Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

manta

[Arquivado] Teamspeak = Socket error#11004

Por , em Tópicos Arquivados (Seguranca & Malwares)

Recommended Posts

manta    0

manta
Postado

galera.... eu to com um problemao aqui... sempre q tento conectar em algum servidor do TS da um socket error #11004 :upset:

usei o hijack e o log deu nisso:

 

Logfile of HijackThis v1.99.1

Scan saved at 18:05:03, on 28/3/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe

C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\Telemar\Velox\app\pppoeservice.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\SYSTEM32\RAMASST.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SSU.EXE

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\system32\cidaemon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {24314BB4-B790-3FC5-9D28-03FBB413591F} - C:\WINDOWS\system32\qxbtmre.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [k0UHDgJ] C:\WINDOWS\uqnwuju.exe

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Hnqucui] C:\Program Files\Vvsq\Xgexb.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] "C:\ARQUIV~1\SYMNET~1\SNDMon.exe" /Consumer

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [REGSHAVE] C:\Arquivos de programas\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [080acaea.exe] C:\Documents and Settings\Gustavo\Configurações locais\Dados de aplicativos80acaea.exe

O4 - HKCU\..\Run: [Lrap] "C:\WINDOWS\system32\MANTEC~1\regsvr32.exe" -vt yazb

O4 - HKCU\..\Run: [utss] "C:\WINDOWS\system32\CURITY~1\wuaclt.exe" -vt yazb

O4 - HKCU\..\Run: [DW4] "C:\Arquivos de programas\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

O4 - Startup: 3DO - Might and Magic VII Registration.lnk = C:\Arquivos de programas\3DO\Might and Magic VII\Register\Remind32.exe

O4 - Startup: .protected

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\SYSTEM32\RAMASST.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Exif Launcher.lnk = ?

O4 - Global Startup: .protected

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm

O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm

O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AAD6CFA6-9E14-4976-8A26-4355CF434FD6}: NameServer = 200.149.55.142 200.165.132.155

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\comHost.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\ARQUIV~1\Telemar\Velox\app\pppoeservice.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

jgarcia    1

jgarcia
Postado

Opa manta,

 

Vamos lá.

 

* Baixe o VundoFix.

 

* Dê duplo-clique sobre VundoFix.exe para iniciá-lo;

 

* Quando o VundoFix abrir clique em Scan for Vundo. Aguarde o término do scan que pode demorar algum tempo. Seja paciente;

 

* Terminado o scan clique em Remove Vundo;

 

* Você receberá um alerta perguntando se deseja remover os arquivos. Clique em YES. O seu desktop irá apagar (isto é normal);

 

* Para completar o scan será necessário reinicializar a máquina. Clique em OK;

 

* Favor postar o log do VundoFix (C:\vundofix.txt) em sua próxima resposta, juntamente com um novo do HijackThis.

 

Abraços.

Compartilhar este post

Link para o post
Compartilhar em outros sites

manta    0

manta
Postado

entao jgarcia... vlw pela resposta rapida =)

eu fiz tudo como recomendado... usei o vundofix q nao achou nada pra consertar =/

aqui ta o log dele:

VundoFix V6.3.18Checking Java version...Sun Java not detectedScan started at 18:27:11 28/3/2007Listing files found while scanning....No infected files were found.Beginning removal...

 

e aqui o log do hijack:

 

Logfile of HijackThis v1.99.1Scan saved at 22:47:50, on 28/3/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exeC:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exeC:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exeC:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exeC:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\System32\DVDRAMSV.exeC:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exeC:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exeC:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exeC:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exeC:\WINDOWS\system32\nvsvc32.exeC:\ARQUIV~1\Telemar\Velox\app\pppoeservice.exeC:\WINDOWS\system32\svchost.exeC:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exeC:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exeC:\WINDOWS\SOUNDMAN.EXEC:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exeC:\Arquivos de programas\QuickTime\qttask.exeC:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\SYSTEM32\RAMASST.exeC:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\FinePixViewer\QuickDCF.exeC:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exeC:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exeC:\Arquivos de programas\Webroot\Spy Sweeper\SSU.EXEC:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXEC:\WINDOWS\system32\cidaemon.exeC:\Program Files\HijackThis\HijackThis.exeC:\Arquivos de programas\Internet Explorer\iexplore.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {24314BB4-B790-3FC5-9D28-03FBB413591F} - C:\WINDOWS\system32\qxbtmre.dll (file missing)O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dllO2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dllO2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dllO3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dllO3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLLO3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installO4 - HKLM\..\Run: [PCTVOICE] pctspk.exeO4 - HKLM\..\Run: [k0UHDgJ] C:\WINDOWS\uqnwuju.exeO4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [Hnqucui] C:\Program Files\Vvsq\Xgexb.exeO4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\ARQUIV~1\SYMNET~1\SNDMon.exe" /ConsumerO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [REGSHAVE] C:\Arquivos de programas\REGSHAVE\REGSHAVE.EXE /AUTORUNO4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [SpySweeper] C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe /startintrayO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"O4 - HKCU\..\Run: [080acaea.exe] C:\Documents and Settings\Gustavo\Configurações locais\Dados de aplicativos80acaea.exeO4 - HKCU\..\Run: [Lrap] "C:\WINDOWS\system32\MANTEC~1\regsvr32.exe" -vt yazbO4 - HKCU\..\Run: [Utss] "C:\WINDOWS\system32\CURITY~1\wuaclt.exe" -vt yazbO4 - HKCU\..\Run: [DW4] "C:\Arquivos de programas\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"O4 - Startup: 3DO - Might and Magic VII Registration.lnk = C:\Arquivos de programas\3DO\Might and Magic VII\Register\Remind32.exeO4 - Startup: .protectedO4 - Global Startup: RAMASST.lnk = C:\WINDOWS\SYSTEM32\RAMASST.exeO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: Exif Launcher.lnk = ?O4 - Global Startup: .protectedO8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htmO8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htmO8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htmO9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLLO9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)O11 - Options group: [INTERNATIONAL] International*O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dllO14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{AAD6CFA6-9E14-4976-8A26-4355CF434FD6}: NameServer = 200.149.55.142 200.165.132.155O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLLO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\ccPwdSvc.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exeO23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\comHost.exeO23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exeO23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exeO23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXEO23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exeO23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\ARQUIV~1\Telemar\Velox\app\pppoeservice.exeO23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

 

e ainda nao funciona o TS =/

Compartilhar este post

Link para o post
Compartilhar em outros sites

jgarcia    1

jgarcia
Postado

Opa manta,

 

Vamos lá.

 

Habilite o Windows para mostrar todos os arquivos (até ocultos).

 

1ª Etapa

 

Baixe o CCleaner em:

CCleaner

 

Baixe, mas não execute ainda.

 

Baixe o Killbox em:

Killbox

 

1. Execute o Killbox, clique em Delete on Reboot.

 

2. Copie a lista abaixo em negrito para a área de transferência. Selecione tudo com o auxílio do mouse --> vá até a aba Editar na barra do navegador --> clique em Copiar.

 

C:\WINDOWS\system32\qxbtmre.dll

C:\WINDOWS\system32\wineij32.dll

C:\WINDOWS\uqnwuju.exe

C:\Program Files\Vvsq\Xgexb.exe

C:\Documents and Settings\Gustavo\Configurações locais\Dados de aplicativos80acaea.exe

C:\WINDOWS\system32\MANTEC~1\regsvr32.exe

C:\WINDOWS\system32\CURITY~1\wuaclt.exe

 

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

 

4. Aperte em "X". Responda "não" à pergunta.

 

É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo de Seguro e a conexão à internet não será possível.

 

2ª Etapa

 

Reinicie o computador em Modo Seguro (ao reiniciar aperte a tecla F8 repetidamente até que apareça uma tela preta em DOS e escolha a opção Modo Seguro).

 

Execute o HijackThis, clique em Do a system scan only e marque:

O2 - BHO: (no name) - {24314BB4-B790-3FC5-9D28-03FBB413591F} - C:\WINDOWS\system32\qxbtmre.dll (file missing)

O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL

O4 - HKLM\..\Run: [k0UHDgJ] C:\WINDOWS\uqnwuju.exe

O4 - HKLM\..\Run: [Hnqucui] C:\Program Files\Vvsq\Xgexb.exe

O4 - HKCU\..\Run: [080acaea.exe] C:\Documents and Settings\Gustavo\Configurações locais\Dados de aplicativos80acaea.exe

O4 - HKCU\..\Run: [Lrap] "C:\WINDOWS\system32\MANTEC~1\regsvr32.exe" -vt yazb

O4 - HKCU\..\Run: [utss] "C:\WINDOWS\system32\CURITY~1\wuaclt.exe" -vt yazb

O4 - Startup: .protected

O4 - Global Startup: .protected

O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm

O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm

O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)

Clique em Fix Checked.

 

3ª Etapa

 

Ainda em Modo Seguro localize e delete:

 

C:\Program Files\Vvsq <- a pasta

 

4ª Etapa

 

Reinicie em Modo Normal.

 

Execute o CCleaner e clique em Executar Cleaner.

 

Poste um novo log do HijackThis.

 

Aguardo retorno.

 

Um abraço.

Compartilhar este post

Link para o post
Compartilhar em outros sites

manta    0

manta
Postado

fala ae jgarcia... vlw ae pela paciencia =)

 

olha so... foi feito tudo como indicado, porem uma coisa nao ocorreu como esperado.

no modo de segurança ao executar o hijackthis e dar o fix nos itens indicados, o item abaixo nao conseguiu ser deletado, foi dito q ele estava sendo usado.... mas nao tinha nada sendo usado no momento.... só o hijackthis :o

O4 - Startup: .protected

 

 

o resto deu tudo como esperado, porem o erro insite em aparecer =/

 

abaixo esta o log... vou fazer uns testes aqui e ver se da certo, mas da uma olhada pra mim porfavor pq eu nao saco nada desse log :thumbsup:

 

Logfile of HijackThis v1.99.1Scan saved at 01:22:59, on 30/3/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exeC:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exeC:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exeC:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\System32\DVDRAMSV.exeC:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exeC:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exeC:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exeC:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exeC:\ARQUIV~1\Telemar\Velox\app\pppoeservice.exeC:\WINDOWS\system32\svchost.exeC:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exeC:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exeC:\Arquivos de programas\QuickTime\qttask.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\SYSTEM32\RAMASST.exeC:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exeC:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exeC:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exeC:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXEC:\Arquivos de programas\Internet Explorer\iexplore.exeC:\WINDOWS\system32\cidaemon.exeC:\Program Files\HijackThis\HijackThis.exeC:\WINDOWS\system32\NOTEPAD.EXER0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dllO2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dllO2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dllO3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dllO3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installO4 - HKLM\..\Run: [PCTVOICE] pctspk.exeO4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\ARQUIV~1\SYMNET~1\SNDMon.exe" /ConsumerO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [REGSHAVE] C:\Arquivos de programas\REGSHAVE\REGSHAVE.EXE /AUTORUNO4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"O4 - HKCU\..\Run: [DW4] "C:\Arquivos de programas\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"O4 - Startup: .protectedO4 - Global Startup: RAMASST.lnk = C:\WINDOWS\SYSTEM32\RAMASST.exeO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: Exif Launcher.lnk = ?O4 - Global Startup: .protectedO8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dllO14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{AAD6CFA6-9E14-4976-8A26-4355CF434FD6}: NameServer = 200.149.55.142 200.165.132.155O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLLO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\ccPwdSvc.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exeO23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\comHost.exeO23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exeO23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exeO23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXEO23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exeO23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\ARQUIV~1\Telemar\Velox\app\pppoeservice.exeO23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

jgarcia    1

jgarcia
Postado

Opa manta,

 

1. Baixe o SmitfraudFix;

 

2. Desabilite a proteção do seu anti-vírus (temporariamente);

 

3. Extraia o arquivo SmitFraudFix para o seu desktop;

 

4. Reinicie em Modo Seguro;

 

5. Execute o SmitfraudFix dando um duplo clique sobre smitfraudfix.cmd --> escolha a Opção 2;

 

6. Responda sim (y) à pergunta sobre a limpeza no registro (Do you want to clean the registry?);

 

7. Aguarde o término do scan e a geração do log;

 

8. Reinicie em Modo Normal;

 

9. Reabilite o seu anti-vírus;

 

10. Poste o log do SmitfraudFix (opção 2) + log HijackThis (gerado em Modo Normal).

 

Abraços.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Shine    0

Shine
Postado

Tópico Arquivado

 

Como o autor não respondeu ao tópico por mais de 20 dias, o mesmo foi arquivado.

 

Caso você seja o autor do tópico e quer que o mesmo seja reaberto, envie uma mensagem privada para um moderador com um link para este tópico e explique o motivo da reabertura.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Arquivados (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito