carlosalbertoctba

Java/ByteVerify virus

I had trojan and Altnet problems in April and could not remove them manually, so I paid to have the machine reformatted, and now it is slow again.

I run Windows XP and several members of my family have their own logon. When I run AVG under my own user it reports no viruses, but when AVG runs automatically it scans all users, and then the following result appears.

Can anyone help me remove the viruses?

Partition table (MBR),"- OK -","Quick checked"

Boot sector of disk C:,"- OK -","Quick checked"

System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load,"","Scanned"

System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\Run,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunOnce,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunServices,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\Run,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunOnce,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunServices,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit,"","Scanned"

System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell,"","Scanned"

System registry exefile\shell\open\command,"","Scanned"

System registry scrfile\shell\open\command,"","Scanned"

System registry scrfile\shell\config\command,"","Scanned"

System registry batfile\shell\open\command,"","Scanned"

System registry cmdfile\shell\open\command,"","Scanned"

System registry comfile\shell\open\command,"","Scanned"

System registry piffile\shell\open\command,"","Scanned"

System registry giffile\shell\open\command,"","Scanned"

System registry htmlfile\shell\open\command,"","Scanned"

System registry htafile\shell\open\command,"","Scanned"

System registry jpegfile\shell\open\command,"","Scanned"

System registry txtfile\shell\open\command,"","Scanned"

System registry regfile\shell\open\command,"","Scanned"

System registry cplfile\shell\cplopen\command,"","Scanned"

System registry Word.Document.8\shell\open\command,"","Scanned"

System registry WordPad.Document.1\shell\open\command,"","Scanned"

System registry inffile\shell\open\command,"","Scanned"

System registry vbsfile\shell\open\command,"","Scanned"

System registry vbefile\shell\open\command,"","Scanned"

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe,"- OK -","Quick checked"

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe,"- OK -","Quick checked"

C:\ARQUIV~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE,"- OK -","Quick checked"

C:\ARQUIV~1\MediaKey\KPDRV4XP.EXE,"- OK -","Quick checked"

C:\ARQUIV~1\MediaKey\MMKEYBD.EXE,"- OK -","Quick checked"

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe,"- OK -","Quick checked"

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE,"- OK -","Quick checked"

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe,"- OK -","Quick checked"

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE,"- OK -","Quick checked"

C:\Arquivos de programas\QuickTime\qttask.exe,"- OK -","Quick checked"

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe,"- OK -","Quick checked"

C:\Arquivos de programas\Windows Defender\MSASCui.exe,"- OK -","Quick checked"

C:\Arquivos de programas\iTunes\iTunesHelper.exe,"- OK -","Quick checked"

C:\WINDOWS\regedit.exe,"- OK -","Quick checked"

C:\WINDOWS\rqqsnd.exe,"- OK -","Quick checked"

C:\WINDOWS\system32\mshta.exe,"- OK -","Quick checked"

C:\WINDOWS\system32\rundll32.exe,"- OK -","Quick checked"

C:\WINDOWS\system32\shell32.dll,"- OK -","Quick checked"

C:\WINDOWS\system32\shimgvw.dll,"- OK -","Quick checked"

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe,"- OK -","Quick checked"

C:\WINDOWS\vsnpstd2.exe,"- OK -","Quick checked"

C:\WINDOWS\system32\kernel32.dll,"Change","Changed"

C:\WINDOWS\system32\wsock32.dll,"- OK -","Quick checked"

C:\WINDOWS\system32\user32.dll,"- OK -","Quick checked"

C:\WINDOWS\system32\shell32.dll,"Change","Changed"

C:\WINDOWS\system32\ntoskrnl.exe,"- OK -","Quick checked"

C:\WINDOWS\system32\drivers\etc\hosts,"- OK -","Quick checked"

C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip:\BlackBox.class,"Virus identified Java/ByteVerify","Infected, Embedded object"

C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip:\VerifierBug.class,"Virus identified Java/ByteVerify","Infected, Embedded object"

C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip:\Beyond.class,"Virus identified Java/ByteVerify","Infected, Embedded object"

C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip,"Virus identified Java/ByteVerify","Infected, Archive"

D:\Documents and Settings\Jeh\Meus documentos\Meus arquivos recebidos\geraline.zip:\geraline.exe,"Trojan horse Generic.QCA","Infected, Embedded object"

D:\Documents and Settings\Jeh\Meus documentos\Meus arquivos recebidos\geraline.zip,"Trojan horse Generic.QCA","Infected, Archive"

AWAITING HELP.

CARLOS

carlosalbertoctba,

- Download HijackThis and place it in a folder at C:\HIJACK\HijackThis.exe

- To run it, close all open windows and click Do a system scan and save a logfile.

- Copy the entire HijackThis log and paste it in your next reply...

Mr. Coruj@

OK, I RAN HIJACKTHIS AND AM PASTING IT BELOW, ALSO ATTACHED IS THE SCAN FROM THE FREE PANDA, WHICH ONLY DETECTS, IT DOES NOT REMOVE.

AWAITING A REPLY

Logfile of HijackThis v1.99.1

Scan saved at 14:08:02, on 15/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\ARQUIV~1\MediaKey\MMKeybd.EXE

C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\WINDOWS\vsnpstd2.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HIJACK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [MediaKey] C:\ARQUIV~1\MediaKey\MMKeybd.EXE

O4 - HKLM\..\Run: [KPDrv4XP] C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137101185515

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133481206756

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B90F870-6521-4C53-9120-04D11F0A2B1F}: Domain = @

O17 - HKLM\System\CCS\Services\Tcpip\..\{4ED10A92-4274-48D8-93F8-26B4C3C507F2}: NameServer = 201.10.120.2 201.10.128.3

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

PANDA

Incidência Estado Localização

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado c:\arquiv~1\mywebs~1\bar\1.bin\mwsoemon.exe

Virus:Trj/Nabload.KW Desinfectado Sistema Operativo

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoestb.dll

Ferramenta potencialmente indesejada:application/mywebsearch Não desinfectado c:\windows\system32\f3PSSavr.scr

Ferramenta potencialmente indesejada:application/funweb Não desinfectado HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d}

Ferramenta potencialmente indesejada:Application/FunWeb Não desinfectado C:\Arquivos de programas\MSN Messenger\msimg32.dll

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\Arquivos de programas\MSN Messenger\riched20.dll

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOESTB.DLL

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS\Cookies\carlos@acesso.uol.com[1].txt

Spyware:Cookie/Cgi-bin Não desinfectado C:\Documents and Settings\CARLOS\Cookies\carlos@cgi-bin[1].txt

Spyware:Cookie/Clickbank Não desinfectado C:\Documents and Settings\CARLOS\Cookies\carlos@clickbank[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS\Cookies\carlos@de.uol.com[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS\Cookies\carlos@google.com[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS\Cookies\carlos@ig.com[1].txt

Spyware:Cookie/Statcounter Não desinfectado C:\Documents and Settings\CARLOS\Cookies\carlos@statcounter[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS\Cookies\carlos@uol.com[2].txt

Spyware:Cookie/PointRoll Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ads.pointroll[1].txt

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@atdmt[1].txt

Spyware:Cookie/Atwola Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@atwola[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@de.uol.com[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ig.com[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@uol.com[1].txt

Spyware:Cookie/2o7 Não desinfectado C:\Documents and Settings\Cecília\Cookies\cecília@microsoftwga.112.2o7[1].txt

Virus:Trj/Nabload.KW Desinfectado C:\WINDOWS\temqr1z.tmp

carlosalbertoctba, if it is listed in Add or Remove Programs, uninstall MyWebSearch.

- Download the program below, unzip it and keep it in its own folder or on your desktop.

- Copy the instructions to Notepad or print them!

- Run the KillBox tool. Tick the Delete on Reboot option. Copy the whole list below in red by selecting it and right-clicking -> copy...

c:\windows\system32\f3PSSavr.scr

C:\Arquivos de programas\MSN Messenger\msimg32.dll

C:\Arquivos de programas\MSN Messenger\riched20.dll

C:\WINDOWS\temqr1z.tmp

...In KillBox, with the files already copied to the clipboard, click File -> Paste from clipboard... Click the All Files button, then the X... and answer No to the question. If KillBox cannot find one of the files, that is not a problem. Continue...

- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

- Run HijackThis - click Do a System Scan Only. Tick the boxes for the entries listed below in blue. When you have finished selecting, click Fix Checked...

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ

- Locate the folder below in bold and delete it:

C:\Arquivos de programas\MyWebSearch\

- Click Start // Run // Type: cleanmgr.exe

(Drive C:) // In Disk Cleanup, tick: Temporary Internet Files | Temporary Files | Temp... Click OK.

- Restart in normal mode.

- Copy another (updated) HijackThis log and paste it in your next reply.

Mr. Coruj@
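The cross-check between the Panda report and the HijackThis log that the reply above relies on can be scripted. This is an added example, not part of the original post and not a feature of HijackThis or Panda; the function names are hypothetical, the line formats are assumed from the logs quoted in this thread, and the sample input is a constructed subset of those logs.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the HijackThis lines quoted in this thread.
HIJACKTHIS_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
"""

# Constructed sample: a subset of the Panda report lines quoted in this thread.
PANDA_REPORT = r"""
Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado c:\arquiv~1\mywebs~1\bar\1.bin\mwsoemon.exe
Virus:Trj/Nabload.KW Desinfectado Sistema Operativo
Ferramenta potencialmente indesejada:application/funweb Não desinfectado HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d}
Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS\Cookies\carlos@google.com[1].txt
Virus:Trj/Nabload.KW Desinfectado C:\WINDOWS\temqr1z.tmp
"""

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [...] path"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# "<kind>:<detection name> <status> <location>" as printed in the Panda report above
FINDING_RE = re.compile(
    r"^(?P<kind>[^:]+):(?P<name>.+?) "
    r"(?P<status>Não desinfectado|Desinfectado) (?P<location>.+)$"
)
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}")


@dataclass
class Entry:
    code: str                                   # HijackThis section (R3, O4, ...)
    body: str                                   # text after "code - "
    hits: list = field(default_factory=list)    # indicator kinds that matched
    orphaned: bool = False                      # points at a file that is gone


def parse_hijackthis(text):
    """Keep only the R*/O* entry lines; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def indicators_from_panda(text):
    """Turn scanner findings into lowercase (kind, value) indicators."""
    indicators = set()
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            continue
        # Tracking cookies live in the cookie folder, never in autostart
        # entries, and their names ("Com.com") would match far too much.
        if m["name"].lower().startswith("cookie/"):
            continue
        indicators.add(("family", m["name"].split("/")[-1].lower()))
        location = m["location"].lower()
        for clsid in CLSID_RE.findall(location):
            indicators.add(("clsid", clsid))
        if re.match(r"^[a-z]:\\", location):
            # Compared case-insensitively; 8.3 short paths match only if the
            # scanner reported the short form too, as Panda does here.
            indicators.add(("path", location))
    return indicators


def triage(entries, indicators):
    """Annotate each entry with scanner matches and a missing-file flag."""
    for entry in entries:
        body = entry.body.lower()
        entry.hits = sorted({kind for kind, value in indicators if value in body})
        entry.orphaned = "(no file)" in body or "(file missing)" in body
    return entries


if __name__ == "__main__":
    result = triage(parse_hijackthis(HIJACKTHIS_LOG),
                    indicators_from_panda(PANDA_REPORT))
    for e in result:
        if e.hits or e.orphaned:
            note = ", ".join(e.hits) or "no scanner match"
            flag = " [missing file]" if e.orphaned else ""
            print(f"{e.code} - {e.body}\n    matched by: {note}{flag}")
```

On this sample the scanner-matched entries are the same R3, O4 and O8 lines listed in the reply above; O20 is reported only as pointing at a missing file, which is a prompt for manual review rather than a verdict.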

Hello friend.

I did the first part you described, but I can't get into safe mode, neither with F5 nor F8. Could it be because my keyboard is a multimedia one?

I'll borrow a normal keyboard, or do you have another option?

Thanks

Carlos

carlosalbertoctba, did you manage it yet? Try the Ctrl key... If you can't, let me know and we will do it in normal mode, although the procedure will have to be different. Paste a new HijackThis log.

Best regards,

Hello

I managed to get into safe mode.

The problem is that my keyboard has a USB plug, and the setup was not configured for this type. But now I was able to follow what you indicated.

Here is the new HijackThis log.

I await the next steps (also, I downloaded the shareware program "nod32" but it does not report that most of the items are blocked; could it be because of "windows defender" and my program being an alternative one?)

Regards

Carlos

Logfile of HijackThis v1.99.1

Scan saved at 21:58:27, on 21/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\ARQUIV~1\MediaKey\MMKeybd.EXE

C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\WINDOWS\vsnpstd2.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HIJACK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [MediaKey] C:\ARQUIV~1\MediaKey\MMKeybd.EXE

O4 - HKLM\..\Run: [KPDrv4XP] C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137101185515

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133481206756

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4ED10A92-4274-48D8-93F8-26B4C3C507F2}: NameServer = 201.10.120.2 201.10.128.3

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Arquivos de programas\Eset\nod32krn.exe

carlosalbertoctba, we are going to need an online scan... I believe there is still some "hidden" problem on your computer. Please tell us which problems are still occurring.

- Run an online scan using one of these available links: PANDA or BITDEFENDER

...on all drives; keep the log...

  • Note: Avast users may receive an alert when trying to use the PANDA scan. If you do, ignore it or temporarily disable your antivirus to run the scan.

- Post a new HijackThis log and the online scan log, pasting them in your next reply.

Mr. Coruj@

HERE IS THE

BitDefender Online Scanner

Scan report generated at: Thu, Nov 23, 2006 - 06:42:05

Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 04:56:16
Files: 1175388
Folders: 11007
Boot Sectors: 4
Archives: 294251
Packed Files: 82093

Results
Identified Viruses: 3
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info
Virus Definitions: 317610
Engine build: AVCORE v1.0 (build 2368) (i386) (Nov 16 2006 11:31:19)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File

Status

C:\COSTA E MAIL\Outlook Express\Itens enviados.dbx=>(message 99)=>[subject: Fw: ][Date: Tue, 13 Sep 2005 00:07:31 -0300]=>(MIME part)=>price_new.zip

Infected with: Win32.Bagle.*****@mm

C:\COSTA E MAIL\Outlook Express\Itens enviados.dbx=>(message 99)=>[subject: Fw: ][Date: Tue, 13 Sep 2005 00:07:31 -0300]=>(MIME part)=>price_new.zip

Deleted

C:\COSTA E MAIL\Outlook Express\Itens enviados.dbx=>(message 99)=>[subject: Fw: ][Date: Tue, 13 Sep 2005 00:07:31 -0300]=>(MIME part)

Updated

C:\COSTA E MAIL\Outlook Express\Itens enviados.dbx=>(message 99)

Updated

C:\COSTA E MAIL\Outlook Express\Itens enviados.dbx

Update failed

C:\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0089

Infected with: Dropped:Application.Adware.NewDotNet.A

C:\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0089

Disinfection failed

C:\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0089

Deleted

C:\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe

Update failed

C:\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0090=>(RAR Sfx o)=>WhAgent.exe

Detected with: Application.Spyware.WebHancer.A

C:\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0090=>(RAR Sfx o)=>WhAgent.exe

Disinfection failed

C:\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0090=>(RAR Sfx o)=>WhAgent.exe

Deleted

C:\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0090=>(RAR Sfx o)

Update failed

C:\My Music\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0089

Infected with: Dropped:Application.Adware.NewDotNet.A

C:\My Music\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0089

Disinfection failed

C:\My Music\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0089

Deleted

C:\My Music\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe

Update failed

C:\My Music\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0090=>(RAR Sfx o)=>WhAgent.exe

Detected with: Application.Spyware.WebHancer.A

C:\My Music\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0090=>(RAR Sfx o)=>WhAgent.exe

Disinfection failed

C:\My Music\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0090=>(RAR Sfx o)=>WhAgent.exe

Deleted

C:\My Music\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0090=>(RAR Sfx o)

Update failed

HIJACK

Logfile of HijackThis v1.99.1

Scan saved at 07:30:32, on 23/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\ARQUIV~1\MediaKey\MMKeybd.EXE

C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\WINDOWS\vsnpstd2.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HIJACK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [MediaKey] C:\ARQUIV~1\MediaKey\MMKeybd.EXE

O4 - HKLM\..\Run: [KPDrv4XP] C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137101185515

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133481206756

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4ED10A92-4274-48D8-93F8-26B4C3C507F2}: NameServer = 201.10.120.2 201.10.128.3

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Arquivos de programas\Eset\nod32krn.exe


Hello

The viruses still show up and were not deleted.

Attached are the Panda and AVG logs

Incident Status Location

Potentially unwanted tool:Application/MyWebSearch Not disinfected c:\arquiv~1\mywebs~1\bar\1.bin\mwsoemon.exe

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Arquivos de programas\MSN Messenger\RICHED20.dll

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoestb.dll

Potentially unwanted tool:application/mywebsearch Not disinfected c:\arquivos de programas\MyWebSearch

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\!KillBox\f3PSSavr.scr

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOESTB.DLL

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@acesso.uol.com[2].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@ad.yieldmanager[1].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@cgi-bin[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@de.uol.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@google.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@ig.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@terra.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@uol.com[2].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ad.yieldmanager[2].txt

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ads.pointroll[1].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@atdmt[1].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@atwola[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@de.uol.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@google.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ig.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@uol.com[2].txt

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Cecília\Cookies\cecília@microsoftwga.112.2o7[1].txt


THANKS

CARLOS

SENDING THE AVG LOG; NOTE THAT THE VIRUSES FOUND WERE NOT DELETED.

Partition table (MBR) - OK - Quick checked

Boot sector of disk C: - OK - Quick checked

System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load Scanned

System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run Scanned

System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned

System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned

System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned

System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned

System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned

System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned

System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned

System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned

System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned

System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned

System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit Scanned

System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Scanned

System registry exefile\shell\open\command Scanned

System registry scrfile\shell\open\command Scanned

System registry scrfile\shell\config\command Scanned

System registry batfile\shell\open\command Scanned

System registry cmdfile\shell\open\command Scanned

System registry comfile\shell\open\command Scanned

System registry piffile\shell\open\command Scanned

System registry giffile\shell\open\command Scanned

System registry htmlfile\shell\open\command Scanned

System registry htafile\shell\open\command Scanned

System registry jpegfile\shell\open\command Scanned

System registry txtfile\shell\open\command Scanned

System registry regfile\shell\open\command Scanned

System registry cplfile\shell\cplopen\command Scanned

System registry Word.Document.8\shell\open\command Scanned

System registry WordPad.Document.1\shell\open\command Scanned

System registry inffile\shell\open\command Scanned

System registry vbsfile\shell\open\command Scanned

System registry vbefile\shell\open\command Scanned

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe - OK - Quick checked

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe - OK - Quick checked

C:\ARQUIV~1\MediaKey\KPDRV4XP.EXE - OK - Quick checked

C:\ARQUIV~1\MediaKey\MMKEYBD.EXE - OK - Quick checked

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe - OK - Quick checked

C:\Arquivos de programas\Eset\nod32kui.exe - OK - Quick checked

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE - OK - Quick checked

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe - OK - Quick checked

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE - OK - Quick checked

C:\Arquivos de programas\QuickTime\qttask.exe - OK - Quick checked

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe - OK - Quick checked

C:\Arquivos de programas\Windows Defender\MSASCui.exe - OK - Quick checked

C:\Arquivos de programas\iTunes\iTunesHelper.exe - OK - Quick checked

C:\WINDOWS\regedit.exe - OK - Quick checked

C:\WINDOWS\system32\mshta.exe - OK - Quick checked

C:\WINDOWS\system32\rundll32.exe - OK - Quick checked

C:\WINDOWS\system32\shell32.dll - OK - Quick checked

C:\WINDOWS\system32\shimgvw.dll - OK - Quick checked

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe - OK - Quick checked

C:\WINDOWS\vsnpstd2.exe - OK - Quick checked

C:\WINDOWS\system32\kernel32.dll Change Changed

C:\WINDOWS\system32\wsock32.dll - OK - Quick checked

C:\WINDOWS\system32\user32.dll - OK - Quick checked

C:\WINDOWS\system32\shell32.dll Change Changed

C:\WINDOWS\system32\ntoskrnl.exe - OK - Quick checked

C:\WINDOWS\system32\drivers\etc\hosts - OK - Quick checked

C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip:\BlackBox.class Virus identified Java/ByteVerify Infected, Embedded object

C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip:\VerifierBug.class Virus identified Java/ByteVerify Infected, Embedded object

C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip:\Beyond.class Virus identified Java/ByteVerify Infected, Embedded object

C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip Virus identified Java/ByteVerify Infected, Archive

D:\Documents and Settings\Jeh\Meus documentos\Meus arquivos recebidos\geraline.zip:\geraline.exe Trojan horse Generic.QCA Infected, Embedded object

D:\Documents and Settings\Jeh\Meus documentos\Meus arquivos recebidos\geraline.zip Trojan horse Generic.QCA Infected, Archive


Please repeat in full the procedure described in Post #4. Post a new HijackThis log.

Did you delete the folder: MyWebSearch?

Warm regards,


Hello, here is the new log.

Logfile of HijackThis v1.99.1

Scan saved at 13:34:36, on 28/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\ARQUIV~1\MediaKey\MMKeybd.EXE

C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\WINDOWS\vsnpstd2.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HIJACK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [MediaKey] C:\ARQUIV~1\MediaKey\MMKeybd.EXE

O4 - HKLM\..\Run: [KPDrv4XP] C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137101185515

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133481206756

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4ED10A92-4274-48D8-93F8-26B4C3C507F2}: NameServer = 201.10.120.2 201.10.128.3

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Arquivos de programas\Eset\nod32krn.exe


Ok carlosalbertoctba. Now, to verify that the problem has been completely eliminated: run a new online scan with PANDA (only with it). If the problems still appear, we will carry out the procedures in another way.

See you...


Attached is the Panda log.

Incidência Estado Localização

Ferramenta potencialmente indesejada:application/mywebsearch Não desinfectado c:\arquivos de programas\MyWebSearch

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\!KillBox\f3PSSavr.scr

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\!KillBox\riched20.dll

Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ad.yieldmanager[2].txt

Spyware:Cookie/PointRoll Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ads.pointroll[1].txt

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@atdmt[1].txt

Spyware:Cookie/Atwola Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@atwola[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@de.uol.com[1].txt

Spyware:Cookie/Hitbox Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ehg-dig.hitbox[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@google.com[1].txt

Spyware:Cookie/Hitbox Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@hitbox[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ig.com[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@uol.com[2].txt

Spyware:Cookie/2o7 Não desinfectado C:\Documents and Settings\Cecília\Cookies\cecília@microsoftwga.112.2o7[1].txt

Thanks

Carlos


carlosalbertoctba, apparently everything is resolved. Although the scan still shows the MyWebSearch folder, there no longer "exists" any file that could reinstall this application.

Is there still any alert from the protection programs?

Warm regards,


Hello

These infected files exist and were not removed.

How do I remove them manually??

Thanks

Carlos

C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip:\BlackBox.class Virus identified Java/ByteVerify Infected, Embedded object

C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip:\VerifierBug.class Virus identified Java/ByteVerify Infected, Embedded object

C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip:\Beyond.class Virus identified Java/ByteVerify Infected, Embedded object

C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip Virus identified Java/ByteVerify Infected, Archive

D:\Documents and Settings\Jeh\Meus documentos\Meus arquivos recebidos\geraline.zip:\geraline.exe Trojan horse Generic.QCA Infected, Embedded object

D:\Documents and Settings\Jeh\Meus documentos\Meus arquivos recebidos\geraline.zip Trojan horse Generic.QCA Infected, Archive


carlosalbertoctba, those files are compressed and have not caused you any major problems; however, you can delete them manually and then empty the Recycle Bin.

Any other problem related to the malware?

If by tomorrow your system shows no problems, disable and re-enable System Restore.

You can click the ALERTAR button, inform the area moderator that the problem has been solved and that the topic can now be closed.

Always count on the help of the people at the Clube do Hardware forum.

Thank you for the feedback and best regards!

Mr. Coruj@


CASE RESOLVED!

Should the topic's author need it, the topic will be reopened; to do so, the author should contact a Moderator of the area and request that it be unlocked!
