Archived

This topic has been archived and is closed to new replies.

Telmo Petelinkar

[Archived] analyze LOG

Hey everyone, could someone help me? I went looking for a cracker and ended up getting hooked by the SPYSHERIFF malware. I can't remove it, could someone help me??

Here is my log

 

===============================

 

Logfile of HijackThis v1.99.1

Scan saved at 11:06:14, on 4/5/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

C:\Arquivos de programas\ewido anti-malware\ewidoguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\ARQUIV~1\iGv6\sysbrand.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Program Files\SpySheriff\SpySheriff.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Hijack\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=022206 serial=dr12wel-6341663-nkm lang=BP

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [sysvx] C:\WINDOWS\sysvx_.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [sysBrand] C:\ARQUIV~1\iGv6\sysbrand.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [spySheriff] C:\Program Files\SpySheriff\SpySheriff.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://200.212.184.212/g_bin/eng/navy_2_0_0_18.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4FF897D1-D297-4AB8-9EBA-457690636021}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoguard.exe

 

=====================================

+++++++++++++++++++++++++++++++++++++

=====================================

-------------------------------------------------------------------------------

KASPERSKY ON-LINE SCANNER REPORT

Thursday, May 04, 2006 1:02:45 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky On-line Scanner version: 5.0.78.0

Kaspersky Anti-Virus database last update: 4/05/2006

Kaspersky Anti-Virus database records: 180090

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

C:\

D:\

 

Scan Statistics:

Total number of scanned objects: 52546

Number of viruses found: 13

Number of infected objects: 29

Number of suspicious objects: 0

Duration of the scan process: 01:35:58

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Documentos\install.exe Infected: Trojan-Proxy.Win32.Horst.av skipped

C:\Documents and Settings\Cliente Preferencial\Meus documentos\programas\i_bpk_portuguese.exe/bpkwb.dll Infected: Trojan-Spy.Win32.Perfloger.i skipped

C:\Documents and Settings\Cliente Preferencial\Meus documentos\programas\i_bpk_portuguese.exe/bpkr.exe Infected: Trojan-Spy.Win32.Perfloger.ab skipped

C:\Documents and Settings\Cliente Preferencial\Meus documentos\programas\i_bpk_portuguese.exe RAR: infected - 2 skipped

C:\System Volume Information\_restore{3E670B2F-DE19-4FB7-867C-C48E44777833}\RP121\A0021988.exe Infected: Trojan-Proxy.Win32.Horst.aj skipped

C:\System Volume Information\_restore{3E670B2F-DE19-4FB7-867C-C48E44777833}\RP122\A0022158.exe Infected: Trojan-Proxy.Win32.Horst.aj skipped

C:\System Volume Information\_restore{3E670B2F-DE19-4FB7-867C-C48E44777833}\RP122\A0022211.exe Infected: Trojan-Proxy.Win32.Horst.av skipped

C:\System Volume Information\_restore{3E670B2F-DE19-4FB7-867C-C48E44777833}\RP130\A0023018.exe Infected: Trojan.Win32.IntraSpyServer skipped

C:\System Volume Information\_restore{3E670B2F-DE19-4FB7-867C-C48E44777833}\RP130\A0023019.dll Infected: Trojan.Win32.IntraSpyServer skipped

C:\System Volume Information\_restore{3E670B2F-DE19-4FB7-867C-C48E44777833}\RP130\A0023024.dll Infected: Trojan.Win32.IntraSpyServer skipped

C:\System Volume Information\_restore{3E670B2F-DE19-4FB7-867C-C48E44777833}\RP130\A0023025.exe Infected: Trojan.Win32.IntraSpyServer skipped

C:\System Volume Information\_restore{3E670B2F-DE19-4FB7-867C-C48E44777833}\RP133\A0023232.exe Infected: Trojan-Proxy.Win32.Horst.av skipped

C:\System Volume Information\_restore{3E670B2F-DE19-4FB7-867C-C48E44777833}\RP133\A0023255.exe Infected: Trojan-Proxy.Win32.Horst.av skipped

C:\System Volume Information\_restore{3E670B2F-DE19-4FB7-867C-C48E44777833}\RP138\A0023434.dll Infected: Rootkit.Win32.Agent.bk skipped

C:\System Volume Information\_restore{3E670B2F-DE19-4FB7-867C-C48E44777833}\RP138\A0023435.exe Infected: Email-Worm.Win32.Locksky.an skipped

C:\System Volume Information\_restore{3E670B2F-DE19-4FB7-867C-C48E44777833}\RP138\A0023441.dll Infected: Rootkit.Win32.Agent.bk skipped

C:\System Volume Information\_restore{3E670B2F-DE19-4FB7-867C-C48E44777833}\RP138\A0023442.exe Infected: Email-Worm.Win32.Locksky.an skipped

C:\System Volume Information\_restore{3E670B2F-DE19-4FB7-867C-C48E44777833}\RP138\A0023457.dll Infected: Rootkit.Win32.Agent.bk skipped

C:\System Volume Information\_restore{3E670B2F-DE19-4FB7-867C-C48E44777833}\RP138\A0023458.exe Infected: Email-Worm.Win32.Locksky.an skipped

C:\WINDOWS\loadclean.exe Infected: Trojan-Downloader.Win32.Delf.aeu skipped

C:\WINDOWS\system32\comdlg64.dll Infected: Rootkit.Win32.Agent.bk skipped

C:\WINDOWS\system32\sysvx.exe Infected: Email-Worm.Win32.Locksky.an skipped

C:\WINDOWS\system32\z11.exe Infected: not-virus:Hoax.Win32.Renos.bn skipped

C:\WINDOWS\system32\z12.exe Infected: Trojan-Downloader.Win32.Small.awa skipped

C:\WINDOWS\system32\z14.exe Infected: Trojan-Downloader.Win32.Small.cph skipped

C:\WINDOWS\system32\z15.exe Infected: Trojan-Downloader.Win32.Small.ciw skipped

C:\WINDOWS\system32\z16.exe Infected: Trojan-Downloader.Win32.CWS.k skipped

C:\WINDOWS\sysvx_.exe Infected: Trojan-Downloader.Win32.Small.cph skipped

C:\winstall.exe Infected: not-virus:Hoax.Win32.Renos.bn skipped

 

Scan process completed.

 

Thanks in advance!!
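
Added example (not part of the original posts): Python that cross-references the `O4` autostart entries of the HijackThis log with the Kaspersky detections from the same post, using a few lines copied from both logs. The function names and the path-extraction heuristic are assumptions of this example, not part of either tool.

```python
import re
from typing import NamedTuple, Optional

# Sample input: lines copied from the HijackThis log in the post above.
HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [sysvx] C:\WINDOWS\sysvx_.exe
O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [spySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
"""

# Sample input: lines copied from the Kaspersky report in the same post.
KASPERSKY_REPORT = r"""
C:\WINDOWS\loadclean.exe Infected: Trojan-Downloader.Win32.Delf.aeu skipped
C:\WINDOWS\system32\sysvx.exe Infected: Email-Worm.Win32.Locksky.an skipped
C:\WINDOWS\sysvx_.exe Infected: Trojan-Downloader.Win32.Small.cph skipped
C:\winstall.exe Infected: not-virus:Hoax.Win32.Renos.bn skipped
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# "<path> Infected: <detection name> skipped"
DETECTION_RE = re.compile(r"^(.+?) Infected: (\S+) skipped$")
# Heuristic (assumption): unquoted commands may contain spaces, so cut the
# command line at the first executable extension followed by a space or end.
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


class Autostart(NamedTuple):
    hive: str
    name: str
    path: str                  # lower-cased image path taken from the command
    detection: Optional[str]   # scanner verdict for that path, if any


def image_path(command):
    """Return the lower-cased executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    match = EXE_RE.match(command)
    return (match.group(1) if match else command).lower()


def parse_detections(report):
    """Map lower-cased file path -> detection name."""
    found = {}
    for line in report.splitlines():
        match = DETECTION_RE.match(line.strip())
        if match:
            # Archive members are listed as container/member; key on the container.
            found[match.group(1).split("/", 1)[0].lower()] = match.group(2)
    return found


def correlate(hjt_log, report):
    """Attach the scanner verdict (or None) to every O4 registry Run entry."""
    detections = parse_detections(report)
    rows = []
    for line in hjt_log.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            path = image_path(match.group(4))
            rows.append(Autostart(match.group(1), match.group(3), path,
                                  detections.get(path)))
    return rows


def detections_without_autostart(hjt_log, report):
    """Detected files that no parsed Run entry launches."""
    started = {row.path for row in correlate(hjt_log, report)}
    return sorted(p for p in parse_detections(report) if p not in started)


if __name__ == "__main__":
    for row in correlate(HIJACKTHIS_LOG, KASPERSKY_REPORT):
        print(f"{row.hive:5} {row.name:22} {row.detection or '-':38} {row.path}")
    print("detected, no Run entry:",
          detections_without_autostart(HIJACKTHIS_LOG, KASPERSKY_REPORT))
```

On these sample lines the `sysvx` and `Windows installer` Run entries point at files Kaspersky flagged, the `spySheriff` entry has no Kaspersky verdict, and `loadclean.exe` and `system32\sysvx.exe` are detected without a matching Run entry. Entries with a bare file name such as `pctspk.exe` cannot be matched by full path and need a manual lookup.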


Hi Telmo Petelinkar,

1. Download SmitfraudFix;

2. Disable your antivirus protection (temporarily);

3. Extract the SmitFraudFix file to your desktop;

4. Restart in Safe Mode;

5. Run SmitfraudFix --> Option 2;

6. Answer yes (oui) to the question about cleaning the registry;

7. Wait for the scan to finish and the log to be generated;

8. Restart in Normal Mode;

9. Post the SmitfraudFix log (option 2) + the HijackThis log (generated in Normal Mode).

I await your reply.

Regards.


Thanks, friend, here is the log made as you asked in safe mode with Smitfraudfix

and the hijack log in normal mode

 

============================

============================

Logfile of HijackThis v1.99.1

Scan saved at 01:23:54, on 5/5/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\system32\pctspk.exe

C:\ARQUIV~1\iGv6\sysbrand.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Hijack\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=022206 serial=dr12wel-6341663-nkm lang=BP

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [sysBrand] C:\ARQUIV~1\iGv6\sysbrand.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://200.212.184.212/g_bin/eng/navy_2_0_0_18.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4FF897D1-D297-4AB8-9EBA-457690636021}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoguard.exe

 

====================

++++++++++++++++++++

====================

 

SmitFraudFix v2.39

 

Scan done at 1:15:22,97, --- 05/05/2006

Run from C:\Documents and Settings\Cliente Preferencial\Desktop\SmitfraudFix

OS: Microsoft Windows XP [versão 5.1.2600]

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\winstall.exe Deleted

C:\WINDOWS\sysvx_.exe Deleted

C:\WINDOWS\system32\comdlg64.dll Deleted

C:\WINDOWS\system32\sysvx.exe Deleted

C:\WINDOWS\system32\z11.exe Deleted

C:\WINDOWS\system32\z12.exe Deleted

C:\WINDOWS\system32\z13.exe Deleted

C:\WINDOWS\system32\z14.exe Deleted

C:\WINDOWS\system32\z15.exe Deleted

C:\WINDOWS\system32\z16.exe Deleted

C:\DOCUME~1\CLIENT~1\MENUIN~1\PROGRA~1\SpySheriff Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» End


Hi Telmo Petelinkar,

Your log appears to be clean, but I suggest you run Panda's Active Scan.

Come back with the result.

Regards.


Hello friend Garcia

Here is the scan from Panda Active Scan

 

+===========================+

----------------------------------------------------

 

 

Incidência Estado Localização

 

Adware:adware/beehappyy Não desinfectado c:\windows\loadclean.exe

Spyware:Cookie/2o7 Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@2o7[2].txt

Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@ad.yieldmanager[1].txt

Spyware:Cookie/Admotion Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@admotion.com[2].txt

Spyware:Cookie/PointRoll Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@ads.pointroll[1].txt

Spyware:Cookie/Adtech Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@adtech[2].txt

Spyware:Cookie/adultfriendfinder Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@adultfriendfinder[2].txt

Spyware:Cookie/Advertising Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@advertising[1].txt

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@atdmt[2].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@bannerlandia.com[1].txt

Spyware:Cookie/Belnk Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@belnk[1].txt

Spyware:Cookie/bravenetA Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@bravenet[2].txt

Spyware:Cookie/Enhance Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@c.enhance[2].txt

Spyware:Cookie/Zedo Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@c5.zedo[1].txt

Spyware:Cookie/Casalemedia Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@casalemedia[1].txt

Spyware:Cookie/Cgi-bin Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@cgi-bin[7].txt

Spyware:Cookie/Hitslink Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@counter.hitslink[2].txt

Spyware:Cookie/Sextracker Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@counter1.sextracker[1].txt

Spyware:Cookie/Sextracker Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@counter13.sextracker[1].txt

Spyware:Cookie/Sextracker Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@counter15.sextracker[1].txt

Spyware:Cookie/Sextracker Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@counter16.sextracker[1].txt

Spyware:Cookie/Sextracker Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@counter2.sextracker[2].txt

Spyware:Cookie/Sextracker Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@counter4.sextracker[2].txt

Spyware:Cookie/Sextracker Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@counter6.sextracker[1].txt

Spyware:Cookie/Sextracker Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@counter7.sextracker[1].txt

Spyware:Cookie/Sextracker Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@counter9.sextracker[1].txt

Spyware:Cookie/cs.sexcounter Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@cs.sexcounter[2].txt

Spyware:Cookie/Coremetrics Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@data.coremetrics[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@de.uol.com[1].txt

Spyware:Cookie/Belnk Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@dist.belnk[2].txt

Spyware:Cookie/Doubleclick Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@doubleclick[1].txt

Spyware:Cookie/FastClick Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@fastclick[1].txt

Spyware:Cookie/FortuneCity Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@fortunecity[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@google.com[1].txt

Spyware:Cookie/Humanclick Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@hc2.humanclick[2].txt

Spyware:Cookie/Hitbox Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@hitbox[2].txt

Spyware:Cookie/HotLog Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@hotlog[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@ig.com[2].txt

Spyware:Cookie/MediaTickets Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@kinghost[1].txt

Spyware:Cookie/Maxserving Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@maxserving[1].txt

Spyware:Cookie/FastClick Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@media.fastclick[1].txt

Spyware:Cookie/Mediaplex Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@mediaplex[1].txt

Spyware:Cookie/Overture Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@overture[1].txt

Spyware:Cookie/PayCounter Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@paycounter[2].txt

Spyware:Cookie/Hitbox Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@phg.hitbox[1].txt

Spyware:Cookie/QuestionMarket Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@questionmarket[1].txt

Spyware:Cookie/RealMedia Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@realmedia[1].txt

Spyware:Cookie/WUpd Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@revenue[2].txt

Spyware:Cookie/Searchportal Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@searchportal.information[2].txt

Spyware:Cookie/Advertising Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@servedby.advertising[2].txt

Spyware:Cookie/Server.iad.Liveperson Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@server.iad.liveperson[1].txt

Spyware:Cookie/Serving-sys Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@serving-sys[2].txt

Spyware:Cookie/SexList Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@sexlist[1].txt

Spyware:Cookie/Sextracker Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@sextracker[1].txt

Spyware:Cookie/SpyLog Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@spylog[2].txt

Spyware:Cookie/Statcounter Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@statcounter[2].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@terra.com[2].txt

Spyware:Cookie/Tribalfusion Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@tribalfusion[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@uol.com[2].txt

Spyware:Cookie/WebPower Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@webpower[1].txt

Spyware:Cookie/XXXCounter Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@xxxcounter[2].txt

Spyware:Cookie/Yadro Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@yadro[1].txt

Spyware:Cookie/Zedo Não desinfectado C:\Documents and Settings\Cliente Preferencial\Cookies\cliente preferencial@zedo[1].txt

Ferramenta potencialmente indesejada:Application/Processor Não desinfectado C:\Documents and Settings\Cliente Preferencial\Desktop\SmitfraudFix\Process.exe

Ferramenta potencialmente indesejada:Application/Processor Não desinfectado C:\Documents and Settings\Cliente Preferencial\Desktop\SmitfraudFix.zip[smitfraudFix/Process.exe]

Ferramenta potencialmente indesejada:Application/PerfectKeyLog.A Não desinfectado C:\Documents and Settings\Cliente Preferencial\Meus documentos\programas\i_bpk_portuguese.exe[bpk.exe]

Ferramenta potencialmente indesejada:Application/PerfectKeyLog.A Não desinfectado C:\Documents and Settings\Cliente Preferencial\Meus documentos\programas\i_bpk_portuguese.exe[bpkun.exe]

Ferramenta potencialmente indesejada:Application/PerfectKeyLog.A Não desinfectado C:\Documents and Settings\Cliente Preferencial\Meus documentos\programas\i_bpk_portuguese.exe[bpkvw.exe]

Ferramenta potencialmente indesejada:Application/PerfectKeylog.B Não desinfectado C:\Documents and Settings\Cliente Preferencial\Meus documentos\programas\i_bpk_portuguese.exe[bpkhk.dll]

Ferramenta potencialmente indesejada:Application/PerfectKeyLog.A Não desinfectado C:\Documents and Settings\Cliente Preferencial\Meus documentos\programas\i_bpk_portuguese.exe[bpki.dll]

Ferramenta potencialmente indesejada:Application/PerfectKeyLog.A Não desinfectado C:\Documents and Settings\Cliente Preferencial\Meus documentos\programas\i_bpk_portuguese.exe[bpkwb.dll]

Ferramenta potencialmente indesejada:Application/PerfectKeylog.D Não desinfectado C:\Documents and Settings\Cliente Preferencial\Meus documentos\programas\i_bpk_portuguese.exe[bpk.chm]

Ferramenta potencialmente indesejada:Application/PerfectKeyLog.A Não desinfectado C:\Documents and Settings\Cliente Preferencial\Meus documentos\programas\i_bpk_portuguese.exe[bpkr.exe]

Adware:Adware/SpySheriff Não desinfectado C:\Program Files\SpySheriff\heur000.dll

Adware:Adware/SpySheriff Não desinfectado C:\Program Files\SpySheriff\heur001.dll

Adware:Adware/SpySheriff Não desinfectado C:\Program Files\SpySheriff\heur002.dll

Adware:Adware/SpySheriff Não desinfectado C:\Program Files\SpySheriff\heur003.dll

Adware:Adware/SpySheriff Não desinfectado C:\Program Files\SpySheriff\SpySheriff.exe

Adware:Adware/SpySheriff Não desinfectado C:\Program Files\SpySheriff\Uninstall.exe

Ferramenta potencialmente indesejada:Application/Processor Não desinfectado C:\WINDOWS\system32\Process.exe

Ferramenta potencialmente indesejada:Application/Restart Não desinfectado C:\WINDOWS\system32\Tools\Restart.exe


Hi Telmo Petelinkar,

Let's go.

Step 1

Download Killbox from:

Killbox

Download it, but do not run it yet.

Download CCleaner from:

CCleaner

Download it, but do not run it yet.

Step 2

Run KillBox:

1) Select Delete on reboot;

2) Copy the list below in bold to the clipboard. Select --> Edit --> Copy:

C:\WINDOWS\system32\Process.exe

C:\WINDOWS\system32\Tools\Restart.exe

c:\windows\loadclean.exe

C:\Documents and Settings\Cliente Preferencial\Meus documentos\programas\i_bpk_portuguese.exe

C:\Program Files\SpySheriff

3) Return to Killbox. Click File --> Paste from clipboard --> All files;

4) Click "X". Answer "no" to the question.

Step 3

Restart in Normal Mode.

Run CCleaner and click Run Cleaner.

Run Panda's Active Scan again and see whether it still detects anything.

Best regards.


TOPIC ARCHIVED

Since the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
