Meu PC ta conectando sozinho

Question

Seguinte galera, eu fui instalar um crack do quick time no meu pc e agpra ela ta conectando sozinho toda hora.
J&aacute; passei o antivirus (avast e Norton) mas ainda naum resolveu o problema.
E agora, o que que eu fa&ccedil;o?

Answer

:idea: Baixe o [color=red]HijackThis[/color] com um click na imagem http://www.merijn.org/images/hijackthis_big.gif
:idea: Veja como utilizar HijackThis. 

:idea: Veja esta contribui&ccedil;&atilde;o do  Claudio Pena
:idea: E tamb&eacute;m esta do do  Oct&aacute;vio Augusto


:idea: [color=brown]Se precisar, coloque o resultado do log do HijcakThis aqui para que posamos te ajudar.[/color]

Answer

Logfile of HijackThis v1.99.1
Scan saved at 20:14:07, on 9/7/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Norton AntiVirus
avapsvc.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\WINDOWS\win32host.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\win32bootcfg.exe
C:\DOCUME~1\glaucio\CONFIG~1\Temp\h91746.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\ARQUIV~1\WinZip\winzip32.exe
C:\DOCUME~1\glaucio\CONFIG~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpoofBHO Class - {07A78AEA-4A54-4967-9A60-4B68592D30C7} - C:\WINDOWS\se_spoof.dll
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll (file missing)
O2 - BHO: WeeklyExecuter Class - {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - C:\WINDOWS\System32	load.ocx
O2 - BHO: C:\WINDOWS\system32\st3d.dll - {86AA461F-2A5B-4889-B543-E1BBA6746D61} - C:\WINDOWS\system32\st3d.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Debug ] C:\WINDOWS\SMSS.exe
O4 - HKLM\..\Run: [ccApp] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Windows Core Kernel Update] C:\WINDOWS\System32\win32bootcfg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSNS PLUS XP2] msnnsg.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [211ce5f1.exe] C:\WINDOWS\System32\211ce5f1.exe
O4 - HKLM\..\RunServices: [MSNS PLUS XP2] msnnsg.exe
O4 - HKCU\..\Run: [211ce5f1.exe] C:\Documents and Settings\glaucio\Configura&ccedil;&otilde;es locais\Dados de aplicativos\211ce5f1.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{340EB601-9FBB-4526-B4BF-1D7141697875}: NameServer = 200.225.159.124 200.225.159.126
O20 - Winlogon Notify: st3d - C:\WINDOWS\system32\st3d.dll (file missing)
O20 - Winlogon Notify: winzbr32 - winzbr32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Servi&ccedil;o de prote&ccedil;&atilde;o autom&aacute;tica do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus
avapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe

Answer

Tem tanta coisa no teu log que n&atilde;o sei nem por onde come&ccedil;ar.
Amigo teu log esta um terror, veja abaixo.
http://www.hijackthis.de/logfiles/735c00124cb632b91b5b73f1591a6212.html

Vc tem spybot e Ad-Aware instalado ai? 

:idea: Para remover malware execute o  Ewido Micro-version 


 :idea: Baixe tb e utilize a vers&atilde;o completa do ewido no local abaixo:
http://superdownloads.uol.com.br/search.cfm?Query=Ewido


E veja [color=red]Claudio Pena[/color] neste local:
http://forumgdh.net/viewtopic.php?t=305610&sid=80eeb6d4083ac6cf87cca498356e00a5

Answer

ehehehehe...realmente, pelo q eu vi tah terror...
mas, eu tento localizar os arquivos suspeitos diretamente no explorer do Windows?

Answer

EMN vide claudio Pena na pagina abaixo:
http://forumgdh.net/viewtopic.php?p=2306050&highlight=&sid=4c46c140a8020a9206a8fad39a2ad43b#2306050

Answer

Nussa...
Acho q &eacute; mais f&aacute;cil to formata logo...  :D  
To brincando...
Talvez o Spybot ou outros programs com a mesma fun&ccedil;&atilde;o ajudem...
XXX TOLBAR...
uashahsuas

Answer

kleeston ==>  &Eacute; mais f&aacute;cil ser prudente. :D

Answer

EMN amigo o ideal &eacute; vc aproveitar o micro conectado e atualizar anti virus / anti spy ...

reinicia em modo de seguran&ccedil;a e vamos come&ccedil;ar a limpeza ....

Iniciar / Executar / msconfig / iniciar
limpe tudo, deixe somente o que for &uacute;til (praticamente s&oacute; anti virus)

rode o anti virus, at&eacute; ter certeza de que ele n&atilde;o est&aacute; detectando mais nada ... a mesma coisa deve ser feita com o anty spy (recomendo spybot e ad-aware) ...

depois em Adicionar e Remover Programas verifique se tem algum programa diferente instalado e retire ele tbm ....

assim j&aacute; &eacute; uma limpeza que garante um pouco, mas se estiver bravo, ter&aacute; que apagar alguns arquivos manualmente ... localizando a pasta deles e apagando ...

n&atilde;o esque&ccedil;a de ativar o firewall do seu windows ...

Um Abra&ccedil;o e boa sorte

Ferramentas

Mover Tópico