Ricardo José

[Solved!] Pages open by themselves...


Good morning, everyone

I have a problem with my PC: several pages I have never seen keep appearing.. some are selling antivirus. I have already run antivirus, CCleaner and Windows Defender, but my problem continues. I am sending my log for analysis; thanks in advance for the help ...

Thanks ..

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 22:49:41, on 9/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\vxmcaaup.dll",forkonce

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] E:\eMule\emule.exe -AutoStart

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.elancers.com.br/erv2/vagas/activex/smsx.cab

O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)

O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

 

 

Ricardo


Hi Ricardo José,

Let's get started.

* Download VundoFix.

* Double-click VundoFix.exe to start it;

* When VundoFix opens, click Scan for Vundo. Wait for the scan to finish, which may take some time. Be patient;

* When the scan is finished, click Remove Vundo;

* You will receive a prompt asking whether you want to remove the files. Click YES. Your desktop will go blank (this is normal);

* To complete the scan the machine must be restarted. Click OK;

* Please post the VundoFix log (C:\vundofix.txt) in your next reply, together with a new HijackThis log.

Regards.


Good evening José Garcia

Thank you very much for the help; here are the logs as requested:

 

 

VundoFix V6.5.4

 

Checking Java version...

 

Sun Java not detected

Scan started at 20:13:27 10/7/2007

 

Listing files found while scanning....

 

C:\windows\system32\aawhlisv.ini

C:\windows\system32\gebbxyw.dll

C:\WINDOWS\system32\ijllm.bak2

C:\WINDOWS\system32\ijllm.ini

C:\WINDOWS\system32\ijllm.ini2

C:\WINDOWS\system32\ijllm.tmp

C:\WINDOWS\system32\mdeobbth.dll

C:\WINDOWS\system32\mllji.dll

C:\WINDOWS\system32\vsilhwaa.dll

 

Beginning removal...

 

Attempting to delete C:\windows\system32\aawhlisv.ini

C:\windows\system32\aawhlisv.ini Has been deleted!

 

Attempting to delete C:\windows\system32\gebbxyw.dll

C:\windows\system32\gebbxyw.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ijllm.bak2

C:\WINDOWS\system32\ijllm.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ijllm.ini

C:\WINDOWS\system32\ijllm.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ijllm.ini2

C:\WINDOWS\system32\ijllm.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ijllm.tmp

C:\WINDOWS\system32\ijllm.tmp Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mdeobbth.dll

C:\WINDOWS\system32\mdeobbth.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mllji.dll

C:\WINDOWS\system32\mllji.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vsilhwaa.dll

C:\WINDOWS\system32\vsilhwaa.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 22:04:58, on 10/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {0D46FB99-84E0-4A6A-82A6-F512C2163E09} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {BE2875FF-313A-4005-B5F4-78949C988181} - (no file)

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - (no file)

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] E:\eMule\emule.exe -AutoStart

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.elancers.com.br/erv2/vagas/activex/smsx.cab

O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\SYSTEM32\winzdn32.dll

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)

O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

 

A layman's question: what are all these hosts?

Thanks for the help..

 

Ricardo


Hi Ricardo José,

Let's get started.

Set Windows to show all files (including hidden ones).

Step 1

Download HostsXpert from:

HostsXpert

Run HostsXpert via the HostsXpert.exe file, click Restore Microsoft's Hosts File and press OK. After that, close the program.

Download Killbox from:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the list below in bold to the clipboard. Select all of it with the mouse --> go to the Edit menu in the browser's menu bar --> click Copy.

C:\WINDOWS\System32\drivers\svchost.exe

C:\WINDOWS\SYSTEM32\winzdn32.dll

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "no" to the question.

It is advisable to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and the internet connection will not be available.

Step 2

Restart the computer in Safe Mode (while restarting, press the F8 key repeatedly until a black DOS-style screen appears, then choose the Safe Mode option).

Run HijackThis, click Do a system scan only and check:

O2 - BHO: (no name) - {0D46FB99-84E0-4A6A-82A6-F512C2163E09} - (no file)

O2 - BHO: (no name) - {BE2875FF-313A-4005-B5F4-78949C988181} - (no file)

O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe

O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe

O11 - Options group: [iNTERNATIONAL] International*

O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\SYSTEM32\winzdn32.dll

Click Fix Checked.

Step 3

Restart in Normal Mode.

Delete the contents of the folder C:\!Killbox.

Post a new HijackThis log.

I await your reply.

Best regards.
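
HijackThis reports hosts-file mappings as `O1 - Hosts:` lines and autostart values as `O4 - ...\Run:` lines, the two sections this thread's cleanup deals with (restoring the hosts file, and fixing the `[Windows Firewall]` Run values that launch `svchost.exe` from `System32\drivers`). The script below is an added example, not part of the original thread or of HijackThis: it flags both patterns in a log. The function names, `WATCHED_SUFFIXES` and `SYSTEM_BINARIES` are assumptions chosen for illustration, and the sample log is constructed.

```python
import ipaddress
import ntpath
import re

# Constructed sample in HijackThis 1.99.1 format; the addresses are RFC 5737
# documentation ranges, not values taken from the thread.
SAMPLE_LOG = r"""
O1 - Hosts: 192.0.2.15 www.kaspersky.com
O1 - Hosts: 198.51.100.7 windowsupdate.microsoft.com
O1 - Hosts: 192.0.2.10 intranet.example.test
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Adobe Gamma Loader.exe
"""

# Assumption: illustrative watch list of security-vendor and update domains.
WATCHED_SUFFIXES = (
    "microsoft.com", "kaspersky.com", "kaspersky-labs.com", "mcafee.com",
    "avast.com", "bitdefender.com", "f-secure.com", "sophos.com",
    "trendmicro.com", "clamav.net",
)

# Assumption: core Windows binaries that normally run only from System32.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe",
                   "winlogon.exe", "smss.exe"}

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(.+)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\Run\w*: \[(.*?)\] (.*)$")
# Executable path: either a quoted string or everything up to the first ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.*?\.exe)\b', re.IGNORECASE)


def parse_entries(log):
    """Yield (section, body) for each result line, e.g. ('O1', 'Hosts: ...')."""
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def hijacked_hosts(log):
    """Return (ip, hostname) pairs where a watched domain is pinned in hosts."""
    hits = []
    for section, body in parse_entries(log):
        m = HOSTS_RE.match(body) if section == "O1" else None
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # malformed address: not a usable hosts mapping
        # A hosts line may carry several aliases after the address.
        for token in m.group(2).split():
            host = token.lower().rstrip(".")
            if any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES):
                hits.append((ip, host))
    return hits


def masquerading_run_entries(log):
    """Return (hive, value name, path) for Run values that start a
    system-named binary from a folder other than System32."""
    hits = []
    for section, body in parse_entries(log):
        m = RUN_RE.match(body) if section == "O4" else None
        if not m:
            continue  # e.g. "Global Startup" shortcuts are not registry Run values
        hive, name, command = m.groups()
        exe = EXE_RE.match(command)
        if not exe:
            continue
        path = exe.group(1) or exe.group(2)
        folder, binary = ntpath.split(path)
        if not folder:
            continue  # bare file name: its location cannot be judged from the log
        if (binary.lower() in SYSTEM_BINARIES
                and not folder.lower().endswith("\\system32")):
            hits.append((hive, name, path))
    return hits


if __name__ == "__main__":
    for ip, host in hijacked_hosts(SAMPLE_LOG):
        print(f"hosts override: {host} -> {ip}")
    for hive, name, path in masquerading_run_entries(SAMPLE_LOG):
        print(f"suspicious autostart: {hive} [{name}] {path}")
```

A hit from `hijacked_hosts` means name resolution for that domain is answered from the local hosts file instead of DNS, which is why update and vendor sites stop working until the file is restored.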


Good evening José Garcia

Here is the log generated by HijackThis

 

Logfile of HijackThis v1.99.1

Scan saved at 20:42:32, on 11/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

E:\eMule\emule.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - (no file)

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] E:\eMule\emule.exe -AutoStart

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.elancers.com.br/erv2/vagas/activex/smsx.cab

O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)

O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

 

Ricardo


Hi Ricardo José,

Your log is CLEAN. :thumbsup:

To finish up:

1. Disable and re-enable XP's automatic System Restore feature. Click here to see how;

2. Read the article "Precautions when browsing the net" and learn how to avoid new infections.

Regards.


PROBLEM SOLVED!

If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.
