[Archived] secure32 new.net cws.searchmeup wupd savenow webhancer
This PC has Spybot resident and up to date, Ad-Aware up to date and AVG up to date. With them everything comes up clean.
Since I suspected some worm or virus on the PC, because IE sometimes doesn't open a window when I click its icon and the CPU temperature has been rising above normal, I ran PANDA http://www.pandasoftware.com/products/activescan.htm and got this pile of worms as the result: :o
Incident Status Location
Adware:adware/secure32 Not disinfected C:\WINDOWS\country.exe
Spyware:spyware/new.net Not disinfected C:\WINDOWS\NDNuninstall6_98.exe
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\toolbar.exe
Adware:adware/wupd Not disinfected C:\ARQUIVOS DE PROGRAMAS\MediaGateway
Adware:adware/savenow Not disinfected C:\ARQUIVOS DE PROGRAMAS\VVSN
Adware:adware/webhancer Not disinfected C:\ARQUIVOS DE PROGRAMAS\whInstall
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@ad.yieldmanager[2].txt
Spyware:Cookie/Admotion Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@admotion.com[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@adopt.hbmediapro[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@atwola[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@bannerlandia.com[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@burstnet[2].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@c.goclick[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@de.uol.com[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@dist.belnk[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@google.com[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@go[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@ig.com[2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@kinghost[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@searchportal.information[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@terra.com[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@uol.com[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@yadro[1].txt
Adware:Adware/WinAD Not disinfected C:\Arquivos de programas\Bit Lord 1.1\Downloads\Alcohol 120% 1.9.3105 Latest [Corporate Edition With CRACK- BEST YET]\Alcohol 120% 1.9.3105 Latest [Corporate Edition With Patch]\Keygen.exe
Adware:Adware/WinAD Not disinfected C:\Arquivos de programas\Bit Lord 1.1\Downloads\Alcohol 120% 1.9.3105 Latest [Corporate Edition With CRACK- BEST YET].zip[Keygen.exe]
Hacktool:Hacktool/Netbuster Not disinfected C:\Backup_HD_antigo\c em pc1 (S3o2a7)\Netbuster\NetBuster.exe
Hacktool:Hacktool/Netbuster Not disinfected C:\Backup_HD_antigo\c em pc1 (S3o2a7)\xx_1\Hacker\Nucker_i\netbuster1_31.zip[NetBuster.exe]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Configurações locais\Temp\Cookies\administrador@ig.com[1].txt
Adware:Adware/WinAD Not disinfected C:\Documents and Settings\Administrador\Configurações locais\Temp\MGW_SH.exe
Spyware:Spyware/New.net Not disinfected C:\Documents and Settings\Administrador\Configurações locais\Temp\SHNT288.exe
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Administrador\Configurações locais\Temp\wh.exe
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Administrador\Configurações locais\Temp\wh.exe[whAgent.inf]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Administrador\Configurações locais\Temp\wh.exe[whAgent.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Administrador\Configurações locais\Temp\wh.exe[whInstaller.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Administrador\Configurações locais\Temp\wh.exe[whSurvey.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Administrador\Configurações locais\Temp\wh.exe[webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Administrador\Configurações locais\Temp\wh.exe[whiehlpr.dll]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\41WTONER\Setup[1].exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@ad.yieldmanager[2].txt
Spyware:Cookie/Admotion Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@admotion.com[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@adopt.hbmediapro[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@atwola[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@bannerlandia.com[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@burstnet[2].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@c.goclick[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@de.uol.com[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@dist.belnk[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@google.com[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@go[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@ig.com[2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@kinghost[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@searchportal.information[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@terra.com[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@uol.com[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@yadro[1].txt
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_98.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall7_14.exe
Since Panda doesn't remove worms, only viruses, I went to look at the PANDA log, and it reports worms even in some files that have "nothing to do with it", like the ones marked in green above. I imagine they are Panda false positives.
Since I don't know much about removing worms, I decided to run HijackThis and post it here:
Logfile of HijackThis v1.99.1
Scan saved at 06:01:02, on 27/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\Explorer.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Arquivos de programas\Intel\Intel® Active Monitor\imontray.exe
C:\ARQUIV~1\ARQUIV~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\ARQUIV~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\system32\NILaunch.exe
C:\Arquivos de programas\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Arquivos de programas\dvd43\dvd43_tray.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\ARQUIV~1\ARQUIV~1\PCSuite\Services\SERVIC~1.EXE
C:\arquivos de programas\netappel\netappel.exe
C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\lotus\organize\easyclip.exe
C:\lotus\smartctr\smartctr.exe
C:\lotus\smartctr\suitest.exe
C:\Util\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gocyberlink.com/registration/re...=WinXp&Lang=Ptb
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iMONTRAY] C:\Arquivos de programas\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [DataLayer] C:\ARQUIV~1\ARQUIV~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Arquivos de programas\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RegKillTray] "C:\Arquivos de programas\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [dvd43] C:\Arquivos de programas\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [VVSN] C:\Arquivos de programas\VVSN\VVSN.exe :devil:
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NetAppel] "C:\arquivos de programas\netappel\netappel.exe" -nosplash -minimized
O4 - Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARQUIV~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARQUIV~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww8.banrisul.com.br/bto/link/msie/S...reControl2k.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Arquivos de programas\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
I would like you to tell me whether the PC really does have all these worms and how to remove them.
At least vvsn.exe :devil: already indicates some problem :cry:
Thanks in advance for the help.
Palc
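As an added example (not part of Palc's post, nor code from Panda or HijackThis), the script below parses the two log formats pasted above and links them: each Panda finding is split into tracking cookies (plain text files, counted separately) and everything else, and every O4 autostart entry from HijackThis whose executable lies at or under a Panda-flagged path is reported as the persistence mechanism for that finding. On the post's own data this ties the Panda hit on C:\ARQUIVOS DE PROGRAMAS\VVSN to the O4 Run entry [VVSN]. The embedded log excerpts are copied from the post; the function names, the regexes and the prefix-matching rule are my own. One caveat the comments repeat: HijackThis prints some paths in 8.3 short form (C:\ARQUIV~1\...), which a string comparison cannot map to the long name Panda reports, so an entry that does not match is not thereby shown to be clean.

```python
import re

# Excerpted lines from the Panda ActiveScan and HijackThis logs in the post above
# (not a new scan; just enough of each to exercise the parsers).
PANDA_LOG = r"""
Adware:adware/secure32 Not disinfected C:\WINDOWS\country.exe
Spyware:spyware/new.net Not disinfected C:\WINDOWS\NDNuninstall6_98.exe
Adware:adware/wupd Not disinfected C:\ARQUIVOS DE PROGRAMAS\MediaGateway
Adware:adware/savenow Not disinfected C:\ARQUIVOS DE PROGRAMAS\VVSN
Adware:adware/webhancer Not disinfected C:\ARQUIVOS DE PROGRAMAS\whInstall
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@ad.yieldmanager[2].txt
"""

HJT_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VVSN] C:\Arquivos de programas\VVSN\VVSN.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# "<incident> <status> <path>"; the incident label may itself contain spaces
# ("Potentially unwanted tool:Application/Zango"), so it is matched lazily.
PANDA_RE = re.compile(
    r"^(?P<incident>.+?)\s+(?P<status>Not disinfected|Disinfected|Deleted|Renamed)\s+(?P<path>.+?)\s*$")
# O4 autostart entries: "O4 - HKLM\..\Run: [name] command line"
HJT_RUN_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First executable on the command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|dll|scr|cpl|com))\b', re.IGNORECASE)


def parse_panda(text):
    """Return one dict (incident, status, path) per Panda result line."""
    hits = []
    for line in text.splitlines():
        m = PANDA_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def summarize(panda_hits):
    """Split findings into tracking cookies (text files) and everything else."""
    cookies = sum(1 for h in panda_hits if h["incident"].lower().startswith("spyware:cookie/"))
    return {"cookies": cookies, "other": len(panda_hits) - cookies}


def parse_hjt_run(text):
    """Return the O4 autostart entries with the executable pulled out of the command."""
    entries = []
    for line in text.splitlines():
        m = HJT_RUN_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        exe = EXE_RE.match(e["cmd"])
        # For rundll32 hosts this yields rundll32 itself; the DLL of interest
        # is in the arguments and would need a second pass.
        e["exe"] = exe.group("exe") if exe else None
        entries.append(e)
    return entries


def correlate(panda_hits, run_entries):
    """Autostart entries whose executable lies at or under a Panda-flagged path."""
    # Case-insensitive comparison of the literal strings: 8.3 short names such as
    # C:\ARQUIV~1\... will not match their long form, so a miss is not a clean bill.
    flagged = [h["path"].lower().rstrip("\\") for h in panda_hits
               if not h["incident"].lower().startswith("spyware:cookie/")]
    matches = []
    for e in run_entries:
        exe = (e["exe"] or "").lower()
        for d in flagged:
            if exe == d or exe.startswith(d + "\\"):
                matches.append((e["name"], d))
    return matches


def missing_file_entries(text):
    """HijackThis lines that reference a file no longer on disk (dangling hooks)."""
    return [l.strip() for l in text.splitlines() if "(file missing)" in l]


if __name__ == "__main__":
    panda = parse_panda(PANDA_LOG)
    runs = parse_hjt_run(HJT_LOG)
    print("Panda findings:", summarize(panda))
    for name, d in correlate(panda, runs):
        print(f"autostart [{name}] persists a Panda-flagged item under {d}")
    for line in missing_file_entries(HJT_LOG):
        print("dangling:", line)
```

Run it on the full logs from the post to get the complete picture; the "(file missing)" list is worth a look as well, since a Winlogon Notify or service entry whose binary is gone is a leftover hook that should be removed rather than ignored.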
Discussion (43)