
[Help] PC full of spyware!

Discussion in 'Dúvidas e Suporte Técnico PC' started by Super_Tech, 26 February 2007. (Replies: 5; Views: 732)

  1. Super_Tech

    Super_Tech Power Member

    Well folks, I have a PC here full of spyware, including virusburst fakealert, malware wiped, etc.

    I have a HijackThis log here; if anyone can help me I'd appreciate it :)

    Logfile of HijackThis v1.99.1
    Scan saved at 13:35:22, on 26-02-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\C\System32\smss.exe
    C:\C\system32\csrss.exe
    C:\C\system32\winlogon.exe
    C:\C\system32\services.exe
    C:\C\system32\lsass.exe
    C:\C\system32\svchost.exe
    C:\C\system32\svchost.exe
    C:\C\System32\svchost.exe
    C:\C\System32\svchost.exe
    C:\C\System32\svchost.exe
    C:\C\system32\spoolsv.exe
    C:\C\Explorer.EXE
    C:\Programas\Video Access ActiveX Object\isamntr.exe
    C:\Programas\Video Access ActiveX Object\pmsnrr.exe
    C:\C\system32\CTHELPER.EXE
    C:\Programas\Video Access ActiveX Object\pmmnt.exe
    C:\Program Files\Huawei\MT882\dslagent.exe
    C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Programas\QuickTime\qttask.exe
    C:\Programas\Video Access ActiveX Object\isamini.exe
    C:\Programas\iTunes\iTunesHelper.exe
    C:\C\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Programas\HP\hpcoretech\hpcmpmgr.exe
    C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\C\system32\hphmon05.exe
    C:\Programas\Java\jre1.5.0_09\bin\jusched.exe
    C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\C\system32\ctfmon.exe
    C:\C\System32\cisvc.exe
    C:\Programas\Skype\Phone\Skype.exe
    C:\C\System32\CTsvcCDA.exe
    C:\Programas\MSN Messenger\MsnMsgr.Exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\C\System32\snmp.exe
    C:\C\System32\svchost.exe
    C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    C:\C\system32\wdfmgr.exe
    C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
    C:\C\System32\MsPMSPSv.exe
    C:\Programas\iPod\bin\iPodService.exe
    C:\C\system32\HPZipm12.exe
    C:\C\System32\alg.exe
    C:\Programas\Webroot\Spy Sweeper\SSU.EXE
    C:\Programas\Mozilla Firefox\firefox.exe
    C:\C\system32\cidaemon.exe
    C:\Documents and Settings\SOFIA\Ambiente de trabalho\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Programas\Video Access ActiveX Object\isadd.dll
    O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Programas\Video Access ActiveX Object\iesplugin.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\C\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] C:\Programas\Creative\SBLive\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\C\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\Huawei\MT882\dslagent.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\C\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Programas\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\C\system32\hphmon05.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [SpySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\C\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6251FA8F-4400-49F0-B63E-70BAEC350B0D}: NameServer = 85.255.115.3,85.255.112.10
    O17 - HKLM\System\CCS\Services\Tcpip\..\{81A42A92-F8B6-462E-9A0D-093CFD507682}: NameServer = 85.255.115.3,85.255.112.10
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.3 85.255.112.10
    O17 - HKLM\System\CS1\Services\Tcpip\..\{6251FA8F-4400-49F0-B63E-70BAEC350B0D}: NameServer = 85.255.115.3,85.255.112.10
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.3 85.255.112.10
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WRNotifier - C:\C\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - C:\C\system32\jbtazy.dll (file missing)
    O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\C\System32\CTsvcCDA.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\C\system32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

    I did this without being in safe mode. Should I try again in safe mode?
     
  2. luikki

    luikki Power Member

    Post the file here, run the analysis, and delete the lines marked with a red X.
    Then disable System Restore, run Spybot and clean whatever is still there.
    Reboot, run HijackThis again, post a new file and see whether it's resolved.
    Also do a (registry) cleanup with CCleaner and with MV RegClean.
     
  3. OdracirPT

    OdracirPT Power Member

    Delete these lines:

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\C\system32\ctfmon.exe

    O4 - HKLM\..\Run: [HPHmon05] C:\C\system32\hphmon05.exe

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\C\system32\spool\drivers\w32x86\3\hpztsb09.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\C\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [UpdReg] C:\C\UpdReg.EXE

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000

    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/W...gPublisher.exe

    NOTE: It looks like C:\C\System32 is the virus folder with the malicious executables. You'd better delete the folder or run an antivirus over it to see whether those are original files or files created by the virus.

    Cheers
     
  4. Super_Tech

    Super_Tech Power Member

    Thanks for the help you're giving, folks!
    This is the new log after doing what luikki said to do:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:33:10, on 26-02-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\C\System32\smss.exe
    C:\C\system32\csrss.exe
    C:\C\system32\winlogon.exe
    C:\C\system32\services.exe
    C:\C\system32\lsass.exe
    C:\C\system32\svchost.exe
    C:\C\system32\svchost.exe
    C:\C\System32\svchost.exe
    C:\C\System32\svchost.exe
    C:\C\System32\svchost.exe
    C:\C\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\C\System32\cisvc.exe
    C:\C\System32\CTsvcCDA.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\C\System32\snmp.exe
    C:\C\System32\svchost.exe
    C:\C\system32\wdfmgr.exe
    C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
    C:\C\System32\MsPMSPSv.exe
    C:\C\System32\alg.exe
    C:\C\Explorer.EXE
    C:\Programas\Video Access ActiveX Object\isamntr.exe
    C:\Programas\Video Access ActiveX Object\pmsnrr.exe
    C:\C\system32\CTHELPER.EXE
    C:\Programas\Video Access ActiveX Object\pmmnt.exe
    C:\Program Files\Huawei\MT882\dslagent.exe
    C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Programas\Video Access ActiveX Object\isamini.exe
    C:\Programas\QuickTime\qttask.exe
    C:\Programas\iTunes\iTunesHelper.exe
    C:\C\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Programas\HP\hpcoretech\hpcmpmgr.exe
    C:\C\system32\hphmon05.exe
    C:\Programas\Java\jre1.5.0_09\bin\jusched.exe
    C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\C\system32\ctfmon.exe
    C:\Programas\Skype\Phone\Skype.exe
    C:\Programas\MSN Messenger\MsnMsgr.Exe
    C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Programas\iPod\bin\iPodService.exe
    C:\Programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    C:\C\system32\HPZipm12.exe
    C:\C\System32\wbem\wmiprvse.exe
    C:\Programas\Webroot\Spy Sweeper\SSU.EXE
    C:\C\system32\wuauclt.exe
    C:\Documents and Settings\SOFIA\Ambiente de trabalho\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Programas\Video Access ActiveX Object\isadd.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\C\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] C:\Programas\Creative\SBLive\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\C\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\Huawei\MT882\dslagent.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\C\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Programas\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\C\system32\hphmon05.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [SpySweeper] C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\C\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6251FA8F-4400-49F0-B63E-70BAEC350B0D}: NameServer = 85.255.115.3,85.255.112.10
    O17 - HKLM\System\CCS\Services\Tcpip\..\{81A42A92-F8B6-462E-9A0D-093CFD507682}: NameServer = 85.255.115.3,85.255.112.10
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.3 85.255.112.10
    O17 - HKLM\System\CS1\Services\Tcpip\..\{6251FA8F-4400-49F0-B63E-70BAEC350B0D}: NameServer = 85.255.115.3,85.255.112.10
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.3 85.255.112.10
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WRNotifier - C:\C\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - C:\C\system32\jbtazy.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\C\System32\CTsvcCDA.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\C\system32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

    Now I'll see about scanning that methanex folder :)

    No virus or spyware shows up in system32, this isn't easy.
     
    Last edited: 26 February 2007
  5. luikki

    luikki Power Member

    That's still all infected.....
    Post this latest logfile again on the site I pointed you to and DELETE the lines marked with a red X!
    Don't forget that you must have System Restore disabled....
    And it's advisable to be disconnected from the internet during the cleanup process....
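
Comparing the two logs above by eye is tedious, and the advice in this thread ("delete the lines marked with a red X", "it's still all infected") is exactly what a small diff plus a couple of checks makes visible. The Python below is an added example for this thread; it is not code from HijackThis, from the analysis site, or from any of the posters. It parses HijackThis-style `Rxx`/`Fxx`/`Oxx - ...` lines, diffs the first and second scans, reports entries whose target file HijackThis marked as missing, and lists the resolvers written into the O17 NameServer keys that are not on an expected list. The `LOG_FIRST` and `LOG_SECOND` strings are excerpts copied from the two posted logs (paths kept as they appear on the page); `EXPECTED_NAMESERVERS` is an assumed placeholder for the resolvers this network's ISP or router should hand out, not a value from the thread.

```python
"""Diff two HijackThis scans and flag O17 DNS and orphaned entries.

Added example for this thread; not code from HijackThis or from the posters.
LOG_FIRST / LOG_SECOND are excerpts copied from the two logs posted above.
EXPECTED_NAMESERVERS is an assumption: the resolvers this network should use.
"""
import re
from dataclasses import dataclass

# A HijackThis entry is "<section> - <body>", e.g. "O17 - HKLM\...: NameServer = ..."
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Assumed placeholder: the resolvers handed out by the ISP or the router.
# Anything else written into an O17 NameServer key is reported as rogue.
EXPECTED_NAMESERVERS = {"192.168.1.1"}

# Excerpt of the first scan posted in this thread (13:35).
LOG_FIRST = r"""
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Programas\Video Access ActiveX Object\isadd.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Programas\Video Access ActiveX Object\iesplugin.dll
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6251FA8F-4400-49F0-B63E-70BAEC350B0D}: NameServer = 85.255.115.3,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.3 85.255.112.10
O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - C:\C\system32\jbtazy.dll (file missing)
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
"""

# Excerpt of the second scan posted in this thread (14:33), after Spybot.
LOG_SECOND = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Programas\Video Access ActiveX Object\isadd.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6251FA8F-4400-49F0-B63E-70BAEC350B0D}: NameServer = 85.255.115.3,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.3 85.255.112.10
O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - C:\C\system32\jbtazy.dll (file missing)
"""


@dataclass(frozen=True, order=True)
class Entry:
    section: str
    body: str


def parse(log: str) -> list[Entry]:
    """Keep only Rxx/Fxx/Oxx entries; header and 'Running processes' lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def diff(before: list[Entry], after: list[Entry]) -> tuple[list[Entry], list[Entry]]:
    """Return (removed, added) between two scans, ordered by section then body."""
    b, a = set(before), set(after)
    return sorted(b - a), sorted(a - b)


def rogue_nameservers(entries: list[Entry]) -> set[str]:
    """IPv4 resolvers in O17 NameServer entries that are not in EXPECTED_NAMESERVERS."""
    rogue = set()
    for e in entries:
        if e.section == "O17" and "NameServer =" in e.body:
            value = e.body.split("NameServer =", 1)[1]  # comma- or space-separated list
            rogue.update(ip for ip in IPV4_RE.findall(value) if ip not in EXPECTED_NAMESERVERS)
    return rogue


def orphaned(entries: list[Entry]) -> list[Entry]:
    """Entries whose target file HijackThis reported as missing or absent."""
    return [e for e in entries if e.body.endswith("(file missing)") or e.body.endswith("(no file)")]


def report(before_log: str, after_log: str) -> dict:
    """Everything a helper in this thread would want to glance at in one place."""
    before, after = parse(before_log), parse(after_log)
    removed, added = diff(before, after)
    return {
        "removed": removed,
        "added": added,
        "orphaned": orphaned(after),
        "rogue_dns": rogue_nameservers(after),
    }


if __name__ == "__main__":
    r = report(LOG_FIRST, LOG_SECOND)
    for key in ("removed", "added", "orphaned"):
        print(f"{key}:")
        for e in r[key]:
            print(f"  {e.section} - {e.body}")
    print("rogue DNS resolvers still configured:", sorted(r["rogue_dns"]))
```

Run against the two excerpts, the diff shows that the Spybot pass removed the O3 toolbar, the O8 mywebsearch menu item and the orphaned O21 "eitheror" entry and added Spybot's own SDHelper BHO, while the O2 isadd.dll BHO, the O21 "featherweed" entry and both O17 NameServer settings survived unchanged. The O17 check is the one worth keeping after this thread: it flags any resolver you did not configure, regardless of the specific address.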
     
