eneas_eneas

I picked up a .scr but didn't run it. Is my machine infected?


Folks, thanks for opening this channel for communication and help. The instructions here have already helped me a lot.

If anyone can help... I'd be very grateful.

My girlfriend accidentally downloaded a .scr. When she went to run it, Windows asked whether she really wanted to run it, and she cancelled. But when I start my computer, it tries to run itself again!! On top of that, my computer isn't shutting down properly and the CTRL+ALT+DEL management window isn't fully visible. I can't see it!

When I found out, I deleted the .scr from the computer with Shift+Del.

I also ran HijackThis (learned that here), and I'm posting its log as well. I don't understand any of this... could my machine have some problem? Has the .scr already installed/damaged something? Man, if anyone could give me a hand, THANKS!!! Either way, thank you, everyone!

Cheers,

E.

Logfile of HijackThis v1.99.1

Scan saved at 00:01:08, on 30/5/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\vsnpstd2.exe

C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\WISPTIS.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgwb.dat

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\hijack\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\DLP.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [siSRaid] C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Piolet] C:\Arquivos de programas\Piolet\Piolet.exe SILENT

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [iCQ Lite] C:\Arquivos de programas\ICQLite\ICQLite.exe -minimize

O4 - HKLM\..\Run: [Zone Labs Client] C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\hpztsb02.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Arquivos de programas\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Assistente do Acrobat.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: &Pesquisa do Google - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Traduzir palavra em inglês - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Instantâneo da página em cache - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Links para esta página - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Páginas semelhantes - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsimilar.html

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARQUIV~1\Yahoo!\Common\yhexbmesbr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARQUIV~1\Yahoo!\Common\yhexbmesbr.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .kzp: C:\Arquivos de programas\Internet Explorer\Plugins\NPTkzp32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137378930390

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Actually, the file that was trying to run when I turned on the computer was hpztsb02.exe. It's in the HijackThis log. I went to C:\windows (where it was) and deleted it with Shift+Del. Now I'm going to remove its run entry with HijackThis. Could it be that my machine wasn't infected and this will fix it? Thanks... if anyone read this...


Download ewido

http://www.ewido.net/en/download/

• Select "English" as the installation language

• Click Next, I Agree, Next, Next. Uncheck the Install background guard box and click Install and then Finish.

• In ewido's main window, click Update in the left menu and then click Start update.

• When the update finishes, you'll see the message Updated successfully in the lower left corner

• Exit ewido and don't run a full scan yet

Restart in Safe Mode

(press the F8 key until a DOS-style screen appears and choose Safe Mode).

• Open ewido and click Scan, then Complete System Scan

• ewido detects some legitimate programs as dial-up dialers. So do not check the box that says Perform action on all infections. If ewido finds a file you believe is legitimate, choose the "None" option and click OK. Otherwise, leave it on Remove and click OK.

When the scan finishes, find the screen named -> Save report

• When ewido finishes, close it.

Run HijackThis, click Do a System Scan Only, check only the entries below and click Fix Checked.

O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\DLP.dll

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\hpztsb02.exe

Set Windows to show all files (including hidden ones). -> see

Using Windows Explorer, delete the files and the folder

C:\WINDOWS\hpztsb02.exe

C:\Program Files\webHancer

and all of its contents

Restart in Normal Mode

Paste the HijackThis log + ewido log


Friend Sr.Ida,

Thank you very much for your attention and help. I was very happy to see someone willing to help without even knowing me, and I saw that you do this regularly, helping so many other people. Congratulations!!!

Well, on to the technical matters. I followed the protocol you gave me. After running Ewido, I could no longer find all the HijackThis entries you told me to remove, nor did I find the files on the HD (I had enabled showing all files first; ah, one of them I had already deleted earlier). Either way, I think everything is OK now! Thanks a LOT!

Ewido log:

---------------------------------------------------------

ewido anti-malware - Relatório de verificação

---------------------------------------------------------

+ Criado em: 00:01:43, 31/5/2006

+ Relatório-Checksum: 22108F36

+ Resultado da verificação:

D:\CDs\PACOTES_ESTATISTICOS\SYSTAT SigmaPlot v9.0\SYSTAT[1].SigmaPlot.v9.0.WinAll.SR.Patched-EAT\SYSTAT.SigmaPlot.v9.0.WinAll.SR.Patched-EAT\CRACK\eatss90.exe -> Trojan.Agent.jh : Ignorado

D:\CDs\PACOTES_ESTATISTICOS\SYSTAT SigmaPlot v9.0.rar/SYSTAT[1].SigmaPlot.v9.0.WinAll.SR.Patched-EAT\SYSTAT.SigmaPlot.v9.0.WinAll.SR.Patched-EAT\CRACK\eatss90.exe -> Trojan.Agent.jh : Ignorado

HKLM\SOFTWARE\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} -> Adware.WebDir : Limpo com backup

HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer -> Adware.Screensavers : Limpo com backup

HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CLSID -> Adware.Screensavers : Limpo com backup

HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CurVer -> Adware.Screensavers : Limpo com backup

HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer.1 -> Adware.Screensavers : Limpo com backup

HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller -> Adware.Screensavers : Limpo com backup

HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CLSID -> Adware.Screensavers : Limpo com backup

HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CurVer -> Adware.Screensavers : Limpo com backup

HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller.1 -> Adware.Screensavers : Limpo com backup

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} -> Adware.WebDir : Limpo com backup

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreensaversInstaller -> Adware.Screensavers : Limpo com backup

C:\Arquivos de programas\Arquivos comuns\rorulaad\ausmslof\daulelsr.exe -> Adware.Gator : Limpo com backup

C:\Arquivos de programas\Arquivos comuns\rorulaad\rpnmurebbt\ucunemmpp.exe -> Adware.Gator : Limpo com backup

C:\Arquivos de programas\Flash CD & DVD Burner\Partner\VVSNInst.exe -> Adware.SaveNow : Limpo com backup

C:\Arquivos de programas\Screensavers.com\Installer\bin\ScreensaversInst.dll -> Adware.Comet : Limpo com backup

C:\Documents and Settings\eneas\Configurações locais\Temp\Cookies\eneas@questionmarket[1].txt -> TrackingCookie.Questionmarket : Limpo com backup

C:\Documents and Settings\eneas\Configurações locais\Temp\FDD94.exe -> Adware.Gator : Limpo com backup

C:\Documents and Settings\eneas\Configurações locais\Temp\SHNT288.exe -> Adware.NewDotNet : Limpo com backup

C:\Documents and Settings\eneas\Configurações locais\Temp\wh.exe/whAgent.exe -> Adware.WebHancer : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@2o7[2].txt -> TrackingCookie.2o7 : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@ads22.hyperbanner[1].txt -> TrackingCookie.Hyperbanner : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@adtech[2].txt -> TrackingCookie.Adtech : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@burstnet[2].txt -> TrackingCookie.Burstnet : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@casalemedia[2].txt -> TrackingCookie.Casalemedia : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@com[1].txt -> TrackingCookie.Com : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@estat[1].txt -> TrackingCookie.Estat : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@hotlog[1].txt -> TrackingCookie.Hotlog : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@image.masterstats[1].txt -> TrackingCookie.Masterstats : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@overture[1].txt -> TrackingCookie.Overture : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@pro-market[1].txt -> TrackingCookie.Pro-market : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@revenue[1].txt -> TrackingCookie.Revenue : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@serving-sys[2].txt -> TrackingCookie.Serving-sys : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@spylog[1].txt -> TrackingCookie.Spylog : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@stat.onestat[2].txt -> TrackingCookie.Onestat : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@statcounter[2].txt -> TrackingCookie.Statcounter : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@tacoda[1].txt -> TrackingCookie.Tacoda : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@web-stat[2].txt -> TrackingCookie.Web-stat : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Limpo com backup

C:\Documents and Settings\eneas\Cookies\eneas@zedo[2].txt -> TrackingCookie.Zedo : Limpo com backup

:mozilla.27:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Casalemedia : Limpo com backup

:mozilla.52:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Sexcounter : Limpo com backup

:mozilla.53:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Sexcounter : Limpo com backup

:mozilla.54:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Sexcounter : Limpo com backup

:mozilla.55:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Sexcounter : Limpo com backup

:mozilla.56:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Sexcounter : Limpo com backup

:mozilla.57:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Sexcounter : Limpo com backup

:mozilla.58:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Sexcounter : Limpo com backup

:mozilla.59:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Sexcounter : Limpo com backup

:mozilla.60:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Sexcounter : Limpo com backup

:mozilla.61:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Sexcounter : Limpo com backup

:mozilla.63:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Clickzs : Limpo com backup

:mozilla.64:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Clickzs : Limpo com backup

:mozilla.65:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Clickzs : Limpo com backup

:mozilla.66:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Clickzs : Limpo com backup

:mozilla.67:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Clickzs : Limpo com backup

:mozilla.68:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Clickzs : Limpo com backup

:mozilla.69:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Clickzs : Limpo com backup

:mozilla.70:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Clickzs : Limpo com backup

:mozilla.97:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.2o7 : Limpo com backup

:mozilla.98:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.2o7 : Limpo com backup

:mozilla.104:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.2o7 : Limpo com backup

:mozilla.110:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Paycounter : Limpo com backup

:mozilla.112:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Revenue : Limpo com backup

:mozilla.113:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Serving-sys : Limpo com backup

:mozilla.114:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Serving-sys : Limpo com backup

:mozilla.115:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Serving-sys : Limpo com backup

:mozilla.116:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Serving-sys : Limpo com backup

:mozilla.123:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Statcounter : Limpo com backup

:mozilla.124:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Statcounter : Limpo com backup

:mozilla.131:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Tradedoubler : Limpo com backup

:mozilla.132:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Tribalfusion : Limpo com backup

:mozilla.135:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Clickzs : Limpo com backup

:mozilla.136:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Clickzs : Limpo com backup

:mozilla.146:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Cqcounter : Limpo com backup

:mozilla.151:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Yieldmanager : Limpo com backup

:mozilla.152:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Yieldmanager : Limpo com backup

:mozilla.161:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Enhance : Limpo com backup

:mozilla.162:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Goclick : Limpo com backup

:mozilla.163:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Goclick : Limpo com backup

:mozilla.171:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Masterstats : Limpo com backup

:mozilla.173:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Sitestat : Limpo com backup

:mozilla.174:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Sitestat : Limpo com backup

:mozilla.180:C:\Documents and Settings\eneas\Dados de aplicativos\Mozilla\Firefox\Profiles\uzv8lm8b.default\cookies.txt -> TrackingCookie.Liveperson : Limpo com backup

C:\WINDOWS\DLP.dll -> Adware.Webdir : Limpo com backup

D:\Glaucia\programas\fddli_1200_Aq_s_Inst-74.exe -> Adware.Gator : Limpo com backup

D:\PROGRAMAS\media_player\editor\14(msn.tweakzone.nl).exe/14(msn.tweakzone.nl)\msnDetective20\Detective2oo3.exe -> Not-A-Virus.HackTool.Win32.VB.aa : Limpo com backup

::Fim do Relatório

HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 00:17:03, on 31/5/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\vsnpstd2.exe

C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\hijack\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [siSRaid] C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Piolet] C:\Arquivos de programas\Piolet\Piolet.exe SILENT

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [iCQ Lite] C:\Arquivos de programas\ICQLite\ICQLite.exe -minimize

O4 - HKLM\..\Run: [Zone Labs Client] C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Arquivos de programas\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Assistente do Acrobat.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: &Pesquisa do Google - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Traduzir palavra em inglês - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Instantâneo da página em cache - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Links para esta página - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Páginas semelhantes - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsimilar.html

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARQUIV~1\Yahoo!\Common\yhexbmesbr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARQUIV~1\Yahoo!\Common\yhexbmesbr.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .kzp: C:\Arquivos de programas\Internet Explorer\Plugins\NPTkzp32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137378930390

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

That's it, thanks!


CASE RESOLVED!

If the topic author needs it, the topic will be reopened; to do so, they should contact a Moderator for this area and request that it be unlocked!
