1. Este site usa cookies. Ao continuar a usar este site está a concordar com o nosso uso de cookies. Saber Mais.

Socorro - Problema com Spyware

Discussão em 'Dúvidas e Suporte—Internet, Redes, Segurança' iniciada por firestorm, 21 de Junho de 2006. (Respostas: 3; Visualizações: 789)

  1. firestorm

    firestorm Power Member

    Boas ppl.

    Tenho um amigo que o pc está sempre a abrir sites de sexo e casino etc etc, logo tem um malware qq.

    Ja o mandei instalar o spysweeper, detectou mta coisa, mas continua a contecer.

    aki posto o log para me ajudarem a ajudar o moço.

    tks
    Logfile of HijackThis v1.99.1
    Scan saved at 23:00:13, on 21-06-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Programas\Norton AntiVirus\navapsvc.exe
    C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Programas\Ficheiros comuns\InterVideo\SchSvr\SchSvr.exe
    C:\Programas\InterVideo\Common\Bin\WinRemote.exe
    C:\Programas\iTunes\iTunesHelper.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Programas\HP\HP Share-to-Web\hpgs2wnd.exe
    C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Programas\iPod\bin\iPodService.exe
    C:\Programas\MessengerPlus! 3\MsgPlus.exe
    C:\Programas\QuickTime\qttask.exe
    C:\Programas\D-Tools\daemon.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
    C:\Programas\Windows Defender\MSASCui.exe
    C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
    C:\Programas\Messenger\msmsgs.exe
    C:\Programas\HP\HP Share-to-Web\hpgs2wnf.exe
    C:\Programas\Creative\MediaSource\Detector\CTDetect.exe
    C:\Programas\Porto Editora Multimedia\Diciopedia 2005 CD\TaskIconD2005_CD.exe
    C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Programas\z0\itips\My paste\dn\Atalhos\SoF2mp_min.exe
    C:\WINDOWS\explorer.exe
    C:\Programas\z0\itips\My paste\dn\Atalhos\SoF2mp_min.exe
    C:\Programas\Soldier Of Fortune 2 - Double Helix\sof2mp.exe
    C:\Programas\z0\itips\My paste\dn\Programas & Installes\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clix.pt/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O1 - Hosts: 222.111.150.111 gwgt1.joymax.com
    O3 - Toolbar: Ver HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programas\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: GeoSapoBar - {41C098D1-A36B-11d4-9F8C-00E07D02355A} - C:\PROGRA~1\Imersiva\GEOSAP~1\GEOSAP~1.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programas\Ficheiros comuns\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [WINREMOTE] C:\Programas\InterVideo\Common\Bin\WinRemote.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Programas\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programas\HP\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programas\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SpySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Programas\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Programas\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Diciopédia 2005 CD Tray.lnk = C:\Programas\Porto Editora Multimedia\Diciopedia 2005 CD\TaskIconD2005_CD.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://geo.sapo.pt/imp_cgi/mgaxctrl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/MsnChat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0B21E71A-8FC1-4821-A610-5A2B2EAC4DA4}: NameServer = 195.23.129.126,194.79.69.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{53A9D140-9888-4F3F-8E8E-AA3AE996F9A7}: NameServer = 195.23.129.126,194.79.69.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{98910227-B36E-432E-9631-0715090EF0D2}: NameServer = 195.23.129.126,194.79.69.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B3DC8FBD-C932-4464-AE91-460F4CD0A884}: NameServer = 195.23.129.126,194.79.69.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0B21E71A-8FC1-4821-A610-5A2B2EAC4DA4}: NameServer = 195.23.129.126,194.79.69.222
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
    O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programas\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Programas\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Programas\TGTSoft\StyleXP\StyleXPService.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
     
    Última edição pelo moderador: 21 de Junho de 2006
  2. lightMC

    lightMC Power Member

    tenta com o spyware doctor
     
  3. VASC

    VASC Power Member

    :kfold:

    Podes tentar tambem o windows defender, já me aconteceu e ele limpou
    mas tens de instalar o microsoft anti spyware pois a versão defender que
    evoluiu do anti spy não instala a menos que o win seja original............

    Convem ainda fazer a limpeza em modo de segurança pois há Worms que
    se não for assim o anti não os apaga........

    cumpz :004:
     
  4. paraai5

    paraai5 Power Member

    Boas

    corre o lavasoft e 1 anti virus, mas em antes d os correres n te eskeças d deligar o restauro d sistema......

    deve resolver o teu problema

    abraço
     

Partilhar esta Página