This topic has been archived and is closed to new replies.

claramaria

[Archived] Log analysis! I need

Good afternoon, friends... I'm having problems here: I have viruses; I remove them and they come back when the PC starts. If I don't remove them, I can get on the internet; if I remove them, I can't connect.

I look forward to your help.

Here is the HijackThis log:

 

Logfile of HijackThis v1.97.7

Scan saved at 20:05:43, on 5/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\DOCUME~1\FÁTIMA\CONFIG~1\Temp\winlogon.exe

C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe

C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\svchost.exe

C:\DOCUME~1\FÁTIMA\CONFIG~1\Temp\Rar$EX01.485\auto runs.exe

F:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.narutoproject.com.br/

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\FÁTIMA\CONFIG~1\Temp\winlogon.exe

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

O4 - Global Startup: Image Transfer.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Skype (HKLM)

O9 - Extra button: Pesquisar (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

 

 

 

I also have the autorun log:

 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exe Windows Explorer (Not verified) Microsoft Corporation c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ avast! avast! service GUI component (Verified) ALWIL Software c:\arquivos de programas\alwil software\avast4\ashdisp.exe

+ InCD InCD (Not verified) Ahead Software AG c:\arquivos de programas\ahead\incd\incd.exe

+ NeroFilterCheck NeroCheck (Not verified) Ahead Software Gmbh c:\windows\system32\nerocheck.exe

+ nwiz NVIDIA nView Wizard, Version 56.55 (Not verified) NVIDIA Corporation c:\windows\system32\nwiz.exe

+ RemoteControl PowerDVD RC Service (Not verified) Cyberlink Corp. c:\arquivos de programas\cyberlink dvd solution\powerdvd\pdvdserv.exe

+ SunJavaUpdateSched Java™ Platform SE binary (Verified) Sun Microsystems, Inc. c:\arquivos de programas\java\jre1.6.0_02\bin\jusched.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

+ Adobe Reader Speed Launch.lnk Adobe Acrobat SpeedLauncher (Verified) Adobe Systems, Incorporated c:\arquivos de programas\adobe\reader 8.0\reader\reader_sl.exe

+ Adobe Reader Synchronizer.lnk (Verified) Adobe Systems, Incorporated c:\arquivos de programas\adobe\reader 8.0\reader\adobecollabsync.exe

+ Image Transfer.lnk c:\arquivos de programas\sony corporation\image transfer\sonytray.exe

C:\Documents and Settings\Fátima\Menu Iniciar\Programas\Inicializar

+ Yahoo! Widget Engine.lnk File not found: C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ Firewall auto setup c:\documents and settings\fátima\configurações locais\temp\winlogon.exe

+ MSMSGS Windows Messenger (Not verified) Microsoft Corporation c:\arquivos de programas\messenger\msmsgs.exe

+ Skype Skype. Take a deep breath (Verified) Skype Technologies SA c:\arquivos de programas\skype\phone\skype.exe

HKLM\SOFTWARE\Classes\Protocols\Filter

+ Class Install Handler Extensões OLE32 para Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll

+ deflate Extensões OLE32 para Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll

+ gzip Extensões OLE32 para Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll

+ lzdhtml Extensões OLE32 para Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll

+ text/webviewhtml DLL comum do Shell do Windows (Not verified) Microsoft Corporation c:\windows\system32\shell32.dll

HKLM\SOFTWARE\Classes\Protocols\Handler

+ about Visualizador de HTML da Microsoft ® (Not verified) Microsoft Corporation c:\windows\system32\mshtml.dll

+ cdl Extensões OLE32 para Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll

+ file Extensões OLE32 para Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll

+ ftp Extensões OLE32 para Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll

+ gopher Extensões OLE32 para Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll

+ http Extensões OLE32 para Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll

+ https Extensões OLE32 para Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll

+ its Microsoft® InfoTech Storage System Library (Not verified) Microsoft Corporation c:\windows\system32\itss.dll

+ javascript Visualizador de HTML da Microsoft ® (Not verified) Microsoft Corporation c:\windows\system32\mshtml.dll

+ local Extensões OLE32 para Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll

+ mailto Visualizador de HTML da Microsoft ® (Not verified) Microsoft Corporation c:\windows\system32\mshtml.dll

+ mk Extensões OLE32 para Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll

+ ms-its Microsoft® InfoTech Storage System Library (Not verified) Microsoft Corporation c:\windows\system32\itss.dll

+ res Visualizador de HTML da Microsoft ® (Not verified) Microsoft Corporation c:\windows\system32\mshtml.dll

+ skype4com Skype for COM API (Verified) Skype Technologies SA c:\arquivos de programas\arquivos comuns\skype\skype4com.dll

+ sysimage Visualizador de HTML da Microsoft ® (Not verified) Microsoft Corporation c:\windows\system32\mshtml.dll

+ vbscript Visualizador de HTML da Microsoft ® (Not verified) Microsoft Corporation c:\windows\system32\mshtml.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0 File not found: about:Home

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Daemon de cache de categorias de componente Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Pré-carregador Browseui Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CDBurn DLL comum do Shell do Windows (Not verified) Microsoft Corporation c:\windows\system32\shell32.dll

+ PostBootReminder DLL comum do Shell do Windows (Not verified) Microsoft Corporation c:\windows\system32\shell32.dll

+ SysTray Objeto de serviço do shell de Systray (Not verified) Microsoft Corporation c:\windows\system32\stobject.dll

+ WebCheck Monitor de sites da Web (Not verified) Microsoft Corporation c:\windows\system32\webcheck.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ shell32.dll DLL comum do Shell do Windows (Not verified) Microsoft Corporation c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ %DESC_PublishDropTarget% Assistente para impressão de fotos (Not verified) Microsoft Corporation c:\windows\system32\photowiz.dll

+ &Pessoas... Localizar pessoas (Not verified) Microsoft Corporation c:\arquivos de programas\outlook express\wabfind.dll

+ .CAB file viewer Extensão shell do 'Visualizador de arquivos de gabinete' (Not verified) Microsoft Corporation c:\windows\system32\cabview.dll

+ Acessível Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Ajuda e suporte Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Ajuda e suporte Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Arquivo de canal Visualizador de arquivos de definição de canais (Not verified) Microsoft Corporation c:\windows\system32\cdfview.dll

+ Assistente para publicação na Web Assistente para mapear unidades e locais de rede (Not verified) Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Assistência ao usuário Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Atalho para o canal Visualizador de arquivos de definição de canais (Not verified) Microsoft Corporation c:\windows\system32\cdfview.dll

+ Auto Update Property Sheet Extension Painel de Controle de Atualizações Automáticas (Not verified) Microsoft Corporation c:\windows\system32\wuaucpl.cpl

+ avast avast! Shell Extension (Verified) ALWIL Software c:\arquivos de programas\alwil software\avast4\ashshell.dll

+ BandProxy Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Barra de ferramentas do Microsoft Internet Explorer Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Barra de tarefas e menu Iniciar DLL comum do Shell do Windows (Not verified) Microsoft Corporation c:\windows\system32\shell32.dll

+ Barra Popup de controle Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Caixa de edição de endereço Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ CDF Extension Copy Hook Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Channel Menu Visualizador de arquivos de definição de canais (Not verified) Microsoft Corporation c:\windows\system32\cdfview.dll

+ Channel Properties Visualizador de arquivos de definição de canais (Not verified) Microsoft Corporation c:\windows\system32\cdfview.dll

+ Code Download Agent Monitor de sites da Web (Not verified) Microsoft Corporation c:\windows\system32\webcheck.dll

+ Compressed (zipped) Folder Right Drag Handler Pastas compactadas (zipadas) (Not verified) Microsoft Corporation c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder SendTo Target Pastas compactadas (zipadas) (Not verified) Microsoft Corporation c:\windows\system32\zipfldr.dll

+ Conexões de rede Shell de conexões de rede (Not verified) Microsoft Corporation c:\windows\system32\netshell.dll

+ Conexões de rede Shell de conexões de rede (Not verified) Microsoft Corporation c:\windows\system32\netshell.dll

+ Configurações de pasta globais Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ ConnectionAgent Monitor de sites da Web (Not verified) Microsoft Corporation c:\windows\system32\webcheck.dll

+ Contas de usuário Assistente para mapear unidades e locais de rede (Not verified) Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Desktop Explorer NVIDIA Desktop Explorer, Version 56.55 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 56.55 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Directory Context Menu Verbs Interface de usuário comum do serviço de diretório (Not verified) Microsoft Corporation c:\windows\system32\dsuiext.dll

+ Directory Object Find Localização de serviço de diretório (Not verified) Microsoft Corporation c:\windows\system32\dsquery.dll

+ Directory Property UI Interface de usuário comum do serviço de diretório (Not verified) Microsoft Corporation c:\windows\system32\dsuiext.dll

+ Directory Query UI Localização de serviço de diretório (Not verified) Microsoft Corporation c:\windows\system32\dsquery.dll

+ Directory Start/Search Find Localização de serviço de diretório (Not verified) Microsoft Corporation c:\windows\system32\dsquery.dll

+ Disk Quota UI DLL da interface de usuário da cota de disco do Shell do Windows (Not verified) Microsoft Corporation c:\windows\system32\dskquoui.dll

+ Display TroubleShoot CPL Extension Propriedades avançadas de desempenho de vídeo (Not verified) Microsoft Corporation c:\windows\system32\deskperf.dll

+ E&ndereço Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Editor de aplicativo Darwin Gerenciador de aplicativos do shell (Not verified) Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Email Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Enumerador de aplicativos instalado Gerenciador de aplicativos do shell (Not verified) Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Executar... Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Extensão de cópia de disco DiskCopy do Windows (Not verified) Microsoft Corporation c:\windows\system32\diskcopy.dll

+ Extensão de ícone do HyperTerminal HyperTerminal Applet Library (Not verified) Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ Extensão do 'Painel de controle' para adaptador de vídeo Propriedades avançadas de adaptador de vídeo (Not verified) Microsoft Corporation c:\windows\system32\deskadp.dll

+ Extensão do 'Painel de controle' para monitor de vídeo Propriedades avançadas de monitor (Not verified) Microsoft Corporation c:\windows\system32\deskmon.dll

+ Extensão do 'Painel de controle' para panorâmica de vídeo File not found: deskpan.dll

+ Extensão do shell de impressora na Web Print UI DLL (Not verified) Microsoft Corporation c:\windows\system32\printui.dll

+ Extensões do Shell para compartilhamento Extensões do Shell para compartilhamento (Not verified) Microsoft Corporation c:\windows\system32\ntshrui.dll

+ Extensões do Shell para compartilhamento Extensões do Shell para compartilhamento (Not verified) Microsoft Corporation c:\windows\system32\ntshrui.dll

+ Extensões do shell para objetos Microsoft Windows Network Objeto de rede do shell da interface de usuário (Not verified) Microsoft Corporation c:\windows\system32\ntlanui2.dll

+ Extrator de miniaturas de arquivo GDI+ Visualizador de imagens e fax do Windows (Not verified) Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Extrator de miniaturas HTML Visualizador de imagens e fax do Windows (Not verified) Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Faixa de pesquisa Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Faixa do Explorer Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Favorites Band Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Ferramentas administrativas Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Folha de propriedades de arquivo de multimídia Aplicativo para drivers do 'Painel de controle' (Not verified) Microsoft Corporation c:\windows\system32\mmsys.cpl

+ Fontes Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Fonts Pasta de fontes do Windows (Not verified) Microsoft Corporation c:\windows\system32\fontext.dll

+ FTP Folders Webview Extensão shell da pasta FTP do Microsoft Internet Explorer (Not verified) Microsoft Corporation c:\windows\system32\msieftp.dll

+ Gerenciador de aplicativos do shell Gerenciador de aplicativos do shell (Not verified) Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Gerenciamento de impressora ICM DLL da interface com o usuário do sistema de correspondência de cores Microsoft (Not verified) Microsoft Corporation c:\windows\system32\icmui.dll

+ Gerenciamento de monitor ICM DLL da interface com o usuário do sistema de correspondência de cores Microsoft (Not verified) Microsoft Corporation c:\windows\system32\icmui.dll

+ Gerenciamento de scanner ICM DLL da interface com o usuário do sistema de correspondência de cores Microsoft (Not verified) Microsoft Corporation c:\windows\system32\icmui.dll

+ Histórico Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Identificador de informações de resumo de miniaturas (DOCFILES) Visualizador de imagens e fax do Windows (Not verified) Microsoft Corporation c:\windows\system32\shimgvw.dll

+ IE4 Suite Splash Screen Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Internet Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Internet Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Internet Name Space Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ InternetShortcut Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ ISFBand OC Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Lista de preenchimento automático de histórico da Microsoft Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Lista de preenchimento automático de pastas do Shell da Microsoft Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Lista de preenchimento automático MRU Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Lista personalizada MRU preenchida automaticamente Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Manipulador de dados de recorte do shell Manipulador de objeto de recorte do Shell (Not verified) Microsoft Corporation c:\windows\system32\shscrap.dll

+ Menu de site de faixa do Shell Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Browser Architecture Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Microsoft BrowserBand Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Url Search Hook Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ MMC Icon Handler MMC Shell Extension DLL (Not verified) Microsoft Corporation c:\windows\system32\mmcshext.dll

+ MyDocs Copy Hook Interface de usuário da pasta 'Meus documentos' (Not verified) Microsoft Corporation c:\windows\system32\mydocs.dll

+ MyDocs Drop Target Interface de usuário da pasta 'Meus documentos' (Not verified) Microsoft Corporation c:\windows\system32\mydocs.dll

+ MyDocs Properties Interface de usuário da pasta 'Meus documentos' (Not verified) Microsoft Corporation c:\windows\system32\mydocs.dll

+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 56.55 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Objeto do assistente para publicação do shell Assistente para mapear unidades e locais de rede (Not verified) Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Objeto manipulador de canais Visualizador de arquivos de definição de canais (Not verified) Microsoft Corporation c:\windows\system32\cdfview.dll

+ Obter um Assistente do Passport Assistente para mapear unidades e locais de rede (Not verified) Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Offline Files Folder Options Interface de usuário de cache do cliente (Not verified) Microsoft Corporation c:\windows\system32\cscui.dll

+ Offline Files Menu Interface de usuário de cache do cliente (Not verified) Microsoft Corporation c:\windows\system32\cscui.dll

+ Pasta cache de ActiveX Visualizador de controles de objetos (Not verified) Microsoft Corporation c:\windows\system32\occache.dll

+ Pasta compactada (zipada) Pastas compactadas (zipadas) (Not verified) Microsoft Corporation c:\windows\system32\zipfldr.dll

+ Pasta de arquivos off-line Interface de usuário de cache do cliente (Not verified) Microsoft Corporation c:\windows\system32\cscui.dll

+ Pasta de inscrições Monitor de sites da Web (Not verified) Microsoft Corporation c:\windows\system32\webcheck.dll

+ Pasta do shell aumentada Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Pasta do shell aumentada 2 Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Pastas da Web Microsoft Web Folders (Not verified) Microsoft Corporation c:\arquivos de programas\arquivos comuns\microsoft shared\web folders\msonsext.dll

+ Pedido de impressão via Web Assistente para mapear unidades e locais de rede (Not verified) Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Perfil ICC DLL da interface com o usuário do sistema de correspondência de cores Microsoft (Not verified) Microsoft Corporation c:\windows\system32\icmui.dll

+ Pesquisa na Web Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Pesquisa no painel Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Pesquisar Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ PlusPack CPL Extension API de tema do Windows (Not verified) Microsoft Corporation c:\windows\system32\themeui.dll

+ Porta-arquivos Porta-arquivos do Windows (Not verified) Microsoft Corporation c:\windows\system32\syncui.dll

+ PostAgent Monitor de sites da Web (Not verified) Microsoft Corporation c:\windows\system32\webcheck.dll

+ Preenchimento automático da Microsoft Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Recipiente de lista de preenchimento automático múltiplo da Microsoft Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Remote Sessions CPL Extension Extensão CPL de sessões remotas (Not verified) Microsoft Corporation c:\windows\system32\remotepg.dll

+ Scanners & câmeras Interface de usuário da pasta do shell de dispositivos de imagens (Not verified) Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & câmeras Interface de usuário da pasta do shell de dispositivos de imagens (Not verified) Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & câmeras Interface de usuário da pasta do shell de dispositivos de imagens (Not verified) Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & câmeras Interface de usuário da pasta do shell de dispositivos de imagens (Not verified) Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & câmeras Interface de usuário da pasta do shell de dispositivos de imagens (Not verified) Microsoft Corporation c:\windows\system32\wiashext.dll

+ Search Assistant OC Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Sendmail service Enviar mensagem (Not verified) Microsoft Corporation c:\windows\system32\sendmail.dll

+ Sendmail service Enviar mensagem (Not verified) Microsoft Corporation c:\windows\system32\sendmail.dll

+ Serviço de histórico de URLs da Microsoft Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Set Program Access and Defaults Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Shell Automation Inproc Service Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Shell DeskBar Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DeskBarApp Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DocObject Viewer Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Shell Extension for CDRW UDF Shell Extension DLL (Not verified) Ahead Software AG c:\arquivos de programas\ahead\incd\incdshx.dll

+ Shell Extensions for RealOne Player RealPlayer Shell Extensions (Not verified) RealNetworks, Inc. c:\arquivos de programas\real\realone player\rpshell.dll

+ Shell Image Data Factory Visualizador de imagens e fax do Windows (Not verified) Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell Image Property Handler Visualizador de imagens e fax do Windows (Not verified) Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell Image Verbs Visualizador de imagens e fax do Windows (Not verified) Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell properties for a DS object Localização de serviço de diretório (Not verified) Microsoft Corporation c:\windows\system32\dsquery.dll

+ Shell Rebar BandSite Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Status do download Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Subscription Mgr Monitor de sites da Web (Not verified) Microsoft Corporation c:\windows\system32\webcheck.dll

+ Tarefas agendadas DLL da interface do agendador de tarefas (Not verified) Microsoft Corporation c:\windows\system32\mstask.dll

+ Tasks Folder Icon Handler DLL da interface do agendador de tarefas (Not verified) Microsoft Corporation c:\windows\system32\mstask.dll

+ Tasks Folder Shell Extension DLL da interface do agendador de tarefas (Not verified) Microsoft Corporation c:\windows\system32\mstask.dll

+ Temporary Internet Files Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Temporary Internet Files Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

+ TrayAgent Monitor de sites da Web (Not verified) Microsoft Corporation c:\windows\system32\webcheck.dll

+ TridentImageExtractor Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Utilitário de opções de árvore do Registro Biblioteca da interface de usuário do navegador do Shell (Not verified) Microsoft Corporation c:\windows\system32\browseui.dll

+ Vinculação de dados Microsoft Microsoft Data Access - OLE DB Core Services (Not verified) Microsoft Corporation c:\arquivos de programas\arquivos comuns\system\ole db\oledb32.dll

+ WebCheck Monitor de sites da Web (Not verified) Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheck SyncMgr Handler Monitor de sites da Web (Not verified) Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheckChannelAgent Monitor de sites da Web (Not verified) Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheckWebCrawler Monitor de sites da Web (Not verified) Microsoft Corporation c:\windows\system32\webcheck.dll

+ WinRAR shell extension c:\arquivos de programas\winrar\rarext.dll

+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\arquivos de programas\winzip\wzshlstb.dll

+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\arquivos de programas\winzip\wzshlstb.dll

+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\arquivos de programas\winzip\wzshlstb.dll

+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\arquivos de programas\winzip\wzshlstb.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\pdfshell.dll

+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871} DLL comum do Shell do Windows (Not verified) Microsoft Corporation c:\windows\system32\shell32.dll

+ {24F14F01-7B1C-11d1-838f-0000F80461CF} DLL comum do Shell do Windows (Not verified) Microsoft Corporation c:\windows\system32\shell32.dll

+ {24F14F02-7B1C-11d1-838f-0000F80461CF} DLL comum do Shell do Windows (Not verified) Microsoft Corporation c:\windows\system32\shell32.dll

+ {66742402-F9B9-11D1-A202-0000F81FEDEE} DLL comum do Shell do Windows (Not verified) Microsoft Corporation c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ Facilitador de Leitor de Link Adobe PDF Adobe PDF Helper for Internet Explorer (Verified) Adobe Systems, Incorporated c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\acroiehelper.dll

+ Skype add-on (mastermind) Skype add-on for IE (Verified) Skype Technologies SA c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll

+ SSVHelper Class Java™ Platform SE binary (Verified) Sun Microsystems, Inc. c:\arquivos de programas\java\jre1.6.0_02\bin\ssv.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ shdocvw.dll Biblioteca Shell de controles e objetos-documento (Not verified) Microsoft Corporation c:\windows\system32\shdocvw.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ Windows Messenger Windows Messenger (Not verified) Microsoft Corporation c:\arquivos de programas\messenger\msmsgs.exe

Task Scheduler

+ At1.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At10.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At11.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At12.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At13.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At14.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At15.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At16.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At17.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At18.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At19.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At2.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At20.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At21.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At22.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At23.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At24.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At25.job c:\windows\system32\u2d1s4cr.exe

+ At26.job c:\windows\system32\u2d1s4cr.exe

+ At27.job c:\windows\system32\u2d1s4cr.exe

+ At28.job c:\windows\system32\u2d1s4cr.exe

+ At29.job c:\windows\system32\u2d1s4cr.exe

+ At3.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At30.job c:\windows\system32\u2d1s4cr.exe

+ At31.job c:\windows\system32\u2d1s4cr.exe

+ At32.job c:\windows\system32\u2d1s4cr.exe

+ At33.job c:\windows\system32\u2d1s4cr.exe

+ At34.job c:\windows\system32\u2d1s4cr.exe

+ At35.job c:\windows\system32\u2d1s4cr.exe

+ At36.job c:\windows\system32\u2d1s4cr.exe

+ At37.job c:\windows\system32\u2d1s4cr.exe

+ At38.job c:\windows\system32\u2d1s4cr.exe

+ At39.job c:\windows\system32\u2d1s4cr.exe

+ At4.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At40.job c:\windows\system32\u2d1s4cr.exe

+ At41.job c:\windows\system32\u2d1s4cr.exe

+ At42.job c:\windows\system32\u2d1s4cr.exe

+ At43.job c:\windows\system32\u2d1s4cr.exe

+ At44.job c:\windows\system32\u2d1s4cr.exe

+ At45.job c:\windows\system32\u2d1s4cr.exe

+ At46.job c:\windows\system32\u2d1s4cr.exe

+ At47.job c:\windows\system32\u2d1s4cr.exe

+ At48.job c:\windows\system32\u2d1s4cr.exe

+ At5.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At6.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At7.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At8.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

+ At9.job File not found: C:\WINDOWS\system32\PseKjSqm.exe

HKLM\System\CurrentControlSet\Services

+ aswUpdSv Fornece atualização automática para o antivírus avast!. (Verified) ALWIL Software c:\arquivos de programas\alwil software\avast4\aswupdsv.exe

+ avast! Antivirus Gerencia e executa os serviços do antivírus avast! neste computador. Isto inclui a Proteção residente, a Quarentena e o Agendador. (Verified) ALWIL Software c:\arquivos de programas\alwil software\avast4\ashserv.exe

+ ICF c:\windows\system32\icf.exe

+ InCDsrv Helper service for the InCD filesystem driver (Not verified) Ahead Software AG c:\arquivos de programas\ahead\incd\incdsrv.exe

HKLM\System\CurrentControlSet\Services

+ fwdrv.sys File not found: C:\fwdrv.sys

+ InCDPass Ahead RW Filter Driver (Not verified) Ahead Software AG c:\windows\system32\drivers\incdpass.sys

+ kprof File not found: C:\WINDOWS\system32\kprof

+ npkcrypt nProtect KeyCrypt Driver (Not verified) INCA Internet Co., Ltd. c:\arquivos de programas\aero gaming\aero full\npkcrypt.sys

+ pfc Padus® ASPI Shell (Not verified) Padus, Inc. c:\windows\system32\drivers\pfc.sys

+ poof File not found: C:\WINDOWS\system32\poof

+ PxHelp20 Px Engine Device Driver for Windows 2000/XP (Not verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys

+ runtime File not found: C:\WINDOWS\System32\drivers\runtime.sys

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 (Not verified) Microsoft Corporation c:\windows\system32\ntsd.exe

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ comdlg32 DLL de diálogos comuns (Not verified) Microsoft Corporation c:\windows\system32\comdlg32.dll

+ shell32 DLL comum do Shell do Windows (Not verified) Microsoft Corporation c:\windows\system32\shell32.dll

+ url DLL de extensões Shell de atalhos da Internet (Not verified) Microsoft Corporation c:\windows\system32\url.dll

+ urlmon Extensões OLE32 para Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll

+ wininet Internet Extensions para Win32 (Not verified) Microsoft Corporation c:\windows\system32\wininet.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost

+ LogonUI.EXE Interface de logon do Windows (Not verified) Microsoft Corporation c:\windows\system32\logonui.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ cscdll Agente de rede off-line (Not verified) Microsoft Corporation c:\windows\system32\cscdll.dll

HKCU\Control Panel\Desktop\Scrnsave.exe

+ C:\WINDOWS\system32\aurora.scr Aurora Screen Saver (Not verified) Microsoft Corporation c:\windows\system32\aurora.scr

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ Microsoft Document Imaging Writer Monitor Microsoft® Document Imaging (Not verified) Microsoft Corporation c:\windows\system32\mdimon.dll

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders

+ digest.dll Digest SSPI Authentication Package (Not verified) Microsoft Corporation c:\windows\system32\digest.dll

 

 

Is there a solution??? I'm counting on your help.

Thanks!!


Hi claramaria,

1. Download BankerFix.

2. Temporarily disable your antivirus.

3. Double-click bankerfix.exe. A message will appear warning that it will be downloaded from the internet. Click OK -> OK. Press Enter and wait for the scan to finish.

4. When the scan is finished, read the message on the screen and press Enter again.

5. Re-enable your antivirus.

6. Come back with a new HijackThis log, along with the BankerFix relatorio.txt (it will be in C:\LinhaDefensiva\).

7. After posting your reply, you can delete the LinhaDefensiva folder on C.

Regards.


Logfile of HijackThis v1.97.7

Scan saved at 18:26:38, on 6/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\DOCUME~1\FÁTIMA\CONFIG~1\Temp\winlogon.exe

C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe

C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\svchost.exe

C:\Nova pasta\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.narutoproject.com.br/

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\FÁTIMA\CONFIG~1\Temp\winlogon.exe

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

O4 - Global Startup: Image Transfer.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Skype (HKLM)

O9 - Extra button: Pesquisar (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O10 - Unknown file in Winsock LSP: c:\windows\system32\cjdlmob.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cjdlmob.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cjdlmob.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cjdlmob.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cjdlmob.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cjdlmob.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cjdlmob.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cjdlmob.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cjdlmob.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cjdlmob.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cjdlmob.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cjdlmob.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cjdlmob.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cjdlmob.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cjdlmob.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cjdlmob.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cjdlmob.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\cjdlmob.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

BankerFix report:

 

BankerFix 2.4 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 6/8/2007 - 18:22

-------------------------------------------------------

Lista de Definição: 2007-08-05-1

=======================================================

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

----- Fim -------------------------


Hi claramaria,

Download ComboFix from:

ComboFix

1) Double-click combofix.exe and press "Y" to proceed. The process takes about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can be completed (only if there is an infection);

3) When the scan finishes, a log will be generated at C:\ComboFix.txt;

4) Do not click on the ComboFix window or close it by clicking the X while the tool is running, as this will mess up your desktop configuration (it will turn completely white);

5) To stop or exit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply.

Regards.


Topic Archived

Since the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.
