[Resolvido!]log do hijackthis

[deborajanaina 0]

Olá...

 

Acabei de me registrar nesse site pra ver se eu consigo entender o que se passa com o meu pc e gostaria, se possível de contar com a ajuda de vcs...

 

O meu AVG está acusando o arquivo C:\Windows\system32\kernel32.dll e o chamando-o de CHANGE.

 

Pesquisei o que seria isso e tenho algumas informações que seria um programa do windows que gerencia memória, acho! Bom, como já existe um tópico postato na qual uma pessoa esta com o mesmo problema descrito por mim, segui passo a passo a orientação dada nesse tópico, instalei o hijackthis e estou postando o log gerado para anállise de um dos moderadores!

 

Bom, desde já agradeço a colaboração!

 

 

Logfile of HijackThis v1.99.1

Scan saved at 16:27:31, on 2/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\SiteAdvisor\6066\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\SiteAdvisor\6066\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6066\SiteAdv.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll (file missing)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll (file missing)

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6066\SiteAdv.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\6066\SiteAdv.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?1482cd85ae7744438b7c95fe37375b0b

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?1482cd85ae7744438b7c95fe37375b0b

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...087/mcfscan.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6066\SiteAdv.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Arquivos de programas\SiteAdvisor\6066\SAService.exe

[jgarcia 1]

Opa deborajanaina,

 

Baixe o ComboFix em:

ComboFix

 

1) Dê um duplo-clique no combofix.exe e tecle "Y" para prosseguir. O processo vai durar, em média, 10 minutos;

2) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

3) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

4) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

5) Para parar ou sair do ComboFix, tecle "N";

6) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

 

Abraços.

[deborajanaina 0]

OI JGARCIA...

 

ESTOU POSTANDO O LOG GERADO PELO COMBOFIX. DESDE JÁ AGRADEÇO A ATENÇÃO. :thumbsup:

 

 

 

 

 

 

ComboFix 07-08-04.3 - "win" 2007-08-06 15:13:46.1 [GMT -3:00] - NTFS

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\win\DADOSD~1\FunWebProducts

 

 

((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))

 

 

2007-08-06 15:04 1,408,582 --a------ C:\Arquivos de programas\ComboFix.exe

2007-08-06 14:55 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-05 10:35 <DIR> d-------- C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2007-08-04 12:53 99,328 --a------ C:\WINDOWS\system32\srusd.dll

2007-08-04 11:40 71,680 --a------ C:\WINDOWS\system32\fnfilter.dll

2007-08-04 11:40 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys

2007-08-04 11:40 37,376 --a------ C:\WINDOWS\system32\kousd.dll

2007-08-04 11:12 <DIR> d-------- C:\WINDOWS\Profiles

2007-08-04 11:12 <DIR> d-------- C:\DOCUME~1\win\DADOSD~1\InterTrust

2007-08-04 09:43 <DIR> d-------- C:\DOCUME~1\win\DADOSD~1\Uniblue

2007-08-03 14:34 <DIR> d-------- C:\DOCUME~1\win\DADOSD~1\Motive

2007-08-02 21:24 <DIR> d-------- C:\Arquivos de programas\Motive

2007-08-01 13:32 <DIR> d-------- C:\WINDOWS\McAfee.com

2007-08-01 13:24 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DADOSD~1\SiteAdvisor

2007-08-01 13:24 <DIR> d-------- C:\Arquivos de programas\SiteAdvisor

2007-08-01 13:23 <DIR> d-------- C:\DOCUME~1\win\DADOSD~1\SiteAdvisor

2007-08-01 13:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\SiteAdvisor

2007-08-01 13:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\McAfee

2007-07-30 20:37 <DIR> d-------- C:\Arquivos de programas\Assistente Tecnico Speedy

2007-07-29 20:27 <DIR> d-------- C:\WINDOWS\pss

2007-07-26 17:29 <DIR> d-------- C:\WINDOWS\Motive

2007-07-26 17:29 <DIR> d-------- C:\Arquivos de programas\Common Files

2007-07-26 17:26 947,472 --a------ C:\WINDOWS\system32\msjava.dll

2007-07-26 17:26 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll

2007-07-26 17:26 6,550 --a------ C:\WINDOWS\jautoexp.dat

2007-07-26 17:26 49,424 --a------ C:\WINDOWS\system32\clspack.exe

2007-07-26 17:26 46,352 --a------ C:\WINDOWS\setdebug.exe

2007-07-26 17:26 404,752 --a------ C:\WINDOWS\system32\javart.dll

2007-07-26 17:26 313,856 --a------ C:\WINDOWS\system32\dx3j.dll

2007-07-26 17:26 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll

2007-07-26 17:26 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll

2007-07-26 17:26 187,152 --a------ C:\WINDOWS\system32\javacypt.dll

2007-07-26 17:26 172,304 --a------ C:\WINDOWS\system32\jview.exe

2007-07-26 17:26 171,792 --a------ C:\WINDOWS\system32\wjview.exe

2007-07-26 17:26 171,280 --a------ C:\WINDOWS\system32\jit.dll

2007-07-26 17:26 154,384 --a------ C:\WINDOWS\system32\msawt.dll

2007-07-26 17:26 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe

2007-07-26 17:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll

2007-07-26 17:26 113 --a------ C:\WINDOWS\system32\zonedon.reg

2007-07-26 17:26 113 --a------ C:\WINDOWS\system32\zonedoff.reg

2007-07-17 11:32 81,920 -ra------ C:\WINDOWS\system32\srctrl.dll

2007-07-17 11:32 <DIR> d-------- C:\Arquivos de programas\LGGSM

2007-07-17 11:29 22,760 -ra------ C:\WINDOWS\system32\drivers\usb2vcom.sys

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-06 13:57 --------- d-------- C:\Arquivos de programas\Google

2007-08-04 13:01 --------- d-------- C:\DOCUME~1\win\DADOSD~1\Image Zone Express

2007-08-02 20:07 --------- d-------- C:\Arquivos de programas\LG Link

2007-07-27 20:58 --------- d-------- C:\Arquivos de programas\IncrediMail

2007-07-24 16:16 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-06-22 16:37 --------- d-------- C:\DOCUME~1\win\DADOSD~1\Jasc

2007-06-14 10:11 62358 --a------ C:\WINDOWS\system32\perfc016.dat

2007-06-14 10:11 416040 --a------ C:\WINDOWS\system32\perfh016.dat

2007-06-11 18:58 --------- d-------- C:\Arquivos de programas\Discador itelefonica

2007-05-16 12:13 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll

2007-05-16 12:13 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll

2007-05-16 12:13 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2007-05-16 12:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll

2007-05-16 12:13 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll

2007-05-16 12:13 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll

2004-03-11 13:27 40960 --a------ C:\Arquivos de programas\Uninstall_CDS.exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 19:54]

"SiteAdvisor"="C:\Arquivos de programas\SiteAdvisor\6066\SiteAdv.exe" [2007-02-26 15:41]

"Motive SmartBridge"="C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 15:46]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PowerBar"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

"NBJ"="C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10]

"Uniblue RegistryBooster 2"="C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Assistente Tecnico Speedy.lnk - C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2007-08-02 21:24:24]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Image Zone.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Inicialização rápida do HP Image Zone.lnk

backup=C:\WINDOWS\pss\Inicialização rápida do HP Image Zone.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^win^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\win\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]

C:\Arquivos de programas\IncrediMail\bin\IncMail.exe /c

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]

C:\ARQUIV~1\Magentic\bin\Magentic.exe /c

 

R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys

R0 uagp35;Filtro Microsoft AGPv3.5;C:\WINDOWS\system32\DRIVERS\uagp35.sys

R3 ALCXSENS;Service for WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\ALCXSENS.SYS

R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys

R3 Slntamr;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys

R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys

S3 DCamUSBPremier;USB Video Camera;C:\WINDOWS\system32\Drivers\mpixvid.sys

S3 FXDRV;FXDRV;\??\D:\Fxdrv.sys

S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys

S3 sermouse;Serial Mouse Driver;C:\WINDOWS\system32\DRIVERS\sermouse.sys

S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys

S3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys

S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys

S3 usbbus;LGE CDMA Composite USB Device;C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

S3 UsbDiag;LGE CDMA USB Serial Port;C:\WINDOWS\system32\DRIVERS\lgUsbDiag.sys

S3 USBModem;LGE CDMA USB Modem;C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73b09041-355e-11da-b911-806d6172696f}]

 

 

Contents of the 'Scheduled Tasks' folder

2007-08-04 13:11:34 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Arquivos de programas\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

2007-08-04 13:11:32 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Arquivos de programas\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

2007-08-04 13:51:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job

2007-08-04 13:44:04 C:\WINDOWS\Tasks\Uniblue SpyEraser.job - C:\Arquivos de programas\Uniblue\SpyEraser\SpyEraser.exe

2007-08-06 17:51:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-06 15:15:18

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-06 15:16:07

 

--- E O F ---

[jgarcia 1]

Opa deborajanaina,

 

Submeta o arquivo abaixo ao site VirusTotal:

 

C:\WINDOWS\jautoexp.dat

 

Retorne com o resultado.

 

Abraços.

[deborajanaina 0]

OLÁ JGARCIA! SEGUI CONFORME SUA INSTRUÇÃO. SEGUE ABAIXO O RESULTADO OBTIDO! OBRIGADAArquivo jautoexp.dat recebido em 2007.08.06 22:48:35 (CET)Antivírus Versão Última Atualização Resultado AhnLab-V3 2007.8.3.0 2007.08.06 - AntiVir 7.4.0.57 2007.08.06 - Authentium 4.93.8 2007.08.03 - Avast 4.7.1029.0 2007.08.06 - AVG 7.5.0.476 2007.08.06 - BitDefender 7.2 2007.08.06 - CAT-QuickHeal 9.00 2007.08.06 - ClamAV 0.91 2007.08.06 - DrWeb 4.33 2007.08.06 - eSafe 7.0.15.0 2007.07.31 - eTrust-Vet 31.1.5037 2007.08.06 - Ewido 4.0 2007.08.06 - FileAdvisor 1 2007.08.06 - Fortinet 2.91.0.0 2007.08.06 - F-Prot 4.3.2.48 2007.08.03 - F-Secure 6.70.13030.0 2007.08.06 - Ikarus T3.1.1.8 2007.08.06 - Kaspersky 4.0.2.24 2007.08.06 - McAfee 5091 2007.08.06 - Microsoft 1.2704 2007.08.06 - NOD32v2 2439 2007.08.06 - Norman 5.80.02 2007.08.06 - Panda 9.0.0.4 2007.08.06 - Prevx1 V2 2007.08.06 - Rising 19.35.02.00 2007.08.06 - Sophos 4.19.0 2007.08.01 - Sunbelt 2.2.907.0 2007.08.04 - Symantec 10 2007.08.06 - TheHacker 6.1.7.162 2007.08.04 - VBA32 3.12.2.2 2007.08.04 - Webwasher-Gateway 6.0.1 2007.08.06 - Informações adicionais File size: 6550 bytes MD5: 9d8441d979af7e15af6331a0f41fbb89 SHA1: e68d12b3948be5ca49c19f73f0f5893e04613fb1

[jgarcia 1]

Opa deborajanaina,

 

Submeta o mesmo arquivo ao Scan da Jotti e retorne com o resultado.

 

Abraços.

[deborajanaina 0]

OK JGARCIA....AQUI ESTÁ O RESULTADO...OBRIGADA PELA PACIÊNCIA, OK... E POR FAVOR, NÃO DESISTE NÃO TÁ...RSRSRS ^_^ Service load: 0% 100% File: jautoexp.dat Status: OK MD5: 9d8441d979af7e15af6331a0f41fbb89 Packers detected: - Bit9 reports: No threat detected You searched forMD5: 9d8441d979af7e15af6331a0f41fbb89Your hash has been found in 157 Package(s).Click here to Login or Register to view more information.Scanner results Scan taken on 07 Aug 2007 14:53:53 (GMT) A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Rising Antivirus Found nothing Sophos Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing

[jgarcia 1]

Opa deborajanaina,

 

Execute o Panda Total Scan e retorne com o resultado.

 

Atenção: Você deverá marcar a caixa Full scan, que fica abaixo do botão Scan Now, antes de começar o scan (por padrão a caixa Quick scan estará marcada).

 

Abraços.

 

PS.: Você terá que se cadastrar, mas o processo é rápido e gratuito, portanto não se preocupe.

[deborajanaina 0]

OLÁ JGARCIA...ESTOU RETORNANDO COM O RESULTADO DO PANDA TOTAL SCAN... MAIS UMA VEZ, OBRIGADA!ANALYSIS: 2007-08-07 18:12:22PROTECTIONS: 1MALWARE: 14SUSPECTS: 0;*********************************************************************************************************************************************************************************PROTECTIONSDescription Version Active Updated;=================================================================================================================================================================================AVG 7.5.476 7.5.476 Yes Yes;=================================================================================================================================================================================MALWAREId Description Type Active Severity Disinfectable Disinfected Location;=================================================================================================================================================================================00112503 HackTool/Gendel.A SecRisk No 0 Yes No C:\WINDOWS\gendel32.exe00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\win\Cookies\win@trafficmp[2].txt00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Documents and Settings\win\Cookies\win@2o7[1].txt00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\win\Cookies\win@ig.com[1].txt00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\win\Cookies\win@overture[1].txt00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\win\Cookies\win@realmedia[1].txt00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\win\Cookies\win@terra.com[1].txt00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\win\Cookies\win@uol.com[2].txt00209833 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\win\Cookies\win@acesso.uol.com[1].txt00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\win\Cookies\win@cgi-bin[4].txt00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\win\Cookies\win@cgi-bin[3].txt00510383 Application/Ardamax HackTools No 0 Yes No C:\WINDOWS\system32\svchost.00700607588 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\svchost.00601262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\nircmd.exe;=================================================================================================================================================================================SUSPECTSLocation;=================================================================================================================================================================================;=================================================================================================================================================================================

[jgarcia 1]

Opa deborajanaina,

 

Vamos lá.

 

Habilite o Windows para mostrar todos os arquivos (até ocultos).

 

1ª Etapa

 

Baixe o CCleaner em:

CCleaner

 

Baixe, mas não execute ainda.

 

Baixe o Killbox em:

Killbox

 

1. Execute o Killbox, clique em Delete on Reboot.

 

2. Copie a lista abaixo em negrito para a área de transferência. Selecione tudo com o auxílio do mouse --> vá até a aba Editar na barra do navegador --> clique em Copiar.

 

C:\WINDOWS\gendel32.exe

C:\WINDOWS\system32\svchost.006

C:\WINDOWS\system32\svchost.007

 

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

 

4. Aperte em "X". Responda "não" à pergunta.

 

2ª Etapa

 

Reinicie em Modo Normal.

 

Delete o conteúdo da pasta C:\!Killbox.

 

Execute o CCleaner e clique em Executar Cleaner.

 

Execute o Panda Total Scan novamente e veja se ainda detecta algo.

 

Aguardo retorno.

 

Um abraço.

[deborajanaina 0]

OLÁ JGARCIA...SEGUI TODOS OS PASSOS CONFORME SUA ORIENTAÇÃO! EXECUTEI O PANDA TOTAL SCAN E NÃO APARECEU MAIS NADA...

QUERO TE AGRADECER POR TER ATENDIDO MINHA SOLICITAÇÃO, SEMPRE DISPOSTO E MUITO COMPETENTE! MUITO OBRIGADA MESMO! :clap:

 

DEBORA JANAINA

[jgarcia 1]

Opa deborajanaina,

 

Fico feliz por saber que o problema foi resolvido. :thumbsup:

 

Para finalizar:

 

1. Desabilite e Reabilite a função de Restauração Automática do XP. Clique aqui para ver como;

 

2. Leia o artigo Cuidados ao navegar na net e saiba como evitar novas infecções.

 

Abraços.

[jgarcia 1]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.