carlosalbertoctba

Virus in java/byteverify


I had trojan and altnet problems in April and could not remove them manually, so I paid to have the machine reformatted, and now it is slow again.

I run Windows XP and several members of my family have their own logon. When I run AVG under my own user it reports no virus, but when AVG runs automatically it sweeps all the users' profiles, and then the following result appears.

Can anyone help me remove the viruses???

Partition table (MBR),"- OK -","Quick checked"

Boot sector of disk C:,"- OK -","Quick checked"

System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load,"","Scanned"

System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\Run,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunOnce,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunServices,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\Run,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunOnce,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunServices,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit,"","Scanned"

System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell,"","Scanned"

System registry exefile\shell\open\command,"","Scanned"

System registry scrfile\shell\open\command,"","Scanned"

System registry scrfile\shell\config\command,"","Scanned"

System registry batfile\shell\open\command,"","Scanned"

System registry cmdfile\shell\open\command,"","Scanned"

System registry comfile\shell\open\command,"","Scanned"

System registry piffile\shell\open\command,"","Scanned"

System registry giffile\shell\open\command,"","Scanned"

System registry htmlfile\shell\open\command,"","Scanned"

System registry htafile\shell\open\command,"","Scanned"

System registry jpegfile\shell\open\command,"","Scanned"

System registry txtfile\shell\open\command,"","Scanned"

System registry regfile\shell\open\command,"","Scanned"

System registry cplfile\shell\cplopen\command,"","Scanned"

System registry Word.Document.8\shell\open\command,"","Scanned"

System registry WordPad.Document.1\shell\open\command,"","Scanned"

System registry inffile\shell\open\command,"","Scanned"

System registry vbsfile\shell\open\command,"","Scanned"

System registry vbefile\shell\open\command,"","Scanned"

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe,"- OK -","Quick checked"

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe,"- OK -","Quick checked"

C:\ARQUIV~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE,"- OK -","Quick checked"

C:\ARQUIV~1\MediaKey\KPDRV4XP.EXE,"- OK -","Quick checked"

C:\ARQUIV~1\MediaKey\MMKEYBD.EXE,"- OK -","Quick checked"

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe,"- OK -","Quick checked"

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE,"- OK -","Quick checked"

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe,"- OK -","Quick checked"

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE,"- OK -","Quick checked"

C:\Arquivos de programas\QuickTime\qttask.exe,"- OK -","Quick checked"

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe,"- OK -","Quick checked"

C:\Arquivos de programas\Windows Defender\MSASCui.exe,"- OK -","Quick checked"

C:\Arquivos de programas\iTunes\iTunesHelper.exe,"- OK -","Quick checked"

C:\WINDOWS\regedit.exe,"- OK -","Quick checked"

C:\WINDOWS\rqqsnd.exe,"- OK -","Quick checked"

C:\WINDOWS\system32\mshta.exe,"- OK -","Quick checked"

C:\WINDOWS\system32\rundll32.exe,"- OK -","Quick checked"

C:\WINDOWS\system32\shell32.dll,"- OK -","Quick checked"

C:\WINDOWS\system32\shimgvw.dll,"- OK -","Quick checked"

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe,"- OK -","Quick checked"

C:\WINDOWS\vsnpstd2.exe,"- OK -","Quick checked"

C:\WINDOWS\system32\kernel32.dll,"Change","Changed"

C:\WINDOWS\system32\wsock32.dll,"- OK -","Quick checked"

C:\WINDOWS\system32\user32.dll,"- OK -","Quick checked"

C:\WINDOWS\system32\shell32.dll,"Change","Changed"

C:\WINDOWS\system32\ntoskrnl.exe,"- OK -","Quick checked"

C:\WINDOWS\system32\drivers\etc\hosts,"- OK -","Quick checked"

C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip:\BlackBox.class,"Virus identified Java/ByteVerify","Infected, Embedded object"

C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip:\VerifierBug.class,"Virus identified Java/ByteVerify","Infected, Embedded object"

C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip:\Beyond.class,"Virus identified Java/ByteVerify","Infected, Embedded object"

C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip,"Virus identified Java/ByteVerify","Infected, Archive"

D:\Documents and Settings\Jeh\Meus documentos\Meus arquivos recebidos\geraline.zip:\geraline.exe,"Trojan horse Generic.QCA","Infected, Embedded object"

D:\Documents and Settings\Jeh\Meus documentos\Meus arquivos recebidos\geraline.zip,"Trojan horse Generic.QCA","Infected, Archive"

System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load,"","Scanned"

System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\Run,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunOnce,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunServices,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\Run,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunOnce,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunServices,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce,"","Scanned"

System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit,"","Scanned"

System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell,"","Scanned"

System registry exefile\shell\open\command,"","Scanned"

System registry scrfile\shell\open\command,"","Scanned"

System registry scrfile\shell\config\command,"","Scanned"

System registry batfile\shell\open\command,"","Scanned"

System registry cmdfile\shell\open\command,"","Scanned"

System registry comfile\shell\open\command,"","Scanned"

System registry piffile\shell\open\command,"","Scanned"

System registry giffile\shell\open\command,"","Scanned"

System registry htmlfile\shell\open\command,"","Scanned"

System registry htafile\shell\open\command,"","Scanned"

System registry jpegfile\shell\open\command,"","Scanned"

System registry txtfile\shell\open\command,"","Scanned"

System registry regfile\shell\open\command,"","Scanned"

System registry cplfile\shell\cplopen\command,"","Scanned"

System registry Word.Document.8\shell\open\command,"","Scanned"

System registry WordPad.Document.1\shell\open\command,"","Scanned"

System registry inffile\shell\open\command,"","Scanned"

System registry vbsfile\shell\open\command,"","Scanned"

System registry vbefile\shell\open\command,"","Scanned"

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe,"- OK -","Quick checked"

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe,"- OK -","Quick checked"

C:\ARQUIV~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE,"- OK -","Quick checked"

C:\ARQUIV~1\MediaKey\KPDRV4XP.EXE,"- OK -","Quick checked"

C:\ARQUIV~1\MediaKey\MMKEYBD.EXE,"- OK -","Quick checked"

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe,"- OK -","Quick checked"

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE,"- OK -","Quick checked"

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe,"- OK -","Quick checked"

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE,"- OK -","Quick checked"

C:\Arquivos de programas\QuickTime\qttask.exe,"- OK -","Quick checked"

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe,"- OK -","Quick checked"

C:\Arquivos de programas\Windows Defender\MSASCui.exe,"- OK -","Quick checked"

C:\Arquivos de programas\iTunes\iTunesHelper.exe,"- OK -","Quick checked"

C:\WINDOWS\regedit.exe,"- OK -","Quick checked"

C:\WINDOWS\rqqsnd.exe,"- OK -","Quick checked"

C:\WINDOWS\system32\mshta.exe,"- OK -","Quick checked"

C:\WINDOWS\system32\rundll32.exe,"- OK -","Quick checked"

C:\WINDOWS\system32\shell32.dll,"- OK -","Quick checked"

C:\WINDOWS\system32\shimgvw.dll,"- OK -","Quick checked"

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe,"- OK -","Quick checked"

C:\WINDOWS\vsnpstd2.exe,"- OK -","Quick checked"

AWAITING HELP.

CARLOS

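The AVG export pasted above is a three-column, comma-separated list (object, result, status), and most of it is noise: the rows that matter are the ones whose status begins with "Infected" and the ones marked "Changed". As an added example, not part of this thread and not AVG's own code, here is a small Python parser that pulls those rows out. It collapses "Infected, Embedded object" rows to the archive that contains them (AVG lists the members of a jar or zip and then the container itself, and the container is the thing you act on), and lists "Changed" rows separately, since that status marks system files whose contents differ from what AVG last recorded (a Windows update does that too) and is a review item rather than a detection. The sample lines are constructed in the same shape as the log above, with shortened paths and a placeholder user name.

```python
"""Triage an AVG 7.x scan export of the form

    <object>,"<result>","<status>"

Added example; not the poster's log and not AVG code."""
import csv
import io
from dataclasses import dataclass

# Constructed sample in the shape of the export above (paths shortened,
# user profile replaced by USER). Not the full log from the thread.
SAMPLE_EXPORT = '''Partition table (MBR),"- OK -","Quick checked"
System registry Software\\Microsoft\\Windows\\CurrentVersion\\Run,"","Scanned"
C:\\WINDOWS\\system32\\kernel32.dll,"Change","Changed"
C:\\WINDOWS\\system32\\shell32.dll,"- OK -","Quick checked"
C:\\Documents and Settings\\USER\\Dados de aplicativos\\Sun\\Java\\Deployment\\cache\\javapi\\v1.0\\jar\\count.jar-33d403fe-32550949.zip:\\BlackBox.class,"Virus identified Java/ByteVerify","Infected, Embedded object"
C:\\Documents and Settings\\USER\\Dados de aplicativos\\Sun\\Java\\Deployment\\cache\\javapi\\v1.0\\jar\\count.jar-33d403fe-32550949.zip,"Virus identified Java/ByteVerify","Infected, Archive"
D:\\Documents and Settings\\USER\\Meus documentos\\geraline.zip,"Trojan horse Generic.QCA","Infected, Archive"
'''


@dataclass(frozen=True)
class ScanRow:
    obj: str     # file path, registry key or boot area
    result: str  # "- OK -", "Change", "Virus identified ..."
    status: str  # "Quick checked", "Changed", "Infected, Archive", ...


def parse_avg_export(text: str) -> list:
    """One ScanRow per line; the csv module handles the quoted status
    field, which itself contains a comma ("Infected, Archive")."""
    rows = []
    for fields in csv.reader(io.StringIO(text)):
        if len(fields) != 3:      # blank lines come back as []
            continue
        rows.append(ScanRow(*(f.strip() for f in fields)))
    return rows


def container_of(obj: str) -> str:
    """AVG writes members of an archive as '<archive>:\\<member>'.
    Return the archive path for such rows, the object itself otherwise.
    The drive colon at index 1 ('C:\\') must not count as a separator."""
    idx = obj.rfind(":\\")
    return obj[:idx] if idx > 1 else obj


def triage(rows: list) -> dict:
    """Collapse infected rows to their containing archive (keeping the first
    detection name seen) and collect 'Changed' system files for review."""
    infected = {}           # container path -> detection name (insertion order)
    changed = []
    for r in rows:
        if r.status.startswith("Infected"):
            infected.setdefault(container_of(r.obj), r.result)
        elif r.status == "Changed":
            changed.append(r.obj)
    return {"infected": list(infected.items()), "changed": changed}


if __name__ == "__main__":
    report = triage(parse_avg_export(SAMPLE_EXPORT))
    print("Infected containers:")
    for path, name in report["infected"]:
        print(f"  {name}: {path}")
    print("Changed system files (review, not detections):")
    for path in report["changed"]:
        print(f"  {path}")
```

Run it as-is to see the two infected containers (the Java cache jar and geraline.zip) and kernel32.dll under "Changed"; to use it on a real export, paste the export into `SAMPLE_EXPORT` or read it from a file.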

carlosalbertoctba,

@- Download HijackThis and place it in a folder at C:\HIJACK\HijackThis.exe

- To run it, close all open windows and click Do a system scan and save a logfile.

- Copy the whole HijackThis log and paste it in your next reply...

Mr. Coruj@

  • Topic author
  • OK, I RAN HIJACKTHIS AND AM PASTING IT BELOW; ALSO ATTACHED IS THE FREE PANDA SCAN, WHICH ONLY DETECTS AND DOES NOT REMOVE.

    AWAITING A REPLY

    Logfile of HijackThis v1.99.1

    Scan saved at 14:08:02, on 15/11/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    C:\ARQUIV~1\MediaKey\MMKeybd.EXE

    C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

    C:\WINDOWS\vsnpstd2.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

    C:\Arquivos de programas\Windows Defender\MSASCui.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\HIJACK\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [MediaKey] C:\ARQUIV~1\MediaKey\MMKeybd.EXE

    O4 - HKLM\..\Run: [KPDrv4XP] C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

    O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

    O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137101185515

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133481206756

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{2B90F870-6521-4C53-9120-04D11F0A2B1F}: Domain = @

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4ED10A92-4274-48D8-93F8-26B4C3C507F2}: NameServer = 201.10.120.2 201.10.128.3

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    PANDA

    Incidência Estado Localização

    Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado c:\arquiv~1\mywebs~1\bar\1.bin\mwsoemon.exe

    Virus:Trj/Nabload.KW Desinfectado Sistema Operativo

    Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoestb.dll

    Ferramenta potencialmente indesejada:application/mywebsearch Não desinfectado c:\windows\system32\f3PSSavr.scr

    Ferramenta potencialmente indesejada:application/funweb Não desinfectado HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d}

    Ferramenta potencialmente indesejada:Application/FunWeb Não desinfectado C:\Arquivos de programas\MSN Messenger\msimg32.dll

    Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\Arquivos de programas\MSN Messenger\riched20.dll

    Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE

    Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOESTB.DLL

    Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS\Cookies\carlos@acesso.uol.com[1].txt

    Spyware:Cookie/Cgi-bin Não desinfectado C:\Documents and Settings\CARLOS\Cookies\carlos@cgi-bin[1].txt

    Spyware:Cookie/Clickbank Não desinfectado C:\Documents and Settings\CARLOS\Cookies\carlos@clickbank[1].txt

    Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS\Cookies\carlos@de.uol.com[1].txt

    Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS\Cookies\carlos@google.com[1].txt

    Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS\Cookies\carlos@ig.com[1].txt

    Spyware:Cookie/Statcounter Não desinfectado C:\Documents and Settings\CARLOS\Cookies\carlos@statcounter[1].txt

    Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS\Cookies\carlos@uol.com[2].txt

    Spyware:Cookie/PointRoll Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ads.pointroll[1].txt

    Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@atdmt[1].txt

    Spyware:Cookie/Atwola Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@atwola[1].txt

    Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@de.uol.com[1].txt

    Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ig.com[1].txt

    Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@uol.com[1].txt

    Spyware:Cookie/2o7 Não desinfectado C:\Documents and Settings\Cecília\Cookies\cecília@microsoftwga.112.2o7[1].txt

    Virus:Trj/Nabload.KW Desinfectado C:\WINDOWS\temqr1z.tmp


    carlosalbertoctba, if it is listed there, uninstall MyWebSearch from Add or Remove Programs.

    @- Download the program below, unpack it and keep it in its own folder or on your desktop.

    - Copy these instructions to Notepad or print them!

    - Run the KillBox tool. Check the Delete on Reboot option. Copy the whole list below in red, selecting it and right-clicking -> copy...

    c:\windows\system32\f3PSSavr.scr

    C:\Arquivos de programas\MSN Messenger\msimg32.dll

    C:\Arquivos de programas\MSN Messenger\riched20.dll

    C:\WINDOWS\temqr1z.tmp

    ...In KillBox, with the files already copied to the clipboard, click File -> Paste from clipboard... Click the All Files button, then the X... and answer No to the question. If KillBox does not find one of the files, that is not a problem. Continue...

    @- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

    - Run HijackThis - Click Do a System Scan Only. Check the boxes for the entries listed below in blue. When you have selected them, click Fix Checked...

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ

    - Find the folder below in bold and delete it:

    C:\Arquivos de programas\MyWebSearch\

    @- Click Start // Run // Type: cleanmgr.exe

    (Drive C:) // In Disk Cleanup, check: Temporary Internet Files | Temporary Files | Temp... Click OK.

    @- Restart in normal mode.

    @- Copy a new (updated) HijackThis log and paste it in your next reply.

    Mr. Coruj@

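The list of R3, O4 and O8 entries the helper picks out above is what an analyst produces by reading the HijackThis log against the scanner findings (here, Panda's MyWebSearch hits). As an added example, not part of this thread and not HijackThis's own code, here is a Python script that parses entries in the HijackThis v1.99 log format, expands O4 autostart entries into hive, key, value name and command, and flags two kinds of entries for review: entries whose target file no longer exists ("(no file)", "(file missing)") and entries that reference software another scanner already flagged (the marker strings passed in, here the MyWebSearch names from the Panda report). The result is a review list, not a delete list: the O20 WgaLogon entry comes out as dangling, and the helper correctly left it alone; that judgement stays with the analyst. The sample log is constructed from a few lines in the thread's format and is not the full log.

```python
"""Parse and triage HijackThis v1.99-format log entries.

Added example; not the poster's log and not HijackThis code."""
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v1.99 log format, modelled on the
# thread's log (a handful of lines only).
SAMPLE_LOG = """Logfile of HijackThis v1.99.1
Running processes:
C:\\WINDOWS\\Explorer.EXE
C:\\ARQUIV~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\arquivos de programas\\google\\googletoolbar1.dll
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\ARQUIV~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP
O4 - HKLM\\..\\Run: [MyWebSearch Email Plugin] C:\\ARQUIV~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\\ARQUIV~1\\MSNMES~1\\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\\ARQUIV~1\\Grisoft\\AVGFRE~1\\avgupsvc.exe
"""

# "R3 - ..." / "O4 - ..." entry lines; process list and header lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# O4 body: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Entry:
    section: str            # R3, O2, O4, ...
    body: str               # everything after "Oн - "
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_hjt(text: str) -> list:
    """Return one Entry per R*/F*/O* line, in log order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def triage(entries: list, unwanted_markers: list) -> list:
    """Attach review reasons: dangling entries (target file gone) and entries
    referencing software another scanner already flagged. Returns the flagged
    entries; everything else is left untouched."""
    for e in entries:
        low = e.body.lower()
        if "(no file)" in low or "(file missing)" in low:
            e.reasons.append("points to a missing file")
        for marker in unwanted_markers:
            if marker.lower() in low:
                e.reasons.append(f"references flagged software: {marker}")
    return [e for e in entries if e.suspicious]


def run_keys(entries: list) -> list:
    """Expand O4 autostart entries into (hive, key, value name, command)."""
    out = []
    for e in entries:
        if e.section != "O4":
            continue
        m = RUN_RE.match(e.body)
        if m:
            out.append((m["hive"], m["key"], m["name"], m["cmd"]))
    return out


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    for hive, key, name, cmd in run_keys(found):
        print(f"autostart {hive}\\...\\{key} [{name}] -> {cmd}")
    for e in triage(found, ["mywebsearch", "MYWEBS~1"]):
        print(f"REVIEW {e.section} - {e.body}")
        for r in e.reasons:
            print(f"    {r}")
```

The marker list is the bridge between tools: whatever Panda or AVG named (a folder, a short 8.3 name such as MYWEBS~1, a domain) goes in, and every HijackThis entry mentioning it comes out, which is how the helper's three "Fix checked" lines are found without reading the log by eye.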
  • Topic author
  • Hello friend.

    I did the first part you told me to, but I cannot get into Safe Mode, not with F5 or with F8. Could it be because my keyboard is a multimedia one??

    I will borrow a normal keyboard, or do you have another option.

    Thanks

    Carlos


    carlosalbertoctba, have you managed it yet? Try the Ctrl key... If you cannot, let me know and we will do it in normal mode, but the procedure will have to be different. Paste a new HijackThis log.

    Best regards,

  • Topic author
  • Hello

    I managed to get into Safe Mode.

    The problem is that my keyboard has a USB plug, and the BIOS setup was not configured for that type. But now I have managed to follow what you told me.

    Here is the new HijackThis log.

    Awaiting the next steps (also, I downloaded the shareware program "nod32", but it does not report that most of the items are blocked; could that be because of "windows defender" and my program being an alternative one?)

    Regards

    Carlos

    Logfile of HijackThis v1.99.1

    Scan saved at 21:58:27, on 21/11/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    C:\ARQUIV~1\MediaKey\MMKeybd.EXE

    C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

    C:\WINDOWS\vsnpstd2.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\Arquivos de programas\Eset\nod32kui.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\Skype\Phone\Skype.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Arquivos de programas\Eset\nod32krn.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\HIJACK\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [MediaKey] C:\ARQUIV~1\MediaKey\MMKeybd.EXE

    O4 - HKLM\..\Run: [KPDrv4XP] C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

    O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

    O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137101185515

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133481206756

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4ED10A92-4274-48D8-93F8-26B4C3C507F2}: NameServer = 201.10.120.2 201.10.128.3

    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Arquivos de programas\Eset\nod32krn.exe


    carlosalbertoctba, we are going to need an online scan... I believe there is still some "hidden" problem on your computer. Please tell me which problems are still happening.

    @- Run an online scan at one of these available links: PANDA or BITDEFENDER

    ...on all drives; save the log...

    • Note: Avast users may get an alert when trying to use the PANDA scan. If you get one, ignore it or temporarily disable your antivirus to run the scan.

    - Post a new HijackThis log and the online scan log, pasting them in your next reply.

    Mr. Coruj@

  • Thread author
  • HERE GOES THE

    BitDefender Online Scanner

    Scan report generated at: Thu, Nov 23, 2006 - 06:42:05

    Scan path: A:\;C:\;D:\;E:\;

    Statistics

    Time

    04:56:16

    Files

    1175388

    Folders

    11007

    Boot Sectors

    4

    Archives

    294251

    Packed Files

    82093

    Results

    Identified Viruses

    3

    Infected Files

    5

    Suspect Files

    0

    Warnings

    0

    Disinfected

    0

    Deleted Files

    5

    Engines Info

    Virus Definitions

    317610

    Engine build

    AVCORE v1.0 (build 2368) (i386) (Nov 16 2006 11:31:19)

    Scan plugins

    13

    Archive plugins

    38

    Unpack plugins

    6

    E-mail plugins

    6

    System plugins

    1

    Scan Settings

    First Action

    Disinfect

    Second Action

    Delete

    Heuristics

    Yes

    Enable Warnings

    Yes

    Scanned Extensions

    *;

    Exclude Extensions

    Scan Emails

    Yes

    Scan Archives

    Yes

    Scan Packed

    Yes

    Scan Files

    Yes

    Scan Boot

    Yes

    Scanned File

    Status

    C:\COSTA E MAIL\Outlook Express\Itens enviados.dbx=>(message 99)=>[subject: Fw: ][Date: Tue, 13 Sep 2005 00:07:31 -0300]=>(MIME part)=>price_new.zip

    Infected with: Win32.Bagle.*****@mm

    C:\COSTA E MAIL\Outlook Express\Itens enviados.dbx=>(message 99)=>[subject: Fw: ][Date: Tue, 13 Sep 2005 00:07:31 -0300]=>(MIME part)=>price_new.zip

    Deleted

    C:\COSTA E MAIL\Outlook Express\Itens enviados.dbx=>(message 99)=>[subject: Fw: ][Date: Tue, 13 Sep 2005 00:07:31 -0300]=>(MIME part)

    Updated

    C:\COSTA E MAIL\Outlook Express\Itens enviados.dbx=>(message 99)

    Updated

    C:\COSTA E MAIL\Outlook Express\Itens enviados.dbx

    Update failed

    C:\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0089

    Infected with: Dropped:Application.Adware.NewDotNet.A

    C:\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0089

    Disinfection failed

    C:\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0089

    Deleted

    C:\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe

    Update failed

    C:\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0090=>(RAR Sfx o)=>WhAgent.exe

    Detected with: Application.Spyware.WebHancer.A

    C:\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0090=>(RAR Sfx o)=>WhAgent.exe

    Disinfection failed

    C:\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0090=>(RAR Sfx o)=>WhAgent.exe

    Deleted

    C:\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0090=>(RAR Sfx o)

    Update failed

    C:\My Music\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0089

    Infected with: Dropped:Application.Adware.NewDotNet.A

    C:\My Music\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0089

    Disinfection failed

    C:\My Music\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0089

    Deleted

    C:\My Music\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe

    Update failed

    C:\My Music\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0090=>(RAR Sfx o)=>WhAgent.exe

    Detected with: Application.Spyware.WebHancer.A

    C:\My Music\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0090=>(RAR Sfx o)=>WhAgent.exe

    Disinfection failed

    C:\My Music\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0090=>(RAR Sfx o)=>WhAgent.exe

    Deleted

    C:\My Music\IMAGENS COMPARTILHADAS\Minhas imagens\Imagens - Jeh\dolphinfree.exe=>wise0090=>(RAR Sfx o)

    Update failed

    HIJACK

    Logfile of HijackThis v1.99.1

    Scan saved at 07:30:32, on 23/11/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    C:\ARQUIV~1\MediaKey\MMKeybd.EXE

    C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

    C:\WINDOWS\vsnpstd2.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

    C:\Arquivos de programas\Windows Defender\MSASCui.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\Arquivos de programas\Eset\nod32kui.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\Skype\Phone\Skype.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Arquivos de programas\Eset\nod32krn.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\HIJACK\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [MediaKey] C:\ARQUIV~1\MediaKey\MMKeybd.EXE

    O4 - HKLM\..\Run: [KPDrv4XP] C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

    O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

    O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137101185515

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133481206756

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4ED10A92-4274-48D8-93F8-26B4C3C507F2}: NameServer = 201.10.120.2 201.10.128.3

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Arquivos de programas\Eset\nod32krn.exe

  • Thread author
  • Hello

    The viruses still appear and were not deleted.

    Attaching the Panda and AVG.

    Incident Status Location

    Potentially unwanted tool:Application/MyWebSearch Not disinfected c:\arquiv~1\mywebs~1\bar\1.bin\mwsoemon.exe

    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Arquivos de programas\MSN Messenger\RICHED20.dll

    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoestb.dll

    Potentially unwanted tool:application/mywebsearch Not disinfected c:\arquivos de programas\MyWebSearch

    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\!KillBox\f3PSSavr.scr

    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE

    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOESTB.DLL

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@acesso.uol.com[2].txt

    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@ad.yieldmanager[1].txt

    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@cgi-bin[1].txt

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@de.uol.com[1].txt

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@google.com[1].txt

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@ig.com[1].txt

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@terra.com[1].txt

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@uol.com[2].txt

    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ad.yieldmanager[2].txt

    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ads.pointroll[1].txt

    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@atdmt[1].txt

    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@atwola[1].txt

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@de.uol.com[1].txt

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@google.com[1].txt

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ig.com[1].txt

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@uol.com[2].txt

    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Cecília\Cookies\cecília@microsoftwga.112.2o7[1].txt

    AVG

    Incident Status Location

    Potentially unwanted tool:Application/MyWebSearch Not disinfected c:\arquiv~1\mywebs~1\bar\1.bin\mwsoemon.exe

    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Arquivos de programas\MSN Messenger\RICHED20.dll

    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoestb.dll

    Potentially unwanted tool:application/mywebsearch Not disinfected c:\arquivos de programas\MyWebSearch

    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\!KillBox\f3PSSavr.scr

    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE

    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOESTB.DLL

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@acesso.uol.com[2].txt

    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@ad.yieldmanager[1].txt

    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@cgi-bin[1].txt

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@de.uol.com[1].txt

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@google.com[1].txt

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@ig.com[1].txt

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@terra.com[1].txt

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS\Cookies\carlos@uol.com[2].txt

    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ad.yieldmanager[2].txt

    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ads.pointroll[1].txt

    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@atdmt[1].txt

    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@atwola[1].txt

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@de.uol.com[1].txt

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@google.com[1].txt

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ig.com[1].txt

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@uol.com[2].txt

    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Cecília\Cookies\cecília@microsoftwga.112.2o7[1].txt

    THANKS

    CARLOS

    SENDING AVG, NOTE THAT THE VIRUSES FOUND WERE NOT DELETED.

    Partition table (MBR) - OK - Quick checked

    Boot sector of disk C: - OK - Quick checked

    System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load Scanned

    System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit Scanned

    System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Scanned

    System registry exefile\shell\open\command Scanned

    System registry scrfile\shell\open\command Scanned

    System registry scrfile\shell\config\command Scanned

    System registry batfile\shell\open\command Scanned

    System registry cmdfile\shell\open\command Scanned

    System registry comfile\shell\open\command Scanned

    System registry piffile\shell\open\command Scanned

    System registry giffile\shell\open\command Scanned

    System registry htmlfile\shell\open\command Scanned

    System registry htafile\shell\open\command Scanned

    System registry jpegfile\shell\open\command Scanned

    System registry txtfile\shell\open\command Scanned

    System registry regfile\shell\open\command Scanned

    System registry cplfile\shell\cplopen\command Scanned

    System registry Word.Document.8\shell\open\command Scanned

    System registry WordPad.Document.1\shell\open\command Scanned

    System registry inffile\shell\open\command Scanned

    System registry vbsfile\shell\open\command Scanned

    System registry vbefile\shell\open\command Scanned

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe - OK - Quick checked

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe - OK - Quick checked

    C:\ARQUIV~1\MediaKey\KPDRV4XP.EXE - OK - Quick checked

    C:\ARQUIV~1\MediaKey\MMKEYBD.EXE - OK - Quick checked

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe - OK - Quick checked

    C:\Arquivos de programas\Eset\nod32kui.exe - OK - Quick checked

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE - OK - Quick checked

    C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe - OK - Quick checked

    C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE - OK - Quick checked

    C:\Arquivos de programas\QuickTime\qttask.exe - OK - Quick checked

    C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe - OK - Quick checked

    C:\Arquivos de programas\Windows Defender\MSASCui.exe - OK - Quick checked

    C:\Arquivos de programas\iTunes\iTunesHelper.exe - OK - Quick checked

    C:\WINDOWS\regedit.exe - OK - Quick checked

    C:\WINDOWS\system32\mshta.exe - OK - Quick checked

    C:\WINDOWS\system32\rundll32.exe - OK - Quick checked

    C:\WINDOWS\system32\shell32.dll - OK - Quick checked

    C:\WINDOWS\system32\shimgvw.dll - OK - Quick checked

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe - OK - Quick checked

    C:\WINDOWS\vsnpstd2.exe - OK - Quick checked

    C:\WINDOWS\system32\kernel32.dll Change Changed

    C:\WINDOWS\system32\wsock32.dll - OK - Quick checked

    C:\WINDOWS\system32\user32.dll - OK - Quick checked

    C:\WINDOWS\system32\shell32.dll Change Changed

    C:\WINDOWS\system32\ntoskrnl.exe - OK - Quick checked

    C:\WINDOWS\system32\drivers\etc\hosts - OK - Quick checked

    C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip:\BlackBox.class Virus identified Java/ByteVerify Infected, Embedded object

    C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip:\VerifierBug.class Virus identified Java/ByteVerify Infected, Embedded object

    C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip:\Beyond.class Virus identified Java/ByteVerify Infected, Embedded object

    C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip Virus identified Java/ByteVerify Infected, Archive

    D:\Documents and Settings\Jeh\Meus documentos\Meus arquivos recebidos\geraline.zip:\geraline.exe Trojan horse Generic.QCA Infected, Embedded object

    D:\Documents and Settings\Jeh\Meus documentos\Meus arquivos recebidos\geraline.zip Trojan horse Generic.QCA Infected, Archive

    System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load Scanned

    System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned

    System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit Scanned

    System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Scanned

    System registry exefile\shell\open\command Scanned

    System registry scrfile\shell\open\command Scanned

    System registry scrfile\shell\config\command Scanned

    System registry batfile\shell\open\command Scanned

    System registry cmdfile\shell\open\command Scanned

    System registry comfile\shell\open\command Scanned

    System registry piffile\shell\open\command Scanned

    System registry giffile\shell\open\command Scanned

    System registry htmlfile\shell\open\command Scanned

    System registry htafile\shell\open\command Scanned

    System registry jpegfile\shell\open\command Scanned

    System registry txtfile\shell\open\command Scanned

    System registry regfile\shell\open\command Scanned

    System registry cplfile\shell\cplopen\command Scanned

    System registry Word.Document.8\shell\open\command Scanned

    System registry WordPad.Document.1\shell\open\command Scanned

    System registry inffile\shell\open\command Scanned

    System registry vbsfile\shell\open\command Scanned

    System registry vbefile\shell\open\command Scanned

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe - OK - Quick checked

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe - OK - Quick checked

    C:\ARQUIV~1\MediaKey\KPDRV4XP.EXE - OK - Quick checked

    C:\ARQUIV~1\MediaKey\MMKEYBD.EXE - OK - Quick checked

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe - OK - Quick checked

    C:\Arquivos de programas\Eset\nod32kui.exe - OK - Quick checked

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE - OK - Quick checked

    C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe - OK - Quick checked

    C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE - OK - Quick checked

    C:\Arquivos de programas\QuickTime\qttask.exe - OK - Quick checked

    C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe - OK - Quick checked

    C:\Arquivos de programas\Windows Defender\MSASCui.exe - OK - Quick checked

    C:\Arquivos de programas\iTunes\iTunesHelper.exe - OK - Quick checked

    C:\WINDOWS\regedit.exe - OK - Quick checked

    C:\WINDOWS\system32\mshta.exe - OK - Quick checked

    C:\WINDOWS\system32\rundll32.exe - OK - Quick checked

    C:\WINDOWS\system32\shell32.dll - OK - Quick checked

    C:\WINDOWS\system32\shimgvw.dll - OK - Quick checked

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe - OK - Quick checked

    C:\WINDOWS\vsnpstd2.exe - OK - Quick checked


    Please repeat in full the procedure described in Post #4. Post a new HijackThis log.

    Did you get to delete the folder: MyWebSearch?

    Warm regards,

  • Thread author
  • Hello, here is the new log.

    Logfile of HijackThis v1.99.1

    Scan saved at 13:34:36, on 28/11/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    C:\ARQUIV~1\MediaKey\MMKeybd.EXE

    C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

    C:\WINDOWS\vsnpstd2.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\Arquivos de programas\Eset\nod32kui.exe

    C:\Arquivos de programas\Skype\Phone\Skype.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Arquivos de programas\Eset\nod32krn.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\HIJACK\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [MediaKey] C:\ARQUIV~1\MediaKey\MMKeybd.EXE

    O4 - HKLM\..\Run: [KPDrv4XP] C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

    O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137101185515

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133481206756

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4ED10A92-4274-48D8-93F8-26B4C3C507F2}: NameServer = 201.10.120.2 201.10.128.3

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Arquivos de programas\Eset\nod32krn.exe


    Ok carlosalbertoctba. Now, to verify that the problem has been completely eliminated: run a new online scan with PANDA (only that one). If the problems still show up, we'll do the procedures a different way.

    See you...

  • Topic author
  • Panda log attached.

    Incidência Estado Localização

    Ferramenta potencialmente indesejada:application/mywebsearch Não desinfectado c:\arquivos de programas\MyWebSearch

    Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\!KillBox\f3PSSavr.scr

    Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\!KillBox\riched20.dll

    Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ad.yieldmanager[2].txt

    Spyware:Cookie/PointRoll Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ads.pointroll[1].txt

    Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@atdmt[1].txt

    Spyware:Cookie/Atwola Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@atwola[1].txt

    Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@de.uol.com[1].txt

    Spyware:Cookie/Hitbox Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ehg-dig.hitbox[1].txt

    Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@google.com[1].txt

    Spyware:Cookie/Hitbox Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@hitbox[1].txt

    Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@ig.com[1].txt

    Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\CARLOS VINÍCIUS\Cookies\carlos vinícius@uol.com[2].txt

    Spyware:Cookie/2o7 Não desinfectado C:\Documents and Settings\Cecília\Cookies\cecília@microsoftwga.112.2o7[1].txt

    Thanks

    Carlos


    carlosalbertoctba, apparently everything is resolved. Although the scan still shows the MyWebSearch folder, there no longer "exists" any file that could reinstall this application.

    Are there still any alerts from the protection programs?

    A warm hug,

  • Topic author
  • Hello

    There are these infected files that were not removed.

    How do I remove them manually??

    Thanks

    Carlos

    C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip:\BlackBox.class Virus identified Java/ByteVerify Infected, Embedded object

    C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip:\VerifierBug.class Virus identified Java/ByteVerify Infected, Embedded object

    C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip:\Beyond.class Virus identified Java/ByteVerify Infected, Embedded object

    C:\Documents and Settings\JÉSSICA\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33d403fe-32550949.zip Virus identified Java/ByteVerify Infected, Archive

    D:\Documents and Settings\Jeh\Meus documentos\Meus arquivos recebidos\geraline.zip:\geraline.exe Trojan horse Generic.QCA Infected, Embedded object

    D:\Documents and Settings\Jeh\Meus documentos\Meus arquivos recebidos\geraline.zip Trojan horse Generic.QCA Infected, Archive


    carlosalbertoctba, those files are compressed and did not cause you any major problems, but you can delete them manually and then empty the Recycle Bin.

    Any other malware-related problems?

    If your system shows no problems by tomorrow, disable and re-enable System Restore.

    You can click the REPORT button, inform the area moderator that the problem has been solved and that the topic can now be closed.

    You can always count on the help of the people from the Clube do Hardware forum.

    Thanks for the feedback and a warm hug!

    Mr. Coruj@


    CASE RESOLVED!

    If the topic author needs it, the topic will be reopened; to do so, contact an area Moderator and request that it be unlocked!
