vinoka, Posted July 19, 2007
Please help me, I have a big problem that I can't solve. I've already run Norton, Spybot, Ad-Aware, XoftSpy and AVG, and none of them managed to remove this damned malware. Also, lately the toolbar disappears and reloads about 3 seconds after I open IE. Please help me! I DON'T KNOW WHAT ELSE TO DO! :upset:
Here is the HijackThis log:
jgarcia, Posted July 19, 2007
Hi vinoka,
Go to Start -> Run -> type msconfig -> click OK -> Startup tab -> check all the boxes. Once that is done, post a new log.
Regards.
vinoka, Posted July 19, 2007
Hey jgarcia, thanks for the help!
Here is the new log:
jgarcia, Posted July 19, 2007
Hi vinoka,
Here we go.
* Download VundoFix.
* Double-click VundoFix.exe to start it;
* When VundoFix opens, click Scan for Vundo. Wait for the scan to finish, which may take some time. Be patient;
* When the scan is finished, click Remove Vundo;
* You will get an alert asking whether you want to remove the files. Click YES. Your desktop will go blank (this is normal);
* To complete the scan you will need to restart the machine. Click OK;
* Please post the VundoFix log (C:\vundofix.txt) in your next reply, together with a new HijackThis log.
Regards.
vinoka, Posted July 19, 2007
Here is the VundoFix log,
and here is the HijackThis log:
programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe Valewww :thumbsup: Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Posted July 20, 2007

Hi vinoka,

Download ComboFix from: ComboFix

1) Double-click combofix.exe and press "Y" to proceed. The process takes about 10 minutes on average;
2) ComboFix will restart the PC automatically so that the removal process can be completed (only if there is an infection);
3) When the scan finishes, a log will be generated at C:\ComboFix.txt;
4) Do not click in the ComboFix window or close it by clicking the X while the tool is running, as this will break your desktop configuration (it will turn completely white);
5) To stop or exit ComboFix, press "N";
6) I need you to paste the contents of ComboFix.txt in your next reply.

Regards.
vinoka 0 Posted July 20, 2007

Jgarcia, I THINK the problem has already been solved, I'm using IE and so far no window has popped up and the toolbar isn't disappearing the way it used to... but here is the ComboFix log

"usuario" - 2007-07-19 20:22:42 - ComboFix 07-07-17.8 - Service Pack 2 NTFS

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\vtuusqr.dll
C:\WINDOWS\system32\vtuusqr.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\usuario\DADOSD~1.\macromedia\Flash Player\#SharedObjects\9ZW5B8L7\www.broadcaster.com
C:\DOCUME~1\usuario\DADOSD~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\usuario\DADOSD~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\usuario\Desktop.\internet explorer.lnk
C:\WINDOWS\wr.txt

((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 )))))))))))))))))))))))))))))))

2007-07-19 20:21 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-19 20:08 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-19 20:08 <DIR> d-------- C:\DOCUME~1\usuario\DADOSD~1\Talkback
2007-07-19 18:32 127,985 --a------ C:\WINDOWS\system32\hvebyenm.dll
2007-07-19 18:18 <DIR> d-------- C:\VundoFix Backups
2007-07-13 15:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy
2007-07-12 19:40 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-07-12 19:40 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-07-12 19:40 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-07-12 19:40 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-07-12 19:40 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-07-12 19:40 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-07-12 19:40 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-07-12 19:40 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-07-12 19:40 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2007-07-08 18:05 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0
2007-07-07 17:32 <DIR> d-------- C:\Arquivos de programas\New_P2ktools
2007-07-07 17:11 <DIR> d-------- C:\Arquivos de programas\SkiMan
2007-07-07 17:03 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2007-07-07 17:00 <DIR> d-------- C:\Arquivos de programas\Motorola
2007-07-07 16:58 36,608 --a------ C:\WINDOWS\system32\drivers\P2k.sys
2007-07-07 16:58 <DIR> d-------- C:\Arquivos de programas\rsd_lite_3_0
2007-07-07 16:58 <DIR> d-------- C:\Arquivos de programas\P2K_Drivers
2007-07-07 16:32 65,536 --a------ C:\WINDOWS\system32\a1.dll
2007-07-07 16:32 520,192 --a------ C:\WINDOWS\system32\wscma2u.exe
2007-07-07 16:32 278,528 --a------ C:\WINDOWS\system32\ammpp.dll
2007-07-07 16:32 <DIR> d-------- C:\Arquivos de programas\AnMing
2007-07-04 19:29 <DIR> d-------- C:\DOCUME~1\usuario\DADOSD~1\Symantec
2007-07-04 19:22 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-07-04 19:22 <DIR> d-------- C:\Arquivos de programas\Norton AntiVirus
2007-07-01 23:14 91,177 -ra------ C:\WINDOWS\system32\drivers\P1131Vid.sys
2007-07-01 23:14 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-07-01 23:14 81,920 -ra------ C:\WINDOWS\CtDrvIns.exe
2007-07-01 23:14 69,632 -ra------ C:\WINDOWS\system32\P1131Sti.dll
2007-07-01 23:14 65,536 -ra------ C:\WINDOWS\system32\CtCamMgr.dll
2007-07-01 23:14 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-07-01 23:14 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-07-01 23:14 49,152 -ra------ C:\WINDOWS\system32\P1131Hwx.dll
2007-07-01 23:14 36,864 -ra------ C:\WINDOWS\system32\P1131Pin.dll
2007-07-01 23:14 20,480 -ra------ C:\WINDOWS\system32\P1131Srv.exe
2007-07-01 23:14 20,480 -ra------ C:\WINDOWS\P1131Cfg.exe
2007-07-01 23:14 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-07-01 23:14 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-07-01 23:14 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-07-01 23:14 126,976 -ra------ C:\WINDOWS\system32\P1131Vfw.dll
2007-07-01 23:14 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-07-01 23:14 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-07-01 23:14 <DIR> d-------- C:\DOCUME~1\usuario\DADOSD~1\Creative
2007-07-01 23:10 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-07-01 23:10 <DIR> d-------- C:\Media
2007-07-01 23:08 <DIR> d-------- C:\Arquivos de programas\Creative
2007-07-01 14:22 <DIR> d--h----- C:\WINDOWS\PIF
2007-06-27 21:12 <DIR> d-------- C:\DOCUME~1\usuario\DADOSD~1\DivX
2007-06-25 22:44 <DIR> d-------- C:\Arquivos de programas\PerformanceTest
2007-06-23 12:01 <DIR> d-------- C:\Arquivos de programas\Shareaza
2007-06-23 11:25 <DIR> d-------- C:\Arquivos de programas\Norton SystemWorks
2007-06-23 00:00 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-06-23 00:00 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-06-22 23:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Symantec
2007-06-22 23:46 <DIR> d-------- C:\Arquivos de programas\Symantec
2007-06-22 23:46 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared
2007-06-21 20:11 <DIR> d-------- C:\DOCUME~1\usuario\DADOSD~1\WinRAR
2007-06-20 22:30 <DIR> d-------- C:\DOCUME~1\usuario\DADOSD~1\Lavasoft
2007-06-20 22:13 <DIR> d-------- C:\Arquivos de programas\Lavasoft
2007-06-20 21:08 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-06-20 21:08 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-06-20 21:08 <DIR> d-------- C:\Arquivos de programas\DivX
2007-06-20 20:30 <DIR> d-------- C:\DOCUME~1\usuario\DADOSD~1\Apple Computer
2007-06-20 20:30 <DIR> d-------- C:\Arquivos de programas\QuickTime
2007-06-20 20:30 <DIR> d-------- C:\Arquivos de programas\iTunes
2007-06-20 20:30 <DIR> d-------- C:\Arquivos de programas\iPod
2007-06-20 20:30 <DIR> d-------- C:\Arquivos de programas\Apple Software Update
2007-06-20 20:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-19 22:50:58 48,846 ----a-w C:\WINDOWS\system32\perfc016.dat
2007-07-19 22:50:58 344,734 ----a-w C:\WINDOWS\system32\perfh016.dat
2007-07-19 20:57:43 -------- d-----w C:\Arquivos de programas\lg_fwupdate
2007-07-19 03:16:55 -------- d-----w C:\DOCUME~1\usuario\DADOSD~1\LimeWire
2007-07-16 03:08:23 -------- d-----w C:\Arquivos de programas\Google
2007-07-15 06:41:38 -------- d-----w C:\Arquivos de programas\Steam
2007-07-10 03:41:55 -------- d-----w C:\Arquivos de programas\LimeWire
2007-07-07 00:07:43 -------- d-----w C:\Arquivos de programas\Winamp
2007-07-04 22:38:47 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-07-04 22:38:47 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-07-02 02:10:14 -------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2007-06-26 02:51:05 -------- d-----w C:\Arquivos de programas\Microsoft IntelliPoint
2007-06-23 14:33:04 -------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield
2007-06-18 00:38:48 -------- d-----w C:\DOCUME~1\usuario\DADOSD~1\Webshots
2007-06-17 22:32:00 -------- d-----w C:\Arquivos de programas\Analog Devices
2007-06-16 18:10:05 -------- d-----w C:\DOCUME~1\usuario\DADOSD~1\CyberLink
2007-06-16 18:06:11 -------- d-----w C:\DOCUME~1\usuario\DADOSD~1\Google
2007-06-16 15:50:27 -------- d-----w C:\DOCUME~1\usuario\DADOSD~1\InterTrust
2007-06-16 15:48:10 -------- d-----w C:\Arquivos de programas\CyberLink
2007-06-16 15:46:29 -------- d-----w C:\Arquivos de programas\CyberLink DVD Solution
2007-06-16 15:06:05 -------- d-----w C:\DOCUME~1\usuario\DADOSD~1\MusicIP
2007-06-16 14:54:06 -------- d-----w C:\Arquivos de programas\Windows Live
2007-06-16 14:54:06 -------- d-----w C:\Arquivos de programas\MSN Messenger
2007-06-16 14:54:06 -------- d-----w C:\Arquivos de programas\Messenger Plus! Live
2007-06-15 12:20:33 -------- d-----w C:\Arquivos de programas\Windows Media Connect 2
2007-06-14 21:03:37 -------- d-----w C:\Arquivos de programas\Messenger
2007-06-14 19:24:24 -------- d-----w C:\Arquivos de programas\Ahead
2007-06-14 19:24:13 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead
2007-06-14 14:37:43 -------- d-----w C:\Arquivos de programas\Realtek
2007-06-14 14:33:40 -------- d-----w C:\Arquivos de programas\Intel
2007-06-14 14:27:18 -------- d-----w C:\Arquivos de programas\microsoft frontpage
2007-06-14 14:27:06 0 --sha-r C:\MSDOS.SYS
2007-06-14 14:27:06 0 --sha-r C:\IO.SYS
2007-06-14 14:27:06 0 ----a-w C:\CONFIG.SYS
2007-06-14 14:27:06 0 ----a-w C:\AUTOEXEC.BAT
2007-06-14 14:26:04 -------- d--h--w C:\Arquivos de programas\WindowsUpdate
2007-06-14 14:26:02 -------- d-----w C:\Arquivos de programas\Serviços on-line
2007-06-14 14:25:20 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços
2007-06-14 14:25:16 -------- d-----w C:\Arquivos de programas\Arquivos comuns\MSSoap
2007-06-14 14:25:07 -------- d-----w C:\Arquivos de programas\Movie Maker
2007-06-14 14:24:25 21,844 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-06-14 14:24:01 -------- d-----w C:\Arquivos de programas\MSN Gaming Zone
2007-06-14 14:23:53 -------- d-----w C:\Arquivos de programas\Windows NT
2007-06-14 11:19:50 -------- d-----w C:\Arquivos de programas\Arquivos comuns\ODBC
2007-06-14 11:19:48 -------- d-----w C:\Arquivos de programas\Arquivos comuns\SpeechEngines
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-16 15:13:54 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 16:39 37808 --------- C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
2007-05-23 12:13 140912 --a------ C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-06-16 12:22 2423872 -ra------ c:\arquivos de programas\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-07-09 18:54 325048 --a------ C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe" [2003-05-15 20:41]
"nwiz"="nwiz.exe" [2006-11-10 00:25 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-18 05:00]
"SoundMAX"="C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" [2005-07-26 09:54]
"ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"NAV CfgWiz"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymProbe.exe" []
"Symantec PIF AlertEng"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-04-27 09:41]
"Norton Ghost 10.0"="C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe" []
"LGODDFU"="C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" [2007-06-16 12:51]
"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2006-03-13 23:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]
"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []
"Norton SystemWorks"="C:\Arquivos de programas\Norton SystemWorks\cfgwiz.exe" []
"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24]

C:\DOCUME~1\ALLUSE~1\MENUIN~1\PROGRA~1\INICIA~1
Google Updater.lnk - C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe [2007-06-16 12:21:49]
Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

**************************************************************************

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-19 20:26:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-19 20:27:06 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-19 20:27

--- E O F ---

Thanks :thumbsup:
jgarcia 1 Posted July 20, 2007

Hi vinoka,

Not much left now. Set Windows to show all files (including hidden ones).

Step 1

Download Killbox from: Killbox

1. Run Killbox, click Delete on Reboot.
2. Copy the list below in bold to the clipboard. Select everything with the mouse --> go to the Edit tab in the browser bar --> click Copy.

C:\WINDOWS\system32\bxunhhbc.exe
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\vtuusqr.dll
C:\WINDOWS\system32\hvebyenm.dll

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.
4. Press "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and connecting to the internet will not be possible.

Step 2

Restart the computer in Safe Mode (on restart, press the F8 key repeatedly until a black DOS screen appears and choose the Safe Mode option).

Run HijackThis, click Do a system scan only and check:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.webshots.com/

Click Fix Checked.

Step 3

Restart in Normal Mode. Delete the contents of the C:\!Killbox folder. Post a new HijackThis log.

I await your reply. Regards.
vinoka 0 Posted July 20, 2007

I think it's clean now, there was only 1 file to be deleted, which from what I noticed was the last one. Here is the HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 17:35:04, on 20/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.terra.com.br/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymProbe.exe -r "C:\Arquivos de programas\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://axcab.wrs.mcboo.com/website.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks :thumbsup:
jgarcia 1 Posted July 23, 2007

Hi vinoka,

Your log is CLEAN. :thumbsup:

To finish:

1. Disable and re-enable the XP System Restore function. Click here to see how;
2. Read the article Precautions when browsing the net and learn how to avoid new infections.

Regards.
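An added example, not part of the original thread: a small Python parser that compares a HijackThis log taken before cleanup with one taken after, which is the check jgarcia does by eye when asking for a new log. The two sample logs are constructed excerpts modelled on the logs posted above, and the function names are this example's own.

```python
import re

# HijackThis entry lines start with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Markers HijackThis appends when the file an entry points to does not exist.
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")

# Constructed excerpts (shortened) modelled on the logs in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\bxunhhbc.exe
C:\Arquivos de programas\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.webshots.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe (file missing)
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 17:35:04, on 20/7/2007
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe (file missing)
"""


def parse_hjt(text):
    """Split a HijackThis log into running processes and coded entries."""
    processes, entries = set(), []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY.match(line)
        if match:
            in_processes = False  # the process list ends at the first coded entry
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            # Windows paths are case-insensitive: explorer.exe == Explorer.EXE
            processes.add(line.lower())
    return {"processes": processes, "entries": entries}


def diff_logs(before_text, after_text):
    """Report what disappeared and what appeared between two logs."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    b_entries, a_entries = set(before["entries"]), set(after["entries"])
    return {
        "processes_gone": sorted(before["processes"] - after["processes"]),
        "processes_new": sorted(after["processes"] - before["processes"]),
        "entries_gone": sorted(b_entries - a_entries),
        "entries_new": sorted(a_entries - b_entries),
    }


def orphaned_entries(text):
    """Entries whose target file is gone: leftovers worth a manual look."""
    return [(c, v) for c, v in parse_hjt(text)["entries"] if ORPHAN.search(v)]


if __name__ == "__main__":
    for key, values in diff_logs(BEFORE, AFTER).items():
        print(key, values)
    print("orphaned", orphaned_entries(AFTER))
```

The diff only shows what changed between the two scans; entries that HijackThis marks "(file missing)" or "(no file)" stay in the log until they are fixed, which is why `orphaned_entries` is reported separately.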
Sam Spade 2 Posted December 13, 2007

PROBLEM SOLVED!

If the author needs the topic to be reopened, it is necessary to send a Private Message to a Moderator with a link to the topic.