
Archived

This topic has been archived and is closed to further replies.

FeLiPeScO

[Archived] remove the CID pop-up

Recommended Posts

Hello, I'm having problems with a pop-up called CID. I believe it has something to do with the sponsor installed by MSN Plus. I've already tried everything to fix this problem, with no effect at all. I'd like a little help ^^:

 

my HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 09:12:57, on 2/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Maxthon2\Maxthon.exe

C:\Arquivos de programas\Maxthon2\Maxthon.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Maxthon2\Maxthon.exe

C:\WINDOWS\system32\msiexec.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Felipe\Meus documentos\xxx\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/Home.aspx

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [poke mp3 cdrom meta] C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Jump Poll Poke Mp3\meet error.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CHICSAFE] C:\DOCUME~1\Felipe\DADOSD~1\fragnew\Meta Amok Program.exe

O4 - HKCU\..\Run: [bPS Spyware Remover] C:\Arquivos de programas\BPS Remover\BPSRem.exe /STARTUP

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188604239328

O17 - HKLM\System\CCS\Services\Tcpip\..\{63B9CABA-2BE4-45AC-8589-E23216414C84}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{63B9CABA-2BE4-45AC-8589-E23216414C84}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

Thanks in advance.


Good morning FeLiPeScO!

 

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Close all windows and run the tool!

>@< For those who have Avast, a malware alert ( Win32 D adobra-EY[Trj] ) will appear, which should be ignored.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue < Enter >

>@< Wait for it to finish!

>@< Post the report, C:\ComboFix.txt, in your reply + an updated HJT log.

 

Regards!


Good morning DigRam!!!!

 

here is the ComboFix log:

 

ComboFix 07-08-30.3 - "Felipe" 2007-09-03 7:49:20.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.131 [GMT -3:00]

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\Felipe\DADOSD~1\macromedia\Flash Player\#SharedObjects\C6HT3JJK\iforex.com

C:\DOCUME~1\Felipe\DADOSD~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

 

 

((((((((((((((((((((((((( Files Created from 2007-08-03 to 2007-09-03 )))))))))))))))))))))))))))))))

 

 

2007-09-03 07:46 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-09-03 07:18 <DIR> d-------- C:\WINDOWS\LastGood

2007-09-02 19:30 <DIR> d-------- C:\Arquivos de programas\MP3Gain

2007-09-02 19:10 <DIR> d-------- C:\DOCUME~1\Felipe\DADOSD~1\Ahead

2007-09-02 13:56 476,320 --a------ C:\WINDOWS\system32\imagXpr7.dll

2007-09-02 13:56 471,040 --a------ C:\WINDOWS\system32\imagXRA7.dll

2007-09-02 13:56 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll

2007-09-02 13:56 262,144 --a------ C:\WINDOWS\system32\imagXR7.dll

2007-09-02 13:56 24,360 --a------ C:\WINDOWS\system32\BCGPOleAcc.dll

2007-09-02 13:56 2,835,752 --a------ C:\WINDOWS\system32\BCGCBPRO860un71.dll

2007-09-02 13:56 1,568,768 --a------ C:\WINDOWS\system32\imagX7.dll

2007-09-02 13:56 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll

2007-09-02 13:56 1,053,184 --a------ C:\WINDOWS\system32\mfc71u.dll

2007-09-02 13:56 <DIR> d-------- C:\Arquivos de programas\Nero

2007-09-02 13:56 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2007-09-02 11:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\SlySoft

2007-09-02 11:25 <DIR> d-------- C:\Arquivos de programas\SlySoft

2007-09-02 11:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Elaborate Bytes

2007-09-02 11:22 <DIR> d-------- C:\Arquivos de programas\Elaborate Bytes

2007-09-02 09:45 <DIR> d-------- C:\Arquivos de programas\Crawler

2007-09-02 09:39 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

2007-09-02 09:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Spyware Terminator

2007-09-02 09:39 <DIR> d-------- C:\Arquivos de programas\Spyware Terminator

2007-09-02 09:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\DFX

2007-09-02 09:29 <DIR> d-------- C:\Arquivos de programas\DFX

2007-09-02 09:27 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2007-09-02 09:01 <DIR> d-------- C:\Arquivos de programas\Windows Live Toolbar

2007-09-01 23:57 2,887,680 --a------ C:\WINDOWS\system32\VagalumePluginWMP.dll

2007-09-01 23:52 <DIR> d-------- C:\DOCUME~1\Felipe\DADOSD~1\COWON

2007-09-01 23:51 <DIR> d-------- C:\Arquivos de programas\JetAudio

2007-09-01 23:51 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\COWON

2007-09-01 19:03 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-09-01 19:03 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2007-09-01 08:37 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2007-09-01 08:36 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

2007-09-01 08:35 <DIR> d-------- C:\Arquivos de programas\MSBuild

2007-09-01 08:25 <DIR> d-------- C:\WINDOWS\SHELLNEW

2007-09-01 08:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Microsoft Help

2007-09-01 08:24 <DIR> dr-h----- C:\MSOCache

2007-09-01 08:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-09-01 07:27 <DIR> d-------- C:\Arquivos de programas\uTorrent

2007-09-01 07:26 <DIR> d-------- C:\DOCUME~1\Felipe\DADOSD~1\uTorrent

2007-09-01 00:13 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2007-08-31 23:55 <DIR> d-------- C:\DOCUME~1\Felipe\Shared

2007-08-31 23:55 <DIR> d-------- C:\DOCUME~1\Felipe\Incomplete

2007-08-31 23:55 <DIR> d-------- C:\DOCUME~1\Felipe\DADOSD~1\LimeWire

2007-08-31 23:49 <DIR> d-------- C:\Arquivos de programas\LimeWire

2007-08-31 23:40 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll

2007-08-31 23:40 423,784 --a------ C:\WINDOWS\system32\XceedBkp.dll

2007-08-31 23:40 118,784 --a------ C:\WINDOWS\system32\msstdfmt.dll

2007-08-31 23:40 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2007-08-31 23:17 <DIR> d-------- C:\DOCUME~1\Felipe\DADOSD~1\Media Player Classic

2007-08-31 23:05 <DIR> d-------- C:\Arquivos de programas\Alcohol Soft

2007-08-31 22:56 <DIR> d-------- C:\Arquivos de programas\DaemonTools_WhenUSave_Installer

2007-08-31 22:56 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools

2007-08-31 22:47 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-08-31 22:43 <DIR> d-------- C:\DOCUME~1\Felipe\DADOSD~1\Ashampoo

2007-08-31 22:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\ashampoo

2007-08-31 22:42 <DIR> d-------- C:\Arquivos de programas\Ashampoo

2007-08-31 22:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\DVD Shrink

2007-08-31 22:34 <DIR> d-------- C:\Arquivos de programas\DVD Shrink

2007-08-31 22:04 <DIR> d-------- C:\Temp

2007-08-31 21:40 <DIR> d-------- C:\Arquivos de programas\DsNET Corp

2007-08-31 21:38 1,188 --a------ C:\WINDOWS\mozver.dat

2007-08-31 21:35 0 --a------ C:\WINDOWS\nsreg.dat

2007-08-31 21:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Jump Poll Poke Mp3

2007-08-31 21:29 <DIR> d-------- C:\DOCUME~1\Felipe\DADOSD~1\fragnew

2007-08-31 21:29 <DIR> d-------- C:\Arquivos de programas\fragnew

2007-08-31 21:27 <DIR> d-------- C:\Arquivos de programas\Windows Live

2007-08-31 21:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\SRSLabs

2007-08-31 21:15 <DIR> d-------- C:\Arquivos de programas\SRSLabs

2007-08-31 21:15 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\SRS

2007-08-31 21:03 <DIR> d-------- C:\Arquivos de programas\DVDlabPro2

2007-08-31 21:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Apple Computer

2007-08-31 21:01 <DIR> d-------- C:\Arquivos de programas\QuickTime Alternative

2007-08-31 21:01 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2007-08-31 21:00 <DIR> d-------- C:\DOCUME~1\Felipe\DADOSD~1\Real

2007-08-31 21:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Real

2007-08-31 21:00 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter

2007-08-31 21:00 <DIR> d-------- C:\Arquivos de programas\Real Alternative

2007-08-31 21:00 <DIR> d-------- C:\Arquivos de programas\Media Player Classic

2007-08-31 20:52 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2007-08-31 20:50 <DIR> d--hs---- C:\DOCUME~1\Felipe\UserData

2007-08-31 20:39 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-08-31 20:38 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-08-31 20:34 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys

2007-08-31 20:34 298,104 --a------ C:\WINDOWS\system32\imon.dll

2007-08-31 20:34 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys

2007-08-31 20:18 <DIR> d-------- C:\Arquivos de programas\Lavasoft

2007-08-31 20:15 <DIR> d-------- C:\DOCUME~1\Felipe\DADOSD~1\MxBoost

2007-08-31 20:13 <DIR> d-------- C:\DOCUME~1\Felipe\Contacts

2007-08-31 20:13 <DIR> d-------- C:\Arquivos de programas\Maxthon2

2007-08-31 20:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Messenger Plus!

2007-08-31 20:10 45,056 --a------ C:\WINDOWS\system32\msxml4a.dll

2007-08-31 20:10 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll

2007-08-31 20:10 <DIR> d-------- C:\Arquivos de programas\Telefonica

2007-08-31 20:10 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-08-31 20:10 <DIR> d-------- C:\Arquivos de programas\Adverts

2007-08-31 20:08 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2007-08-31 20:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Windows Live Toolbar

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-06-26 03:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-13 10:21 1035264 --a------ C:\WINDOWS\explorer.exe

--------- C:\Arquivos de programas\Serviços on-line

--------- C:\Arquivos de programas\Arquivos comuns\Serviços

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-16 23:23]

"nwiz"="nwiz.exe" [2006-01-16 23:23 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-01-16 23:23]

"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2007-08-31 20:34]

"poke mp3 cdrom meta"="C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Jump Poll Poke Mp3\meet error.exe" [2007-09-03 07:16]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]

"SpywareTerminator"="C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe" [2007-09-02 09:49]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"CloneCDTray"="C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 16:21]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CHICSAFE"="C:\DOCUME~1\Felipe\DADOSD~1\fragnew\Meta Amok Program.exe" [2007-08-31 21:28]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

 

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

S3 PciCon;PciCon;\??\D:\PciCon.sys

S3 s3chipid;s3chipid;\??\C:\DOCUME~1\Felipe\CONFIG~1\Temp\s3chipid.sys

 

*Newly Created Service* - CATCHME

 

Contents of the 'Scheduled Tasks' folder

2007-09-03 02:12:01 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-03 07:50:00

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-09-03 7:50:34

C:\ComboFix-quarantined-files.txt ... 2007-09-03 07:50

 

--- E O F ---

 

Here is the updated HJT log:

 

Logfile of HijackThis v1.99.1

Scan saved at 07:51:54, on 3/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Maxthon2\Maxthon.exe

C:\Arquivos de programas\Maxthon2\Maxthon.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\ARQUIV~1\Crawler\Toolbar\CToolbar.exe

C:\ARQUIV~1\SPYWAR~1\STServer.Exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Felipe\Meus documentos\Downloads\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/Home.aspx

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [poke mp3 cdrom meta] C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Jump Poll Poke Mp3\meet error.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKCU\..\Run: [CHICSAFE] C:\DOCUME~1\Felipe\DADOSD~1\fragnew\Meta Amok Program.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188604239328

O17 - HKLM\System\CCS\Services\Tcpip\..\{63B9CABA-2BE4-45AC-8589-E23216414C84}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{63B9CABA-2BE4-45AC-8589-E23216414C84}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{63B9CABA-2BE4-45AC-8589-E23216414C84}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

 

thank you, awaiting a reply.


Good afternoon FeLiPeScO!

 

>@< Download HostsXpert.

>@< Unzip it and move the executable ( HostsXpert.exe ) to the Desktop.

>@< Download Avenger.

>@< Unzip it and create a folder for the program! Put this folder on Local Disk C or the Desktop!

>@< Run the program and check Input script manually.

>@< Click the magnifying-glass icon!

 

Files to delete:

C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Jump Poll Poke Mp3\meet error.exe

C:\DOCUME~1\Felipe\DADOSD~1\fragnew\Meta Amok Program.exe

 

Registry values to replace with dummy:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|poke mp3 cdrom meta

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CHICSAFE

>@< In the box that opens, paste what you copied from the quote area just above!

>@< Click Done.

>@< Click the traffic-light icon!

>@< Click Ok.

>@< The computer will restart!

>@< Take advantage of this reboot and enter Safe Mode.

>@< Open HostsXpert.exe and click: Restore Microsoft's Hosts file >> Ok.

>@< Close the program!

>@< Restart the computer normally!

>@< Make and post a new HijackThis log + Avenger.txt in your reply.

 

Regards!

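The two Run values the Avenger script above targets, the orphaned BHO, and the garbled .bat entry that shows up later share patterns a defender can screen for mechanically. As an added example (not from the thread, from HijackThis or from Avenger), this Python script parses O2/O4 lines in the HijackThis v1.99.1 format used in these logs and flags those patterns; the heuristics and the sample lines are this example's own assumptions and constructed data.

```python
import re

# Constructed sample in HijackThis v1.99.1 format, modelled on the logs in this
# thread: the two Run values the Avenger script targets, the later garbled
# .bat entry, the orphaned BHO, and legitimate entries that must not be flagged.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [poke mp3 cdrom meta] C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Jump Poll Poke Mp3\meet error.exe
O4 - HKCU\..\Run: [CHICSAFE] C:\DOCUME~1\Felipe\DADOSD~1\fragnew\Meta Amok Program.exe
O4 - HKLM\..\Run: [^_WYU^\P] C:\gihrxhbj.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O4 = Run autostart value; O2 = Browser Helper Object (IE add-on DLL).
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
EXE_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|bat|cmd|com|scr|pif|vbs|js))(?:[\s,]|$)", re.IGNORECASE)

# Heuristics (assumptions of this example, not HijackThis rules): per-user data
# directories in the Portuguese XP layout seen above plus their English names.
PER_USER_DATA = ("\\dados de aplicativos\\", "\\dadosd~1\\", "\\application data\\",
                 "\\appdata\\", "\\local settings\\", "\\temp\\")
ROOT_SCRIPT_RE = re.compile(r"^[a-z]:\\[^\\]+\.(?:bat|cmd|vbs|js)$")
SANE_NAME_RE = re.compile(r"[\w .\-!&()]+")


def executable_path(cmd):
    """Return the program a Run value launches, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group("exe") if m else cmd


def run_entry_reasons(name, cmd):
    """Reasons an O4 entry deserves a closer look; an empty list means nothing odd."""
    exe = executable_path(cmd).lower()
    reasons = []
    if any(marker in exe for marker in PER_USER_DATA):
        reasons.append("autorun from a per-user data directory")
    if ROOT_SCRIPT_RE.match(exe):
        reasons.append("script launched from the drive root")
    if not SANE_NAME_RE.fullmatch(name):
        reasons.append("value name contains unusual characters")
    return reasons


def triage(log_text):
    """Scan HijackThis log text; return [(line, reasons)] for entries to review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            reasons = run_entry_reasons(m.group("name"), m.group("cmd"))
            if reasons:
                findings.append((line, reasons))
            continue
        m = O2_RE.match(line)
        if m and m.group("path").strip() == "(no file)":
            findings.append((line, ["BHO registered but its DLL is missing"]))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

A hit only means "review this entry"; the Java helper and NOD32 lines pass untouched, while the two Application Data autoruns and the root-level .bat are what the thread ends up removing.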

Good morning DigRam!

 

here is the Avenger.txt:

 

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

 

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.

Error code: 0

Line: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CHICSAFE

 

 

//////////////////////////////////////////

 

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\^yymybvs

 

*******************

 

Script file located at: \??\C:\Documents and Settings\xmcexcwg.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

 

 

File C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Jump Poll Poke Mp3\meet error.exe not found!

Deletion of file C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Jump Poll Poke Mp3\meet error.exe failed!

 

Could not process line:

C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Jump Poll Poke Mp3\meet error.exe

Status: 0xc0000034

 

 

 

File C:\DOCUME~1\Felipe\DADOSD~1\fragnew\Meta Amok Program.exe not found!

Deletion of file C:\DOCUME~1\Felipe\DADOSD~1\fragnew\Meta Amok Program.exe failed!

 

Could not process line:

C:\DOCUME~1\Felipe\DADOSD~1\fragnew\Meta Amok Program.exe

Status: 0xc0000034

 

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|poke mp3 cdrom meta replaced with dummy successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

------------------------------------------------------------------------------------------------------------------------

 

here is the HJT log:

 

Logfile of HijackThis v1.99.1

Scan saved at 07:37:34, on 5/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Maxthon2\Maxthon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIV~1\Crawler\Toolbar\CToolbar.exe

C:\Documents and Settings\Felipe\Meus documentos\Downloads\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/Home.aspx

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [^_WYU^\P] C:\gihrxhbj.bat

O4 - HKCU\..\Run: [CHICSAFE] C:\DOCUME~1\Felipe\DADOSD~1\fragnew\Meta Amok Program.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188604239328

O17 - HKLM\System\CCS\Services\Tcpip\..\{63B9CABA-2BE4-45AC-8589-E23216414C84}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{63B9CABA-2BE4-45AC-8589-E23216414C84}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

Cheers!


Good morning, FeLiPeScO!

 

>@< Download FindLop.

>@< Unzip the program and extract its files to a folder of their own: < C:\FindLop.exe >

>@< But do not run it yet!

>@< Download the Lop Uninstaller.

>@< If your antivirus flags the tool as malware, ignore the warning and allow it to run.

>@< If your browser blocks the download, add < http://lop.com > as a trusted site.

>@< Disable the resident protection of your antivirus and antispyware programs.

>@< Run the uninstaller! Type in the numbers and confirm!

________________________

 

>@< Download KillBox.

>@< Save it to the Desktop!

>@< Open KillBox and check Delete on reboot.

>@< Paste or type the following file into the Full path of file to delete box:

 

C:\gihrxhbj.bat

 

>@< Click the X button and, when asked about rebooting, say No!

>@< Now enter the file:

 

C:\DOCUME~1\Felipe\DADOSD~1\fragnew\Meta Amok Program.exe

 

>@< Click the X button and, when asked, confirm!

>@< The computer will restart!

>@< Use this reboot to enter Safe Mode.

>@< Open HijackThis and click Do a system scan only.

>@< Check the entries below and click Fix checked.

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [^_WYU^\P] C:\gihrxhbj.bat

O4 - HKCU\..\Run: [CHICSAFE] C:\DOCUME~1\Felipe\DADOSD~1\fragnew\Meta Amok Program.exe

O11 - Options group: [iNTERNATIONAL] International*

 

>@< Still in Safe Mode, delete the folder: C:\DOCUME~1\Felipe\DADOS~1\fragnew << The folder!

________________________

 

>@< Restart in Normal Mode and run findlop.bat <!>

>@< A report ( findlop.txt ) will be generated on Local Disk C.

>@< PS: If the uninstaller cannot be run, continue with FindLop only.

>@< In your reply, post a fresh HijackThis log.

>@< Also post the report ( findlop.txt ) located at C:\xxx..

 

Cheers!

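Added example, not code from this thread or from HijackThis, KillBox or FindLop: a small Python triage script that parses HijackThis O2 and O4 lines like the ones posted above and flags the three kinds of entry the helper asked to fix: an autorun with a garbage value name launched from the drive root, an autorun pointing into the user's Application Data folder, and a BHO registration with no backing file. The sample lines are copied from the log in this thread; the heuristics (name pattern, path depth, folder names) are assumptions of my own, not HijackThis behaviour.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [^_WYU^\P] C:\gihrxhbj.bat
O4 - HKCU\..\Run: [CHICSAFE] C:\DOCUME~1\Felipe\DADOSD~1\fragnew\Meta Amok Program.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O4 lines look like: "O4 - HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.*?)\] (.*)$")
# O2 lines look like: "O2 - BHO: name - {CLSID} - path or (no file)"
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
# First drive-rooted path ending in a runnable extension inside a command line
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|bat|cmd|com|scr|pif|vbs|dll))", re.I)
# Assumed spellings (short and long, Portuguese and English) of the Application Data folder
APPDATA_RE = re.compile(r"\\(DADOSD~1|Dados de aplicativos|Application Data|APPLIC~1)\\", re.I)

def check_run_entry(name, command):
    """Return (target, reasons) for one autorun entry; empty reasons means nothing odd."""
    m = PATH_RE.search(command)
    target = m.group(1) if m else command.strip('"')
    reasons = []
    if not re.fullmatch(r"[\w .\-]+", name):
        reasons.append("value name made of unusual characters")
    if len(target.split("\\")) == 2 and target.lower().endswith((".bat", ".cmd", ".exe")):
        reasons.append("script/executable launched from the drive root")
    if APPDATA_RE.search(target):
        reasons.append("autorun target under the user's Application Data folder")
    return target, reasons

def triage(log_text):
    """Walk a HijackThis log and return the O2/O4 entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            target, reasons = check_run_entry(m.group(2), m.group(3))
            if reasons:
                findings.append({"line": line, "target": target, "reasons": reasons})
        elif m := BHO_RE.match(line):
            if m.group(3) == "(no file)":
                findings.append({"line": line, "target": "(no file)",
                                 "reasons": ["orphaned BHO registration with no backing DLL"]})
    return findings
```

Calling `triage(SAMPLE_LOG)` returns exactly the orphaned BHO, `C:\gihrxhbj.bat` and the `Meta Amok Program.exe` entry, each with its reasons, and leaves the NVIDIA, NOD32 and ctfmon autoruns alone.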

Topic Archived

Since the author did not reply for more than 20 days, the topic has been archived.

If you are the author of the topic and want it reopened, send a private message to a moderator of this area with the link to this topic and explain why it should be reopened.
