Application/Altnet Not disinfected C:\Arquivos de programas\Microsoft AntiSpyware\Quarantine\5F7B8518-7014-4241-ACA5-3484F7\84A3C053-32B3-484E-B1DD-EA70C0

Potentially unwanted tool:Application/Altnet Not disinfected C:\Arquivos de programas\Microsoft AntiSpyware\Quarantine\5F7B8518-7014-4241-ACA5-3484F7\8F89AA2D-F9B4-49A0-9BB6-4C176D

Potentially unwanted tool:Application/Altnet Not disinfected C:\Arquivos de programas\Microsoft AntiSpyware\Quarantine\5F7B8518-7014-4241-ACA5-3484F7\963660E9-BE0C-41EB-B222-54AB7B

Potentially unwanted tool:Application/Altnet Not disinfected C:\Arquivos de programas\Microsoft AntiSpyware\Quarantine\5F7B8518-7014-4241-ACA5-3484F7\979A617E-439A-4EBB-A43D-913C6F

Potentially unwanted tool:Application/Altnet Not disinfected C:\Arquivos de programas\Microsoft AntiSpyware\Quarantine\5F7B8518-7014-4241-ACA5-3484F7\AF8FFF1B-9217-4EFF-83F1-AAF960

Potentially unwanted tool:Application/Altnet Not disinfected C:\Arquivos de programas\Microsoft AntiSpyware\Quarantine\5F7B8518-7014-4241-ACA5-3484F7\D64BDB66-983D-435F-AB6C-D7EC69

Potentially unwanted tool:Application/Altnet Not disinfected C:\Arquivos de programas\Microsoft AntiSpyware\Quarantine\5F7B8518-7014-4241-ACA5-3484F7\DD22198C-F5EB-48A2-AA74-A126D9

Potentially unwanted tool:Application/Altnet Not disinfected C:\Arquivos de programas\Microsoft AntiSpyware\Quarantine\5F7B8518-7014-4241-ACA5-3484F7\E608E38A-DC47-4D59-B0ED-5CA1A7

Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Arquivos de programas\Microsoft AntiSpyware\Quarantine\96EE27DF-995D-41C8-AB07-717357\D8390670-B285-4B71-94AE-DA7D59

Potentially unwanted tool:Application/Altnet Not disinfected C:\Arquivos de programas\Microsoft AntiSpyware\Quarantine\DD5BD482-D2A7-468B-BB16-1D6D23\2B70388F-3B1C-4405-9386-6A86AD

Virus:Bck/CrackBox Disinfected C:\Arquivos de programas\Reason 2.5 crack by CooleR\Reason Soundbank Cd (needed For Running) (1) (2).exe

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\André\Cookies\andré@2o7[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\André\Cookies\andré@acesso.uol.com[1].txt

Spyware:Cookie/Admotion Not disinfected C:\Documents and Settings\André\Cookies\andré@admotion.com[2].txt

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\André\Cookies\andré@ads.pointroll[1].txt

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\André\Cookies\andré@adultfriendfinder[2].txt

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\André\Cookies\andré@as-us.falkag[2].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\André\Cookies\andré@atdmt[2].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\André\Cookies\andré@belnk[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\André\Cookies\andré@belnk[2].txt

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\André\Cookies\andré@burstnet[1].txt

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\André\Cookies\andré@burstnet[3].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\André\Cookies\andré@de.uol.com[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\André\Cookies\andré@dist.belnk[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\André\Cookies\andré@google.com[1].txt

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\André\Cookies\andré@server.iad.liveperson[2].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\André\Cookies\andré@serving-sys[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\André\Cookies\andré@terra.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\André\Cookies\andré@uol.com[1].txt

Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\André\Cookies\andré@www.seeq[1].txt

Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\André\Cookies\andré@www.seeq[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.google.com.br/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.ig.com.br/]

Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.cs.sexcounter.com/]

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.adultfriendfinder.com/]

Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.sexlist.com/]

Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.kinghost.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.de.uol.com.br/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.uol.com.br/]

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.hitbox.com/]

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.go.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.terra.com.br/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.ad.yieldmanager.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.ad.yieldmanager.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.apmebf.com/]

Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.qksrv.net/]

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.apmebf.com/]

Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.qksrv.net/]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.overture.com/]

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.as-us.falkag.net/]

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.weborama.fr/]

Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.ccbill.com/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.2o7.net/]

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.atwola.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.bannerlandia.com.ar/]

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.belnk.com/]

Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.bravenet.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.bs.serving-sys.com/]

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.burstnet.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.com.com/]

Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.findwhat.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.microsofteup.112.2o7.net/]

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.revenue.net/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.serving-sys.com/]

Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.tradedoubler.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.uol.com.br/cyberdiet]

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.xiti.com/]

Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.z1.adserver.com/]

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[.zedo.com/]

Spyware:Cookie/Admotion Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[admotion.com.ar/]

Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[adserver.terra.es/]

Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[c.goclick.com/]

Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[hc2.humanclick.com/]

Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[hc2.humanclick.com/hc/41090446]

Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[searchportal.information.com/]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[server.iad.liveperson.net/]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[server.iad.liveperson.net/hc/3889204]

Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[stat.onestat.com/]

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[stats1.reliablestats.com/]

Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\André\Dados de aplicativos\Mozilla\Firefox\Profiles\ywx5s9p8.default\cookies.txt[www48.seeq.com/]

Adware:Adware/Alexa-Toolbar Not disinfected C:\Documents and Settings\André\Desktop\backups\backup-20060530-175506-533.dll

Logfile of HijackThis v1.99.1

Scan saved at 16:21:00, on 2/6/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Network Associates\VirusScan\Avsynmgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\M-Audio Ozone\Install\Ozinst.exe

C:\WINDOWS\system32\srvany.exe

C:\WINDOWS\system32\resetservice.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Network Associates\VirusScan\VsStat.exe

C:\Arquivos de programas\Network Associates\VirusScan\Vshwin32.exe

C:\Arquivos de programas\Network Associates\VirusScan\Avconsol.exe

C:\Arquivos de programas\Network Associates\VirusScan\Webscanx.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\sstray.exe

C:\Arquivos de programas\RSSoft\RSEDNClient.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Microsoft AntiSpyware\gcasDtServ.exe

C:\Arquivos de programas\Arquivos comuns\Network Associates\McShield\Mcshield.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\M-Audio Ozone\OZTask.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\André\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MsgCenterExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\RealOneMessageCenter.exe" -osboot

O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [webscan] C:\Arquivos de programas\Acceleration Software\Anti-Virus\stopsignav.exe -k

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Arquivos de programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKCU\..\Run: [spyware Doctor] "C:\Arquivos de programas\Spyware Doctor\swdoctor.exe" /Q

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [simp] C:\Arquivos de programas\Secway\SimpLite-MSN 2.1\SimpLite-MSN.exe

O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Arquivos de programas\RSSoft\RSEDNClient.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: BitTorrent.lnk = C:\Arquivos de programas\BitTorrent\bittorrent.exe

O4 - Global Startup: M-Audio Ozone Control Panel Launcher.lnk = C:\Arquivos de programas\M-Audio Ozone\OZTask.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{07A767CD-A7DC-4E2A-92E4-4ADAEA177900}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC5EA59-C6A6-4A8F-ACFF-44767A8F197F}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{07A767CD-A7DC-4E2A-92E4-4ADAEA177900}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Arquivos de programas\Network Associates\VirusScan\Avsynmgr.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McShield - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Network Associates\McShield\Mcshield.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Ozone Installer (OzoneInstallerService) - Nemesis - C:\Arquivos de programas\M-Audio Ozone\Install\Ozinst.exe

O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe


Potentially unwanted tool:Application/Altnet Not disinfected C:\Arquivos de programas\Microsoft AntiSpyware\Quarantine\

Clear the Microsoft AntiSpyware quarantine.

Adware:Adware/Redswoosh Not disinfected C:\Arquivos de programas\RSSoft\RSEDNClient.exe 

Caution. It may be a false positive.

Click

Adware:adware/alexa-toolbar Not disinfected c:\arquivos de programas\Alexa Toolbar 
Potentially unwanted tool:application/myway Not disinfected c:\arquivos de programas\MyWay
Adware:Adware/Alexa-Toolbar Not disinfected C:\Arquivos de programas\Alexa Toolbar\uninstall.exe

Uninstall via Control Panel, if listed, then delete the folders

C:\Arquivos de programas\Alexa

c:\arquivos de programas\MyWay

Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM 

Start -> Run -> type regedit -> Enter -> with all possible care, delete the entry

hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\-> AltnetDM

Close the Registry Editor.

The rest is cookies and temporary files, which you can delete through the browser.

Log clean.

Restart the computer in normal mode.

Read the article Proteja seu PC (Protect your PC) to avoid future infections:

http://linhadefensiva.uol.com.br/artigos/proteja-seu-pc/

Disable and re-enable System Restore:

http://service1.symantec.com/SUPPORT/INTER...a5?OpenDocument

 

Potentially unwanted tool:Application/Altnet Not disinfected C:\Arquivos de programas\Microsoft AntiSpyware\Quarantine\

Clear the Microsoft AntiSpyware quarantine.

Adware:Adware/Redswoosh Not disinfected C:\Arquivos de programas\RSSoft\RSEDNClient.exe 

Caution. It may be a false positive.

Click

Sorry for my ignorance, but I'm not managing to clear the Anti Spy quarantine; it did run, though, and it showed that there were no objects in the quarantine.

About the other file, could it be some file from eMule, Soulseek, BitTorrent, or from some site like Rapidshare, Megaupload, etc.?

If it's none of those, I think I'd rather just delete it.

Thanks a lot for the help :-BEER
