Virus message


This topic is locked
19 replies to this topic

#1 pepenha


Posted 09/12/2008, 18:41

Virus-removal folks, can you help me?

I don't know what else to do. I've already run antivirus (avast), Spybot and Windows Defender and couldn't fix the problem with my IE: every time I open something it says I have a dangerous virus and need to download WindWindows2009, or it asks whether I want to watch a movie that I didn't download (I think). I'm not even using IE any more because it always gives me problems. I'm posting the log for analysis. Please help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:25, on 9/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Arquivos de programas\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
E:\Arquivos de programas\Bonjour\mDNSResponder.exe
E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Arquivos de programas\Java\jre6\bin\jqs.exe
E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\PSIService.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe
E:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
E:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
E:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
E:\Arquivos de programas\TOPRO\TPPOLL.EXE
E:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe
E:\WINDOWS\system32\svchost.exe
E:\Arquivos de programas\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
E:\Arquivos de programas\Java\jre6\bin\jusched.exe
E:\Arquivos de programas\Arquivos comuns\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
E:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
E:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
E:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
E:\Arquivos de programas\Windows Media Player\wmplayer.exe
E:\WINDOWS\system32\imapi.exe
E:\Arquivos de programas\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Administrador\Desktop\HijackThis.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - E:\WINDOWS\system32\PSIService.exe

--
End of file - 3611 bytes

#2 Leone Fernandes


Posted 09/12/2008, 19:32

Remove your IE and install this new version:
http://baixaki.ig.co...et-Explorer.htm



#3 pepenha


Posted 09/12/2008, 22:54

Good evening,

I'll remove IE and install the new version. I'll go to Control Panel, remove programs, and remove everything there is of IE. With this procedure will my PC be ready to receive the new version, or is there another procedure?

#4 Leone Fernandes


Posted 10/12/2008, 07:30

Sure, it's the simple procedure.
Start menu, Control Panel, Add or Remove Programs.



#5 Allex Severino


Posted 10/12/2008, 10:20

If it's an IE update there would be one more path: inside Add or Remove Programs you have to go to Add/Remove Windows Components. Leave only IE selected and click Next.
Did my post help you? Clicking the [image] is one way to say thanks.

#6 pepenha


Posted 10/12/2008, 14:52

If I'm replying in the wrong place, let me know:

I removed IE and installed the new version as requested, and it continues with the same warnings, saying I have a virus and asking whether I want to watch a movie. The last time, a page opened in Mozilla (http://systemerroron...id/4912933/4/1/) saying that spyware had stolen my personal data, as below: IP (mine), Country Brazil, Browser: Mozilla;5.0 (Windows, U, Windows NT 5.1, pt-BR, rv 1.904) gecko/2008102920, and that I have 27 errors in shared docs and 19 in hard disk drives. Can you tell me what this is and what I should do? Thanks

#7 Leone Fernandes


Posted 10/12/2008, 19:52

Download ComboFix at: ComboFix

1) Temporarily disable your antivirus;
2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;
3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);
4) When the scan finishes, a log will be generated at C:\ComboFix.txt;
5) Re-enable your antivirus;
6) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

- Download CCleaner:
  • Click Save and, when the download finishes, install it;
  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues
Do these messages still appear?



#8 pepenha


Posted 10/12/2008, 21:16

Good evening. I downloaded ComboFix, but before using it I should say that I downloaded a program called Malwarebytes Anti-Malware and it generated a log, which I'll post. After your analysis, if you think it necessary, I'll run ComboFix. If I did it wrong, I apologize:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:41:49, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Arquivos de programas\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
E:\Arquivos de programas\Bonjour\mDNSResponder.exe
E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Arquivos de programas\Java\jre6\bin\jqs.exe
E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\PSIService.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe
E:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
E:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
E:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
E:\Arquivos de programas\TOPRO\TPPOLL.EXE
E:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe
E:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
E:\Arquivos de programas\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
E:\Arquivos de programas\Java\jre6\bin\jusched.exe
E:\Arquivos de programas\Arquivos comuns\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
E:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
E:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
E:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Documents and Settings\Administrador\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Arquivos de programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - E:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - E:\Arquivos de programas\Puxa Rápido\IEBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Arquivos de programas\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SmartRAM] E:\Arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "E:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [hpqSRMon] E:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TPPOLL] E:\Arquivos de programas\TOPRO\TPPOLL.EXE
O4 - HKLM\..\Run: [avast!] "E:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] E:\Arquivos de programas\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Corel Photo Downloader] "E:\Arquivos de programas\Arquivos comuns\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] E:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "E:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] E:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.h...nosticsxp2k.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63DF59E5-B60F-4A82-92B6-C60354138115}: NameServer = 189.84.80.35,189.84.80.36
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\ARQUIV~1\ARQUIV~1\Skype\Skype4COM.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - E:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - E:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - E:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gerenciador do Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - E:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - E:\WINDOWS\system32\PSIService.exe

--
End of file - 11183 bytes



Malwarebytes' Anti-Malware 1.31
Versão do banco de dados: 1483
Windows 5.1.2600 Service Pack 3

10/12/2008 21:37:04
mbam-log-2008-12-10 (21-37-04).txt

Tipo de Verificação: Rápida
Objetos verificados: 48304
Tempo decorrido: 2 minute(s), 31 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 1
Chaves do Registro infectadas: 5
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 1

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
E:\WINDOWS\system32\gzo.dll (Trojan.FakeAlert) -> Delete on reboot.

Chaves do Registro infectadas:
HKEY_CLASSES_ROOT\lnmd7s (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{93811b7d-621d-4230-a7d2-851bf93cbbaf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{93811b7d-621d-4230-a7d2-851bf93cbbaf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93811b7d-621d-4230-a7d2-851bf93cbbaf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lnmd7s.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
E:\WINDOWS\system32\gzo.dll (Trojan.FakeAlert) -> Delete on reboot.


I'll check whether the problem continues.
Thanks

#9 Leone Fernandes


Posted 11/12/2008, 06:59

You acted hastily; you should have followed what I asked.

Restart the PC in Safe Mode (press F8 repeatedly during startup and, in the menu that appears, choose Safe Mode).

Fix checked the entries:

[?] - O4 - HKLM\..\Run: [Corel File Shell Monitor] E:\Arquivos de programas\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[?] - O4 - HKLM\..\Run: [Corel Photo Downloader] "E:\Arquivos de programas\Arquivos comuns\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
[?] - O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
[?] - O4 - HKCU\..\Run: [Google Update] "E:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
[?] - O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
[?] - O17 - HKLM\System\CCS\Services\Tcpip\..\{63DF59E5-B60F-4A82-92B6-C60354138115}: NameServer = 189.84.80.35,189.84.80.36
[?] - O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - E:\Arquivos de programas\Scpad\scpLIB.dll
[?] - O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - E:\Arquivos de programas\Scpad\scpLIB.dll
[?] - O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - E:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
[?] - O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Arquivos de programas\Java\jre6\bin\jqs.exe

Now do what is asked below:

Download ComboFix at: ComboFix

1) Temporarily disable your antivirus;
2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;
3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);
4) When the scan finishes, a log will be generated at C:\ComboFix.txt;
5) Re-enable your antivirus;
6) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.
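An added example, not code from this thread or from HijackThis or Malwarebytes: a small Python triage pass over HijackThis lines of the kind listed in the post above. It applies the checks an analyst does by hand when deciding which entries to fix: BHOs whose DLL is missing or lives under the Windows directory, autoruns that name a bare executable, O17 NameServer entries not on an expected resolver list, services with an unknown owner, and any CLSID that another scanner has already tied to a detection (here the CLSID the Malwarebytes log earlier in the thread attributed to Trojan.FakeAlert). The sample input is constructed from lines in the logs posted in this thread plus one O2 line assembled from the Malwarebytes log's CLSID and DLL path; the rule names, severities and the expected-resolver parameter are assumptions of this example.

```python
"""Triage pass over HijackThis log lines (added example; not code from this thread or from HijackThis)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium", "low" or "info"
    kind: str      # short tag for the rule that fired
    line: str      # the HijackThis line that triggered the rule
    note: str      # what an analyst should do with it


# CLSID that the Malwarebytes log in this thread attributed to Trojan.FakeAlert
# (compared case-insensitively; HijackThis prints CLSIDs in mixed case).
KNOWN_BAD_CLSIDS = frozenset({"{93811B7D-621D-4230-A7D2-851BF93CBBAF}"})

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.*)$")
# Service names containing " - " would confuse this pattern; HijackThis uses " - " as its separator.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Constructed sample: lines copied from the HijackThis log in this thread, plus one O2 line
# built from the Malwarebytes log's CLSID and DLL path to exercise the cross-check.
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Arquivos de programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {93811b7d-621d-4230-a7d2-851bf93cbbaf} - E:\WINDOWS\system32\gzo.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] "E:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{63DF59E5-B60F-4A82-92B6-C60354138115}: NameServer = 189.84.80.35,189.84.80.36
O23 - Service: ProtexisLicensing - Unknown owner - E:\WINDOWS\system32\PSIService.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""


def _first_token(cmd: str) -> str:
    """Return the executable part of an autorun command line (quoted path or first word)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str, expected_dns: frozenset[str] = frozenset()) -> list[Finding]:
    """Apply a few analyst heuristics to HijackThis lines; findings come back in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Any line type: a CLSID another scanner has already tied to a detection.
        for clsid in CLSID_RE.findall(line):
            if clsid.upper() in KNOWN_BAD_CLSIDS:
                findings.append(Finding("high", "known-bad-clsid", line,
                                        f"CLSID {clsid} matches a Trojan.FakeAlert indicator; fix it and remove the DLL"))
        if m := O2_RE.match(line):
            path = m["path"]
            if path == "(no file)":
                findings.append(Finding("low", "orphaned-bho", line,
                                        "BHO is registered but its DLL is gone; leftover entry, safe to fix"))
            elif "\\windows\\" in path.lower():
                findings.append(Finding("medium", "bho-in-windows-dir", line,
                                        "BHO DLL lives under the Windows directory; legitimate BHOs normally install under Program Files"))
        elif m := O4_RUN_RE.match(line):
            if "\\" not in _first_token(m["cmd"]):
                findings.append(Finding("medium", "bare-autorun", line,
                                        "autorun names a bare executable; confirm which file the search order actually loads"))
        elif m := O17_RE.match(line):
            servers = [s.strip() for s in m["servers"].split(",") if s.strip()]
            unexpected = [s for s in servers if s not in expected_dns]
            if unexpected:
                findings.append(Finding("medium", "dns-nameserver", line,
                                        "resolvers " + ", ".join(unexpected) + " are not on the expected list; confirm they belong to the ISP or router"))
        elif m := O23_RE.match(line):
            if m["owner"] == "Unknown owner":
                findings.append(Finding("info", "unknown-service-owner", line,
                                        "service binary carries no company name; verify its publisher before trusting it"))
    return findings


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    """Summarise findings by severity, e.g. {'high': 1, 'medium': 3, 'low': 1, 'info': 1}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:22} {f.note}")
        print(f"          {f.line}")
    print(severity_counts(triage(SAMPLE_LOG)))
```

Run it directly to print the findings for the sample; pass the ISP's resolvers as expected_dns to silence the O17 check for a known-good configuration. The heuristics only rank what to look at: like the [?] marks in the post above, a flagged line still needs a person to confirm it before it is fixed.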



#10 pepenha


Posted 14/12/2008, 20:56

Good evening, sorry for the delay in replying. I went into Safe Mode and my desktop appeared, but then I didn't know how to do fix checked. Could you explain it better?
Thanks

#11 Leone Fernandes


Posted 15/12/2008, 08:58

When you scan with HijackThis it shows several entries, right?
There's a little checkbox before each one; you select it and press the [image] button.

Do what I asked in the previous message. (Posted 11/12/2008, 07:59)

Awaiting your reply.



#12 pepenha


Posted 15/12/2008, 15:50

Here are the logs; I hope they're correct:
ComboFix 08-12-14.04 - Administrador 2008-12-15 12:09:50.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.958.545 [GMT -2:00]
Executando de: e:\documents and settings\Administrador\Desktop\ComboFix.exe
* Criado um novo ponto de restauro
.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-15 to 2008-12-15 ))))))))))))))))))))))))))))
.

2009-11-27 11:20 . 2008-09-12 08:44 206,256 --a------ e:\windows\system32\idmmbc.dll
2008-12-13 23:58 . 2008-12-13 23:58 <DIR> d-------- e:\arquivos de programas\AskBarDis
2008-12-13 23:58 . 2008-12-13 23:58 249,592 --a------ e:\windows\system32\cssdll32.dll
2008-12-13 18:00 . 2008-12-13 18:01 1,393 --a------ e:\windows\imsins.BAK
2008-12-10 21:28 . 2008-12-10 21:28 <DIR> d-------- e:\arquivos de programas\Malwarebytes' Anti-Malware
2008-12-10 21:28 . 2008-12-03 19:59 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys
2008-12-10 21:28 . 2008-12-03 19:59 15,504 --a------ e:\windows\system32\drivers\mbam.sys
2008-12-10 14:47 . 2007-04-17 07:32 2,455,488 -----c--- e:\windows\system32\dllcache\ieapfltr.dat
2008-12-10 14:47 . 2007-03-08 03:12 1,024,000 -----c--- e:\windows\system32\dllcache\ieframe.dll.mui
2008-12-09 20:22 . 2008-12-09 23:15 <DIR> d-------- e:\windows\BDOSCAN8
2008-12-08 15:35 . 2008-12-08 18:59 23,392 --a------ e:\windows\system32\nscompat.tlb
2008-12-08 15:35 . 2008-12-08 18:59 16,832 --a------ e:\windows\system32\amcompat.tlb
2008-12-08 08:26 . 2008-12-08 08:26 <DIR> d-------- e:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes
2008-12-08 08:25 . 2008-12-08 08:25 <DIR> d-------- e:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2008-12-07 16:28 . 2008-12-07 16:29 <DIR> d-------- e:\documents and settings\Administrador\Dados de aplicativos\DeepBurner Pro
2008-12-04 17:37 . 2008-12-04 17:37 <DIR> d-------- e:\arquivos de programas\Unity
2008-12-04 15:17 . 2008-12-04 15:17 <DIR> d-------- e:\documents and settings\Administrador\Dados de aplicativos\Meridian93
2008-11-30 18:39 . 2008-12-04 15:19 <DIR> d-------- e:\documents and settings\Administrador\Dados de aplicativos\GetRightToGo
2008-11-30 09:06 . 2008-11-30 09:06 <DIR> d-------- e:\documents and settings\All Users\Dados de aplicativos\n7-89-o9-3r-4t-r9
2008-11-30 09:06 . 2008-11-30 09:06 <DIR> d-------- e:\documents and settings\Administrador\Dados de aplicativos\GameHouse
2008-11-30 09:06 . 2008-12-07 23:25 <DIR> d-------- e:\arquivos de programas\GameHouse
2008-11-30 09:05 . 2008-11-30 09:05 <DIR> d--h----- e:\windows\PIF
2008-11-27 16:19 . 2008-11-27 16:31 <DIR> d-------- e:\documents and settings\Administrador\Dados de aplicativos\Ancient Quest of Saqqarah__gamehouse
2008-11-26 15:39 . 2008-11-26 15:39 <DIR> d-------- e:\documents and settings\Administrador\Dados de aplicativos\Mysteryville2
2008-11-25 09:47 . 2008-11-25 09:47 <DIR> d-------- e:\documents and settings\All Users\Dados de aplicativos\FLEXnet
2008-11-25 09:41 . 2008-11-25 09:41 <DIR> d-------- e:\arquivos de programas\Bonjour
2008-11-24 23:40 . 2008-11-24 23:40 <DIR> d-------- e:\arquivos de programas\Arquivos comuns\Macrovision Shared
2008-11-21 21:26 . 2008-11-21 21:26 <DIR> d-------- e:\documents and settings\Administrador\Dados de aplicativos\BloodTies
2008-11-18 16:56 . 2008-11-18 16:56 <DIR> d-------- e:\documents and settings\Administrador\Dados de aplicativos\SpinTop Games
2008-11-16 23:41 . 2008-11-16 23:41 <DIR> d-------- e:\arquivos de programas\Azada 2 Ancient Magic
2008-11-16 23:37 . 2008-11-16 23:37 <DIR> d-------- e:\documents and settings\Administrador\Dados de aplicativos\Big Fish Games
2008-11-16 23:35 . 2008-11-16 23:35 <DIR> d-------- e:\windows\Azada 2 Ancient Magic

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 13:58 --------- d-----w e:\documents and settings\Administrador\Dados de aplicativos\DMCache
2008-12-15 01:57 --------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Google Updater
2008-12-14 17:21 --------- d-----w e:\arquivos de programas\Puxa Rápido
2008-12-13 22:30 --------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-12-10 16:28 --------- d-----w e:\arquivos de programas\Sploidz
2008-12-08 20:00 --------- d-----w e:\arquivos de programas\Unlocker
2008-12-08 17:56 --------- d-----w e:\arquivos de programas\IObit
2008-12-08 17:33 --------- d-----w e:\arquivos de programas\Windows Media Connect 2
2008-12-08 17:21 --------- d-----w e:\arquivos de programas\Arquivos comuns\Real
2008-12-08 11:13 --------- d-----w e:\documents and settings\Administrador\Dados de aplicativos\Desktopicon
2008-12-08 01:16 --------- d-----w e:\arquivos de programas\Astonsoft
2008-12-04 17:17 --------- d-----w e:\documents and settings\Administrador\Dados de aplicativos\Zylom
2008-12-04 14:31 --------- d-----w e:\arquivos de programas\Internet Download Manager
2008-12-04 14:20 --------- d-----w e:\documents and settings\Administrador\Dados de aplicativos\IDM
2008-12-03 12:08 --------- d-----w e:\arquivos de programas\Java
2008-12-01 23:20 --------- d-----w e:\arquivos de programas\Corel
2008-11-30 21:33 --------- d-----w e:\documents and settings\Administrador\Dados de aplicativos\Corel
2008-11-30 19:53 --------- d-----w e:\arquivos de programas\Arquivos comuns\Corel
2008-11-25 18:03 --------- d-----w e:\arquivos de programas\Plugin Commander Light
2008-11-25 13:04 --------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Corel
2008-11-25 11:41 --------- d-----w e:\arquivos de programas\Arquivos comuns\Adobe
2008-11-24 16:28 --------- d-----w e:\arquivos de programas\Google
2008-11-15 02:59 --------- d-----w e:\documents and settings\All Users\Dados de aplicativos\PlayFirst
2008-11-15 02:59 --------- d-----w e:\documents and settings\Administrador\Dados de aplicativos\PlayFirst
2008-11-13 16:44 --------- d-----w e:\arquivos de programas\Spybot - Search & Destroy
2008-11-10 21:28 --------- d-----w e:\documents and settings\Administrador\Dados de aplicativos\RealArcade
2008-11-10 20:26 --------- d-----w e:\documents and settings\All Users\Dados de aplicativos\MythPeople
2008-11-10 07:43 410,984 ----a-w e:\windows\system32\deploytk.dll
2008-11-07 03:32 --------- d-----w e:\documents and settings\Administrador\Dados de aplicativos\IObit
2008-11-06 02:38 --------- d-----w e:\documents and settings\Administrador\Dados de aplicativos\Alien Skin
2008-11-06 02:13 --------- d-----w e:\arquivos de programas\Alien Skin
2008-11-06 02:02 --------- d-----w e:\arquivos de programas\PhotoFiltre Studio
2008-11-05 02:58 --------- d-----w e:\documents and settings\Administrador\Dados de aplicativos\XnView
2008-11-05 02:58 --------- d-----w e:\arquivos de programas\XnView
2008-11-01 02:58 --------- d-----w e:\arquivos de programas\Windows Defender
2008-10-30 22:19 --------- d-----w e:\documents and settings\All Users\Dados de aplicativos\InstallShield
2008-10-30 22:19 --------- d-----w e:\arquivos de programas\Arquivos comuns\InstallShield
2008-10-30 02:25 --------- d---a-w e:\documents and settings\All Users\Dados de aplicativos\TEMP
2008-10-29 14:03 --------- d-----w e:\documents and settings\Administrador\Dados de aplicativos\Image Zone Express
2008-10-29 01:07 --------- d-----w e:\documents and settings\Administrador\Dados de aplicativos\ImgBurn
2008-10-29 00:38 --------- d-----w e:\arquivos de programas\ImgBurn
2008-10-28 23:43 --------- d-----w e:\documents and settings\Administrador\Dados de aplicativos\DeepBurner
2008-10-27 16:58 --------- d-----w e:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY
2008-10-27 16:58 --------- d-----w e:\arquivos de programas\HP
2008-10-26 22:39 --------- d-----w e:\arquivos de programas\byLight
2008-10-25 00:00 --------- d-----w e:\arquivos de programas\Sony
2008-10-24 23:52 --------- d-----w e:\documents and settings\Administrador\Dados de aplicativos\Sony Corporation
2008-10-24 23:51 --------- d--h--w e:\arquivos de programas\InstallShield Installation Information
2008-10-24 23:39 --------- d-----w e:\documents and settings\Administrador\Dados de aplicativos\InstallShield
2008-10-24 11:21 455,296 ----a-w e:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:37 286,720 ----a-w e:\windows\system32\gdi32.dll
2008-10-16 20:23 826,368 ----a-w e:\windows\system32\wininet.dll
2008-10-16 16:13 202,776 ----a-w e:\windows\system32\wuweb.dll
2008-10-16 16:13 1,809,944 ----a-w e:\windows\system32\wuaueng.dll
2008-10-16 16:12 561,688 ----a-w e:\windows\system32\wuapi.dll
2008-10-16 16:12 323,608 ----a-w e:\windows\system32\wucltui.dll
2008-10-16 16:09 92,696 ----a-w e:\windows\system32\cdm.dll
2008-10-16 16:09 51,224 ----a-w e:\windows\system32\wuauclt.exe
2008-10-16 16:09 43,544 ----a-w e:\windows\system32\wups2.dll
2008-10-16 16:08 34,328 ----a-w e:\windows\system32\wups.dll
2008-10-16 16:06 268,648 ----a-w e:\windows\system32\mucltui.dll
2008-10-16 16:06 208,744 ----a-w e:\windows\system32\muweb.dll
2008-10-12 01:34 158,456 ------w e:\windows\system32\pxwma.dll
2008-10-03 10:04 247,326 ----a-w e:\windows\system32\strmdll.dll
2008-09-30 18:43 1,286,152 ----a-w e:\windows\system32\msxml4.dll
2008-09-15 15:26 1,846,528 ----a-w e:\windows\system32\win32k.sys
2008-07-28 17:17 32 ----a-w e:\documents and settings\All Users\Dados de aplicativos\ezsid.dat
2008-07-06 23:26 122,880 ----a-w e:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-05-12 21:47 32,768 --sha-w e:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat
2008-05-12 21:47 32,768 --sha-w e:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008051220080513\index.dat
2008-05-12 21:47 32,768 --sha-w e:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat
2008-05-12 21:47 16,384 --sha-w e:\windows\system32\config\systemprofile\Cookies\index.dat
.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a------ e:\arquivos de programas\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "e:\arquivos de programas\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "e:\arquivos de programas\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="e:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="e:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-04 68856]
"IDMan"="e:\arquivos de programas\Internet Download Manager\IDMan.exe" [2008-11-24 2741680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"SmartRAM"="e:\arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 662016]
"UnlockerAssistant"="e:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Google Desktop Search"="e:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-06 29744]
"hpqSRMon"="e:\arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"TPPOLL"="e:\arquivos de programas\TOPRO\TPPOLL.EXE" [2005-03-02 24576]
"avast!"="e:\arquivos de programas\Alwil Software\Avast4\ashDisp.exe" [2008-11-26 81000]
"Adobe Reader Speed Launcher"="e:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="e:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"nwiz"="nwiz.exe" [2006-10-31 e:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-31 e:\windows\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 e:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 e:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

e:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk - e:\arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-10-24 376832]

e:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Gamma Loader.lnk - e:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-05 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= e:\windows\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mpg4"= e:\windows\mpg4c32.dll
"vidc.mpg2"= e:\windows\mpg4c32.dll
"vidc.mpg3"= e:\windows\mpg4c32.dll
"vidc.GEOX"= e:\windows\system32\GeoCodec.dll
"vidc.GEOV"= e:\windows\system32\GeoCodec.dll
"vidc.G264"= e:\windows\system32\GX264.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"e:\\Arquivos de programas\\Puxa Rápido\\PuxaRapido.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"e:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"e:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"e:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"e:\\Arquivos de programas\\Internet Download Manager\\IDMan.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12382:TCP"= 12382:TCP:emule

R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [2008-11-07 111184]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-07 20560]
R2 WinDefend;Windows Defender;"e:\arquivos de programas\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 DCamUSBIntel;USB Video Camera;e:\windows\system32\Drivers\TP6800.sys [2008-09-25 202640]
S3 GoogleDesktopManager-022208-143751;Gerenciador do Google Desktop 5.7.802.22438;"e:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-06 29744]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecc75a1e-0332-11dd-9949-f92a6c0c43f3}]
\shell\verb1\command - desktop.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 e:\windows\Tasks\GoogleUpdateTaskUser.job
- e:\documents and settings\Administrador\Configura []

2008-12-15 e:\windows\Tasks\MP Scheduled Scan.job
- e:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.br/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
IE: E&xportar para o Microsoft Excel - e:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - e:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\he9yalqb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: e:\arquivos de programas\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: e:\arquivos de programas\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: e:\arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: e:\arquivos de programas\Mozilla Firefox\plugins\NP_PR1.dll
FF - plugin: e:\arquivos de programas\Mozilla Firefox\plugins\NP_PR2.dll
FF - plugin: e:\arquivos de programas\Mozilla Firefox\plugins\NP_PR3.dll
FF - plugin: e:\arquivos de programas\Mozilla Firefox\plugins\NP_PR4.dll
FF - plugin: e:\arquivos de programas\Mozilla Firefox\plugins\NP_PR5.dll
FF - plugin: e:\arquivos de programas\Mozilla Firefox\plugins\NP_PR6.dll
FF - plugin: e:\arquivos de programas\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: e:\arquivos de programas\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: e:\arquivos de programas\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: e:\arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: e:\arquivos de programas\Picasa2\npPicasa2.dll
FF - plugin: e:\arquivos de programas\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: e:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: e:\arquivos de programas\Yahoo!\Common\npyaxmpb.dll
FF - plugin: e:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF - plugin: e:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 12:11:28
Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(588)
e:\windows\system32\cssdll32.dll

- - - - - - - > 'lsass.exe'(644)
e:\windows\system32\cssdll32.dll
.
Completion time: 2008-12-15 12:12:10
ComboFix-quarantined-files.txt 2008-12-15 14:11:58

Pre-Run: 10 directories 85,781,831,680 bytes free
Post-Run: 10 directories 85,782,638,592 bytes free

247 --- E O F --- 2008-12-13 20:01:11


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:26, on 15/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Arquivos de programas\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe
E:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
E:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
E:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
E:\Arquivos de programas\TOPRO\TPPOLL.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe
E:\Arquivos de programas\Java\jre6\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
E:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
E:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
E:\Arquivos de programas\Bonjour\mDNSResponder.exe
E:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Arquivos de programas\Java\jre6\bin\jqs.exe
E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\PSIService.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\explorer.exe
E:\Documents and Settings\Administrador\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Arquivos de programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - E:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - E:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - E:\Arquivos de programas\Puxa Rápido\IEBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Arquivos de programas\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - E:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SmartRAM] E:\Arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "E:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [hpqSRMon] E:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TPPOLL] E:\Arquivos de programas\TOPRO\TPPOLL.EXE
O4 - HKLM\..\Run: [avast!] "E:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] E:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] E:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\ARQUIV~1\ARQUIV~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: E:\WINDOWS\system32\cssdll32.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - E:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gerenciador do Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - E:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - E:\WINDOWS\system32\PSIService.exe

--
End of file - 9643 byte

#13 Leone Fernandes

    (y)

  • Users
  • 585 posts
  • Sex: Male
  • Location: Belo Horizonte - MG

Posted 17/12/2008, 17:58

Sorry for the delay, I had a personal problem.

Fix the following entries (the button shown in the image):

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - E:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Arquivos de programas\Java\jre6\bin\jqs.exe

Download Killbox from:
Killbox

Run KillBox:
1) Select Delete on reboot;
2) Full path of file to delete;
3) Enter:
E:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
E:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

- Press X. Answer "yes" to the first question and "no" to the second.

Generate a new HijackThis log and paste it in your reply.



#14 pepenha

    Forum newcomer

  • Users
  • 9 posts
  • Sex: Not given

Posted 17/12/2008, 21:52

I did what you asked: I checked the items you listed, then used Killbox (it did not ask the second question and shut down the PC). I generated a HijackThis log. Question: what is the purpose of checking the items in HijackThis? Is it to remove them? Because they are still in the list.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:54, on 17/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Arquivos de programas\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe
E:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
E:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
E:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
E:\Arquivos de programas\TOPRO\TPPOLL.EXE
E:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe
E:\Arquivos de programas\Bonjour\mDNSResponder.exe
E:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
E:\Arquivos de programas\Java\jre6\bin\jusched.exe
E:\Arquivos de programas\Arquivos comuns\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
E:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Arquivos de programas\Java\jre6\bin\jqs.exe
E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\PSIService.exe
E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
E:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Administrador\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Arquivos de programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - E:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - E:\Arquivos de programas\Puxa Rápido\IEBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Arquivos de programas\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SmartRAM] E:\Arquivos de programas\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "E:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [hpqSRMon] E:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TPPOLL] E:\Arquivos de programas\TOPRO\TPPOLL.EXE
O4 - HKLM\..\Run: [avast!] "E:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "E:\Arquivos de programas\Arquivos comuns\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] E:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] E:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63DF59E5-B60F-4A82-92B6-C60354138115}: NameServer = 189.84.80.35,189.84.80.36
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\ARQUIV~1\ARQUIV~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: E:\WINDOWS\system32\cssdll32.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - E:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gerenciador do Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - E:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - E:\WINDOWS\system32\PSIService.exe

--
End of file - 10235 bytes

#15 Leone Fernandes

  • Users
  • 585 posts
  • Sex: Male
  • Location: Belo Horizonte - MG

Posted 18/12/2008, 08:11

Read this article: Hijackthis Completo

O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [hpqSRMon] E:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "E:\Arquivos de programas\Arquivos comuns\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O17 - HKLM\System\CCS\Services\Tcpip\..\{63DF59E5-B60F-4A82-92B6-C60354138115}: NameServer = 189.84.80.35,189.84.80.36
O20 - AppInit_DLLs: E:\WINDOWS\system32\cssdll32.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - E:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Arquivos de programas\Java\jre6\bin\jqs.exe


Miss, your first problem has already been solved, but you keep catching viruses.

Run Bankerfix:

Follow these instructions to run the bankerfix tool
http://www.linhadefe...a.org/bankerfix

Update Java
http://www.java.com/...nload/index.jsp

Do an online scan:
BitDefender Online Scanner.
http://www.bitdefend...m/scan8/ie.html

See how to run the scan and post the BitDefender report here.
http://www.linhadefe...showtopic=56378
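Added example, not code from this thread or from HijackThis: a small Python triage pass over log lines in the format quoted above. It flags the kinds of entries the reply lists (orphaned "(no file)"/"(file missing)" items, the O17 NameServer override and the O20 AppInit_DLLs entry) and extracts the O17 resolvers so they can be checked against the ISP's. The sample lines are copied from this thread's log; the flagging rules are the usual HijackThis reading and are an assumption of this example, not a verdict on any individual entry.

```python
import re
# Constructed sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [hpqSRMon] E:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{63DF59E5-B60F-4A82-92B6-C60354138115}: NameServer = 189.84.80.35,189.84.80.36
O20 - AppInit_DLLs: E:\WINDOWS\system32\cssdll32.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

# One HijackThis entry per line: section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
NS_RE = re.compile(r"NameServer = ([\d.,]+)")

def parse_entries(log_text):
    """Return (section, body) tuples for every entry line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def nameservers(log_text):
    """Collect every DNS server address configured through an O17 entry."""
    servers = []
    for section, body in parse_entries(log_text):
        m = NS_RE.search(body) if section == "O17" else None
        if m:
            servers.extend(addr for addr in m.group(1).split(",") if addr)
    return servers

def triage(log_text):
    """Flag entries a log helper checks first; returns (section, reason, body) tuples (assumed rules)."""
    findings = []
    for section, body in parse_entries(log_text):
        if "(no file)" in body or "(file missing)" in body:
            findings.append((section, "orphaned entry: the referenced file is gone", body))
        elif section == "O17":
            findings.append((section, "DNS override: confirm these resolvers belong to the ISP", body))
        elif section == "O20":
            findings.append((section, "AppInit_DLLs: this DLL is loaded into every process", body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {body}")
    print("O17 resolvers:", nameservers(SAMPLE_LOG))
```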