Archived

This topic has been archived and is closed to new replies.

flavio junior

[Archived] My PC is slow... restarting on its own, I think I'm infected


Here's the log!!

 

Logfile of HijackThis v1.99.1

Scan saved at 17:51:13, on 7/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

F:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

f:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\rundll32.exe

f:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\ups.exe

f:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

f:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

F:\DAP\DAP.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [avast!] f:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] f:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [smcService] f:\ARQUIV~1\Sygate\SPF\Smc.exe -startgui

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\FLAVIO-REIS\Desktop\utorrent.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Clean Traces - f:\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - F:\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - F:\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Tradu&zir - file://F:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\tw.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.orkut.com

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_22.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_38.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab

O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GameDesire Chess) - http://200.212.184.212/g_bin/eng/chess_2_0_0_16.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_23.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: MsgPlusLoader.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - f:\Arquivos de programas\Sygate\SPF\Smc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


Hey flavio junior,

Let's go.

Set Windows to show all files (including hidden ones).

Step 1

Download Deldomains at:

Deldomains

Save deldomains.inf to your desktop.

Run Deldomains by right-clicking the deldomains.inf file and clicking Install. Running the file directly does not work.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will go into Safe Mode and an internet connection will not be possible.

Step 2

Restart the computer in Safe Mode (after restarting, press the F8 key until a black DOS screen appears and choose Safe Mode).

Run HijackThis, click Do a system scan only and check:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_22.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_38.cab

O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GameDesire Chess) - http://200.212.184.212/g_bin/eng/chess_2_0_0_16.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_23.cab

Click Fix Checked.

Step 3

Restart in Normal Mode.

Post the new HijackThis log.

Awaiting your reply.

Regards.

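As an added example (mine, not part of the original post and not a HijackThis feature), here is a small Python triage script that applies the same reading the helper applied to the log above: flag the R1 proxy entry with no host, the O16 ActiveX controls pulled from a bare IP address, and, for review rather than removal, AppInit_DLLs entries and O23 services whose binary is reported missing. The sample entries are copied from the first log in this thread; the rule set, the reason strings and the function names are my own choices.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Sample input: entries copied from the HijackThis log posted at the top of
# this thread (the process list is omitted; it carries no section tag).
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080",
    r"O4 - HKLM\..\Run: [avast!] f:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_22.cab",
    r"O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab",
    r"O20 - AppInit_DLLs: MsgPlusLoader.dll",
    r'O23 - Service: avast! Mail Scanner - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)',
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
]

# Every HijackThis entry starts with a section tag such as R1, O4, O16, O23.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_entry(line):
    """Return (section tag, body) for a HijackThis entry, or None for other lines."""
    match = ENTRY_RE.match(line.strip())
    if match is None:
        return None
    return match.group("kind"), match.group("body")


def host_is_bare_ip(url):
    """True when the URL names its server by IP literal instead of a DNS name."""
    host = urlparse(url).hostname or ""
    try:
        ip_address(host)
    except ValueError:
        return False
    return True


def triage(lines):
    """Apply the review rules and return (tag, reason, line) for each hit.

    Rules (assumed for this example, not HijackThis's own):
      R1  any ProxyServer entry; a value starting with ':' is a port with no
          host, which is not a usable proxy setting
      O16 ActiveX control downloaded from a bare IP address
      O20 AppInit_DLLs: a DLL injected into every process that loads user32.dll
      O23 service whose binary is reported missing on disk
    """
    findings = []
    for line in lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue
        kind, body = parsed
        if kind == "R1" and "ProxyServer" in body:
            value = body.split("=", 1)[1].strip()
            reason = "proxy set with an empty host" if value.startswith(":") else "proxy configured"
            findings.append((kind, reason, line))
        elif kind == "O16" and host_is_bare_ip(body.rsplit(" - ", 1)[-1]):
            findings.append((kind, "ActiveX control fetched from a bare IP address", line))
        elif kind == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append((kind, "DLL injected into every process that loads user32.dll", line))
        elif kind == "O23" and "(file missing)" in body:
            findings.append((kind, "service binary missing on disk", line))
    return findings


if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n    {line}")
```

Flagged is not the same as malicious. In this log the O20 hit is MsgPlusLoader.dll (the Messenger Plus! loader) and the O23 hits are avast! services whose path carries a stray quote, and the helper left all of them alone; only the proxy entry and the bare-IP O16 controls went into Fix Checked. Treat the O20/O23 rules as a list to look up, not a list to delete.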

Done, I did what you asked...

Here's the new log!!!

 

Logfile of HijackThis v1.99.1

Scan saved at 19:55:55, on 8/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

F:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\rundll32.exe

F:\ARQUIV~1\Sygate\SPF\Smc.exe

f:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Documents and Settings\FLAVIO-REIS\Desktop\utorrent.exe

f:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\ups.exe

C:\WINDOWS\system32\wscntfy.exe

f:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

f:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [avast!] f:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] f:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [smcService] f:\ARQUIV~1\Sygate\SPF\Smc.exe -startgui

O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\FLAVIO-REIS\Desktop\utorrent.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Clean Traces - f:\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - F:\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - F:\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Tradu&zir - file://F:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\tw.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: MsgPlusLoader.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - f:\Arquivos de programas\Sygate\SPF\Smc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


Done, I think that's it...

Incident Status Location

Adware:adware/savenow Not disinfected c:\arquivos de programas\VVSN

Adware:adware/elitebar Not disinfected Windows Registry

Adware:adware/alexa-toolbar Not disinfected Windows Registry

Potentially unwanted tool:application/seekmo Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}

Dialer:dialer.cn Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{511F9316-771B-4953-A268-1C36DA667FE9}

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\Arquivos de programas\Runtime Software\GetDataBack for NTFS\The 7 Deadly Sins\moo.dll

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\Arquivos de programas\Runtime Software\GetDataBack for NTFS\The 7 Deadly Sins\mooold.dll

Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@adtech[2].txt

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@adultfriendfinder[2].txt

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@as-eu.falkag[2].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@atdmt[2].txt

Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@bfast[1].txt

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@burstnet[2].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@cgi-bin[5].txt

Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@cs.sexcounter[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@de.uol.com[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@doubleclick[1].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@fastclick[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@google.com[2].txt

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@hitbox[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@ig.com[1].txt

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@microsofteup.112.2o7[1].txt

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@statcounter[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@terra.com[1].txt

Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@toplist[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@uol.com[1].txt

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@xiti[1].txt

Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@yadro[2].txt

Virus:Trj/Bancos.NT Disinfected C:\WINDOWS\Fonts\taskmgr.exe

Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

Virus:Bck/Bifrose.ABA Disinfected C:\WINDOWS\system32\scvhost.exe

Possible Virus. Not disinfected C:\WINDOWS\system32\swsc.exe

Hacktool:HackTool/Flood Not disinfected F:\Arquivos de programas\CyberScript32\sistema\dlls\nHTMLn.dll

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected F:\moo.dll

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected F:\mooold.dll

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected F:\The 7 Deadly Sins\moo.dll

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected F:\The 7 Deadly Sins\mooold.dll


Hey flavio junior,

Let's go.

Step 1

Download Ewido at:

Ewido

* Select "English" as the installation language;

* Click Next --> I Agree --> Next --> Next. Uncheck the Install background guard box and click Install, then Finish;

* In Ewido's main window click Update in the left-hand menu and then click Start update;

* When the update finishes, you will see the message Updated successfully in the lower left corner;

* Done, but do not run it yet.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will go into Safe Mode and an internet connection will not be possible.

Step 2

Restart the computer in Safe Mode.

Run a full scan with Ewido.

* Open Ewido and click Scan --> Complete System Scan;

* Ewido detects some legitimate programs, so do not check the box that says Perform action on all infections. If Ewido finds a file you believe is legitimate, choose the "None" option and click OK. Otherwise, leave it at Remove and click OK.

* When Ewido finishes, close it.

Step 3

Restart the computer in Normal Mode.

Run Active Scan again and come back with the result.

Regards.


Done, here it is....

Incident Status Location

Adware:adware/elitebar Not disinfected Windows Registry

Adware:adware/alexa-toolbar Not disinfected Windows Registry

Dialer:dialer.cn Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{511F9316-771B-4953-A268-1C36DA667FE9}

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\Arquivos de programas\Runtime Software\GetDataBack for NTFS\The 7 Deadly Sins\moo.dll

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\Arquivos de programas\Runtime Software\GetDataBack for NTFS\The 7 Deadly Sins\mooold.dll

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@adultfriendfinder[2].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@belnk[1].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@cgi-bin[5].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@de.uol.com[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@dist.belnk[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@google.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@ig.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@terra.com[1].txt

Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@toplist[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@uol.com[2].txt

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@xiti[1].txt

Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

Possible Virus. Not disinfected C:\WINDOWS\system32\swsc.exe

Hacktool:HackTool/Flood Not disinfected F:\Arquivos de programas\CyberScript32\sistema\dlls\nHTMLn.dll

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected F:\moo.dll

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected F:\mooold.dll

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected F:\The 7 Deadly Sins\moo.dll

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected F:\The 7 Deadly Sins\mooold.dll

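As an added example (mine, not the poster's and not Panda's), the Python below parses the flattened Active Scan reports from the two posts above and diffs them, which is the question the helper answers by eye each round: what was cleaned, what is still there, and what is new. The only reliable separator in the flattened text is the status word, so each record is matched around it, and the category list is the one seen in the reports on this page (other reports may need it extended). The sample records are a constructed subset copied from the two reports, kept on the single run-on line the forum showed them on.

```python
import re
from collections import Counter

# Constructed sample: a subset of the records from the two Active Scan reports
# above, as the single run-on line the forum flattened them into.
SCAN_1 = (
    "Incident Status Location "
    r"Adware:adware/savenow Not disinfected c:\arquivos de programas\VVSN "
    r"Adware:adware/elitebar Not disinfected Windows Registry "
    r"Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\FLAVIO-REIS\Cookies\flavio-reis@atdmt[2].txt "
    r"Virus:Trj/Bancos.NT Disinfected C:\WINDOWS\Fonts\taskmgr.exe "
    r"Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe "
    r"Virus:Bck/Bifrose.ABA Disinfected C:\WINDOWS\system32\scvhost.exe "
    r"Possible Virus. Not disinfected C:\WINDOWS\system32\swsc.exe"
)
SCAN_2 = (
    "Incident Status Location "
    r"Adware:adware/elitebar Not disinfected Windows Registry "
    r"Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe "
    r"Possible Virus. Not disinfected C:\WINDOWS\system32\swsc.exe "
    r"Hacktool:HackTool/Flood Not disinfected F:\Arquivos de programas\CyberScript32\sistema\dlls\nHTMLn.dll"
)

# Incident categories seen in the reports on this page. Incident names and
# locations both contain spaces, so they are matched lazily around the status
# word, and a location ends where the next category word (or the text) begins.
CATEGORIES = r"(?:Adware|Spyware|Virus|Dialer|Hacktool|Potentially unwanted tool)"
RECORD_RE = re.compile(
    rf"(?P<incident>{CATEGORIES}:.+?|Possible Virus\.)\s+"
    r"(?P<status>Not disinfected|Disinfected)\s+"
    r"(?P<location>.+?)"
    rf"(?=\s+{CATEGORIES}:|\s+Possible Virus\.|\s*$)",
    re.DOTALL,
)


def parse_report(text):
    """Turn a flattened Active Scan report into a list of record dicts."""
    return [m.groupdict() for m in RECORD_RE.finditer(text)]


def summarize(records):
    """Count records per status: how much the scanner cleaned versus only reported."""
    return Counter(r["status"] for r in records)


def compare(before, after):
    """Diff two scans by (incident, location): (persisting, cleared, new)."""
    def key(record):
        return record["incident"], record["location"]
    old, new = {key(r) for r in before}, {key(r) for r in after}
    return old & new, old - new, new - old


if __name__ == "__main__":
    first, second = parse_report(SCAN_1), parse_report(SCAN_2)
    print("first scan:", dict(summarize(first)))
    persisting, cleared, new = compare(first, second)
    for label, items in (("persisting", persisting), ("cleared", cleared), ("new", new)):
        print(f"{label}:")
        for incident, location in sorted(items):
            print(f"  {incident:50} {location}")
```

The diff makes visible what a glance over two long reports does not: the two records Panda did disinfect in the first scan (taskmgr.exe under the Fonts folder and scvhost.exe, a name one letter away from svchost.exe) are absent from the second, while swsc.exe and Process.exe persist with "Not disinfected" in both, which is exactly what the helper goes on to remove by hand in the following steps.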

Hey flavio junior,

Let's go.

Step 1

Download CCleaner at:

CCleaner

Download it, but do not run it yet.

Download SpySweeper at:

SpySweeper

Download it and update its database, but do not run it yet.

Download Killbox at:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the bold list below to the clipboard. Select it --> Edit --> Copy.

C:\Arquivos de programas\Runtime Software\GetDataBack for NTFS\The 7 Deadly Sins\moo.dll

C:\Arquivos de programas\Runtime Software\GetDataBack for NTFS\The 7 Deadly Sins\mooold.dll

C:\WINDOWS\system32\swsc.exe

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "No" to the question.

 

It is wise to print this document or save it somewhere easy to reach, because in the next step we will go into Safe Mode and an internet connection will not be possible.

Step 2

Restart the computer in Safe Mode.

1. Go to Start -> Run -> type regedit -> click OK.

Navigate to the following subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats

Delete the following folder:

{511F9316-771B-4953-A268-1C36DA667FE9}

Exit the Registry Editor.

2. Locate and delete:

C:\Arquivos de programas\Runtime Software\GetDataBack for NTFS\The 7 Deadly Sins <- the folder

3. Run a full scan with SpySweeper.

Step 3

Restart in Normal Mode.

Run CCleaner and click Run Cleaner.

Run Active Scan again and see whether it still detects anything.

Awaiting your reply.

Regards.


Done, I did everything you asked!!!

But Active Scan still detected some things...

 

Incident Status Location

 

Adware:adware/alexa-toolbar Not disinfected Windows Registry

Adware:adware/elitebar Not disinfected Windows Registry

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\!KillBox\moo.dll

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\!KillBox\moo.dll( 1)

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\!KillBox\moo.dll( 4)

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\!KillBox\mooold.dll

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\!KillBox\mooold.dll( 3)

Possible Virus. Not disinfected C:\!KillBox\swsc.exe

Possible Virus. Not disinfected C:\!KillBox\swsc.exe( 2)

Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

Hacktool:HackTool/Flood Not disinfected F:\Arquivos de programas\CyberScript32\sistema\dlls\nHTMLn.dll

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected F:\moo.dll

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected F:\mooold.dll

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected F:\The 7 Deadly Sins\moo.dll

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected F:\The 7 Deadly Sins\mooold.dll

 

One more thing...

When I try to install the Windows updates, Media Player, and a few other things, the PC restarts on its own...

Could that have something to do with some malware???

I don't know if it's needed, but here's one more HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 20:13:15, on 13/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

f:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

f:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\ups.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

f:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

f:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

F:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [avast!] f:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] "f:\Arquivos" de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [smcService] "f:\ARQUIV~1\Sygate\SPF\Smc.exe" -startgui

O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\FLAVIO-REIS\Desktop\utorrent.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Clean Traces - f:\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - F:\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - F:\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Tradu&zir - file://F:\Arquivos de programas\Kounen\TraduzWeb\2.0p\bin\tw.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: MsgPlusLoader.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - f:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - f:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - f:\Arquivos de programas\Sygate\SPF\Smc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe


Hey flavio junior,

Let's go.

Step 1

1. Run Killbox and click Delete on Reboot.

2. Copy the bold list below to the clipboard. Select it --> Edit --> Copy.

C:\WINDOWS\system32\Process.exe

F:\Arquivos de programas\CyberScript32\sistema\dlls\nHTMLn.dll

F:\moo.dll

F:\mooold.dll

F:\The 7 Deadly Sins\moo.dll

F:\The 7 Deadly Sins\mooold.dll

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "No" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will go into Safe Mode and an internet connection will not be possible.

Step 2

Restart the computer in Safe Mode.

1. Locate and delete:

F:\The 7 Deadly Sins <- the folder

Step 3

Restart in Normal Mode.

Run CCleaner and click Run Cleaner.

Locate and delete the contents of the folder C:\!KillBox.

Run Active Scan again and see whether it still detects anything.

Awaiting your reply.

Regards.


Topic Archived

Since the author did not reply for more than 20 days, the topic was archived.

If you are the topic's author and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.
