pteixeira 0 Posted December 29, 2005

Before running your tutorial I ran Spybot Search & Destroy, which resolved some of the issues but not all. Then I ran your tutorial for removing SpySheriff and I think I managed to disinfect the machine, but when I restart and log in to Windows the following error messages appear. One more thing, obviously less important: after restoring all the Desktop registry entries, all the text is shown in BOLD. I need help. Thank you.
jgarcia 1 Posted December 29, 2005

Dear pteixeira,

Do the following: download HijackThis version 1.99.1. Then > Start > My Computer > double-click C > put HijackThis on C (extracting it from the zip --> into its own folder, such as c:/Hijack). Run HijackThis from C with all other programs closed (leaving only the desktop). Click Do a system scan and save a logfile, but do not check anything; just post the generated log here in this same topic.

Regards.
pteixeira 0 Posted December 29, 2005

Logfile of HijackThis v1.99.1
Scan saved at 14:51:19, on 29-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\ewido anti-malware\ewidoctrl.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programas\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programas\HP\hpcoretech\hpcmpmgr.exe
C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [XoftSpy] C:\Programas\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [spySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programas\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Pesquisa do Google - res://C:\Programas\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduzir palavra em inglês - res://C:\Programas\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Instantâneo da página em cache - res://C:\Programas\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Links para esta página - res://C:\Programas\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Páginas semelhantes - res://C:\Programas\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MBNet-Sidebar - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...known&unknown&2
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/sidebar/mbnetsidebar.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131986751639
O17 - HKLM\System\CCS\Services\Tcpip\..\{FED98B09-F8F9-4514-AACE-6CDEC89FE365}: NameServer = 192.168.1.254
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programas\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programas\ewido anti-malware\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\WRSSSDK.exe

Another problem, which I think KillBox will solve, is what happens to me in IE when I set the homepage to blank.
jgarcia 1 Posted December 29, 2005

Dear pteixeira,

Run Panda's Active Scan. Come back with the result.

Regards.
pteixeira 0 Posted December 30, 2005

OK. Here are the results, NOT ENCOURAGING AT ALL.

PANDA ACTIVESCAN

Incident Status Location
Adware:Adware/Miamore Not desinfected C:\WINDOWS\system32\browsela.dll
Virus:W32/Smitfraud.D Disinfected Operating system
Dialer:dialer.bew Not desinfected C:\WINDOWS\SYSTEM32\search.html
Adware:adware/beehappyy Not desinfected C:\WINDOWS\SYSTEM32\z11.exe
Adware:adware/spysheriff Not desinfected Windows Registry
Adware:adware/secure32 Not desinfected C:\WINDOWS\system32\drivers\etc\hosts
Adware:adware/startpage.ahk Not desinfected Windows Registry
Virus:W32/Sober.AH.worm Disinfected C:\Documents and Settings\pedro_teixeira\Application Data\Thunderbird\Profiles\ja41nbm6.default\Mail\Local Folders\Inbox.sbd\Inbox[File-packed_dataInfo.exe]
Virus:W32/Sober.AH.worm Disinfected C:\Documents and Settings\pedro_teixeira\Application Data\Thunderbird\Profiles\ja41nbm6.default\Mail\Local Folders\Inbox.sbd\Junk[File-packed_dataInfo.exe]
Possible Virus. Not desinfected C:\Documents and Settings\pedro_teixeira\cdegfr
Virus:W32/Locksky.X.worm Disinfected C:\WINDOWS\sachostx.exe
Adware:Adware/Miamore Not desinfected C:\WINDOWS\system32\browsela.dll
Virus:W32/Locksky.X.worm Disinfected C:\WINDOWS\system32\sachostc.exe
Virus:W32/Locksky.X.worm Disinfected C:\WINDOWS\system32\sachostp.exe
Virus:W32/Locksky.X.worm Disinfected C:\WINDOWS\system32\sachosts.exe
Virus:W32/Locksky.X.worm Disinfected C:\WINDOWS\system32\sachostw.exe
Virus:W32/Smitfraud.D Disinfected C:\WINDOWS\system32\wininet.dll
Virus:Bck/Galapoper.IA Disinfected C:\WINDOWS\system32\z15.exe
Adware:Adware/WinHound Not desinfected C:\_boot.inx

After that I ran Spybot - Search & Destroy, and here are the results:

Error during check!: Smitfraud-C. (Zugriffsverletzung bei Adresse 005F72F9 in Modul 'SpybotSD.exe'. Lesen von Adresse 00000000) ()
CoolWWWSearch.WCADW: IE start page (Registry change, nothing done)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page=about:blank
Smitfraud-C.: Autorun settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-547634345-799943636-44581945-1017\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows installer
Smitfraud-C.: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-547634345-799943636-44581945-1017\WindowsSubVersion

--- Spybot - Search && Destroy version: 1.3 ---
2005-12-23 Includes\Cookies.sbi
2005-12-23 Includes\Dialer.sbi
2005-12-23 Includes\Hijackers.sbi
2005-12-23 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2005-12-23 Includes\Malware.sbi
2005-12-23 Includes\PUPS.sbi
2005-12-23 Includes\Revision.sbi
2005-12-23 Includes\Security.sbi
2005-12-23 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-12-23 Includes\Trojans.sbi

Finally I ran Ad-Aware SE Professional, but it fixed nothing beyond a few cookies.
pteixeira 0 Posted January 2, 2006

Please help me.
jgarcia 1 Posted January 3, 2006

Dear pteixeira,

Here we go. Set Windows to show all files (including hidden ones).

Step 1
Download Killbox from: Killbox
Download it, but do not run it yet.
Download SpySweeper from: SpySweeper
Download and update it, but do not run it yet.

Step 2
Run KillBox:
1) Select Delete on reboot;
2) Full path of file to delete;
3) Enter: C:\WINDOWS\system32\browsela.dll - Press X. Answer "no" to the question.
Repeat the operation for:
C:\WINDOWS\SYSTEM32\search.html
C:\WINDOWS\SYSTEM32\z11.exe
C:\_boot.inx
If Killbox reports that a file/folder does not exist, just move on to the next one.
It is wise to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and connecting to the internet will not be possible.

Step 3
Restart the computer in Safe Mode (after restarting, press the F8 key until a black DOS screen appears and choose Safe Mode).
Run a full scan with SpySweeper.

Step 4
Restart in normal mode. Run TrendMicro's online scan (select the Autoclean option). Post the result and the new HijackThis log.

Best regards.
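A scripted version of the cross-check that yields the KillBox file list in the post above, as an added example that is not part of the original thread: it collects the files Panda ActiveScan reported as not disinfected and looks for them in the HijackThis log, comparing paths case-insensitively because the two tools print SYSTEM32 and system32 differently. The sample rows are copied from the logs posted earlier in the thread; the function names and section labels are assumptions of this example.

```python
import re

# Constructed sample: a subset of rows from the Panda ActiveScan report posted
# in this thread, one row per line (the tool's spelling "desinfected" is kept).
PANDA_REPORT = r"""
Adware:Adware/Miamore Not desinfected C:\WINDOWS\system32\browsela.dll
Virus:W32/Smitfraud.D Disinfected Operating system
Dialer:dialer.bew Not desinfected C:\WINDOWS\SYSTEM32\search.html
Adware:adware/beehappyy Not desinfected C:\WINDOWS\SYSTEM32\z11.exe
Adware:adware/spysheriff Not desinfected Windows Registry
Virus:W32/Locksky.X.worm Disinfected C:\WINDOWS\sachostx.exe
Adware:Adware/Miamore Not desinfected C:\WINDOWS\system32\browsela.dll
Adware:Adware/WinHound Not desinfected C:\_boot.inx
"""

# Constructed sample: a subset of entries from the first HijackThis log.
HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

PANDA_ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<status>Not desinfected|Disinfected)\s+(?P<where>.+)$")
HJT_ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

# Short labels for the HijackThis sections used here (labels are this example's).
SECTION = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autorun entry",
    "O20": "Winlogon Notify / AppInit_DLLs", "O23": "service",
}


def parse_panda(report):
    """Return (incident, status, location) tuples for every report row."""
    rows = []
    for line in report.splitlines():
        m = PANDA_ROW.match(line.strip())
        if m:
            rows.append((m["name"], m["status"], m["where"]))
    return rows


def leftover_files(rows):
    """Files the scanner found but did not clean: lower-cased, de-duplicated.

    Locations such as "Windows Registry" or "Operating system" are not files
    and are skipped.
    """
    files = []
    for _name, status, where in rows:
        path = where.lower()
        if status != "Disinfected" and DRIVE_PATH.match(where) and path not in files:
            files.append(path)
    return files


def parse_hjt(log):
    """Return (section code, detail) for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["detail"]))
    return entries


def triage(panda_report, hjt_log):
    """Correlate uncleaned files with the log entries that still load them."""
    files = leftover_files(parse_panda(panda_report))
    referenced = []
    for code, detail in parse_hjt(hjt_log):
        lowered = detail.lower()  # Windows paths are case-insensitive
        for path in files:
            if path in lowered:
                referenced.append((code, SECTION.get(code, "other"), path))
    seen = {path for _code, _label, path in referenced}
    return {
        "files": files,
        "referenced": referenced,
        "unreferenced": [p for p in files if p not in seen],
    }


if __name__ == "__main__":
    result = triage(PANDA_REPORT, HJT_LOG)
    for code, label, path in result["referenced"]:
        print(f"{code:<4}{label:<32}{path}")
    for path in result["unreferenced"]:
        print(f"{'-':<4}{'no entry in the log sample':<32}{path}")
```

A file that shows up under "referenced" is still wired into startup or the browser, so the log entry has to disappear as well as the file.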
pteixeira 0 Posted January 3, 2006

OK, the Spy Sweeper result:

********
11:48: | Start of Session, terça-feira, 3 de Janeiro de 2006 |
11:48: Spy Sweeper started
11:48: Sweep initiated using definitions version 594
11:48: Starting Memory Sweep
11:51: Memory Sweep Complete, Elapsed Time: 00:02:09
11:51: Starting Registry Sweep
11:51: Found Trojan Horse: trojan-downloader-2pursuit
11:51: HKCR\clsid\{31ee3286-d785-4e3f-95fc-51d00fdabc01}\ (5 subtraces) (ID = 1094393)
11:51: HKLM\software\classes\clsid\{31ee3286-d785-4e3f-95fc-51d00fdabc01}\ (5 subtraces) (ID = 1094538)
11:51: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {31ee3286-d785-4e3f-95fc-51d00fdabc01} (ID = 1094560)
11:51: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\browsela\ (10 subtraces) (ID = 1094567)
11:51: Registry Sweep Complete, Elapsed Time:00:00:24
11:51: Starting Cookie Sweep
11:51: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:51: Starting File Sweep
12:00: File Sweep Complete, Elapsed Time: 00:08:56
12:00: Full Sweep has completed. Elapsed time 00:11:39
12:00: Traces Found: 24
12:01: Removal process initiated
12:01: Quarantining All Traces: trojan-downloader-2pursuit
12:01: Removal process completed. Elapsed time 00:00:01
********
11:32: | Start of Session, terça-feira, 3 de Janeiro de 2006 |
11:32: Spy Sweeper started
11:32: Sweep initiated using definitions version 594
11:32: Found Trojan Horse: trojan-downloader-2pursuit
11:32: HKCR\clsid\{31ee3286-d785-4e3f-95fc-51d00fdabc01}\inprocserver32\ (2 subtraces) (ID = 1098696)
11:32: browsela.dll (ID = 1098696)
11:32: Starting Memory Sweep
11:34: Memory Sweep Complete, Elapsed Time: 00:02:09
11:34: Starting Registry Sweep
11:34: HKCR\clsid\{31ee3286-d785-4e3f-95fc-51d00fdabc01}\ (5 subtraces) (ID = 1094393)
11:34: HKLM\software\classes\clsid\{31ee3286-d785-4e3f-95fc-51d00fdabc01}\ (5 subtraces) (ID = 1094538)
11:34: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {31ee3286-d785-4e3f-95fc-51d00fdabc01} (ID = 1094560)
11:34: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\browsela\ (10 subtraces) (ID = 1094567)
11:34: HKCR\clsid\{eee7178c-bbc3-4153-9dde-cd0e9ab1b5b6}\ (5 subtraces) (ID = 1098652)
11:34: HKLM\software\classes\clsid\{eee7178c-bbc3-4153-9dde-cd0e9ab1b5b6}\ (5 subtraces) (ID = 1098686)
11:34: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{eee7178c-bbc3-4153-9dde-cd0e9ab1b5b6}\ (ID = 1098692)
11:34: HKU\WRSS_Profile_S-1-5-21-547634345-799943636-44581945-1017\software\microsoft\gsgs\ (132 subtraces) (ID = 1032011)
11:34: Registry Sweep Complete, Elapsed Time:00:00:21
11:34: Starting Cookie Sweep
11:34: Found Spy Cookie: findwhat cookie
11:34: pedro_teixeira@findwhat[1].txt (ID = 2674)
11:34: Cookie Sweep Complete, Elapsed Time: 00:00:04
11:34: Starting File Sweep
11:43: File Sweep Complete, Elapsed Time: 00:08:30
11:43: Full Sweep has completed. Elapsed time 00:11:11
11:43: Traces Found: 175
11:43: Removal process initiated
11:43: Quarantining All Traces: trojan-downloader-2pursuit
11:43: trojan-downloader-2pursuit is in use. It will be removed on reboot.
11:43: browsela.dll is in use. It will be removed on reboot.
11:43: Quarantining All Traces: findwhat cookie
11:43: Removal process completed. Elapsed time 00:00:25
11:44: Deletion from quarantine initiated
11:44: Processing: findwhat cookie
11:44: Processing: trojan-downloader-2pursuit
11:44: Deletion from quarantine completed. Elapsed time 00:00:00
11:48: Processing Startup Alerts
11:48: Removed Startup entry: SpybotSD TeaTimer
11:48: Processing Startup Alerts
11:48: Allowed Startup entry: a-squared
11:48: | End of Session, terça-feira, 3 de Janeiro de 2006

Then I ran TrendMicro; it is a marvel, it detected the malware and eliminated it.

Now here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 15:16:14, on 03-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programas\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\Mozilla Thunderbird\thunderbird.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Programas\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [spySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MBNet-Sidebar - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...known&unknown&2
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/sidebar/mbnetsidebar.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131986751639
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FED98B09-F8F9-4514-AACE-6CDEC89FE365}: NameServer = 192.168.1.254
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\WRSSSDK.exe
jgarcia 1 Posted January 3, 2006

Dear pteixeira,

Download CWShredder. Restart in Safe Mode. Run it.

Open HijackThis --> Do a System Scan Only --> check the entry below --> Fix Checked:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

Restart in Normal Mode. Post the new log.

Regards.
pteixeira 0 Posted January 4, 2006

And here I was thinking I had already got rid of this plague. Here goes the log, my friend.

Logfile of HijackThis v1.99.1
Scan saved at 11:34:31, on 04-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Programas\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [spySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [a-squared] "C:\Programas\a-squared\a2guard.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MBNet-Sidebar - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...known&unknown&2
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/sidebar/mbnetsidebar.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131986751639
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FED98B09-F8F9-4514-AACE-6CDEC89FE365}: NameServer = 192.168.1.254
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\WRSSSDK.exe

JGarcia, I appreciate all the effort, you have been tireless. Thank you.
jgarcia 1 Posted January 4, 2006

Dear pteixeira,

Repeat the operation from my previous post with the machine in Normal Mode.

Regards.
pteixeira 0 Posted January 5, 2006

Hi, I ran CWShredder without problems, but with HijackThis I did not find the following line:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

Here is the log.

Logfile of HijackThis v1.99.1
Scan saved at 17:32:22, on 05-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Programas\Skype\Phone\Skype.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Programas\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...known&unknown&2
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/sidebar/mbnetsidebar.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131986751639
O17 - HKLM\System\CCS\Services\Tcpip\..\{FED98B09-F8F9-4514-AACE-6CDEC89FE365}: NameServer = 192.168.1.254
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Regards.
jgarcia 1 Posted January 5, 2006

Dear pteixeira,

Now we are there!!! Your log is CLEAN!!! :joia:

To finish:
1. Disable and re-enable XP's System Restore function. Click here to find out how.

Regards.
jgarcia 1 Posted January 10, 2006

PROBLEM SOLVED! If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.