[Archived] Secure32.html

magalhaesrj

How do I remove it? I've been doing some things I read on the forum... but I couldn't manage it.

Here is the log:

Logfile of HijackThis v1.99.1

Scan saved at 12:33:53 PM, on 1/11/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\msdtc.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINNT\system32\Dfssvc.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINNT\System32\ismserv.exe

C:\WINNT\System32\llssrv.exe

C:\Program Files\Symantec\Ghost\ngserver.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINNT\system32\ntfrs.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\System32\locator.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\dns.exe

C:\WINNT\System32\inetsrv\inetinfo.exe

C:\WINNT\explorer.exe

C:\WINNT\system32\MsgSys.EXE

C:\Program Files\Symantec\Ghost\bin\dbserv.exe

C:\Program Files\Symantec\Ghost\bin\rteng7.exe

C:\WINNT\system32\pctspk.exe

C:\WINNT\system32\PV92Tray.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\NavNT\vptray.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BL.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINNT\system32\paytime.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\banmanpro.exe

C:\Program Files\iPod\bin\iPodService.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Plaxo\2.4.1.5\InstallStub.exe

C:\Program Files\Velox\Discador\discador.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINNT\system32\rundll32.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~e5d141.tmp

C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~e5d141.tmp

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O2 - BHO: (no name) - {095B0124-84B6-4B66-B339-D99CEAF7780E} - C:\WINNT\system32\wnmedehk.dll (file missing)

O2 - BHO: (no name) - {6FFBE86C-3BEA-5289-E43F-662126D90D84} - C:\WINNT\system32\hdlczzmr.dll (file missing)

O2 - BHO: (no name) - {77BF5339-C3D8-78C2-64BB-FFA438C04103} - C:\WINNT\system32\heydconx.dll

O2 - BHO: (no name) - {7807B77E-8EAD-B3C8-6165-C1D441DD994E} - C:\WINNT\system32\jrouqucv.dll (file missing)

O2 - BHO: (no name) - {BFC92FA2-0CB2-581A-7035-0ED289C1F1CE} - C:\WINNT\system32\vbwmrbjm.dll

O2 - BHO: (no name) - {D0EF6BE8-048C-E346-5CC5-30BEA0AB3CE6} - C:\WINNT\system32\xihihjpj.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BL.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\Run: [online defy second info] C:\Documents and Settings\All Users\Application Data\bias audio online defy\fordate.exe

O4 - HKLM\..\Run: [PayTime] C:\WINNT\system32\paytime.exe

O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe

O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe

O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe

O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.4.1.5\InstallStub.exe -a

O4 - HKCU\..\Run: [Rdr up] C:\DOCUME~1\ADMINI~1\APPLIC~1\ERRORE~1\bindrvshim.exe

O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - Startup: Adobe Gamma.lnk = Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127329941641

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127330451424

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tdweb.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{59054060-0BE8-47BD-BC7E-69D4003D1D4F}: NameServer = 200.149.55.142 200.165.132.155

O17 - HKLM\System\CCS\Services\Tcpip\..\{B5EF985B-72C4-462F-92A4-A961AF228664}: NameServer = 127.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{D6458284-B3FA-4DC4-8825-8304B81F468A}: NameServer = 200.255.242.4

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tdweb.com.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tdweb.com.br

O20 - Winlogon Notify: msctl32.dll - C:\WINNT\

O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll

O20 - Winlogon Notify: Nls - C:\WINNT\system32\f6j2lg1o16.dll

O21 - SSODL: UPnPMonitor - {1B890729-821B-5E83-7743-61486334561C} - C:\WINNT\help\S3Gm2WST.hlp

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: ieblrckpsmas (MsUpdate6) - Unknown owner - C:\WINNT\system32\msupd6.exe (file missing)

O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe

O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe


Dear magalhaesrj,

Download SmitfraudFix.

Temporarily disable your antivirus protection.

Extract the SmitfraudFix archive to your desktop.

Double-click smitfraudfix.cmd.

Choose option 1, wait for the scan to finish and post the generated log.

Regards.


Here is the log:

SmitFraudFix v2.14

Rapport fait à 13:31:01.79 le Wed 01/11/2006
Executé à partir de C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\

C:\drsmartloadb.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT

C:\WINNT\kl.exe PRESENT !
C:\WINNT\icont.exe PRESENT !
C:\WINNT\tool1.exe PRESENT !
C:\WINNT\tool2.exe PRESENT !
C:\WINNT\tool3.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT\system

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT\Web

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT\system32

C:\WINNT\system32\paytime.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Administrator\Application Data

C:\Documents and Settings\Administrator\Application Data\Install.dat PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport


Dear magalhaesrj,

Now you should:

1. Restart in Safe Mode;

2. Run SmitfraudFix --> Option 2;

3. Answer yes (o) to the question about cleaning the registry;

4. Wait for the scan to finish and the log to be generated;

5. Restart in Normal Mode;

6. Post the SmitfraudFix log (option 2) + the HijackThis log (in Normal Mode).

Ok. :wink:

Regards.


Here is the report from option 2

 

SmitFraudFix v2.14

 

Rapport fait à 10:47:51.73 le Thu 01/12/2006

Executé à partir de C:\Documents and Settings\Administrator\Desktop\SmitfraudFix

OS: Microsoft Windows 2000 [Version 5.00.2195]

 

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

 

C:\drsmartloadb.exe supprimé

C:\WINNT\icont.exe supprimé

C:\WINNT\kl.exe supprimé

C:\WINNT\tool1.exe supprimé

C:\WINNT\tool2.exe supprimé

C:\WINNT\tool3.exe supprimé

C:\WINNT\system32\paytime.exe supprimé

C:\Documents and Settings\Administrator\Application Data\Install.dat supprimé

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage Fichiers Temporaires

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

 

Nettoyage terminé.

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

 

 

Here is the HijackThis log in normal mode:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:04:09 AM, on 1/12/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\msdtc.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINNT\system32\Dfssvc.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINNT\System32\ismserv.exe

C:\WINNT\System32\llssrv.exe

C:\Program Files\Symantec\Ghost\ngserver.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINNT\system32\ntfrs.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\System32\locator.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\dns.exe

C:\WINNT\System32\inetsrv\inetinfo.exe

C:\WINNT\system32\rundll32.exe

C:\WINNT\explorer.exe

C:\WINNT\system32\MsgSys.EXE

C:\Program Files\Symantec\Ghost\bin\dbserv.exe

C:\Program Files\Symantec\Ghost\bin\rteng7.exe

C:\WINNT\system32\pctspk.exe

C:\WINNT\system32\PV92Tray.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\NavNT\vptray.exe

C:\Program Files\Velox\Discador\discador.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BL.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\banmanpro.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Plaxo\2.4.1.5\InstallStub.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINNT\system32\rundll32.exe

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O2 - BHO: (no name) - {095B0124-84B6-4B66-B339-D99CEAF7780E} - C:\WINNT\system32\wnmedehk.dll (file missing)

O2 - BHO: (no name) - {6FFBE86C-3BEA-5289-E43F-662126D90D84} - C:\WINNT\system32\hdlczzmr.dll (file missing)

O2 - BHO: (no name) - {77BF5339-C3D8-78C2-64BB-FFA438C04103} - C:\WINNT\system32\heydconx.dll

O2 - BHO: (no name) - {7807B77E-8EAD-B3C8-6165-C1D441DD994E} - C:\WINNT\system32\jrouqucv.dll (file missing)

O2 - BHO: (no name) - {BFC92FA2-0CB2-581A-7035-0ED289C1F1CE} - C:\WINNT\system32\vbwmrbjm.dll

O2 - BHO: (no name) - {D0EF6BE8-048C-E346-5CC5-30BEA0AB3CE6} - C:\WINNT\system32\xihihjpj.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BL.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\Run: [online defy second info] C:\Documents and Settings\All Users\Application Data\bias audio online defy\fordate.exe

O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe

O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe

O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.4.1.5\InstallStub.exe -a

O4 - HKCU\..\Run: [Rdr up] C:\DOCUME~1\ADMINI~1\APPLIC~1\ERRORE~1\bindrvshim.exe

O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - Startup: Adobe Gamma.lnk = Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127329941641

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127330451424

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tdweb.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{59054060-0BE8-47BD-BC7E-69D4003D1D4F}: NameServer = 200.149.55.142 200.165.132.155

O17 - HKLM\System\CCS\Services\Tcpip\..\{B5EF985B-72C4-462F-92A4-A961AF228664}: NameServer = 127.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{D6458284-B3FA-4DC4-8825-8304B81F468A}: NameServer = 200.255.242.4

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tdweb.com.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tdweb.com.br

O20 - Winlogon Notify: AdminDebug - C:\WINNT\system32\o0660ajsedo60.dll

O20 - Winlogon Notify: msctl32.dll - C:\WINNT\

O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll

O21 - SSODL: UPnPMonitor - {1B890729-821B-5E83-7743-61486334561C} - C:\WINNT\help\S3Gm2WST.hlp

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: ieblrckpsmas (MsUpdate6) - Unknown owner - C:\WINNT\system32\msupd6.exe (file missing)

O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe

O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe


Dear magalhaesrj,

So many pests, man! :devil:

Let's attack them.

Set Windows to show all files (including hidden ones).

Download WinsockFix.

On some occasions, removing webHancer causes loss of the internet connection (it may not happen to you).

If, after uninstalling webHancer, you lose your connection, run WinsockFix.exe and then click Fix.

Uninstall:

--> webHancer

--> MessengerPlus! 3

Use Add / Remove Programs.

Uninstall them one by one, and restart after you have uninstalled them.

NOTE: If you cannot find one or more of the programs, just move on to the next one and/or to the next step.

You may reinstall MessengerPlus! 3, but without the sponsor.

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

Attention --> Put HijackThis in its own folder, for example: C:\HTJ\HijackThis.exe.

Step 1

Download Killbox at:

Killbox

Download it, but do not run it yet.

Download SpySweeper at:

SpySweeper

Download and update it, but do not run it yet.

Step 2

Do the following:

Start --> Run --> type services.msc and click OK.

Look for the service ieblrckpsmas.

Right-click it and go to Properties.

Click Stop and change the Startup Type to Disabled.

1) Run Killbox, click Delete on Reboot.

2) Copy the list below (in bold) to the clipboard. Select --> Edit --> Copy.

C:\Program Files\webHancer

C:\Documents and Settings\All Users\Application Data\bias audio online defy

C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe

C:\WINNT\system32\msupd6.exe

C:\windows\enewsletterpro.exe

C:\windows\banmanpro.exe

C:\DOCUME~1\ADMINI~1\APPLIC~1\ERRORE~1

C:\WINNT\system32\wnmedehk.dll

C:\WINNT\system32\hdlczzmr.dll

C:\WINNT\system32\heydconx.dll

C:\WINNT\system32\jrouqucv.dll

C:\WINNT\system32\vbwmrbjm.dll

C:\WINNT\system32\xihihjpj.dll

C:\WINNT\system32\o0660ajsedo60.dll

C:\WINNT\system32\msctl32.dll

3) Return to Killbox. Click File > Paste from clipboard. Click All Files.

4) Press "X". Answer "no" to the question.

It is wise to print this post or save it somewhere easy to reach, because in the next step we will go into Safe Mode and an internet connection will not be possible.

Step 3

Restart the computer in Safe Mode (after restarting, press the F8 key until a black DOS screen appears and choose Safe Mode).

Run HijackThis, click Open the Misc Tools section.

Click Delete an NT service.

Enter:

ieblrckpsmas

Delete the service.

Run HijackThis again, click Do a system scan only and check:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O2 - BHO: (no name) - {095B0124-84B6-4B66-B339-D99CEAF7780E} - C:\WINNT\system32\wnmedehk.dll (file missing)

O2 - BHO: (no name) - {6FFBE86C-3BEA-5289-E43F-662126D90D84} - C:\WINNT\system32\hdlczzmr.dll (file missing)

O2 - BHO: (no name) - {77BF5339-C3D8-78C2-64BB-FFA438C04103} - C:\WINNT\system32\heydconx.dll

O2 - BHO: (no name) - {7807B77E-8EAD-B3C8-6165-C1D441DD994E} - C:\WINNT\system32\jrouqucv.dll (file missing)

O2 - BHO: (no name) - {BFC92FA2-0CB2-581A-7035-0ED289C1F1CE} - C:\WINNT\system32\vbwmrbjm.dll

O2 - BHO: (no name) - {D0EF6BE8-048C-E346-5CC5-30BEA0AB3CE6} - C:\WINNT\system32\xihihjpj.dll

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\Run: [online defy second info] C:\Documents and Settings\All Users\Application Data\bias audio online defy\fordate.exe

O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe

O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe

O4 - HKCU\..\Run: [Rdr up] C:\DOCUME~1\ADMINI~1\APPLIC~1\ERRORE~1\bindrvshim.exe

O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O20 - Winlogon Notify: AdminDebug - C:\WINNT\system32\o0660ajsedo60.dll

O20 - Winlogon Notify: msctl32.dll - C:\WINNT\

O23 - Service: ieblrckpsmas (MsUpdate6) - Unknown owner - C:\WINNT\system32\msupd6.exe (file missing)

Click Fix Checked.

Step 4

Still in Safe Mode, do the following:

1) Run a full scan with SpySweeper.

Step 5

Restart in normal mode.

I will need an L2MFix log. Click here and download it.

Extract the files and run l2mfix.bat --> option "run find log". After a few minutes Notepad should open with a log. It is the contents of this log that you should paste in your next reply, along with the new HijackThis log.

Awaiting your reply.

Regards.
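The fix list above was built by reading each HijackThis line against a few rules of thumb: a Shell= value that loads a second executable, BHOs with no name, autoruns in the drive root or in a "windows" folder on a WINNT system, Winlogon Notify DLLs with machine-generated names, and a service with no owner whose binary is gone. The Python script below is an added example (not part of this thread or of HijackThis) that applies those rules to a constructed sample of lines taken from the logs posted here; the SYSTEM_ROOT value and the name-pattern threshold are assumptions for this example.

```python
"""Heuristic triage of HijackThis 1.99 log lines.

Each rule encodes one judgement the helper in this thread made by hand.
The output is a list of lines for a human to review, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List

# The posted log says Windows 2000, whose system root is WINNT.
# Assumption for this example: adjust it for the host being reviewed.
SYSTEM_ROOT = r"C:\WINNT"

# Constructed sample: lines taken from the logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: (no name) - {77BF5339-C3D8-78C2-64BB-FFA438C04103} - C:\WINNT\system32\heydconx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe
O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5EF985B-72C4-462F-92A4-A961AF228664}: NameServer = 127.0.0.1
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: Nls - C:\WINNT\system32\f6j2lg1o16.dll
O23 - Service: ieblrckpsmas (MsUpdate6) - Unknown owner - C:\WINNT\system32\msupd6.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def looks_generated(stem: str) -> bool:
    """Names such as f6j2lg1o16 switch between letters and digits many times.
    The threshold of three switches is an assumption tuned to this thread."""
    runs = re.findall(r"[a-z]+|[0-9]+", stem.lower())
    return len(runs) - 1 >= 3


def odd_autorun_location(path: str) -> bool:
    """True when an autorun target lives where legitimate software rarely installs."""
    p = re.sub(r"\\+", r"\\", path).lower()        # c:\\foo.exe -> c:\foo.exe
    if re.fullmatch(r"[a-z]:\\[^\\]+", p):          # executable sitting in the drive root
        return True
    if p.startswith("c:\\windows\\") and not SYSTEM_ROOT.lower().startswith("c:\\windows"):
        return True                                 # a "windows" folder on a WINNT box
    return "\\application data\\" in p              # autorun hiding in a profile data folder


def triage(log_text: str) -> List[Finding]:
    """Return the lines a human should look at, each with the rule that fired."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if " - " not in line:
            continue                                # header, process list or blank line
        section = line.split(" - ", 1)[0]
        low = line.lower()
        if section in ("R0", "R1") and re.search(r"=\s*[a-z]:\\", line, re.I):
            findings.append(Finding(section, "browser start/default page is a local file", line))
        elif section == "F2":
            m = re.search(r"shell=(.*)$", line, re.I)
            if m and m.group(1).strip().lower() != "explorer.exe":
                findings.append(Finding(section, "Shell= loads more than explorer.exe", line))
        elif section == "O2" and "(no name)" in low:
            findings.append(Finding(section, "BHO registered without a name", line))
        elif section == "O4":
            m = re.search(r'\]\s+"?([a-z]:\\[^"]*?\.exe)', line, re.I)
            if m and odd_autorun_location(m.group(1)):
                findings.append(Finding(section, "autorun target in an unusual location", line))
        elif section == "O17" and low.endswith("nameserver = 127.0.0.1"):
            findings.append(Finding(section, "DNS points at loopback; fine only if this host runs its own DNS service", line))
        elif section == "O20":
            target = line.rsplit(" - ", 1)[1]
            stem = target.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if target.endswith("\\"):
                findings.append(Finding(section, "Winlogon Notify DLL path is a bare directory", line))
            elif looks_generated(stem):
                findings.append(Finding(section, "Winlogon Notify DLL has a machine-generated name", line))
        elif section == "O23" and "unknown owner" in low and "(file missing)" in low:
            findings.append(Finding(section, "service with no owner and a missing binary", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Running it against a full log such as the ones above reproduces the helper's list except for the entries that needed outside knowledge (the webHancer adware and the randomly named BHO files that were already missing), which is where a human reviewer still has to step in.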


Here is the L2MFIX post

 

L2MFIX find log 010406

These are the registry keys present

**********************************************************************************

Winlogon/notify:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

"DllName"="C:\\WINNT\\system32\\NavLogon.dll"

"Logoff"="NavLogoffEvent"

"StartShell"="NavStartShellEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnceEx]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINNT\\system32\\f2l02c3mgf.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]

"Asynchronous"=dword:00000000

"DllName"="WRLogonNTF.dll"

"Impersonate"=dword:00000001

"Lock"="WRLock"

"StartScreenSaver"="WRStartScreenSaver"

"StartShell"="WRStartShell"

"Startup"="WRStartup"

"StopScreenSaver"="WRStopScreenSaver"

"Unlock"="WRUnlock"

"Shutdown"="WRShutdown"

"Logoff"="WRLogoff"

"Logon"="WRLogon"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]

"DLLName"="wzcdlg.dll"

"Logon"="WZCEventLogon"

"Logoff"="WZCEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000000

 

**********************************************************************************

useragent:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"{BA9559DA-86EF-4770-7923-A873EAB78405}"=""

 

**********************************************************************************

Shell Extension key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Shell Folder"

"{5b4dae26-b807-11d0-9815-00c04fd91972}"="Menu Band"

"{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Tracking Shell Menu"

"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"

"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Desk Bar"

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"

"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"

"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"

"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"

"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"

"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"

"{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Links"

"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"

"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"

"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"

"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"

"{7487cd30-f71a-11d0-9ea7-00805f714772}"="Thumbnail Image"

"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"

"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"

"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"

"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"

"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"

"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"

"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"

"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"

"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"

"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"

"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"

"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"

"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"

"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"

"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"

"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"

"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"

"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"

"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"

"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"

"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"

"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"

"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"

"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"

"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"

"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Thumbnails"

"{EAB841A0-9550-11CF-8C16-00805F1408F3}"="HTML Thumbnail Extractor"

"{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Office Graphics Filters Thumbnail Extractor"

"{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"

"{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"

"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"

"{0B124F8C-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"

"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"

"{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"

"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"

"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"

"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"

"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"

"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"

"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"

"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"

"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"

"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"

"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"

"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"

"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"

"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"

"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"

"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"

"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"

"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"

"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"

"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"

"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"

"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."

@="CorelDRAW Shell Extension Component"

"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Pastas da Web"

"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"

"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"

"{950FF917-7A57-46BC-8017-59D9BF474000}"="Shell Extension for CDRW"

"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"

"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"

"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"

"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"

"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"

"{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

"{57C51AF9-DEF7-11D3-A801-00C04F163490}"="Ghost Shell Extension"

"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"

"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"

"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"

"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"

"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"

"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

"{733624F4-E5C2-4AB0-B133-A9184BCDE29B}"=""

"{4E084DE2-ED81-4CC9-A0CB-A110EC13947A}"=""

"{EB8A60F0-EECD-4C45-AF77-9469FC844626}"=""

"{5398668A-D4B1-4A4C-A3AC-01C91FF36F04}"=""

"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"

 

**********************************************************************************

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{733624F4-E5C2-4AB0-B133-A9184BCDE29B}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{733624F4-E5C2-4AB0-B133-A9184BCDE29B}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{733624F4-E5C2-4AB0-B133-A9184BCDE29B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{733624F4-E5C2-4AB0-B133-A9184BCDE29B}\InprocServer32]

@="C:\\WINNT\\system32\\mxndex.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{4E084DE2-ED81-4CC9-A0CB-A110EC13947A}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{4E084DE2-ED81-4CC9-A0CB-A110EC13947A}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{4E084DE2-ED81-4CC9-A0CB-A110EC13947A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{4E084DE2-ED81-4CC9-A0CB-A110EC13947A}\InprocServer32]

@="C:\\WINNT\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{EB8A60F0-EECD-4C45-AF77-9469FC844626}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{EB8A60F0-EECD-4C45-AF77-9469FC844626}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{EB8A60F0-EECD-4C45-AF77-9469FC844626}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{EB8A60F0-EECD-4C45-AF77-9469FC844626}\InprocServer32]

@="C:\\WINNT\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{5398668A-D4B1-4A4C-A3AC-01C91FF36F04}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{5398668A-D4B1-4A4C-A3AC-01C91FF36F04}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{5398668A-D4B1-4A4C-A3AC-01C91FF36F04}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{5398668A-D4B1-4A4C-A3AC-01C91FF36F04}\InprocServer32]

@="C:\\WINNT\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

 

**********************************************************************************

Files Found are not all bad files:

 

C:\WINNT\SYSTEM32\

cnamsp.dll Thu Jan 12 2006 3:14:04p ..S.R 236,143 230.61 K

dractx.dll Thu Jan 12 2006 4:05:36p ..S.R 236,143 230.61 K

f2l02c~1.dll Thu Jan 12 2006 3:18:04p ..S.R 236,143 230.61 K

fp4403~1.dll Thu Jan 12 2006 4:20:00p ..S.R 236,586 231.04 K

j4l4le~1.dll Thu Jan 12 2006 4:00:20p ..S.R 234,897 229.39 K

loghtmsg.dll Thu Jan 12 2006 2:37:52p ..S.R 234,897 229.39 K

mqxlegih.dll Thu Jan 12 2006 1:46:02p ..S.R 235,310 229.79 K

mxndex.dll Thu Jan 12 2006 4:20:00p ..S.R 236,143 230.61 K

ndevtmsg.dll Wed Jan 11 2006 11:12:06a ..S.R 235,310 229.79 K

pachdprf.dll Thu Jan 12 2006 2:05:52p ..S.R 234,897 229.39 K

teappcmp.dll Thu Jan 12 2006 3:25:20p ..S.R 234,897 229.39 K

wrlogo~1.dll Wed Dec 14 2005 7:17:20p A.... 492,544 481.00 K

wrlzma.dll Wed Dec 14 2005 7:17:16p A.... 17,920 17.50 K

 

13 items found: 13 files (11 H/S), 0 directories.

Total of file sizes: 3,101,830 bytes 2.96 M

Locate .tmp files:

 

No matches found.

**********************************************************************************

Directory Listing of system files:

Volume in drive C has no label.

Volume Serial Number is 2850-76A4

 

Directory of C:\WINNT\System32

 

01/12/2006 04:19p 236,143 mxndex.dll

01/12/2006 04:19p 236,586 fp4403hqe.dll

01/12/2006 04:05p 236,143 dractx.dll

01/12/2006 04:00p 234,897 j4l4le3q1h.dll

01/12/2006 03:25p 234,897 teappcmp.dll

01/12/2006 03:18p 236,143 f2l02c3mgf.dll

01/12/2006 03:14p 236,143 cnamsp.dll

01/12/2006 02:37p 234,897 LoghtMsg.dll

01/12/2006 02:05p 234,897 pachdprf.dll

01/12/2006 01:46p 235,310 mqxlegih.dll

01/11/2006 11:12a 235,310 ndevtmsg.dll

12/01/2005 10:07a <DIR> dllcache

08/11/2003 07:11a 235,461 kndno.dll

12 File(s) 2,826,827 bytes

1 Dir(s) 15,154,368,512 bytes free

 

 

Now the HijackThis log

 

 

Logfile of HijackThis v1.99.1

Scan saved at 4:39:26 PM, on 1/12/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\msdtc.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINNT\system32\Dfssvc.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINNT\System32\ismserv.exe

C:\WINNT\System32\llssrv.exe

C:\Program Files\Symantec\Ghost\ngserver.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINNT\system32\ntfrs.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\System32\locator.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\dns.exe

C:\WINNT\System32\inetsrv\inetinfo.exe

C:\WINNT\system32\MsgSys.EXE

C:\WINNT\system32\rundll32.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Symantec\Ghost\bin\dbserv.exe

C:\Program Files\Symantec\Ghost\bin\rteng7.exe

C:\WINNT\system32\PV92Tray.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\NavNT\vptray.exe

C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BL.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Plaxo\2.4.1.5\InstallStub.exe

C:\Program Files\Velox\Discador\discador.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

 

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {095B0124-84B6-4B66-B339-D99CEAF7780E} - (no file)

O2 - BHO: (no name) - {6FFBE86C-3BEA-5289-E43F-662126D90D84} - (no file)

O2 - BHO: (no name) - {77BF5339-C3D8-78C2-64BB-FFA438C04103} - (no file)

O2 - BHO: (no name) - {7807B77E-8EAD-B3C8-6165-C1D441DD994E} - (no file)

O2 - BHO: (no name) - {BFC92FA2-0CB2-581A-7035-0ED289C1F1CE} - (no file)

O2 - BHO: (no name) - {D0EF6BE8-048C-E346-5CC5-30BEA0AB3CE6} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BL.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.4.1.5\InstallStub.exe -a

O4 - Startup: Adobe Gamma.lnk = Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127329941641

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127330451424

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tdweb.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{59054060-0BE8-47BD-BC7E-69D4003D1D4F}: NameServer = 200.149.55.142 200.165.132.155

O17 - HKLM\System\CCS\Services\Tcpip\..\{B5EF985B-72C4-462F-92A4-A961AF228664}: NameServer = 127.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{D6458284-B3FA-4DC4-8825-8304B81F468A}: NameServer = 200.255.242.4

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tdweb.com.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tdweb.com.br

O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll

O20 - Winlogon Notify: RunOnceEx - C:\WINNT\system32\f2l02c3mgf.dll

O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: UPnPMonitor - {1B890729-821B-5E83-7743-61486334561C} - C:\WINNT\help\S3Gm2WST.hlp

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: ieblrckpsmas (MsUpdate6) - Unknown owner - C:\WINNT\system32\msupd6.exe (file missing)

O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe

O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


Dear magalhaesrj,

 

Let's go.

 

Step 1

 

Run HijackThis, click Do a system scan only and check:

O2 - BHO: (no name) - {095B0124-84B6-4B66-B339-D99CEAF7780E} - (no file)

O2 - BHO: (no name) - {6FFBE86C-3BEA-5289-E43F-662126D90D84} - (no file)

O2 - BHO: (no name) - {77BF5339-C3D8-78C2-64BB-FFA438C04103} - (no file)

O2 - BHO: (no name) - {7807B77E-8EAD-B3C8-6165-C1D441DD994E} - (no file)

O2 - BHO: (no name) - {BFC92FA2-0CB2-581A-7035-0ED289C1F1CE} - (no file)

O2 - BHO: (no name) - {D0EF6BE8-048C-E346-5CC5-30BEA0AB3CE6} - (no file)

Click Fix Checked.

 

Step 2

 

Run the file l2mfix.bat, press <Enter>, then type 2 and press Enter again. After that, you will have to press any key and the computer will restart.

 

After the restart, your desktop should disappear and reappear. The fix is not finished yet. When it finishes, Notepad should open with a log. Attach this log to your reply as you did before, along with a new HijackThis log.

 

Go to the l2mfix folder that was created and copy the ntrights file to C:\

 

Click Start --> Run, type cmd and click OK. A command prompt will appear.

 

Type the following:

 

cd c:\

Enter. Now type the following command:

 

ntrights -u Administradores +r SeDebugPrivilege > log.txt

Attention --> Make sure you type this command correctly.

 

Enter again. There should now be a file called c:\log.txt. Open it and paste its contents here.

 

Awaiting your reply.

 

Regards.

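The reply above picks the suspicious entries out of the HijackThis log by eye: the O2 BHOs with "(no file)", the O20 Winlogon Notify package whose DLL has a random name, the O21 SSODL entry that points at a .hlp file, and the O23 service whose binary is missing. The script below is an added example, not code from this thread, from HijackThis or from L2MFix; it applies those same judgements to a constructed sample assembled from lines quoted in the thread. The Winlogon Notify allow-list is an assumption for this particular host (Norton AntiVirus and Webroot are installed here), and it is keyed on the DLL name rather than on the registry subkey name, because the subkey name is attacker-chosen: the second HijackThis log in this thread shows the same f2l02c3mgf.dll re-registered under a different name. O17 NameServer entries are deliberately not scored, since 127.0.0.1 is legitimate on a machine that runs dns.exe, as this one does.

```python
"""
Triage heuristics for HijackThis 1.99.1 log lines.

Added example; not part of the thread, of HijackThis or of L2MFix.
It encodes the judgements made by eye in the reply above:
  - O2  BHO entries whose DLL is gone ("(no file)")
  - O20 Winlogon Notify packages that load a DLL into winlogon.exe
        and are not on a small allow-list (the list below is an assumption)
  - O21 ShellServiceObjectDelayLoad entries that point at a non-DLL file
  - O23 services whose binary is missing ("(file missing)")
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", ["section", "reason", "line"])

# Allow-list keyed on the DLL base name (without extension), not on the
# registry subkey name: the subkey is attacker-chosen and can be renamed
# between scans while the DLL stays put. Assumed set for this host
# (Windows 2000 notification packages plus Norton and Webroot).
KNOWN_NOTIFY_DLLS = {
    "crypt32chain", "cryptnet", "cscdll", "sclgntfy", "senslogn",
    "termsrv", "wlballoon", "navlogon", "wrlogonntf",
}

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")


def basename(path):
    """Last component of a Windows path, lower-cased, extension stripped."""
    name = path.rstrip().rsplit("\\", 1)[-1].lower()
    return name.rsplit(".", 1)[0]


def triage_line(line):
    """Return a Finding for a suspicious HijackThis line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")

    if sec == "O2" and body.endswith("(no file)"):
        return Finding(sec, "BHO CLSID registered but its DLL is missing", line.strip())

    if sec == "O20":
        n = NOTIFY_RE.match(body)
        if n and basename(n.group("path")) not in KNOWN_NOTIFY_DLLS:
            return Finding(sec, "Winlogon Notify DLL not on allow-list "
                                "(loads into winlogon.exe at every logon)", line.strip())

    if sec == "O21":
        path = body.rsplit(" - ", 1)[-1]
        if not path.lower().endswith(".dll"):
            return Finding(sec, "ShellServiceObjectDelayLoad entry points at a non-DLL file",
                           line.strip())

    if sec == "O23" and body.endswith("(file missing)"):
        return Finding(sec, "service registered but its binary is missing", line.strip())

    return None


def triage_log(text):
    """Run triage_line over every line of a HijackThis log, in order."""
    return [f for f in (triage_line(raw) for raw in text.splitlines()) if f]


# Constructed sample, assembled from lines quoted in this thread.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {095B0124-84B6-4B66-B339-D99CEAF7780E} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: RunOnceEx - C:\WINNT\system32\f2l02c3mgf.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: UPnPMonitor - {1B890729-821B-5E83-7743-61486334561C} - C:\WINNT\help\S3Gm2WST.hlp
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ieblrckpsmas (MsUpdate6) - Unknown owner - C:\WINNT\system32\msupd6.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Running it on the sample flags exactly the four lines the reply asks about, and leaves NavLogon, WRNotifier and the Symantec DefWatch service alone. Feeding it the later log from this thread flags "ExtShellViews - C:\WINNT\system32\f2l02c3mgf.dll" just the same, which is the point of keying on the DLL name.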

Here is the L2mfix log:

 

L2mfix 010406

Creating Account.

The command completed successfully.

 

 

Adding Administrative privleges.

The command completed successfully.

 

Checking for L2MFix account(0=no 1=yes):

1

Granting SeDebugPrivilege to L2MFIX ... successful

Checking for L2MFix account(0=no 1=yes):

0

Zipping up files for submission:

zip warning: name not matched: dlls\*.*

 

zip error: Nothing to do! (backup.zip)

adding: backregs/notibac.reg (152 bytes security) (deflated 87%)

 

NEW HijackThis LOG

 

Logfile of HijackThis v1.99.1

Scan saved at 3:05:12 PM, on 1/13/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\msdtc.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINNT\system32\Dfssvc.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINNT\System32\ismserv.exe

C:\WINNT\System32\llssrv.exe

C:\Program Files\Symantec\Ghost\ngserver.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINNT\system32\ntfrs.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\System32\locator.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\dns.exe

C:\WINNT\System32\inetsrv\inetinfo.exe

C:\WINNT\system32\MsgSys.EXE

C:\Program Files\Symantec\Ghost\bin\dbserv.exe

C:\Program Files\Symantec\Ghost\bin\rteng7.exe

C:\WINNT\system32\rundll32.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\PV92Tray.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\NavNT\vptray.exe

C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BL.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe

C:\Program Files\Velox\Discador\discador.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Corel\Corel Graphics 12\Programs\CorelDRW.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINNT\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

 

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {095B0124-84B6-4B66-B339-D99CEAF7780E} - (no file)

O2 - BHO: (no name) - {6FFBE86C-3BEA-5289-E43F-662126D90D84} - (no file)

O2 - BHO: (no name) - {77BF5339-C3D8-78C2-64BB-FFA438C04103} - (no file)

O2 - BHO: (no name) - {7807B77E-8EAD-B3C8-6165-C1D441DD994E} - (no file)

O2 - BHO: (no name) - {BFC92FA2-0CB2-581A-7035-0ED289C1F1CE} - (no file)

O2 - BHO: (no name) - {D0EF6BE8-048C-E346-5CC5-30BEA0AB3CE6} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BL.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe -a

O4 - Startup: Adobe Gamma.lnk = Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127329941641

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127330451424

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tdweb.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{59054060-0BE8-47BD-BC7E-69D4003D1D4F}: NameServer = 200.149.55.142 200.165.132.155

O17 - HKLM\System\CCS\Services\Tcpip\..\{B5EF985B-72C4-462F-92A4-A961AF228664}: NameServer = 127.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{D6458284-B3FA-4DC4-8825-8304B81F468A}: NameServer = 200.255.242.4

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tdweb.com.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tdweb.com.br

O20 - Winlogon Notify: ExtShellViews - C:\WINNT\system32\f2l02c3mgf.dll

O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: UPnPMonitor - {1B890729-821B-5E83-7743-61486334561C} - C:\WINNT\help\S3Gm2WST.hlp

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: ieblrckpsmas (MsUpdate6) - Unknown owner - C:\WINNT\system32\msupd6.exe (file missing)

O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe

O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

 

 

 

Log from C:\log.txt

 

NTRights.Exe - Beta Version by Georg Zanzen

Grants/Revokes NT-Rights to a user/group

usage: -u xxx User/Group

-m \\xxx machine to perform the operation on (default local machine)

-e xxxxx Add xxxxx to the event log

-r xxx revokes the xxx right

+r xxx grants the xxx right

valid NTRights are:

SeCreateTokenPrivilege

SeAssignPrimaryTokenPrivilege

SeLockMemoryPrivilege

SeIncreaseQuotaPrivilege

SeUnsolicitedInputPrivilege

SeMachineAccountPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeSystemProfilePrivilege

SeSystemtimePrivilege

SeProfileSingleProcessPrivilege

SeIncreaseBasePriorityPrivilege

SeCreatePagefilePrivilege

SeCreatePermanentPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeShutdownPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeChangeNotifyPrivilege

SeRemoteShutdownPrivilege


Which operation, your whole last post?

 

The little program is not managing to delete these lines

 

O2 - BHO: (no name) - {095B0124-84B6-4B66-B339-D99CEAF7780E} - (no file)

O2 - BHO: (no name) - {6FFBE86C-3BEA-5289-E43F-662126D90D84} - (no file)

O2 - BHO: (no name) - {77BF5339-C3D8-78C2-64BB-FFA438C04103} - (no file)

O2 - BHO: (no name) - {7807B77E-8EAD-B3C8-6165-C1D441DD994E} - (no file)

O2 - BHO: (no name) - {BFC92FA2-0CB2-581A-7035-0ED289C1F1CE} - (no file)

O2 - BHO: (no name) - {D0EF6BE8-048C-E346-5CC5-30BEA0AB3CE6} - (no file)

Qual operação, todo seu ultimo post?

Sim.

 

O programinha nao esta conseguindo apagar essas linhas

 

O2 - BHO: (no name) - {095B0124-84B6-4B66-B339-D99CEAF7780E} - (no file)

O2 - BHO: (no name) - {6FFBE86C-3BEA-5289-E43F-662126D90D84} - (no file)

O2 - BHO: (no name) - {77BF5339-C3D8-78C2-64BB-FFA438C04103} - (no file)

O2 - BHO: (no name) - {7807B77E-8EAD-B3C8-6165-C1D441DD994E} - (no file)

O2 - BHO: (no name) - {BFC92FA2-0CB2-581A-7035-0ED289C1F1CE} - (no file)

O2 - BHO: (no name) - {D0EF6BE8-048C-E346-5CC5-30BEA0AB3CE6} - (no file)

Fix them again. If they don't go away, we'll do the cleanup via the registry.

 

Regards.

I couldn't, they insist on staying. Wouldn't it be a good idea for me to try it in Safe Mode?

Don't worry about it. Move on to the next step.


A log in C:\ gave this:

Granting SedebugPrivilege to Administradores ... failed (GetAccountSid(Administradores)=1332

 

 

Logfile of HijackThis v1.99.1

Scan saved at 7:19:19 PM, on 1/13/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\msdtc.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINNT\system32\Dfssvc.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINNT\System32\ismserv.exe

C:\WINNT\System32\llssrv.exe

C:\Program Files\Symantec\Ghost\ngserver.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINNT\system32\ntfrs.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\System32\locator.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\dns.exe

C:\WINNT\System32\inetsrv\inetinfo.exe

C:\WINNT\system32\MsgSys.EXE

C:\Program Files\Symantec\Ghost\bin\dbserv.exe

C:\Program Files\Symantec\Ghost\bin\rteng7.exe

C:\WINNT\system32\rundll32.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\PV92Tray.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\NavNT\vptray.exe

C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BL.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Velox\Discador\discador.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINNT\system32\cmd.exe

C:\WINNT\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

 

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {095B0124-84B6-4B66-B339-D99CEAF7780E} - (no file)

O2 - BHO: (no name) - {6FFBE86C-3BEA-5289-E43F-662126D90D84} - (no file)

O2 - BHO: (no name) - {77BF5339-C3D8-78C2-64BB-FFA438C04103} - (no file)

O2 - BHO: (no name) - {7807B77E-8EAD-B3C8-6165-C1D441DD994E} - (no file)

O2 - BHO: (no name) - {BFC92FA2-0CB2-581A-7035-0ED289C1F1CE} - (no file)

O2 - BHO: (no name) - {D0EF6BE8-048C-E346-5CC5-30BEA0AB3CE6} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BL.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe -a

O4 - Startup: Adobe Gamma.lnk = Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127329941641

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127330451424

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tdweb.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{59054060-0BE8-47BD-BC7E-69D4003D1D4F}: NameServer = 200.149.55.142 200.165.132.155

O17 - HKLM\System\CCS\Services\Tcpip\..\{B5EF985B-72C4-462F-92A4-A961AF228664}: NameServer = 127.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{D6458284-B3FA-4DC4-8825-8304B81F468A}: NameServer = 200.255.242.4

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tdweb.com.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tdweb.com.br

O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll

O20 - Winlogon Notify: Shell Extensions - C:\WINNT\system32\f2l02c3mgf.dll

O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: UPnPMonitor - {1B890729-821B-5E83-7743-61486334561C} - C:\WINNT\help\S3Gm2WST.hlp

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: ieblrckpsmas (MsUpdate6) - Unknown owner - C:\WINNT\system32\msupd6.exe (file missing)

O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe

O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

 

 

 

NOTE: this part did not happen... well, I think it didn't

 

"After restarting, your desktop should disappear and reappear. The fix has not finished yet. When it finishes, Notepad should open with a log"


Repeat the operation with L2MFix.

 

Run a full scan with SpySweeper again.

 

Look2Me really is a pain, man.


L2MFix log:

L2mfix 010406
Creating Account.
The command completed successfully.
Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes): 1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes): 0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*
zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (152 bytes security) (deflated 87%)


Hey magalhaesrj,

 

Looks like it worked now.

 

Post the new HijackThis log so I can evaluate it.

 

Regards.


Logfile of HijackThis v1.99.1

Scan saved at 11:51:05 AM, on 1/16/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\msdtc.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINNT\system32\Dfssvc.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINNT\System32\ismserv.exe

C:\WINNT\System32\llssrv.exe

C:\Program Files\Symantec\Ghost\ngserver.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINNT\system32\ntfrs.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\System32\locator.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\dns.exe

C:\WINNT\System32\inetsrv\inetinfo.exe

C:\WINNT\system32\MsgSys.EXE

C:\WINNT\Explorer.EXE

C:\WINNT\system32\PV92Tray.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\NavNT\vptray.exe

C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BL.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe

C:\Program Files\Symantec\Ghost\bin\dbserv.exe

C:\Program Files\Symantec\Ghost\bin\rteng7.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

 

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {095B0124-84B6-4B66-B339-D99CEAF7780E} - (no file)

O2 - BHO: (no name) - {6FFBE86C-3BEA-5289-E43F-662126D90D84} - (no file)

O2 - BHO: (no name) - {77BF5339-C3D8-78C2-64BB-FFA438C04103} - (no file)

O2 - BHO: (no name) - {7807B77E-8EAD-B3C8-6165-C1D441DD994E} - (no file)

O2 - BHO: (no name) - {BFC92FA2-0CB2-581A-7035-0ED289C1F1CE} - (no file)

O2 - BHO: (no name) - {D0EF6BE8-048C-E346-5CC5-30BEA0AB3CE6} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BL.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe -a

O4 - Startup: Adobe Gamma.lnk = Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127329941641

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127330451424

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tdweb.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{B5EF985B-72C4-462F-92A4-A961AF228664}: NameServer = 127.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{D6458284-B3FA-4DC4-8825-8304B81F468A}: NameServer = 200.255.242.4

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tdweb.com.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tdweb.com.br

O20 - Winlogon Notify: App Paths - C:\WINNT\system32\mvlql9351.dll (file missing)

O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll

O20 - Winlogon Notify: Welcome - C:\WINNT\

O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: UPnPMonitor - {1B890729-821B-5E83-7743-61486334561C} - C:\WINNT\help\S3Gm2WST.hlp

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: ieblrckpsmas (MsUpdate6) - Unknown owner - C:\WINNT\system32\msupd6.exe (file missing)

O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe

O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

 

I RAN: Spy Sweeper

 

see the images

spy1.jpg

 

spy2.jpg
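The two HijackThis logs above are being read by hand for the entries that mark a Look2Me infection: a Winlogon Notify DLL with a meaningless random name (f2l02c3mgf.dll, mvlql9351.dll), an SSODL entry that loads a .hlp file as a COM server, a service with no vendor whose binary is missing, and the orphaned BHO CLSIDs HijackThis could not remove. The script below is an added example, not part of this thread or of HijackThis, that applies those same checks to log lines so the interesting entries are not lost in a 100-line log. The sample lines are copied from the logs posted above; the "random-looking name" rule (lowercase letters and digits only, at least 8 characters, at least one digit) and the severity labels are my own assumptions, not something HijackThis or L2MFix defines.

```python
import re
from typing import Iterator, Tuple

# Constructed sample: HijackThis 1.99.1 lines in the format of the logs posted
# in this thread (paths and CLSIDs copied from them; not a fresh scan).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {095B0124-84B6-4B66-B339-D99CEAF7780E} - (no file)
O4 - HKLM\\..\\Run: [vptray] C:\\Program Files\\NavNT\\vptray.exe
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{B5EF985B-72C4-462F-92A4-A961AF228664}: NameServer = 127.0.0.1
O20 - Winlogon Notify: NavLogon - C:\\WINNT\\system32\\NavLogon.dll
O20 - Winlogon Notify: Shell Extensions - C:\\WINNT\\system32\\f2l02c3mgf.dll
O20 - Winlogon Notify: App Paths - C:\\WINNT\\system32\\mvlql9351.dll (file missing)
O20 - Winlogon Notify: Welcome - C:\\WINNT\\
O21 - SSODL: UPnPMonitor - {1B890729-821B-5E83-7743-61486334561C} - C:\\WINNT\\help\\S3Gm2WST.hlp
O23 - Service: ieblrckpsmas (MsUpdate6) - Unknown owner - C:\\WINNT\\system32\\msupd6.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\\Program Files\\NavNT\\defwatch.exe
"""

# "O20 - <rest>" / "R3 - <rest>": section code, then the body of the entry.
LINE_RE = re.compile(r"^(?P<sec>[OR]\d+) - (?P<body>.*)$")
# The Windows path at the end of the body, with HijackThis's "(file missing)" marker if present.
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\[^()\r\n]*?)\s*(?P<missing>\(file missing\))?\s*$")
# Assumed heuristic for Look2Me-style names: only lowercase letters/digits, 8+ chars, at least one digit.
RANDOM_RE = re.compile(r"^(?=.*\d)[a-z0-9]{8,}$")


def looks_random(filename: str) -> bool:
    """True for names like f2l02c3mgf.dll that carry no vendor or product meaning."""
    stem = filename.rsplit(".", 1)[0]
    return bool(RANDOM_RE.match(stem))


def _findings_for(sec: str, body: str) -> Iterator[Tuple[str, str]]:
    """Yield (severity, reason) pairs for a single HijackThis entry."""
    m = PATH_RE.search(body)
    path = m.group("path").strip() if m else ""
    missing = bool(m and m.group("missing"))
    name = path.rsplit("\\", 1)[-1]            # empty when the path ends in a backslash
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""

    if sec == "O2" and body.endswith("(no file)"):
        yield "review", "BHO CLSID still registered but its DLL is gone (orphaned entry)"
    elif sec == "O20":
        # Winlogon Notify DLLs load inside winlogon.exe at every logon; a random name is the tell.
        if looks_random(name):
            yield "high", f"Winlogon Notify DLL with random-looking name: {name}"
        if missing:
            yield "review", f"Winlogon Notify points at a missing DLL: {name}"
        if path and not name:
            yield "review", "Winlogon Notify points at a directory, not a DLL"
    elif sec == "O21" and path and ext != "dll":
        # ShellServiceObjectDelayLoad expects an in-process COM server; a .hlp file is not one.
        yield "high", f"SSODL loads a non-DLL file as a COM server: {name}"
    elif sec == "O23":
        if missing:
            yield "review", f"service binary is missing: {name}"
        if missing and "Unknown owner" in body:
            yield "high", "service with no vendor whose binary is missing (leftover installer/dropper)"
    elif sec == "O17" and body.rstrip().endswith("NameServer = 127.0.0.1"):
        # Legitimate on a box that runs its own DNS (dns.exe is in the process list), so only flag for review.
        yield "review", "interface resolves DNS via localhost; confirm a DNS server is meant to run here"


def triage(log_text: str) -> list:
    """Return one finding dict per suspicious entry: section, severity, reason, original line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank, or "Running processes" lines
        for severity, reason in _findings_for(m.group("sec"), m.group("body")):
            findings.append({"section": m.group("sec"), "severity": severity,
                             "reason": reason, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['section']}: {f['reason']}")
```

On the sample this flags the two random-named Winlogon Notify DLLs, the .hlp SSODL object and the unowned MsUpdate6 service as high, and leaves NavLogon.dll, WRLogonNTF.dll and the Symantec services alone. The heuristics are deliberately narrow: they surface what a helper would fix first, not a verdict on the whole log.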
