This topic has been archived and is closed to new replies.

Rebellion

[Archived] Problem ##exmodul.. among others... hijackthis log


Hello, I'm new to the forum and I need help with my computer... it's having some problems.... I'd appreciate your help removing these viruses :cry: ... thank you, rebellion.

 

Logfile of HijackThis v1.99.1

Scan saved at 20:30:53, on 01-10-2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Ficheiros comuns\EPSON\EBAPI\eEBSVC.exe

C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe

C:\Programas\Network Associates\Common Framework\FrameworkService.exe

c:\programas\mcafee.com\agent\mcdetect.exe

C:\Programas\Network Associates\VirusScan\Mcshield.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\Programas\Network Associates\VirusScan\VsTskMgr.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Programas\Java\jre1.5.0\bin\jusched.exe

C:\Programas\QuickTime\qttask.exe

C:\Programas\D-Tools\daemon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Network Associates\VirusScan\SHSTAT.EXE

C:\Programas\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Internet Optimizer\optimize.exe

C:\WINDOWS\system32\atwtusb.exe

C:\Program Files\Moywcc\Fbvn.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\NCLAUNCH.EXe

C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Programas\Wireless Combo\MulMouse.exe

C:\Programas\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Programas\Wireless Combo\MagicKey.exe

C:\Programas\DataStudio\PASPortal.exe

C:\Programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\Programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Programas\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\svchost.exe

C:\PENSOFT\fquick32.exe

C:\PENSOFT\Quick95.exe

C:\WINDOWS\system32\TBLMOUSE.EXE

C:\PROGRA~1\Webshots\webshots.scr

C:\PROGRA~1\FICHEI~1\PCSuite\Services\SERVIC~1.EXE

C:\PROGRA~1\FICHEI~1\Nokia\MPAPI\MPAPI3s.exe

C:\Programas\Wireless Combo\OSD.EXE

C:\Programas\Wireless Combo\MagicWl.exe

C:\WINDOWS\System32\alg.exe

C:\Documents and Settings\Nádia\Definições locais\Temp\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgramas%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Nádia\Application Data\Mozilla\Profiles\default\gxvcken2.slt\prefs.js)

O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Programas\VSToolbar\VSToolBar.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [C-Media Speaker Configuration] E:\m754\8738\WinXP\Setup.exe /SPEAKER

O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [WorksFUD] C:\Programas\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programas\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programas\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [shStatEXE] "C:\Programas\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programas\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [Xuixed] C:\Program Files\Moywcc\Fbvn.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

O4 - HKCU\..\Run: [PcSync] C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - Startup: IMVU.lnk = C:\Programas\IMVU\gui1.exe

O4 - Startup: Quick StartUp.lnk = C:\PENSOFT\fquick32.exe

O4 - Startup: Start.lnk = C:\PENSOFT\Quick95.exe

O4 - Startup: Webshots.lnk = C:\Programas\Webshots\Launcher.exe

O4 - Global Startup: Activar programa de Leading Scroll.lnk = C:\Programas\Wireless Combo\MulMouse.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BlueSoleil.lnk = C:\Programas\IVT Corporation\BlueSoleil\BlueSoleil.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Lembretes do calendário do Microsoft Works.lnk = ?

O4 - Global Startup: Media Key.lnk = C:\Programas\Wireless Combo\MagicKey.exe

O4 - Global Startup: PASPortal.lnk = ?

O4 - Global Startup: Picture Package Menu.lnk = C:\Programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nádia\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)

O12 - Plugin for .xml: C:\Programas\Netscape\Netscape Browser\PLUGINS\npTrident.dll

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programas\RXToolBar\sfcont.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programas\Ficheiros comuns\EPSON\EBAPI\eEBSVC.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programas\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programas\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programas\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe


Hello, Rebellion!

Let's go through the steps:

1. Download Deldomains.zip

- Now extract DelDomains.inf from Deldomains.zip. Right-click it and click Install.

PS: Apparently nothing will happen, but that is normal

2. Go to Run and type: services.msc

- Locate the service: Windows Log

- Double-click it and choose Disabled. Also click Stop.

3. Go to Start > Control Panel > Add/Remove Programs and uninstall:

VSToolbar

Internet Optimizer

RXToolBar

4. Download Killbox, unzip it and run it.

- Check the Delete on Reboot option.

- Now copy the files below

(select them and click Edit > Copy).

 

C:\WINDOWS\system\smss.exe

C:\WINDOWS\system32\nvsvcd.exe

 

- Go back to KillBox. Click File > Paste from clipboard. Click the All Files button.

- Click the killbox.png button. Answer No to the question.

You may want to print these instructions or save them to a text file for easy access, since you will not have access to your topic

5. Restart the PC and enter safe mode (press F8 during startup and choose safe mode on the selection screen)

6. Open HijackThis and click Do a system scan only.

- Check only the entries below and click ht-fix.png

 

O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Programas\VSToolbar\VSToolBar.dll

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w

O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programas\RXToolBar\sfcont.dll

 

6. Open HijackThis again, click Open the Misc Tools Section

- In Misc Tools click Delete an NT Service.

- Enter: Windows Log and click OK

7. Locate and delete the folders in bold below:

 

C:\Programas\VSToolbar

C:\Program Files\Internet Optimizer

C:\Programas\RXToolBar

 

8. Restart in normal mode

9. Then make a new HijackThis log and paste it into your reply

 

 

C:\Program Files\Moywcc\Fbvn.exe

Do you recognize this folder?

Cheers!


Thank you, Shine

 

 

QUOTE

C:\Program Files\Moywcc\Fbvn.exe

 

Do you recognize this folder?

No... and it doesn't look like a good thing to me... <_<

The new HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 20:20:03, on 02-10-2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Ficheiros comuns\EPSON\EBAPI\eEBSVC.exe

C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe

C:\Programas\Network Associates\Common Framework\FrameworkService.exe

c:\programas\mcafee.com\agent\mcdetect.exe

C:\Programas\Network Associates\VirusScan\Mcshield.exe

C:\Programas\Network Associates\VirusScan\VsTskMgr.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Programas\Java\jre1.5.0\bin\jusched.exe

C:\Programas\QuickTime\qttask.exe

C:\Programas\D-Tools\daemon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Network Associates\VirusScan\SHSTAT.EXE

C:\Programas\Network Associates\Common Framework\UpdaterUI.exe

C:\WINDOWS\system32\atwtusb.exe

C:\Program Files\Moywcc\Fbvn.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\NCLAUNCH.EXe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Programas\Wireless Combo\MulMouse.exe

C:\Programas\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Programas\Wireless Combo\MagicKey.exe

C:\Programas\DataStudio\PASPortal.exe

C:\Programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\Programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Programas\WinZip\WZQKPICK.EXE

C:\PENSOFT\fquick32.exe

C:\PENSOFT\Quick95.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\TBLMOUSE.EXE

C:\PROGRA~1\Webshots\webshots.scr

C:\PROGRA~1\FICHEI~1\Nokia\MPAPI\MPAPI3s.exe

C:\PROGRA~1\FICHEI~1\PCSuite\Services\SERVIC~1.EXE

C:\Programas\Wireless Combo\OSD.EXE

C:\Programas\Wireless Combo\MagicWl.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programas\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Documents and Settings\Nádia\Definições locais\Temp\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgramas%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Nádia\Application Data\Mozilla\Profiles\default\gxvcken2.slt\prefs.js)

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [C-Media Speaker Configuration] E:\m754\8738\WinXP\Setup.exe /SPEAKER

O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [WorksFUD] C:\Programas\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programas\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programas\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [shStatEXE] "C:\Programas\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programas\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [Xuixed] C:\Program Files\Moywcc\Fbvn.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

O4 - HKCU\..\Run: [PcSync] C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - Startup: IMVU.lnk = C:\Programas\IMVU\gui1.exe

O4 - Startup: Quick StartUp.lnk = C:\PENSOFT\fquick32.exe

O4 - Startup: Start.lnk = C:\PENSOFT\Quick95.exe

O4 - Startup: Webshots.lnk = C:\Programas\Webshots\Launcher.exe

O4 - Global Startup: Activar programa de Leading Scroll.lnk = C:\Programas\Wireless Combo\MulMouse.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BlueSoleil.lnk = C:\Programas\IVT Corporation\BlueSoleil\BlueSoleil.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Lembretes do calendário do Microsoft Works.lnk = ?

O4 - Global Startup: Media Key.lnk = C:\Programas\Wireless Combo\MagicKey.exe

O4 - Global Startup: PASPortal.lnk = ?

O4 - Global Startup: Picture Package Menu.lnk = C:\Programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nádia\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)

O12 - Plugin for .xml: C:\Programas\Netscape\Netscape Browser\PLUGINS\npTrident.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programas\Ficheiros comuns\EPSON\EBAPI\eEBSVC.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programas\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programas\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programas\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe


Hey!!

Your log shows no malicious entries? Are there still problems?

Disable and re-enable System Restore to finish

 

C:\Program Files\Moywcc\Fbvn.exe

 

Do you recognize this folder?

No... and it doesn't look like a good thing to me...

Then you can uninstall it...

Cheers!! :thumbsup:

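One way to check a follow-up HijackThis log against the first one, as an added example that is not part of the original thread: it parses the entry lines, compares them case-insensitively (the two logs above spell `McUpdate.exe` and `mcupdate.exe` differently) and reports which entries disappeared and whether any entry from the step 6 fix list is still present. The function names are hypothetical; the sample text is a short excerpt of lines copied from the first and second logs above.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] path". The header and the
# "Running processes" paths do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Excerpt of the first log (01-10-2006), lines copied from the thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Programas\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Xuixed] C:\Program Files\Moywcc\Fbvn.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programas\RXToolBar\sfcont.dll
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
"""

# Excerpt of the second log (02-10-2006), lines copied from the thread.
AFTER = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Xuixed] C:\Program Files\Moywcc\Fbvn.exe
"""

# The entries the helper asked to fix in step 6.
FIX_LIST = r"""
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Programas\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programas\RXToolBar\sfcont.dll
"""


def parse_entries(log_text):
    """Map a case-folded (code, body) key to the original entry line."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            code, body = match.groups()
            # Windows paths are case-insensitive, so fold case before comparing;
            # otherwise McUpdate.exe vs mcupdate.exe would look like a change.
            entries[(code, body.casefold())] = line
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added): entry lines only in the first / second log."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    added = sorted(after[k] for k in after.keys() - before.keys())
    return removed, added


def still_present(fix_text, after_text):
    """Return fix-list entries that the follow-up log still contains."""
    after = parse_entries(after_text)
    fixes = parse_entries(fix_text)
    return sorted(line for key, line in fixes.items() if key in after)


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed since first log:")
    for line in removed:
        print("  " + line)
    print("New in second log:")
    for line in added:
        print("  " + line)
    print("Fix-list entries still present:", still_present(FIX_LIST, AFTER))
```

Entries that appear in both logs, such as the `[Xuixed]` Run value, show up in neither list, so anything still under question has to be reviewed in the second log itself.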

:joia: Thanks a lot... I think I have a few more problems... for example... from time to time my internet drops and some new connections get created... with names like user13#######... then to reconnect I have to delete the connections but they always come back... another thing.. I have a connection called Coolweb.. it says it's via Bluetooth if I'm not mistaken.. but I don't remember creating anything... I've already tried deleting it... but it always comes back too... I really don't know what's going on... another thing is that a window keeps appearing to install something called winantiviros pt... it opens lots of windows and even a file to download.. obviously I never installed or opened it... :blush: Well, thanks a lot for everything, really :D :D


Hi, Rebellion.... :)

Let's check:

1. Run an online scan with: Activescan

Then copy the result and paste it into your reply.

Cheers!


:upset: This is really, really bad.... I can't even run that scan to the end.. Internet Explorer closes when it's halfway through or even at the start... but up to that point it already had some 200-odd viruses, some 140-odd spyware... 8 dialers and other things too :cry: :cry: :cry: :cry: I don't know how things got to this point.. now all of a sudden something called spyware quake showed up... toolbars appeared, among other things :( :(

Edit: ok, I installed Spyware Doctor and it removed some 2000-odd infected files... nothing from spyware quake or the other popups shows up anymore... for now. Now when running the scan you pointed me to, the page still closes when I tell it to run a scan of my computer....


Hey!

1 - Download CCleaner to do a good cleanup.

After the download, go ahead with the installation, then open the program and run the scan.

- Click Analyze.

- When the scan finishes, click Run Cleaner to finish.

2. Try to run an online scan with:

http://www.kaspersky.com/virusscanner

 

Then copy the result and paste it into your reply.

Cheers!


Well, first of all I wanted to apologize for not having said anything all this time.... I had problems with the internet, etc....

I think I should post another HijackThis log...

 

Logfile of HijackThis v1.99.1

Scan saved at 20:35:01, on 23-02-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe

C:\Programas\Ficheiros comuns\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\programas\ficheiros comuns\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\FICHEI~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programas\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programas\SiteAdvisor\6028\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Programas\Java\jre1.5.0\bin\jusched.exe

C:\Programas\QuickTime\qttask.exe

C:\Programas\D-Tools\daemon.exe

C:\WINDOWS\system32\atwtusb.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\TBLMOUSE.EXE

C:\Programas\SiteAdvisor\6028\SiteAdv.exe

C:\Programas\iTunes\iTunesHelper.exe

C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Programas\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\Programas\Steam\Steam.exe

C:\Programas\iPod\bin\iPodService.exe

C:\Programas\Wireless Combo\MulMouse.exe

C:\Programas\PC Connectivity Solution\ServiceLayer.exe

C:\Programas\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Programas\Wireless Combo\MagicWl.exe

C:\Programas\DataStudio\PASPortal.exe

C:\Programas\WinZip\WZQKPICK.EXE

C:\PROGRA~1\Webshots\webshots.scr

C:\WINDOWS\system32\svchost.exe

C:\Programas\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgramas%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Nádia\Application Data\Mozilla\Profiles\default\gxvcken2.slt\prefs.js)

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programas\SiteAdvisor\6028\SiteAdv.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [C-Media Speaker Configuration] E:\m754\8738\WinXP\Setup.exe /SPEAKER

O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [WorksFUD] C:\Programas\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programas\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programas\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [siteAdvisor] C:\Programas\SiteAdvisor\6028\SiteAdv.exe

O4 - HKLM\..\Run: [OM_Monitor] C:\Programas\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P ] C:\WINDOWS\system32\Sims 2 Pets.exe

O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\vncfqyaf.dll",setvm

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

O4 - HKCU\..\Run: [OM_Monitor] C:\Programas\OLYMPUS\OLYMPUS Master\Monitor.exe

O4 - HKCU\..\Run: [steam] "C:\Programas\Steam\Steam.exe" -silent

O4 - Startup: Quick StartUp.lnk = C:\PENSOFT\fquick32.exe

O4 - Startup: Registration .LNK = C:\Programas\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe

O4 - Startup: Start.lnk = C:\PENSOFT\Quick95.exe

O4 - Startup: Webshots.lnk = C:\Programas\Webshots\Launcher.exe

O4 - Global Startup: Activar programa de Leading Scroll.lnk = C:\Programas\Wireless Combo\MulMouse.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BlueSoleil.lnk = C:\Programas\IVT Corporation\BlueSoleil\BlueSoleil.exe

O4 - Global Startup: Lembretes do calendário do Microsoft Works.lnk = ?

O4 - Global Startup: Media Key.lnk = C:\Programas\Wireless Combo\MagicKey.exe

O4 - Global Startup: PASPortal.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nádia\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)

O12 - Plugin for .xml: C:\Programas\Netscape\Netscape Browser\PLUGINS\npTrident.dll

O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E7DE3F44-6FD4-48F2-B74C-D43A8AA4DB20}: NameServer = 194.65.100.117

O18 - Protocol: grooveLocalGWS - (no CLSID) - (no file)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - (no CLSID) - (no file)

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programas\SiteAdvisor\6028\SiteAdv.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHEI~1\McAfee\EmProxy\emproxy.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programas\Ficheiros comuns\EPSON\EBAPI\eEBSVC.exe (file missing)

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programas\Ficheiros comuns\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programas\ficheiros comuns\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHEI~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programas\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programas\SiteAdvisor\6028\SAService.exe

 

 

 

Thank you


Hello....

What exactly is your problem? Tell me which file your antivirus is detecting as malicious.

1. Run an online scan with: Activescan

Then copy the result and paste it into your reply.

Best regards!


The antivirus detects a "vundo"...but it can't delete it...it doesn't detect anything else...then the antispyware is the one that detects other little things...it removes them but shortly afterwards they come back...the internet is super slow...and popups from errorsafe, winantiviruspt and amaena keep appearing..if I'm not mistaken..it won't open that scan...it opens, but shortly afterwards it changes page and goes to one of those popups...it even tries to download things from those popups and everything :upset:


Hi!

Let's do the following:

This Vundo trojan is a difficult piece of malware to remove, but I will post the removal procedures little by little, and if you have any questions feel free to ask, OK?

1. Download:

show-vundo.vbs

Run it, copy the result that you will find in C:\vundo-bho.txt and then paste it into your reply so we can proceed.

I'll be waiting.

Best regards!


Sorry for the delay....here it is

=================================================
Relatório | BHOs, Winlogon Notify e AppInit_DLLs
=================================================

AppInit_DLLs
-------------------------------------------------
wbsys.dll
-------------------------------------------------

Browser Helper Objects
-------------------------------------------------
[HKLM\SOFTWARE\Classes\CLSID\{089FD14D-132B-48FC-8861-0048AE113215}\]
[indefinido] | [indefinido]
C:\Programas\SiteAdvisor\6028\SiteAdv.dll

[HKLM\SOFTWARE\Classes\CLSID\{3AA7DDC9-10BE-4B33-ABC1-B80C3646DAD4}\]
[indefinido] | [indefinido]
C:\WINDOWS\system32\jkkheeb.dll

[HKLM\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\]
Groove GFS Browser Helper | [indefinido]
C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

[HKLM\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\]
scriptproxy | scriptproxy
c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

[HKLM\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\]
[indefinido] | [indefinido]
[indefinido]

[HKLM\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\]
Windows Live Sign-in Helper | [indefinido]
C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKLM\SOFTWARE\Classes\CLSID\{D285E44C-8D52-406B-92C7-4F8660278D6B}\]
[indefinido] | [indefinido]
C:\WINDOWS\system32\sstqq.dll

[HKLM\SOFTWARE\Classes\CLSID\{D38439EC-4A7F-42b4-90C2-D810D7778FDD}\]
[indefinido] | [indefinido]
C:\WINDOWS\system32\fnplqine.dll

[HKLM\SOFTWARE\Classes\CLSID\{EC0B8378-3D09-4680-BF36-958BB2DB5E8C}\]
[indefinido] | [indefinido]
[indefinido]

[HKLM\SOFTWARE\Classes\CLSID\{FD458AFB-E5D3-4203-8BE0-80084843D9B2}\]
[indefinido] | [indefinido]
C:\WINDOWS\system32\mljji.dll
-------------------------------------------------

Winlogon Notify
-------------------------------------------------
[Padrão] crypt32chain : crypt32.dll
[Padrão] cryptnet : cryptnet.dll
[Padrão] cscdll : cscdll.dll
[Nova] jkkheeb : jkkheeb.dll
[Nova] mljji : C:\WINDOWS\system32\mljji.dll
[Nova] rpcc : C:\WINDOWS\system32\rpcc.dll
[Padrão] ScCertProp : wlnotify.dll
[Padrão] Schedule : wlnotify.dll
[Padrão] sclgntfy : sclgntfy.dll
[Padrão] SensLogn : WlNotify.dll
[Padrão] termsrv : wlnotify.dll
[Nova] WBSrv : C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
[Nova] WgaLogon : WgaLogon.dll
[Padrão] wlballoon : wlnotify.dll
[Padrão] WRNotifier : WRLogonNTF.dll

Esta NÃO É uma lista de arquivos maliciosos!

Thank you


Hi

Let's get to the procedures:

1. Download Avenger

PS: Extract the files to your desktop for easy access.

Save or print these instructions, because you will need to disconnect.

Select and copy the text inside the QUOTE:

 

Files to delete:

C:\WINDOWS\system32\jkkheeb.dll

C:\WINDOWS\system32\sstqq.dll

C:\WINDOWS\system32\fnplqine.dll

C:\WINDOWS\system32\mljji.dll

C:\WINDOWS\system32\rpcc.dll

C:\WINDOWS\system32\Sims 2 Pets.exe

C:\WINDOWS\system32\vncfqyaf.dll

 

 

registry keys to delete:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3AA7DDC9-10BE-4B33-ABC1-B80C3646DAD4}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D285E44C-8D52-406B-92C7-4F8660278D6B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D38439EC-4A7F-42b4-90C2-D810D7778FDD}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD458AFB-E5D3-4203-8BE0-80084843D9B2}

HKLM\SOFTWARE\Classes\CLSID\{3AA7DDC9-10BE-4B33-ABC1-B80C3646DAD4}

HKLM\SOFTWARE\Classes\CLSID\{D285E44C-8D52-406B-92C7-4F8660278D6B}

HKLM\SOFTWARE\Classes\CLSID\{D38439EC-4A7F-42b4-90C2-D810D7778FDD}

HKLM\SOFTWARE\Classes\CLSID\{FD458AFB-E5D3-4203-8BE0-80084843D9B2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkheeb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljji

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc

 

Programs to launch on reboot:

C:\HiJackThis\HijackThis.exe

 

Run Avenger. Select Input script manually.

2. Then click the magnifying glass icon (lupaavengerkp2.png). The View/edit script window will open; paste what you copied from the QUOTE into it.

3. Click Done. Now click the green light icon (sinalverdeavengerxs8.png) to start running the script. Answer Yes (Sim).

PS: When the script finishes running, your computer will be restarted normally.

After your computer restarts, HijackThis will open.

- Click Do a system scan only.

- Check ONLY the entries below and click the fix button (ht-fix.png):

 

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P ] C:\WINDOWS\system32\Sims 2 Pets.exe

O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\vncfqyaf.dll",setvm

 

4. Then make a new HijackThis log and paste it into your reply, together with the avenger.txt that you will find in C:\

Best regards!


Thank you...

 

Logfile of HijackThis v1.99.1

Scan saved at 20:15:55, on 15-03-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe

C:\Programas\Ficheiros comuns\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\programas\ficheiros comuns\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\FICHEI~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programas\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programas\SiteAdvisor\6028\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Programas\Java\jre1.5.0\bin\jusched.exe

C:\Programas\QuickTime\qttask.exe

C:\Programas\D-Tools\daemon.exe

C:\Programas\Java\jre1.5.0\bin\jucheck.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\atwtusb.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programas\SiteAdvisor\6028\SiteAdv.exe

C:\Programas\iTunes\iTunesHelper.exe

C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Programas\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\Programas\Steam\Steam.exe

C:\Programas\PC Connectivity Solution\ServiceLayer.exe

C:\Programas\iPod\bin\iPodService.exe

C:\Programas\Wireless Combo\MulMouse.exe

C:\Programas\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Programas\Wireless Combo\MagicWl.exe

C:\WINDOWS\system32\notepad.exe

C:\Programas\DataStudio\PASPortal.exe

C:\Programas\WinZip\WZQKPICK.EXE

C:\PROGRA~1\Webshots\webshots.scr

C:\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgramas%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Nádia\Application Data\Mozilla\Profiles\default\gxvcken2.slt\prefs.js)

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programas\SiteAdvisor\6028\SiteAdv.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {C802B0D6-1254-4377-A822-D906B29E6F0c} - C:\WINDOWS\system32\gpndyqxb.dll

O2 - BHO: (no name) - {EC0B8378-3D09-4680-BF36-958BB2DB5E8C} - (no file)

O2 - BHO: (no name) - {EC9170D4-5EE6-45E0-9D0D-B6C8968CA02F} - C:\WINDOWS\system32\mljji.dll (file missing)

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programas\SiteAdvisor\6028\SiteAdv.dll

O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Programas\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [C-Media Speaker Configuration] E:\m754\8738\WinXP\Setup.exe /SPEAKER

O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [WorksFUD] C:\Programas\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programas\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programas\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [siteAdvisor] C:\Programas\SiteAdvisor\6028\SiteAdv.exe

O4 - HKLM\..\Run: [OM_Monitor] C:\Programas\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

O4 - HKCU\..\Run: [OM_Monitor] C:\Programas\OLYMPUS\OLYMPUS Master\Monitor.exe

O4 - HKCU\..\Run: [steam] "C:\Programas\Steam\Steam.exe" -silent

O4 - Startup: Quick StartUp.lnk = ?

O4 - Startup: Registration .LNK = C:\Programas\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe

O4 - Startup: Start.lnk = ?

O4 - Startup: Webshots.lnk = C:\Programas\Webshots\Launcher.exe

O4 - Global Startup: Activar programa de Leading Scroll.lnk = C:\Programas\Wireless Combo\MulMouse.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BlueSoleil.lnk = C:\Programas\IVT Corporation\BlueSoleil\BlueSoleil.exe

O4 - Global Startup: Lembretes do calendário do Microsoft Works.lnk = ?

O4 - Global Startup: Media Key.lnk = ?

O4 - Global Startup: PASPortal.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nádia\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)

O12 - Plugin for .xml: C:\Programas\Netscape\Netscape Browser\PLUGINS\npTrident.dll

O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_br.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{E7DE3F44-6FD4-48F2-B74C-D43A8AA4DB20}: NameServer = 194.65.100.117

O18 - Protocol: grooveLocalGWS - (no CLSID) - (no file)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - (no CLSID) - (no file)

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programas\SiteAdvisor\6028\SiteAdv.dll

O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programas\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programas\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programas\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programas\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programas\Design Science\MathPlayer\MathMLMimer.dll

O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHEI~1\McAfee\EmProxy\emproxy.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programas\Ficheiros comuns\EPSON\EBAPI\eEBSVC.exe (file missing)

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programas\Ficheiros comuns\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programas\ficheiros comuns\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHEI~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programas\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programas\SiteAdvisor\6028\SAService.exe

 

 

 

 

AVENGER

 

 

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\nbdxpwns

 

*******************

 

Script file located at: \??\C:\WINDOWS\system32\mfbvfcgh.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

 

 

File C:\WINDOWS\system32\jkkheeb.dll not found!

Deletion of file C:\WINDOWS\system32\jkkheeb.dll failed!

 

Could not process line:

C:\WINDOWS\system32\jkkheeb.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\sstqq.dll not found!

Deletion of file C:\WINDOWS\system32\sstqq.dll failed!

 

Could not process line:

C:\WINDOWS\system32\sstqq.dll

Status: 0xc0000034

 

File C:\WINDOWS\system32\fnplqine.dll deleted successfully.

 

 

File C:\WINDOWS\system32\mljji.dll not found!

Deletion of file C:\WINDOWS\system32\mljji.dll failed!

 

Could not process line:

C:\WINDOWS\system32\mljji.dll

Status: 0xc0000034

 

File C:\WINDOWS\system32\rpcc.dll deleted successfully.

 

 

File C:\WINDOWS\system32\Sims 2 Pets.exe not found!

Deletion of file C:\WINDOWS\system32\Sims 2 Pets.exe failed!

 

Could not process line:

C:\WINDOWS\system32\Sims 2 Pets.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\vncfqyaf.dll not found!

Deletion of file C:\WINDOWS\system32\vncfqyaf.dll failed!

 

Could not process line:

C:\WINDOWS\system32\vncfqyaf.dll

Status: 0xc0000034

 

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3AA7DDC9-10BE-4B33-ABC1-B80C3646DAD4} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D285E44C-8D52-406B-92C7-4F8660278D6B} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D38439EC-4A7F-42b4-90C2-D810D7778FDD} deleted successfully.

 

 

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD458AFB-E5D3-4203-8BE0-80084843D9B2} not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD458AFB-E5D3-4203-8BE0-80084843D9B2} failed!

Status: 0xc0000034

 

Registry key HKLM\SOFTWARE\Classes\CLSID\{3AA7DDC9-10BE-4B33-ABC1-B80C3646DAD4} deleted successfully.

Registry key HKLM\SOFTWARE\Classes\CLSID\{D285E44C-8D52-406B-92C7-4F8660278D6B} deleted successfully.

Registry key HKLM\SOFTWARE\Classes\CLSID\{D38439EC-4A7F-42b4-90C2-D810D7778FDD} deleted successfully.

 

 

Registry key HKLM\SOFTWARE\Classes\CLSID\{FD458AFB-E5D3-4203-8BE0-80084843D9B2} not found!

Deletion of registry key HKLM\SOFTWARE\Classes\CLSID\{FD458AFB-E5D3-4203-8BE0-80084843D9B2} failed!

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkheeb not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkheeb failed!

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljji not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljji failed!

Status: 0xc0000034

 

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc deleted successfully.

Program C:\HiJackThis\HijackThis.exe successfully set up to run once on reboot.

 

Completed script processing.

 

*******************

 

Finished! Terminate.
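
A small parser for the Avenger log format shown in this post, added here as an example (it is not part of the original thread and not Avenger's own code): it pairs each target with its outcome and status code, so entries that were not found stand apart from those actually deleted. The sample lines are copied from the log above; the function names are assumptions, and 0xc0000034 is the NTSTATUS value STATUS_OBJECT_NAME_NOT_FOUND.

```python
import re
from collections import Counter

# NTSTATUS values seen in this log; 0xC0000034 is STATUS_OBJECT_NAME_NOT_FOUND.
NTSTATUS_NAMES = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

# "File <path> deleted successfully." / "Registry key <key> not found!"
RESULT_RE = re.compile(
    r"^(File|Registry key) (.+?) (deleted successfully\.|not found!)$"
)
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")

# Excerpt assembled from the avenger.txt posted in this thread.
SAMPLE_LOG = r"""
File C:\WINDOWS\system32\jkkheeb.dll not found!
Deletion of file C:\WINDOWS\system32\jkkheeb.dll failed!

Could not process line:
C:\WINDOWS\system32\jkkheeb.dll
Status: 0xc0000034

File C:\WINDOWS\system32\fnplqine.dll deleted successfully.

File C:\WINDOWS\system32\Sims 2 Pets.exe not found!
Deletion of file C:\WINDOWS\system32\Sims 2 Pets.exe failed!

Could not process line:
C:\WINDOWS\system32\Sims 2 Pets.exe
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljji not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljji failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc deleted successfully.
"""


def parse_avenger_log(text):
    """Return one record per file or registry target named in the log."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RESULT_RE.match(line)
        if m:
            kind, target, tail = m.groups()
            records.append({
                "kind": "file" if kind == "File" else "registry",
                "target": target,
                "outcome": "deleted" if tail.startswith("deleted") else "not_found",
                "status": None,
            })
            continue
        m = STATUS_RE.match(line)
        # A Status line belongs to the most recent target that was not deleted.
        if (m and records and records[-1]["outcome"] != "deleted"
                and records[-1]["status"] is None):
            code = int(m.group(1), 16)
            records[-1]["status"] = NTSTATUS_NAMES.get(code, hex(code))
    return records


def summarize(records):
    """Count records per (kind, outcome) pair."""
    return Counter((r["kind"], r["outcome"]) for r in records)


def unresolved(records):
    """Targets the script named but did not remove."""
    return [r["target"] for r in records if r["outcome"] != "deleted"]


if __name__ == "__main__":
    recs = parse_avenger_log(SAMPLE_LOG)
    for (kind, outcome), count in sorted(summarize(recs).items()):
        print(f"{kind:8} {outcome:9} {count}")
    for target in unresolved(recs):
        print("not removed:", target)
```

A target reported as not found was absent at that path when the script ran, so nothing was removed for it; compare those names against a fresh scan rather than counting them as cleaned.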


Oh, and the ActiveScan scan:

Incident | Status | Location
Potentially unwanted tool:application/winfixer2005 | Not disinfected | c:\windows\downloaded program files\UDC6Z_0001_D19M0709NetInstaller.exe
Adware:adware/searchexe | Not disinfected | Windows Registry
Virus:Trj/BHO.A | Disinfected | C:\avenger\backup.zip[avenger/fnplqine.dll]
Spyware:Cookie/Cd Freaks | Not disinfected | C:\Documents and Settings\Daia\Cookies\daia@cdfreaks[1].txt
Spyware:Cookie/Cd Freaks | Not disinfected | C:\Documents and Settings\Daia\Cookies\daia@club.cdfreaks[1].txt
Spyware:Cookie/Reliablestats | Not disinfected | C:\Documents and Settings\Nádia\Application Data\Mozilla\Firefox\Profiles\cuexbf8l.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Statcounter | Not disinfected | C:\Documents and Settings\Nádia\Application Data\Mozilla\Firefox\Profiles\cuexbf8l.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Winantivirus | Not disinfected | C:\Documents and Settings\Nádia\Application Data\Mozilla\Firefox\Profiles\cuexbf8l.default\cookies.txt[.winantivirus.com/]
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\Nádia\Application Data\Mozilla\Firefox\Profiles\cuexbf8l.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/DriveCleaner | Not disinfected | C:\Documents and Settings\Nádia\Application Data\Mozilla\Firefox\Profiles\cuexbf8l.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/ErrorSafe | Not disinfected | C:\Documents and Settings\Nádia\Application Data\Mozilla\Firefox\Profiles\cuexbf8l.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/Mediaplex | Not disinfected | C:\Documents and Settings\Nádia\Application Data\Mozilla\Firefox\Profiles\cuexbf8l.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/2o7 | Not disinfected | C:\Documents and Settings\Nádia\Application Data\Mozilla\Firefox\Profiles\cuexbf8l.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\Nádia\Application Data\Mozilla\Firefox\Profiles\cuexbf8l.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\Nádia\Application Data\Mozilla\Firefox\Profiles\cuexbf8l.default\cookies.txt[.ig.com.br/]
Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\Nádia\Application Data\Mozilla\Firefox\Profiles\cuexbf8l.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia | Not disinfected | C:\Documents and Settings\Nádia\Application Data\Mozilla\Firefox\Profiles\cuexbf8l.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Server.iad.Liveperson | Not disinfected | C:\Documents and Settings\Nádia\Application Data\Mozilla\Firefox\Profiles\cuexbf8l.default\cookies.txt[server.iad.liveperson.net/hc/15527479]
Spyware:Cookie/Server.iad.Liveperson | Not disinfected | C:\Documents and Settings\Nádia\Application Data\Mozilla\Firefox\Profiles\cuexbf8l.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/cs.sexcounter | Not disinfected | C:\Documents and Settings\Nádia\Application Data\Mozilla\Firefox\Profiles\cuexbf8l.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Overture | Not disinfected | C:\Documents and Settings\Nádia\Application Data\Mozilla\Firefox\Profiles\cuexbf8l.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/888 | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@888[3].txt
Spyware:Cookie/Adserver | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@adserver.terra[1].txt
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@atdmt[1].txt
Spyware:Cookie/Azjmp | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@azjmp[1].txt
Spyware:Cookie/Cassava | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@cassava[2].txt
Spyware:Cookie/Cgi-bin | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@cgi-bin[2].txt
Spyware:Cookie/Clickbank | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@clickbank[1].txt
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@com[2].txt
Spyware:Cookie/Hitslink | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@counter.hitslink[1].txt
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@de.uol.com[1].txt
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@doubleclick[1].txt
Spyware:Cookie/DriveCleaner | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@drivecleaner[1].txt
Spyware:Cookie/ErrorSafe | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@errorsafe[1].txt
Spyware:Cookie/Comclick | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@fl01.ct2.comclick[1].txt
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@ig.com[1].txt
Spyware:Cookie/onestat.com | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@stat.onestat[2].txt
Spyware:Cookie/DriveCleaner | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@stats1.reliablestats[1].txt
Spyware:Cookie/WebtrendsLive | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@statse.webtrendslive[1].txt
Spyware:Cookie/Toplist | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@toplist[1].txt
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@uol.com[2].txt
Spyware:Cookie/Weborama | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@weborama[1].txt
Spyware:Cookie/Winantivirus | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@winantivirus[1].txt
Spyware:Cookie/DriveCleaner | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@www.drivecleaner[2].txt
Spyware:Cookie/ErrorSafe | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@www.errorsafe[1].txt
Spyware:Cookie/Xiti | Not disinfected | C:\Documents and Settings\Nádia\Cookies\nádia@xiti[1].txt
Virus:W32/Polipos.A | Renamed | C:\Documents and Settings\Nádia\Definições locais\Application Data\Microsoft\Messenger\daia_calixto@hotmail.com\Sharing Folders\acardoso1990@hotmail.com\Photoshop 7.0\ImageReady_exe.vir
Virus:W32/Polipos.A | Renamed | C:\Documents and Settings\Nádia\Definições locais\Application Data\Microsoft\Messenger\daia_calixto@hotmail.com\Sharing Folders\acardoso1990@hotmail.com\Photoshop 7.0\ImageReady_exe_vir0.vir
Potentially unwanted tool:Application/DriveCleaner | Not disinfected | C:\Documents and Settings\Nádia\Definições locais\Application Data\Mozilla\Firefox\Profiles\cuexbf8l.default\Cache\6F0BFF4Ad01
Potentially unwanted tool:Application/Winantivirus2006 | Not disinfected | C:\Documents and Settings\Nádia\Definições locais\Application Data\Mozilla\Firefox\Profiles\cuexbf8l.default\Cache\DEC73049d01
Spyware:Cookie/Clickbank | Not disinfected | C:\Documents and Settings\Nádia\Definições locais\Temp\Cookies\nádia@clickbank[1].txt
Spyware:Cookie/Toplist | Not disinfected | C:\Documents and Settings\Nádia\Definições locais\Temp\Cookies\nádia@toplist[1].txt
Potentially unwanted tool:Application/DriveCleaner | Not disinfected | C:\Documents and Settings\Nádia\Definições locais\Temp\ICD1.tmp\UDC6Z_0001_D19M0709NetInstaller.exe
Potentially unwanted tool:Application/DriveCleaner | Not disinfected | C:\Documents and Settings\Nádia\Definições locais\Temp\ICD2.tmp\UDC6Z_0001_D19M0709NetInstaller.exe
Potentially unwanted tool:Application/DriveCleaner | Not disinfected | C:\Documents and Settings\Nádia\Definições locais\Temp\ICD3.tmp\UDC6Z_0001_D19M0709NetInstaller.exe
Potentially unwanted tool:Application/DriveCleaner | Not disinfected | C:\Documents and Settings\Nádia\Definições locais\Temp\ICD4.tmp\UDC6Z_0001_D19M0709NetInstaller.exe
Potentially unwanted tool:Application/DriveCleaner | Not disinfected | C:\Documents and Settings\Nádia\Definições locais\Temp\ICD5.tmp\UDC6Z_0001_D19M0709NetInstaller.exe
Virus:Trj/Agent.DSO | Disinfected | C:\Documents and Settings\Nádia\Definições locais\Temp\~DP5EC.exe
Potentially unwanted 
tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe Virus:W32/Polipos.A Renamed C:\Programas\Adobe\Photoshop 7.0\ImageReady_exe.vir Virus:W32/Polipos.A Renamed C:\Programas\Adobe\Photoshop 7.0\ImageReady_exe.vir0 Virus:Trj/SpaBot.AI Disinfected C:\Programas\eMule\Incoming\Daz3D Starlet Hair Ps Ac1613B For Poser-Mas.zip[DAZ3D.Starlet.Hair.ps_ac1613b.for.Poser-MAS/Daz3D - ps_ac1613b - Starlet Hair.exe] Virus:W32/Puce.F.worm Not disinfected C:\Programas\eMule\Incoming\Hide.IP.Platinum.v3.31.Multilangages.Incl-Keygen updated-fixed Release 12-2006.rar[setup.exe] Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\bmpfqqat.exe.bad Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\cpgamhcp.exe.bad Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\pvyrpdox.exe.bad Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UDC6Z_0001_D19M0709NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UDC6Z_0001_D19M0709NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UDC6Z_0001_D19M0709NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UDC6Z_0001_D19M0709NetInstaller.exe Potentially unwanted 
tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UDC6Z_0001_D19M0709NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.14\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.15\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.16\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.17\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.18\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.19\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UDC6Z_0001_D19M0709NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UDC6Z_0001_D19M0709NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted 
tool:Application/DriveCleaner Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UDC6Z_0001_D19M0709NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UDC6Z_0001_D19M0709NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UDC6Z_0001_D19M0709NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UDC6Z_0001_D19M0709NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UDC6Z_0001_D19M0709NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UDC6Z_0001_D19M0709NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UERSZ_0001_N91M2407NetInstaller.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\UERSZ_0001_N91M2407NetInstaller.exe Spyware:Spyware/Virtumonde Not disinfected 
C:\WINDOWS\dr.exe Virus:Trj/Agent.DSO Disinfected C:\WINDOWS\nvchost.exe Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\aygewplt.dll Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\bjpgbrky.exe Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\cwtmcuhy.exe Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\dernlgws.exe Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\dxwnujvo.exe Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\egxddejx.dll Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\fwcagtjt.exe Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\gjismfmj.exe Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\gkokqjoj.dll Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\hmxvlsnf.exe Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\icgchpmk.exe Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\iiwwgrww.dll Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\imeypjkq.exe Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\irsfsnns.exe Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\isucnepd.exe Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\knmsbjra.dll Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\kubdcana.dll Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\mkojahic.exe Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\mktuohbe.exe Potentially unwanted tool:Application/VSToolbar Not disinfected 
C:\WINDOWS\system32\nbagdhmx.dll Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\opjcqxwh.exe Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\pattfmhl.dll Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\prgrgbft.dll Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\qkrkcyry.dll Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\sjcxcfur.dll Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\taoffwgc.exe Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\uesjryff.exe Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\vavyjacw.dll Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\xkrenbfq.dll Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\user32.exe


Hey!

There is an unknown file; let's run an analysis to make sure it is not malicious.

- Go to the Virus Total site and submit the file below for analysis:

C:\WINDOWS\system32\gpndyqxb.dll

- Click SEND

PS: Please be patient, as it may take a while.

- Copy the result and paste it into your reply.

 

 

=======

 

 

Then carry out the steps below:

1. Download CCleaner

PS: After downloading, go ahead and install it, but do not run it yet.

2. Run Killbox

- Select the Delete on Reboot option.

- Now copy the files listed below (select them and click Editar > Copiar (Edit > Copy)).

C:\WINDOWS\user32.exe

C:\WINDOWS\dr.exe

- Go back to KillBox. Click File > Paste from clipboard. Click the All Files button.

- Click the killbox.png button. Answer No to the question.

You may want to print these instructions or save them to a text file for easy access, since you will not have access to your topic

3. Restart the PC and enter safe mode (press F8 during startup and choose safe mode on the selection screen)

4. Open HijackThis and click Do a system scan only.

- Check ONLY the entry below and click ht-fix.png

O2 - BHO: (no name) - {EC9170D4-5EE6-45E0-9D0D-B6C8968CA02F} - C:\WINDOWS\system32\mljji.dll (file missing)

5. Run CCleaner

- Click Analisar (Analyze).

- When the scan finishes, click Executar Cleaner (Run Cleaner) to finish.

PS: If you do not want to delete the pages visited in your browser, uncheck the "Historico" (History) option.

6. Restart in normal mode

7. Then generate a new HijackThis log and paste it into your reply

Cheers!


STATUS: FINISHED

Complete scanning result of "gpndyqxb.dll", received in VirusTotal at 03.28.2007, 16:52:00 (CET).

 

Antivirus Version Update Result

AhnLab-V3 2007.3.27.0 03.28.2007 Win-Trojan/Klone.132096

AntiVir 7.3.1.44 03.28.2007 TR/Dldr.ConHook.Gen

Authentium 4.93.8 03.28.2007 no virus found

Avast 4.7.936.0 03.28.2007 no virus found

AVG 7.5.0.447 03.27.2007 Generic3.KOE

BitDefender 7.2 03.28.2007 Trojan.BHO.AL

CAT-QuickHeal 9.00 03.27.2007 Trojan.Klone.j

ClamAV devel-20070312 03.28.2007 no virus found

DrWeb 4.33 03.28.2007 no virus found

eSafe 7.0.14.0 03.27.2007 Win32.Klone.j

eTrust-Vet 30.6.3518 03.28.2007 Win32/Vundo.CG

Ewido 4.0 03.28.2007 Adware.BHO

FileAdvisor 1 03.28.2007 Not analyzed yet

Fortinet 2.85.0.0 03.28.2007 no virus found

F-Prot 4.3.1.45 03.28.2007 no virus found

F-Secure 6.70.13030.0 03.28.2007 Packed.Win32.Klone.j

Ikarus T3.1.1.3 03.28.2007 not-a-virus:AdWare.Win32.Virtumonde

Kaspersky 4.0.2.24 03.28.2007 Packed.Win32.Klone.j

McAfee 4993 03.27.2007 no virus found

Microsoft 1.2306 03.28.2007 no virus found

NOD32v2 2150 03.28.2007 Win32/Adware.BHO.V

Norman 5.80.02 03.28.2007 W32/Vundo.gen7

Panda 9.0.0.4 03.28.2007 Bck/Diazom.AP

Prevx1 V2 03.28.2007 no virus found

Sophos 4.15.0 03.27.2007 no virus found

Sunbelt 2.2.907.0 03.24.2007 no virus found

Symantec 10 03.28.2007 Trojan Horse

TheHacker 6.1.6.080 03.23.2007 Trojan/Klone.j

UNA 1.83 03.16.2007 no virus found

VBA32 3.11.2 03.27.2007 Application.Win32.Adware.BHO.V

VirusBuster 4.3.7:9 03.27.2007 Trojan.DL.Conhook.AS

Webwasher-Gateway 6.0.1 03.28.2007 Trojan.Dldr.ConHook.Gen

 

 

Aditional Information

File size: 132116 bytes

MD5: 08de383d78522f62dd84267cc612a974

SHA1: 91269343d35b0f0d9bb857124e418557e32cfb1a

packers: MORPHINE

Bit9 info: http://fileadvisor.bit9.com/services/extin...d84267cc612a974

packers: Morphine

 

 

Logfile of HijackThis v1.99.1

Scan saved at 16:46:36, on 28-03-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 



Hello!

Let's go through the steps:

1. Download VundoFix to your desktop:

http://www.atribune.org/public-beta/VundoFix.exe

- Run Vundofix.exe

- As soon as it reopens, click the Scan for Vundo button.

When the scan ends, click the Remove Vundo button. When the prompt appears asking whether you want to remove the files, click Sim (Yes).

PS: The desktop may disappear, but that is normal.

When the removal finishes, a prompt to shut down the computer will appear; click OK.

2. Then generate a new HijackThis log and paste it into your reply.

PS: Locate the VundoFix log in C:\, a file named vundofix.txt, and paste it into your reply.

Cheers!


Topic Archived

Since the author did not reply to the topic for more than 20 days, it has been archived.

If you are the author of the topic and want it reopened, send a private message to a moderator with a link to this topic and explain the reason for reopening.
