
This topic has been archived and is closed to new replies.

Alane

[Archived] HijackThis log for analysis


My PC caught a virus on MSN that made it slow and sends the following message to all my contacts: "mandei uma msg em homenagem a você www.mensagensvirtuais.front.ru" ("I sent a message in your honor www.mensagensvirtuais.front.ru").

If you could explain in great detail how to solve the problem, that would be great, as I have no experience with computers. Thanks.

Logfile of HijackThis v1.99.1

Scan saved at 22:22:48, on 30/7/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Mixer.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\srsmsn.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\smics.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Microsoft Office\Office10\WINWORD.EXE

C:\Arquivos de programas\Grisoft\AVG Free\avgwb.dat

C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE

C:\hijack this\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Arquivos de programas\Need2Find\bar\1.bin\ND2FNBAR.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Arquivos de programas\RXToolBar\sfcont.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE /P23 "EPSON Stylus C63 Series" /O5 "LPT1:" /M "Stylus C63"

O4 - HKLM\..\Run: [EPSON Stylus C63 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE /P33 "EPSON Stylus C63 Series (cópia 1)" /O6 "USB001" /M "Stylus C63"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [semanticInsight] C:\Arquivos de programas\RXToolBar\Semantic Insight\SemanticInsight.exe

O4 - HKLM\..\Run: [srrcmsn] C:\WINDOWS\srsmsn.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE /P23 "EPSON Stylus C63 Series" /M "Stylus C63" /EF "HKCU"

O4 - HKCU\..\Run: [WinFixer2005] "C:\Arquivos de programas\WinFixer 2005\uwfx5.exe" /min

O4 - Global Startup: smics.exe

O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{282EB1C6-0155-4F82-9F37-FA93CBDD900B}: NameServer = 200.223.0.83 200.222.0.35

O17 - HKLM\System\CS1\Services\Tcpip\..\{282EB1C6-0155-4F82-9F37-FA93CBDD900B}: NameServer = 200.223.0.83 200.222.0.35

O17 - HKLM\System\CS2\Services\Tcpip\..\{282EB1C6-0155-4F82-9F37-FA93CBDD900B}: NameServer = 200.223.0.83 200.222.0.35

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Arquivos de programas\RXToolBar\sfcont.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe


Hi Alane,

Let's get started.

Set Windows to show all files (including hidden ones).

Uninstall:

--> Need2Find

--> RXToolBar

--> WinFixer 2005

Use Add / Remove Programs.

Uninstall them one by one, and restart after you have uninstalled them.

NOTE: If you cannot find one or more of the programs, just move on to the next one and/or to the next step.

Step 1

Download Killbox from:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the list below in bold to the clipboard. Select it --> Edit --> Copy.

C:\Arquivos de programas\Need2Find

C:\Arquivos de programas\RXToolBar

C:\Arquivos de programas\WinFixer 2005

C:\WINDOWS\srsmsn.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\smics.exe

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will go into Safe Mode and connecting to the internet will not be possible.

Step 2

Restart the computer in Safe Mode (after restarting, keep pressing the F8 key until a black DOS-style screen appears, then choose Safe Mode).

Run HijackThis, click Do a system scan only and tick:

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Arquivos de programas\Need2Find\bar\1.bin\ND2FNBAR.DLL

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Arquivos de programas\RXToolBar\sfcont.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing)

O4 - HKLM\..\Run: [semanticInsight] C:\Arquivos de programas\RXToolBar\Semantic Insight\SemanticInsight.exe

O4 - HKLM\..\Run: [srrcmsn] C:\WINDOWS\srsmsn.exe

O4 - HKCU\..\Run: [WinFixer2005] "C:\Arquivos de programas\WinFixer 2005\uwfx5.exe" /min

O4 - Global Startup: smics.exe

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Arquivos de programas\RXToolBar\sfcont.dll

Click Fix Checked.

Step 3

Restart in Normal Mode.

Post the new HijackThis log.

I'll wait for your reply.

Best regards.


Here it is. I hope I did everything right.

Logfile of HijackThis v1.99.1

Scan saved at 12:00:35, on 3/8/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\hijack this\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE /P23 "EPSON Stylus C63 Series" /O5 "LPT1:" /M "Stylus C63"

O4 - HKLM\..\Run: [EPSON Stylus C63 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE /P33 "EPSON Stylus C63 Series (cópia 1)" /O6 "USB001" /M "Stylus C63"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE /P23 "EPSON Stylus C63 Series" /M "Stylus C63" /EF "HKCU"

O8 - Extra context menu item: &Search -

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe


One detail: my PC is now shutting down by itself, all of a sudden. Could that be related to this virus? Thank you.


Logfile of HijackThis v1.99.1

Scan saved at 12:00:35, on 3/8/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\hijack this\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE /P23 "EPSON Stylus C63 Series" /O5 "LPT1:" /M "Stylus C63"

O4 - HKLM\..\Run: [EPSON Stylus C63 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE /P33 "EPSON Stylus C63 Series (cópia 1)" /O6 "USB001" /M "Stylus C63"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE /P23 "EPSON Stylus C63 Series" /M "Stylus C63" /EF "HKCU"

O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

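A follow-up log like the one above can be checked mechanically against the fix list from the helper's reply. The sketch below is an added example, not part of any post in this thread; the log lines are copied from the thread, while the function names and the `REMOVED_NAMES` substring list are assumptions made for illustration.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - "; header and running-process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# The eight entries the helper asked to tick before "Fix Checked",
# copied from the reply earlier in the thread.
FIX_LIST = r"""
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Arquivos de programas\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Arquivos de programas\RXToolBar\sfcont.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing)
O4 - HKLM\..\Run: [semanticInsight] C:\Arquivos de programas\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [srrcmsn] C:\WINDOWS\srsmsn.exe
O4 - HKCU\..\Run: [WinFixer2005] "C:\Arquivos de programas\WinFixer 2005\uwfx5.exe" /min
O4 - Global Startup: smics.exe
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Arquivos de programas\RXToolBar\sfcont.dll
"""

# Excerpt of the follow-up log (scan saved 3/8/2006), copied from the thread;
# only a subset of its lines is reproduced here.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# Assumption: name fragments of the programs and files the helper said to
# uninstall or delete, used as a case-insensitive substring heuristic.
REMOVED_NAMES = ("need2find", "rxtoolbar", "winfixer", "srsmsn", "smics")


def parse_entries(log_text):
    """Return [(section_code, normalized_body, original_line), ...]."""
    entries = []
    for raw in log_text.splitlines():
        # Forum pastes often carry non-breaking spaces and stray padding.
        line = raw.replace("\u00a0", " ").strip()
        match = ENTRY_RE.match(line)
        if match:
            body = " ".join(match.group("body").split()).casefold()
            entries.append((match.group("code"), body, line))
    return entries


def still_present(fix_text, after_text):
    """Fix-list lines that survive in the follow-up log (exact entry match)."""
    after = {(code, body) for code, body, _ in parse_entries(after_text)}
    return [line for code, body, line in parse_entries(fix_text)
            if (code, body) in after]


def leftovers(after_text, names=REMOVED_NAMES):
    """Follow-up entries that still mention one of the removed programs."""
    return [line for _, body, line in parse_entries(after_text)
            if any(name in body for name in names)]


def summarize(fix_text, after_text):
    """Compare the fix list with the follow-up log and report the result."""
    requested = parse_entries(fix_text)
    survivors = still_present(fix_text, after_text)
    return {
        "requested": len(requested),
        "removed": len(requested) - len(survivors),
        "still_present": survivors,
        "leftovers": leftovers(after_text),
    }


if __name__ == "__main__":
    report = summarize(FIX_LIST, AFTER_LOG)
    print(f"{report['removed']}/{report['requested']} fix-list entries gone")
    for line in report["still_present"]:
        print("STILL PRESENT:", line)
    for line in report["leftovers"]:
        print("LEFTOVER:", line)
```

Run against the excerpt, it reports all eight ticked entries gone and one leftover: the Need2Find `&Search` context-menu item (O8), which was not on the fix list.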

Hi, Panda detected this:

Incident Status Location

 

Adware:adware/cydoor Not disinfected C:\WINDOWS\system32\cd_clint.dll

Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32a.sys

Potentially unwanted tool:application/altnet Not disinfected c:\program files\Altnet

Adware:adware/instafinder Not disinfected c:\arquivos de programas\INSTAFINK

Potentially unwanted tool:application/need2find Not disinfected c:\arquivos de programas\Need2Find

Adware:adware/gator Not disinfected Windows Registry

Adware:adware/rxtoolbar Not disinfected Windows Registry

Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Arquivos de programas\Arquivos comuns\WinFixer 2005\FCrXML.dll

Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Arquivos de programas\Arquivos comuns\WinFixer 2005\uwappchk.dll

Adware:Adware/InstaFinder Not disinfected C:\Arquivos de programas\INSTAFINK\instafink.dll

Potentially unwanted tool:Application/Altnet Not disinfected C:\Documents and Settings\Alane\Configurações locais\Temp\asmfiles.cab

Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Documents and Settings\Alane\Configurações locais\Temp\p2psetup.exe

Potentially unwanted tool:Application/Altnet Not disinfected C:\Documents and Settings\Alane\Configurações locais\Temp\__unin__.exe


Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Documents and Settings\Alane\Desktop\WinFixer2005ScannerInstall_br.exe

Potentially unwanted tool:application/bestoffer Not disinfected C:\WINDOWS\smdat32a.sys

Adware:Adware/Cydoor Not disinfected C:\WINDOWS\system32\cd_clint.dll

Virus:Trj/Banker.DWP Disinfected C:\WINDOWS\temp977a.tmp

Virus:Trj/IMsend.A Disinfected C:\WINDOWS\temsnxx.tmp

AND NOW, WHAT SHOULD I DO?

THANKS IN ADVANCE.

ALANE.


Hi Alane,

Download SpySweeper from:

SpySweeper

Download it and update its database, but do not run it yet.

Restart the computer in Safe Mode.

Run a full scan with SpySweeper.

Restart in Normal Mode.

Run Panda's Active Scan again and come back with the result.

I'll wait for your reply.

Cheers.


Hi José Carlos, I don't know if I did something wrong, I don't think so, but running SpySweeper requires a password, a huge one by the way. What should I do? Did I do something wrong?

Thanks in advance.

Alane.


Hi Alane,

Let's go.

Uninstall:

-> Altnet

-> INSTAFINK

-> Need2Find

-> WinFixer 2005

Use Add / Remove Programs.

Uninstall them one by one, and restart after doing so.

Note: If you cannot find one of the programs listed above, just move on to the next step.

Step 1

Download CCleaner from:

CCleaner

Download it, but do not run it yet.

Step 2

Run KillBox:

1) Select Delete on reboot;

2) Copy the list below in bold to the clipboard. Select --> Edit --> Copy:

C:\WINDOWS\system32\cd_clint.dll

c:\windows\smdat32a.sys

C:\Documents and Settings\Alane\Configurações locais\Temp\asmfiles.cab

C:\Documents and Settings\Alane\Configurações locais\Temp\p2psetup.exe

C:\Documents and Settings\Alane\Configurações locais\Temp\__unin__.exe

3) Return to KillBox. Click File --> Paste from clipboard --> All files;

4) Click the "X". Answer "no" to the question.

Step 3

Restart in Safe Mode.

Locate and delete:

c:\program files\Altnet <- the folder

c:\arquivos de programas\INSTAFINK <- the folder

c:\arquivos de programas\Need2Find <- the folder

C:\Arquivos de programas\Arquivos comuns\WinFixer 2005 <- the folder

Restart in Normal Mode.

Run CCleaner and click Executar Cleaner ("Run Cleaner").

Run Panda's Active Scan again and see whether it still detects anything.

Cheers.


This was the result, even though I did everything exactly right. It's persecution:

Incident Status Location
Adware:adware/cydoor Not disinfected C:\WINDOWS\system32\cd_clint.dll
Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32a.sys
Potentially unwanted tool:application/need2find Not disinfected hkey_current_user\software\Need2Find
Adware:adware/gator Not disinfected Windows Registry
Adware:adware/rxtoolbar Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_classes_root\clsid\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\asmfiles.cab
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\asmfiles.cab( 3)
Adware:Adware/Cydoor Not disinfected C:\!KillBox\cd_clint.dll
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\!KillBox\p2psetup.exe
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\!KillBox\p2psetup.exe( 2)
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\__unin__.exe
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\__unin__.exe( 1)
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alane\Cookies\alane@google.com[1].txt
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Documents and Settings\Alane\Desktop\WinFixer2005ScannerInstall_br.exe

Incident Status Location
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\asmfiles.cab
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\asmfiles.cab( 3)
Adware:Adware/Cydoor Not disinfected C:\!KillBox\cd_clint.dll
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\!KillBox\p2psetup.exe
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\!KillBox\p2psetup.exe( 2)
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\__unin__.exe
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\__unin__.exe( 1)

This was the result, even though I did everything exactly right. It's persecution.

Take it easy, we are going to exterminate these pests.

Download Ewido from:

Ewido

* Select "English" as the installation language;

* Click Next --> I Agree --> Next --> Next. Untick the Install background guard box, then click Install and then Finish;

* In the main Ewido window, click Actualizar ("Update") in the left-hand menu and then click Iniciar actualização ("Start update");

* When the update finishes, you will see the message Actualizado com sucesso ("Updated successfully") in the lower left corner;

* Done, but do not run it yet.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and an internet connection will not be available.

Restart the computer in Safe Mode.

Run a full scan with Ewido.

* Open Ewido and click Verificar --> Verificação Completa do Sistema ("Scan" --> "Complete System Scan");

* Ewido detects some legitimate programs, so do not tick the box that says Executar a ação em todas as infecções ("Apply the action to all infections"). If Ewido finds a file you believe is legitimate, choose the option "Nenhuma" ("None") and click OK. Otherwise, leave it on Remover ("Remove") and click OK.

* When Ewido finishes, close it.

Go to the folder C:\!KillBox and delete its contents.

Restart the computer in Normal Mode.

Run CCleaner and click Executar Cleaner ("Run Cleaner").

Run Panda's Active Scan and come back with the new result.

Cheers.


So... I installed this Ewido, but the instructions are all in English. Nothing says "atualização" (update) or "verificação" (scan)... There is a window with status, update, etc. And the update cannot be done manually; it says it has already been done automatically. Something like that. Did I really do it right?

Thanks in advance.

Alane Lira.


Here it is:

Incident Status Location
Adware:adware/cydoor Not disinfected C:\WINDOWS\system32\cd_clint.dll
Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32a.sys
Potentially unwanted tool:application/need2find Not disinfected hkey_current_user\software\Need2Find
Adware:adware/gator Not disinfected Windows Registry
Adware:adware/rxtoolbar Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_classes_root\clsid\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\asmfiles.cab
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\asmfiles.cab( 3)
Adware:Adware/Cydoor Not disinfected C:\!KillBox\cd_clint.dll
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\!KillBox\p2psetup.exe
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\!KillBox\p2psetup.exe( 2)
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\__unin__.exe
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\__unin__.exe( 1)
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Alane\Cookies\alane@2o7[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Alane\Cookies\alane@ads.addynamix[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Alane\Cookies\alane@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Alane\Cookies\alane@doubleclick[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alane\Cookies\alane@google.com[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Alane\Cookies\alane@questionmarket[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alane\Cookies\alane@terra.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alane\Cookies\alane@uol.com[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Alane\Dados de aplicativos\Mozilla\Firefox\Profiles\z0x3d4vg.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Alane\Dados de aplicativos\Mozilla\Firefox\Profiles\z0x3d4vg.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alane\Dados de aplicativos\Mozilla\Firefox\Profiles\z0x3d4vg.default\cookies.txt[.google.com.br/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Alane\Dados de aplicativos\Mozilla\Firefox\Profiles\z0x3d4vg.default\cookies.txt[.microsoftwga.112.2o7.net/]
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Documents and Settings\Alane\Desktop\WinFixer2005ScannerInstall_br.exe

Incident Status Location
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\asmfiles.cab
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\asmfiles.cab( 3)
Adware:Adware/Cydoor Not disinfected C:\!KillBox\cd_clint.dll
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\!KillBox\p2psetup.exe
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\!KillBox\p2psetup.exe( 2)
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\__unin__.exe
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\__unin__.exe( 1)
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Alane\Cookies\alane@2o7[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Alane\Cookies\alane@ads.addynamix[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Alane\Cookies\alane@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Alane\Cookies\alane@doubleclick[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alane\Cookies\alane@google.com[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Alane\Cookies\alane@questionmarket[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alane\Cookies\alane@terra.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alane\Cookies\alane@uol.com[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Alane\Dados de aplicativos\Mozilla\Firefox\Profiles\z0x3d4vg.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Alane\Dados de aplicativos\Mozilla\Firefox\Profiles\z0x3d4vg.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alane\Dados de aplicativos\Mozilla\Firefox\Profiles\z0x3d4vg.default\cookies.txt[.google.com.br/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Alane\Dados de aplicativos\Mozilla\Firefox\Profiles\z0x3d4vg.default\cookies.txt[.microsoftwga.112.2o7.net/]
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Documents and Settings\Alane\Desktop\WinFixer2005ScannerInstall_br.exe
Potentially unwanted tool:application/bestoffer Not disinfected C:\WINDOWS\smdat32a.sys
Adware:Adware/Cydoor


Hi Alane,

Download Ad-Aware SE Personal.

Restart in Safe Mode.

Run a full scan with Ad-Aware.

Delete the contents of the folder C:\!KillBox.

Restart in Normal Mode.

Run CCleaner and click Executar Cleaner ("Run Cleaner").

Run Panda's Active Scan once more and come back with the result.

Cheers.

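Added example (not part of the original thread): both scan results pasted above list the files that were handed to KillBox again under C:\!KillBox, mixed in with cookies and registry keys. This Python sketch splits such a flattened ActiveScan paste into records and groups them so the items still live on disk stand out; the bucket names and the sample string are constructed for illustration.

```python
import re
KINDS = r"(?:Adware|Spyware|Virus|Potentially unwanted tool)"
ENTRY = re.compile(
    rf"(?P<kind>{KINDS}):(?P<name>.+?) (?P<status>Not disinfected|Disinfected) "
    rf"(?P<location>.+?)(?=\s+{KINDS}:|\s+Incident Status Location|\s*$)"
)

def parse_report(text):
    """Return unique (kind, name, status, location) records from a flattened report."""
    text = " ".join(text.split())      # undo line wraps that fall inside an entry
    seen, records = set(), []
    for m in ENTRY.finditer(text):
        rec = m.group("kind", "name", "status", "location")
        key = tuple(part.lower() for part in rec)
        if key not in seen:            # the same block may be pasted twice
            seen.add(key)
            records.append(rec)
    return records

def bucket(rec):
    """Classify a record by where the detected item lives."""
    _, name, status, location = rec
    loc = location.lower()
    if status == "Disinfected":
        return "cleaned"
    if loc.startswith("c:\\!killbox\\"):
        return "killbox_backup"        # copy under KillBox's folder, not the live file
    if name.lower().startswith("cookie/"):
        return "cookie"
    if loc.startswith("hkey_") or loc == "windows registry":
        return "registry"
    return "live_file"

def triage(text):
    groups = {}
    for rec in parse_report(text):
        groups.setdefault(bucket(rec), []).append(rec[3])
    return groups

# Constructed sample: entries from this thread's scans, with a repeat, a wrap and a cut-off entry.
SAMPLE = (
    r"Incident Status Location Adware:adware/cydoor Not disinfected C:\WINDOWS\system32\cd_clint.dll "
    r"Adware:adware/gator Not disinfected Windows Registry "
    r"Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\asmfiles.cab "
    r"Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Alane\Cookies\alane@atdmt[2].txt "
    "Incident Status Location Potentially unwanted \n"
    r"tool:Application/Altnet Not disinfected C:\!KillBox\asmfiles.cab "
    r"Virus:Trj/IMsend.A Disinfected C:\WINDOWS\temsnxx.tmp Adware:Adware/Cydoor"
)
```

Calling `triage(SAMPLE)` returns a dict keyed by bucket; entries that lack a status, such as the cut-off last one, are skipped rather than guessed at.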

TOPIC ARCHIVED

As the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area along with the link to this topic and explain the reason for reopening.
