yautja

2 iexplore.exe that won't close.


Well, I use Firefox, but recently some iexplorer windows started opening out of nowhere. Looking at the task manager, I noticed that there are 2 iexplore.exe that stay open constantly; when I try to end them, they come back consuming a lot of memory and freezing my PC for a while. Another thing I noticed is that when I try to end iexplore.exe, something called LONGSI~1.EXE appears in the task manager and disappears when iexplore.exe comes back. This longsi~1 is in the C:\WINDOWS\Prefetch folder together with another file called IEXPLORE.EXE, and both come back after being deleted.

Below is the log generated by Hijack:

Logfile of HijackThis v1.99.1

Scan saved at 9:44:30 PM, on 9/15/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\VIAudioi\SBADeck\ADeck.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Seekmo /fleok=1D8A83A5C5E019769AA475760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.341.0\HostIE.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [Amok web bash obj] C:\Documents and Settings\All Users\Application Data\seek film amok web\Long sign.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AmokGrid] C:\DOCUME~1\Admin\APPLIC~1\CLOSED~1\Bits4Up.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe


Hello, welcome to the Clube do Hardware forum.

Download Lop S&D.

  • Temporarily disable your protection programs (antivirus, etc.) so they do not interfere with the tool.
  • Double-click the Lop S&D icon that will be on the desktop.
    If you use Windows Vista, right-click LopSD.exe and choose 'Run as administrator'.
  • A window will appear (as in the image below); press P for Portuguese and hit Enter.
    [image: Lop_Choix-large.jpg]
  • Now choose "3 - Remocao - Hosts" by pressing the "3" key and hit ENTER.
  • The tool will run so that the infection can be removed.
  • At the end a report will be generated (C:\lopR.txt). Paste the contents of that report in your next reply, together with a new HijackThis log.

Regards


Hello Lusitano, thanks for the welcome.

Well, I followed the instructions step by step and managed to run the program successfully; below is the CiD log, followed by the Hijack one:

--------------------\\ Lop S&D 4.2.4-3 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : AMD Duron )

BIOS : Version 1.00

USER : Admin ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Not Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total : 18 Go Free : 0 Go

D:\ (Local Disk) - NTFS - Total : 48 Go Free : 38 Go

E:\ (Local Disk) - NTFS - Total : 25 Go Free : 0 Go

"C:\Lop SD" ( MAJ : 14-09-2008|22:40 )

Option : [3] ( Tue 09/16/2008|12:54 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

Deletado! - C:\WINDOWS\Tasks\A6BF46419188FEC1.job

Deletado! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\seek film amok web\Long sign.exe

Deletado! - C:\DOCUME~1\Admin\APPLIC~1\closed~1\ACTIVESENDREGSBIRD.exe

Deletado! - C:\DOCUME~1\Admin\APPLIC~1\closed~1\bike phone third.exe

Deletado! - C:\DOCUME~1\Admin\APPLIC~1\closed~1\Bits4Up.exe

Deletado! - C:\DOCUME~1\Admin\APPLIC~1\closed~1\imwmfgml.exe

Deletado! - C:\DOCUME~1\Admin\APPLIC~1\closed~1\skyjwifm.exe

Deletado! - C:\DOCUME~1\Admin\LOCALS~1\Temp\nscE8.tmp

Deletado! - C:\DOCUME~1\Admin\LOCALS~1\Temp\nsgE3.tmp

Deletado! - C:\DOCUME~1\Admin\LOCALS~1\Temp\nsiE2.tmp

Deletado! - C:\DOCUME~1\Admin\LOCALS~1\Temp\nsiE7.tmp

Deletado! - C:\Program Files\Circle Developement\Uninstall.exe

Deletado! - C:\DOCUME~1\Admin\Cookies\admin@www.adserver5[1].txt

Deletado! - C:\DOCUME~1\Admin\Cookies\admin@advertising[1].txt

Deletado! - C:\DOCUME~1\Admin\Cookies\admin@adopt.euroclick[1].txt

Deletado! - C:\DOCUME~1\Admin\Cookies\admin@www.lop[1].txt

Deletado! - C:\DOCUME~1\Admin\Cookies\admin@888[1].txt

Deletado! - C:\DOCUME~1\Admin\LOCALS~1\Temp\bis62.exe

Deletado! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\seek film amok web

Deletado! - C:\DOCUME~1\Admin\APPLIC~1\closed~1

Deletado! - C:\Program Files\closed~1

Deletado! - C:\Program Files\Circle Developement

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Lista de pastas em APPLIC~1

[06/05/2006|01:32] C:\DOCUME~1\Admin\APPLIC~1\<DIR> .bittorrent

[06/17/2008|03:35] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Adobe

[05/27/2006|04:02] C:\DOCUME~1\Admin\APPLIC~1\<DIR> AdobeAUM

[05/27/2006|04:02] C:\DOCUME~1\Admin\APPLIC~1\<DIR> AdobeUM

[07/02/2006|01:48] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Apple Computer

[08/23/2008|06:55] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Corel

[09/13/2007|01:28] C:\DOCUME~1\Admin\APPLIC~1\<DIR> DivX

[09/22/2006|11:03] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Hamachi

[02/26/2006|11:01] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Help

[08/28/2008|12:56] C:\DOCUME~1\Admin\APPLIC~1\<DIR> HP

[08/20/2008|12:12] C:\DOCUME~1\Admin\APPLIC~1\<DIR> HPAppData

[02/19/2006|10:19] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Identities

[12/16/2006|03:34] C:\DOCUME~1\Admin\APPLIC~1\<DIR> IMVU

[08/23/2008|05:57] C:\DOCUME~1\Admin\APPLIC~1\<DIR> InstallShield

[06/05/2006|01:52] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Leadertech

[10/30/2007|12:24] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Macromedia

[04/14/2006|10:32] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Media Player Classic

[08/14/2008|11:55] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Microsoft

[06/19/2008|06:21] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Mozilla

[08/27/2008|08:23] C:\DOCUME~1\Admin\APPLIC~1\<DIR> NJStar

[08/21/2008|03:26] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Real

[09/12/2006|06:40] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Sun

[02/11/2007|06:44] C:\DOCUME~1\Admin\APPLIC~1\<DIR> teamspeak2

[07/18/2007|02:09] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Uniblue

[02/17/2008|05:04] C:\DOCUME~1\Admin\APPLIC~1\<DIR> uTorrent

[09/07/2008|05:32] C:\DOCUME~1\Admin\APPLIC~1\<DIR> Winamp

[02/19/2006|04:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Corel

[02/19/2006|01:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities

[02/19/2006|03:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia

[02/19/2006|05:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[04/03/2008|08:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe

[01/22/2007|06:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems

[06/05/2006|02:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer

[08/05/2008|02:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avira

[08/20/2008|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard

[08/20/2008|12:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP

[08/20/2008|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP Product Assistant

[08/20/2008|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HPSSUPPLY

[08/05/2008|02:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield

[05/08/2008|04:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft

[05/27/2008|11:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Messenger Plus!

[04/29/2006|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft

[04/26/2008|03:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Drivers HeadQuarters

[02/19/2006|03:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec

[08/20/2008|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WEBREG

[08/01/2006|05:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[02/19/2006|02:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[12/15/2006|05:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[02/19/2006|02:17] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

[09/16/2008 12:44 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT

[08/23/2001 09:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Lista de pastas em C:\Program Files

[04/03/2008|09:16] C:\Program Files\<DIR> Adobe

[03/21/2008|01:15] C:\Program Files\<DIR> AIDA

[08/05/2008|02:44] C:\Program Files\<DIR> Avira

[04/25/2008|07:55] C:\Program Files\<DIR> C-Media

[08/21/2008|03:16] C:\Program Files\<DIR> Combined Community Codec Pack

[09/09/2008|12:04] C:\Program Files\<DIR> Common Files

[09/09/2008|03:55] C:\Program Files\<DIR> Corel

[06/01/2008|06:41] C:\Program Files\<DIR> CyberScript32

[05/16/2006|04:33] C:\Program Files\<DIR> Firefox_google

[08/25/2008|01:19] C:\Program Files\<DIR> Gravity

[08/20/2008|12:04] C:\Program Files\<DIR> Hewlett-Packard

[08/20/2008|12:13] C:\Program Files\<DIR> HP

[04/29/2008|05:27] C:\Program Files\<DIR> InstallShield Installation Information

[09/15/2008|08:32] C:\Program Files\<DIR> Internet Explorer

[01/01/2007|05:46] C:\Program Files\<DIR> Java

[05/08/2008|04:24] C:\Program Files\<DIR> Lavasoft

[04/03/2008|03:38] C:\Program Files\<DIR> LimeWire

[01/21/2007|10:04] C:\Program Files\<DIR> Media Player

[08/13/2008|05:58] C:\Program Files\<DIR> Messenger

[09/11/2008|06:15] C:\Program Files\<DIR> Messenger Plus! Live

[02/19/2006|03:54] C:\Program Files\<DIR> Microsoft ActiveSync

[02/19/2006|02:12] C:\Program Files\<DIR> microsoft frontpage

[02/19/2006|03:53] C:\Program Files\<DIR> Microsoft Office

[02/19/2006|03:54] C:\Program Files\<DIR> Microsoft.NET

[02/19/2006|02:24] C:\Program Files\<DIR> Movie Maker

[09/16/2008|12:47] C:\Program Files\<DIR> Mozilla Firefox

[02/01/2008|07:53] C:\Program Files\<DIR> MSBuild

[02/19/2006|02:05] C:\Program Files\<DIR> MSN Gaming Zone

[12/20/2007|03:38] C:\Program Files\<DIR> MSN Messenger

[08/07/2008|05:06] C:\Program Files\<DIR> MSXML 4.0

[02/01/2008|06:37] C:\Program Files\<DIR> MSXML 6.0

[02/19/2006|02:20] C:\Program Files\<DIR> NetMeeting

[08/27/2008|08:23] C:\Program Files\<DIR> NJStar Chinese WP

[03/11/2007|04:23] C:\Program Files\<DIR> On2 Technologies

[02/19/2006|02:08] C:\Program Files\<DIR> Online Services

[06/13/2007|07:12] C:\Program Files\<DIR> Outlook Express

[06/05/2006|02:35] C:\Program Files\<DIR> QuickTime

[08/21/2008|03:22] C:\Program Files\<DIR> Real

[02/01/2008|06:46] C:\Program Files\<DIR> Reference Assemblies

[01/08/2007|11:10] C:\Program Files\<DIR> Teamspeak2_RC2

[02/19/2006|01:17] C:\Program Files\<DIR> Uninstall Information

[03/26/2008|08:40] C:\Program Files\<DIR> VIA

[04/27/2008|11:34] C:\Program Files\<DIR> VIAudioi

[02/28/2007|04:30] C:\Program Files\<DIR> VirtuaNes

[12/20/2007|03:38] C:\Program Files\<DIR> Windows Live

[04/29/2008|08:06] C:\Program Files\<DIR> Windows Media Connect 2

[01/29/2007|03:38] C:\Program Files\<DIR> Windows Media Player

[07/18/2007|02:49] C:\Program Files\<DIR> Windows NT

[02/19/2006|03:25] C:\Program Files\<DIR> WindowsUpdate

[07/05/2006|10:23] C:\Program Files\<DIR> WinRAR

[02/19/2006|02:12] C:\Program Files\<DIR> xerox

[12/19/2007|05:26] C:\Program Files\<DIR> XP Codec Pack

[06/17/2007|12:22] C:\Program Files\<DIR> Xvid

[08/05/2008|02:57] C:\Program Files\<DIR> ZSnes

--------------------\\ Lista de pastas em C:\Program Files\Common Files

[04/03/2008|08:47] C:\Program Files\Common Files\<DIR> Adobe

[01/22/2007|06:21] C:\Program Files\Common Files\<DIR> Adobe Systems Shared

[08/20/2008|05:17] C:\Program Files\Common Files\<DIR> DESIGNER

[08/20/2008|12:03] C:\Program Files\Common Files\<DIR> Hewlett-Packard

[08/20/2008|12:05] C:\Program Files\Common Files\<DIR> HP

[02/08/2008|12:33] C:\Program Files\Common Files\<DIR> INCA Shared

[08/05/2008|02:36] C:\Program Files\Common Files\<DIR> InstallShield

[11/16/2006|05:38] C:\Program Files\Common Files\<DIR> Java

[08/05/2008|02:35] C:\Program Files\Common Files\<DIR> Microsoft Shared

[02/19/2006|02:07] C:\Program Files\Common Files\<DIR> MSSoap

[02/19/2006|09:56] C:\Program Files\Common Files\<DIR> ODBC

[08/05/2008|02:30] C:\Program Files\Common Files\<DIR> Protexis

[08/21/2008|03:23] C:\Program Files\Common Files\<DIR> Real

[02/19/2006|02:07] C:\Program Files\Common Files\<DIR> Services

[02/19/2006|09:56] C:\Program Files\Common Files\<DIR> SpeechEngines

[04/29/2008|05:34] C:\Program Files\Common Files\<DIR> Symantec Shared

[06/13/2007|07:12] C:\Program Files\Common Files\<DIR> System

[01/22/2007|10:54] C:\Program Files\Common Files\<DIR> Vbox

[05/08/2008|04:21] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

[10/04/2007|08:05] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 35 Processes )

... OK !

--------------------\\ Procura pelo S_Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura no Registro

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

Arquivos/Ficheiros Hosts MODIFICADO

-> 72 [ 70 ## added by CiD ]

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-16 12:59:57

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 6

--------------------\\ Procurando por outras infecções

Não foram encontradas outras infecções.

[F:2609][D:202]-> C:\DOCUME~1\Admin\LOCALS~1\Temp

[F:268][D:0]-> C:\DOCUME~1\Admin\Cookies

[F:1532][D:11]-> C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 09/16/2008|13:04 - Option : [3]

--------------------\\ Verificação completa em 13:04:21

Hijack log:

Logfile of HijackThis v1.99.1

Scan saved at 1:30:31 PM, on 9/16/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\VIAudioi\SBADeck\ADeck.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Seekmo /fleok=1D8A83A5C5E019769AA475760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.341.0\HostIE.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

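As an added example (not part of the original thread, and not code from HijackThis or Lop S&D), the before/after comparison that an analyst makes by eye on the two HijackThis logs above can be scripted. The excerpts are a few lines copied from those two logs; the function names and the "autorun from a profile data directory" heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Constructed excerpts: lines copied from the first and second HijackThis logs in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Amok web bash obj] C:\Documents and Settings\All Users\Application Data\seek film amok web\Long sign.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AmokGrid] C:\DOCUME~1\Admin\APPLIC~1\CLOSED~1\Bits4Up.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# HijackThis entry lines look like "O4 - ...", "R1 - ...", "O23 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Heuristic assumed by this example: an autorun started from a user-profile
# data directory (long or 8.3 short form) deserves a manual look.
PROFILE_DATA_RE = re.compile(r"\\(Application Data|APPLIC~\d)\\", re.IGNORECASE)


def parse_log(text):
    """Return (Counter of running process paths, set of (section, body) entries)."""
    processes, entries = Counter(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum-pasted logs are often double-spaced
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.add((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            # Lower-case so System32/system32 variants compare equal;
            # a Counter keeps duplicates such as the two IEXPLORE.EXE lines.
            processes[line.lower()] += 1
    return processes, entries


def compare(before, after):
    """Diff two logs: entries and processes that disappeared or appeared."""
    before_procs, before_entries = parse_log(before)
    after_procs, after_entries = parse_log(after)
    return {
        "entries_removed": sorted(before_entries - after_entries),
        "entries_added": sorted(after_entries - before_entries),
        # Counter subtraction keeps only positive counts.
        "processes_gone": dict(before_procs - after_procs),
        "processes_new": dict(after_procs - before_procs),
    }


def needs_review(entries):
    """Flag entries whose target is missing and O4 autoruns from profile data dirs."""
    flagged = []
    for section, body in sorted(entries):
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            flagged.append((section, body, "target missing"))
        elif section == "O4" and PROFILE_DATA_RE.search(body):
            flagged.append((section, body, "autorun from profile data dir"))
    return flagged


if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for key, value in result.items():
        print(key, "->", value)
    print("still worth reviewing in the second log:")
    for item in needs_review(parse_log(AFTER)[1]):
        print("  ", item)
```
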

Hello,

Follow the instructions at the link below to install and run ComboFix:

http://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix

  • It is important that you install the Recovery Console as well.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt).
  • Paste the contents of that file, and also make a new HijackThis log to include in your reply.

Warning: Do not use the mouse or the keyboard while the tool is running; doing so can cause the PC to hang.

Note: Please do NOT use ComboFix on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer. The tool should only be used under the supervision of malware removal helpers.


I followed all the instructions, ran ComboFix and made a new HijackThis log:

ComboFix log:

ComboFix 08-09-16.05 - Admin 2008-09-18 13:32:02.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.236 [GMT -3:00]

Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Admin\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Admin\Cookies\admin@adserver.filefront[1].txt

C:\WINDOWS\system32\AutoRun.inf

.

((((((((((((((((((((((((( Files Created from 2008-08-18 to 2008-09-18 )))))))))))))))))))))))))))))))

.

2008-09-16 12:53 . 2008-09-16 13:04 <DIR> d-------- C:\Lop SD

2008-09-15 21:43 . 2008-09-16 13:33 <DIR> d-------- C:\Hijack

2008-09-09 00:12 . 2008-09-09 15:55 <DIR> d-------- C:\Program Files\Corel

2008-09-07 17:07 . 2008-09-07 17:32 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Winamp

2008-08-28 00:56 . 2008-08-28 00:56 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\HP

2008-08-27 20:23 . 2008-08-27 20:23 <DIR> d-------- C:\Program Files\NJStar Chinese WP

2008-08-27 20:23 . 2008-08-27 20:23 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\NJStar

2008-08-26 19:30 . 2008-08-26 19:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-08-26 19:30 . 2008-08-26 19:30 1,409 --a------ C:\WINDOWS\QTFont.for

2008-08-24 00:58 . 2008-08-24 00:58 39,446 --a------ C:\WINDOWS\FontData.fdb

2008-08-23 18:55 . 2008-09-09 23:36 2,828 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys

2008-08-23 18:55 . 2008-09-05 19:29 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\7ABCB34DFE.sys

2008-08-23 17:57 . 2008-08-23 17:57 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\InstallShield

2008-08-21 15:22 . 2008-08-21 15:22 <DIR> d-------- C:\Program Files\Real

2008-08-21 15:16 . 2008-08-21 15:16 <DIR> d-------- C:\Program Files\Combined Community Codec Pack

2008-08-20 00:22 . 2008-08-20 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG

2008-08-20 00:19 . 2007-03-08 01:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys

2008-08-20 00:18 . 2008-08-20 00:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard

2008-08-20 00:18 . 2007-03-30 12:29 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll

2008-08-20 00:18 . 2007-03-08 01:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys

2008-08-20 00:17 . 2007-03-28 14:01 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll

2008-08-20 00:17 . 2007-03-08 01:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys

2008-08-20 00:16 . 2007-03-17 03:39 958,464 -ra------ C:\WINDOWS\system32\hpotiop4.dll

2008-08-20 00:16 . 2007-03-17 03:39 675,840 -ra------ C:\WINDOWS\system32\hpowiax4.dll

2008-08-20 00:16 . 2007-03-08 01:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll

2008-08-20 00:16 . 2007-03-08 01:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll

2008-08-20 00:16 . 2007-03-17 03:39 303,104 -ra------ C:\WINDOWS\system32\hpovst11.dll

2008-08-20 00:16 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-08-20 00:13 . 2008-08-20 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY

2008-08-20 00:12 . 2008-08-20 00:12 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\HPAppData

2008-08-20 00:05 . 2008-08-20 00:05 <DIR> d-------- C:\Program Files\Common Files\HP

2008-08-20 00:05 . 2008-08-20 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant

2008-08-20 00:05 . 2008-08-20 00:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP

2008-08-20 00:04 . 2008-08-20 00:04 <DIR> d-------- C:\Program Files\Hewlett-Packard

2008-08-20 00:03 . 2008-08-20 00:03 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard

2008-08-20 00:01 . 2008-08-20 00:13 <DIR> d-------- C:\Program Files\HP

2008-08-20 00:01 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-08-20 00:01 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-08-20 00:00 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-08-20 00:00 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-08-19 23:59 . 2008-08-28 01:03 139,759 --a------ C:\WINDOWS\hpoins15.dat

2008-08-19 23:59 . 2007-09-20 17:05 1,039 --------- C:\WINDOWS\hpomdl15.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-11 21:15 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-08-25 16:19 --------- d-----w C:\Program Files\Gravity

2008-08-23 21:55 --------- d-----w C:\Documents and Settings\Admin\Application Data\Corel

2008-08-21 18:23 --------- d-----w C:\Program Files\Common Files\Real

2008-08-20 00:52 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2008-08-11 22:52 20 ----a-w C:\Documents and Settings\Admin\cps2.dll

2008-08-07 20:06 --------- d-----w C:\Program Files\MSXML 4.0

2008-08-05 17:57 --------- d-----w C:\Program Files\ZSnes

2008-08-05 17:44 --------- d-----w C:\Program Files\Avira

2008-08-05 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira

2008-08-05 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield

2008-08-05 17:36 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-08-05 17:30 --------- d-----w C:\Program Files\Common Files\Protexis

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 21:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll

2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 7916032]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-21 180269]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-10 113664]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.VP31"= vp31vfw.dll

"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-06-05 14:34 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"ose"=3 (0x3)

"IDriverT"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"\\\\Metaandre\\Age\\Age of Empires II The Conquerors Expansion Trial\\age2_x1t.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"\\\\Metaandre\\War Craft III\\war3.exe"=

"\\\\Metaandre\\War Craft III\\Warcraft III.exe"=

"C:\\Program Files\\CyberScript32\\CyberScript.exe"=

"C:\\Documents and Settings\\Admin\\Desktop\\Unused Desktop Shortcuts\\utorrent-1.7-beta-1703.exe"=

R3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys [2001-08-17 222336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ac024f0-7475-11dd-a769-00e07dcbf9f8}]

\Shell\AutoRun\command - EXPLORER.EXE

\Shell\explore\Command - EXPLORER.EXE

\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b95565cb-6f92-11dd-a75d-00e07dcbf9f8}]

\Shell\AutoRun\command - EXPLORER.EXE

\Shell\explore\Command - EXPLORER.EXE

\Shell\open\Command - EXPLORER.EXE

*Newly Created Service* - PROCEXP90

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AttuneClientEngine - C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe

MSConfigStartUp-TkBellExe - C:\Program Files\Real Alternative\Update_OB\realsched.exe

MSConfigStartUp-vptray - C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

MSConfigStartUp-WhenUSave - C:\Program Files\Save\Save.exe

MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3njbxt1z.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE -

FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava11.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava12.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava13.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava14.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava32.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPOJI610.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-18 13:36:30

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-09-18 13:41:26

ComboFix-quarantined-files.txt 2008-09-18 16:40:42

Pre-Run: 583,192,576 bytes free

Post-Run: 2,362,482,688 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

199 --- E O F --- 2008-09-11 00:19:17

HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 1:48:47 PM, on 9/18/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\VIAudioi\SBADeck\ADeck.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

Thank you for your attention; I look forward to your reply.


Your Java is out of date.

Old, outdated versions are more vulnerable to malware.

  • Download the latest version of the Java Runtime Environment (JRE) 6 Update 7 and save it to your desktop.
  • Navigate to "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".
  • Click "Download" (it is on the right-hand side).
  • Select your platform: "Windows".
  • Select your language: "Português".
  • Read the license agreement and tick the box: "Accept License Agreement".
  • Click "Continue".
  • Click the Windows Offline Installation download link and save the file to your desktop.
  • Close all programs you are using, especially your browser (IE, Firefox, etc.).
  • Click Start -> Settings -> Control Panel, double-click Add/Remove Programs and remove all old versions of Java.
  • Select any item that has Java Runtime Environment (JRE or J2SE) in its name. It should have an icon like this one: javaicon.jpg
  • Click Remove or Change/Remove.
  • Repeat as many times as necessary until you have removed all the old versions of Java on your PC.
  • Restart your PC after removing the old versions of Java.
  • Now double-click jre-6u7-windows-i586-p.exe (it is on your desktop) to install the new, more secure version of Java.

Your log is clean.

  • Click Start, then Run.
  • Now type Combofix /u and click OK, as shown in the image below.

CF_Cleanup.png

Download OTMoveIt2 by OldTimer

  • Save it to your desktop.
  • Double-click OTMoveIt.exe
  • Click the button shown in the image (8gehxg0.gif)
  • OTMoveIt will now download a list; if your firewall or another security program alerts you about this, allow the access.
  • You will be asked whether to start the cleanup process; click Yes
  • When it finishes, exit OTMoveIt
  • Now delete OTMoveIt.exe
  • Also delete the folder C:\_OTMoveIt

Now that your PC is clean, follow these steps to keep your computer clean and protected:

  • Delete the folder (if it exists): HijackThis backups
  • Use an alternative, more secure browser:
    Firefox or Opera
  • Use a firewall - It is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster - SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox, which will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the update status of your programs.
  • Keep your programs properly updated.
    Being up to date is being secure. Click here

Some extra utilities that can increase your computer's protection:

  • IE/Spyad <=
    IE/Spyad adds upwards of 4000 websites and domains to IE's restricted list.
  • MVPS Hosts <= MVPS Hosts creates a new HOSTS file containing known sites, IPs, etc. Basically, it will prevent your PC from connecting to those malicious sites.
  • Google Toolbar <= The Google toolbar prevents pop-ups.

It was a pleasure to help
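The reply above reads an outdated Java version off the HijackThis log. As an added example (not part of the original thread and not the helper's own tooling), this Python sketch parses HijackThis entry lines, lists entries whose target is reported as missing, and finds JRE versions in file paths that are older than a baseline. The sample lines are copied from the log posted in this thread, the function names are hypothetical, and the baseline assumes JRE 6 Update 7 corresponds to the version string 1.6.0_07.

```python
import re
from collections import namedtuple

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
"""

Entry = namedtuple("Entry", "section body")

# Entry lines start with a section code (R0, F1, N2, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# HijackThis appends one of these markers when the referenced file is absent.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# JRE install directories look like \jre1.5.0_10\ ; the update part is optional.
JRE_RE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)

# Assumption: JRE 6 Update 7 (recommended in the reply) is version 1.6.0_07.
BASELINE = (1, 6, 0, 7)


def parse_entries(text):
    """Return Entry tuples for lines that are HijackThis entries.

    Header lines and the running-process list do not match and are skipped.
    """
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries that point at a file HijackThis could not find."""
    return [e for e in entries if MISSING_RE.search(e.body)]


def jre_versions(entries):
    """Set of (major, minor, patch, update) tuples seen in entry paths."""
    found = set()
    for entry in entries:
        for match in JRE_RE.finditer(entry.body):
            found.add(tuple(int(part or 0) for part in match.groups()))
    return found


def outdated_jres(entries, baseline=BASELINE):
    """Sorted JRE versions that are strictly older than the baseline."""
    return sorted(v for v in jre_versions(entries) if v < baseline)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for entry in orphaned(parsed):
        print("orphaned entry:", entry.section, "-", entry.body)
    for version in outdated_jres(parsed):
        print("outdated JRE: %d.%d.%d_%02d" % version)
```

Orphaned entries are leftovers worth cleaning up, not proof of infection; what to remove is still a decision for the analyst reading the log.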


Great, I now have the most up-to-date version of Java and of the other programs that Secunia pointed out; I uninstalled ComboFix and OTMoveIt2 after using them, I already use Firefox 3 and the Google Toolbar, and finally I downloaded and installed SpywareBlaster and MVPS Hosts.

I was only left with some doubt/concern about IE/Spyad and the firewall: the first because the site says the program only works up to IE version 6.0 SP1, and I have version 7; and the second because I have no background/knowledge about firewalls, installation/uninstallation procedures, whether anything needs to be configured so that I can connect normally for my routine internet activities, whether there are conflicts with antivirus software, etc., given that I already use the Windows Firewall, although I know it sits at a reasonable level in terms of effectiveness. I would be very grateful if you could give me some feedback on this, or at least point me to a place where I could find more specific help on this subject, if it is not too much trouble, of course.

In any case, thank you very much for the attention and patience you have shown so far; the improvement in my PC is noticeable. I will just wait for a final reply or for the topic to be closed, if that is the case.

Edited by yautja

"and the second because I have no background/knowledge about firewalls, installation/uninstallation procedures, whether anything needs to be configured so that I can connect normally for my routine internet activities, whether there are conflicts with antivirus software, etc., given that I already use the Windows Firewall, although I know it sits at a reasonable level in terms of effectiveness. I would be very grateful if you could give me some feedback on this, or at least point me to a place where I could find more specific help on this subject, if it is not too much trouble, of course."

Here you will find a good tutorial in English:

http://www.bleepingcomputer.com/tutorials/tutorial60.html

Regards


If the topic author needs it, the topic will be reopened; to do so, they should contact the moderators and request that it be unlocked.

This topic is closed to new posts.