ieca (posted October 10, 2007)

Hello, I'm sending my log file. My computer is very slow, and on top of that I can't click on the Start menu or on anything else in that bar. I can do it with the keyboard, but not with the mouse. Outside the Start menu bar my mouse works perfectly, and it even clicks on desktop items. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 04:01:07, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\ARQUIV~1\SYMANT~1\VPTray.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\VM_STI.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Symantec AntiVirus\DoScan.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Windows32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Loud Idol Setup Grid] C:\Documents and Settings\All Users\Dados de aplicativos\4 Curb Loud Idol\data readme.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows32] C:\Arquivos de programas\Windows32.exe
O4 - HKLM\..\Run: [mngrss] C:\WINDOWS\mngrss.exe
O4 - HKLM\..\Run: [bright] C:\WINDOWS\ldssv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows32.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{50E72595-BC87-4ADA-BD24-52C0A1E62FC2}: NameServer = 200.165.132.154 200.149.55.142
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe
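The HijackThis log above is the raw material a forum helper reads line by line. As an added example (my own code, not a tool from this thread and not part of HijackThis), here is a small Python triage script that parses lines in that format and marks the kinds of entries helpers typically ask about: registrations whose file no longer exists, bare executables in a startup folder, and executables placed directly in the Windows or Program Files root. The root-folder set, the allowlist and the sample lines are my assumptions, modelled on the log above; a flag means "look at this", not "this is malware".

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption: folders where a directly placed executable is unusual for installed
# software. "Arquivos de programas" is the Portuguese Program Files folder in the log.
ROOT_DIRS = {r"c:\windows", r"c:\arquivos de programas", r"c:\program files"}

# Assumption: names that are expected directly under C:\WINDOWS; extend from a baseline.
KNOWN_ROOT_FILES = {"explorer.exe"}

# First drive-letter path that ends in an executable-type extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|scr|com)", re.IGNORECASE)
# Startup-folder entries: "O4 - Global Startup: item" or "O4 - Startup: item".
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<item>.*)$")


@dataclass
class Finding:
    line_no: int
    reason: str
    line: str


def extract_path(text: str) -> Optional[str]:
    """Return the first executable path in a log line, or None if there is none."""
    expanded = re.sub(r"%systemroot%", lambda _: r"C:\WINDOWS", text, flags=re.IGNORECASE)
    match = PATH_RE.search(expanded)
    return match.group(0) if match else None


def triage(log_text: str) -> List[Finding]:
    """Scan HijackThis-style lines and return the entries worth a manual look."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        # 1. The registration points at a file that no longer exists: a stale entry,
        #    often left behind by an uninstall or a partial cleanup.
        if "(no file)" in line or "(file missing)" in line:
            findings.append(Finding(line_no, "ORPHAN", line))
            continue
        # 2. Startup folders normally hold .lnk shortcuts ("name.lnk = target");
        #    a bare .exe dropped into the folder is unusual.
        startup = STARTUP_RE.match(line)
        if startup:
            item = startup.group("item")
            if " = " not in item and item.lower().endswith(".exe"):
                findings.append(Finding(line_no, "BARE_STARTUP_EXE", line))
            continue
        # 3. An executable sitting directly in C:\WINDOWS or the Program Files root;
        #    installed software almost always lives in a subfolder.
        path = extract_path(line)
        if path is None:
            continue
        directory, _, filename = path.rpartition("\\")
        if directory.lower() in ROOT_DIRS and filename.lower() not in KNOWN_ROOT_FILES:
            findings.append(Finding(line_no, "ROOT_DIR_EXE", line))
    return findings


# Constructed sample, modelled on entries from the log above (not a real capture).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera
O4 - HKLM\..\Run: [Windows32] C:\Arquivos de programas\Windows32.exe
O4 - HKLM\..\Run: [mngrss] C:\WINDOWS\mngrss.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows32.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
""".strip("\n")

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:2d} {f.reason:17s} {f.line}")
```

On the sample the script flags six of the ten lines, including VM_STI.EXE, which the entry itself labels as the A4 Tech camera driver: a flag is a question for the helper, not a verdict.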
DigRam (posted October 12, 2007)

Good morning ieca!

- Download BankerFix.
- Save it to the Desktop!
- Close all windows and the browser before running BankerFix. If possible, disable the resident protection of your antivirus and antispyware programs.
- Double-click Bankerfix.exe, then press Enter. Wait! When it finishes, read the message on the screen (DOS) and press Enter again.
- Post the BankerFix relatorio.txt, which is at C:\LinhaDefensiva\relatorio.txt
- Also post a new HijackThis log in your reply.

Regards!
ieca (posted October 13, 2007)

Hello, here are the BankerFix report and the new HijackThis logfile. Thank you.

BankerFix 2.4 - Removedor de Bankers
Linha Defensiva - http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
Data: 13/10/2007 - 10:28
-------------------------------------------------------
Lista de Definição: 2007-10-07-1
=======================================================
Arquivo infectado detectado: C:\WINDOWS\System\sistema.exe
Arquivo infectado removido com sucesso!
Killando arquivos em Help
-----------------------------------
Killing '*'
Removendo Arquivos em Help
-----------------------------------
----- Fim -------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:30:31, on 13/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\ARQUIV~1\SYMANT~1\VPTray.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\VM_STI.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\mngrss.exe
C:\WINDOWS\ldssv.exe
C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Loud Idol Setup Grid] C:\Documents and Settings\All Users\Dados de aplicativos\4 Curb Loud Idol\data readme.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mngrss] C:\WINDOWS\mngrss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{50E72595-BC87-4ADA-BD24-52C0A1E62FC2}: NameServer = 200.165.132.154 200.149.55.142
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe
DigRam (posted October 13, 2007)

Good morning ieca!

- Download ComboFix.
- Save it to the Desktop!
- Close all windows and run the tool!
- If you have Avast, a malware alert will appear ( Win32 D adobra-EY[Trj] ); it should be ignored.
- The Auto Scan window will open. Wait!
- Type the option to continue < Enter >
- Wait for it to finish. Do not use the mouse or keyboard!
- Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

Regards!
ieca (posted October 13, 2007)

I did all of it...

ComboFix 07-10-12.4 - Helaine 2007-10-13 15:44:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.145 [GMT -3:00]
Executando de: C:\Documents and Settings\Helaine\Desktop\ComboFix.exe
* Criado um novo ponto de restauro
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Helaine\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\4KMKBYA5\iforex.com
C:\Documents and Settings\Helaine\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\4KMKBYA5\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Helaine\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Helaine\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\system32\drivers\dmcpl.exe
C:\WINDOWS\system32\drivers\nwiz.exe
.
((((((((((((((((((((((( Ficheiros criados de 2007-09-13 to 2007-10-13 ))))))))))))))))))))))))))))))))
.
2007-10-13 15:43 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-13 12:05 <DIR> d-------- C:\Documents and Settings\Helaine\Dados de aplicativos\Image Zone Express
2007-10-13 11:51 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard
2007-10-13 11:45 126,123 --a------ C:\WINDOWS\HPHins12.dat
2007-10-13 11:45 14,916 --------- C:\WINDOWS\hphmdl12.dat
2007-10-13 10:27 <DIR> d-------- C:\LinhaDefensiva
2007-10-10 15:17 14 --a------ C:\Documents and Settings\Helaine\getfile.dat
2007-10-06 22:06 13 --a------ C:\iphist.dat
2007-10-05 23:35 921,088 --a------ C:\WINDOWS\ldssv.exe
2007-10-05 23:34 2,256,896 --a------ C:\WINDOWS\mngrss.exe
2007-10-05 23:34 921,088 --a------ C:\WINDOWS\system32\ldssv.exe
2007-10-05 23:32 2,256,896 --a------ C:\WINDOWS\system32\mngrss.exe
2007-10-04 23:11 <DIR> d-------- C:\Documents and Settings\Helaine\Dados de aplicativos\ArcSoft
2007-10-04 23:08 18,560 --a------ C:\WINDOWS\system32\drivers\vtcdrv.sys
2007-10-04 23:05 <DIR> d-------- C:\Documents and Settings\Helaine\Dados de aplicativos\InstallShield
2007-10-04 23:05 <DIR> d-------- C:\Arquivos de programas\Philips
2007-10-02 03:20 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-10-01 20:02 4,953,088 --a------ C:\WINDOWS\system\oxi.exe
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 15:15 --------- d-----w C:\Arquivos de programas\Symantec AntiVirus
2007-10-13 15:08 --------- d-----w C:\Arquivos de programas\HP
2007-10-10 19:39 --------- d-----w C:\Documents and Settings\Helaine\Dados de aplicativos\Stop Bows Coal
2007-10-10 19:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\show acid draw ante
2007-10-10 19:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\4 Curb Loud Idol
2007-10-05 02:07 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2007-10-03 23:15 --------- d-----w C:\Documents and Settings\Helaine\Dados de aplicativos\Screenshot Sender
2007-09-03 06:42 --------- d-----w C:\Arquivos de programas\gnubg
2007-08-26 21:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SIZE RDR GRID 4
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 22:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 22:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 22:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 22:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 22:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 22:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 22:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 22:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 22:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 22:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrsru.dll
2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrsptb.dll
2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrsit.dll
2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrses.dll
2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrsde.dll
2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvrsja.dll
2002-11-12 21:53 94,208 -c--a-w C:\WINDOWS\inf\nvwrsnl.dll
2002-11-12 21:53 94,208 -c--a-w C:\WINDOWS\inf\nvwrsfr.dll
2002-11-12 21:53 94,208 -c--a-w C:\WINDOWS\inf\nvwrsfi.dll
2002-11-12 21:53 94,208 -c--a-w C:\WINDOWS\inf\nvrsko.dll
2002-11-12 21:53 90,112 -c--a-w C:\WINDOWS\inf\nvwrssv.dll
2002-11-12 21:53 90,112 -c--a-w C:\WINDOWS\inf\nvwrsno.dll
2002-11-12 21:53 90,112 -c--a-w C:\WINDOWS\inf\nvwrsda.dll
2002-11-12 21:53 86,016 -c--a-w C:\WINDOWS\inf\nvwrseng.dll
2002-11-12 21:53 81,920 -c--a-w C:\WINDOWS\inf\nvwrsar.dll
2002-11-12 21:53 81,920 -c--a-w C:\WINDOWS\inf\nvrszht.dll
2002-11-12 21:53 81,920 -c--a-w C:\WINDOWS\inf\nvrszhc.dll
2002-11-12 21:53 622,592 -c--a-w C:\WINDOWS\inf\nvqtwk.dll
2002-11-12 21:53 61,440 -c--a-w C:\WINDOWS\inf\nvwrsko.dll
2002-11-12 21:53 61,440 -c--a-w C:\WINDOWS\inf\nvwrsja.dll
2002-11-12 21:53 61,440 -c--a-w C:\WINDOWS\inf\nvsvc32.exe
2002-11-12 21:53 548,933 -c--a-w C:\WINDOWS\inf\nview.dll
2002-11-12 21:53 49,152 -c--a-w C:\WINDOWS\inf\nvwrszht.dll
2002-11-12 21:53 49,152 -c--a-w C:\WINDOWS\inf\nvwrszhc.dll
2002-11-12 21:53 372,736 -c--a-w C:\WINDOWS\inf\nwiz.exe
2002-11-12 21:53 340,039 -c--a-w C:\WINDOWS\inf\nvshell.dll
2002-11-12 21:53 3,545,674 -c--a-w C:\WINDOWS\inf\nv4_disp.dll
2002-11-12 21:53 278,528 -c--a-w C:\WINDOWS\inf\dmcpl.exe
2002-11-12 21:53 2,932,736 -c--a-w C:\WINDOWS\inf\nvoglnt.dll
2002-11-12 21:53 2,060,288 -c--a-w C:\WINDOWS\inf\nvcpl.dll
2002-11-12 21:53 135,168 -c--a-w C:\WINDOWS\inf\nvrsit.dll
2002-11-12 21:53 135,168 -c--a-w C:\WINDOWS\inf\nvrses.dll
2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsru.dll
2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsptb.dll
2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsnl.dll
2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsfr.dll
2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsde.dll
2002-11-12 21:53 126,976 -c--a-w C:\WINDOWS\inf\nvrssv.dll
2002-11-12 21:53 126,976 -c--a-w C:\WINDOWS\inf\nvrsfi.dll
2002-11-12 21:53 126,976 -c--a-w C:\WINDOWS\inf\nvrsda.dll
2002-11-12 21:53 122,880 -c--a-w C:\WINDOWS\inf\nvrsno.dll
2002-11-12 21:53 122,880 -c--a-w C:\WINDOWS\inf\nvrseng.dll
2002-11-12 21:53 118,784 -c--a-w C:\WINDOWS\inf\nvrsar.dll
2002-11-12 21:53 114,688 -c--a-w C:\WINDOWS\inf\nvinstnt.dll
2002-11-12 21:53 1,004,650 -c--a-w C:\WINDOWS\inf\nv4_mini.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2005-04-18 15:27]
"vptray"="C:\ARQUIV~1\SYMANT~1\VPTray.exe" [2005-05-25 15:32]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-11-12 18:53 C:\WINDOWS\system32\nwiz.exe]
"Acrobat Assistant 7.0"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-02-24 05:00]
"Loud Idol Setup Grid"="C:\Documents and Settings\All Users\Dados de aplicativos\4 Curb Loud Idol\data readme.exe" []
"mngrss"="C:\WINDOWS\mngrss.exe" [2007-10-05 23:34]
"BDMCon"="C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 12:10]
"BDNewsAgent"="C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 12:19]
"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00]
"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24]

R3 WBSD;Winbond Secure Digital Storage Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS
S3 VtcDrv;Philips SA60xx Recovery Device;C:\WINDOWS\system32\Drivers\vtcdrv.sys
S3 WINIO;WINIO;\??\C:\WINDOWS\system32\winio.sys

*Newly Created Service* - CATCHME
.
Conteúdo da pasta 'Tarefas Agendadas'
"2007-10-13 18:00:00 C:\WINDOWS\Tasks\B027524A93ACC39E.job"
- c:\docume~1\helaine\dadosd~1\stopbo~1\aimelseplatform.exe
"2007-10-13 18:44:05 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-13 15:46:36
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
**************************************************************************
.
Tempo para conclusão: 2007-10-13 15:47:57
.
--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 15:51:32, on 13/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\ARQUIV~1\SYMANT~1\VPTray.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\mngrss.exe
C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe
c:\arquivos de programas\softwin\bitdefender8\bdmcon.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera
O4 - HKLM\..\Run: [Loud Idol Setup Grid] C:\Documents and Settings\All Users\Dados de aplicativos\4 Curb Loud Idol\data readme.exe
O4 - HKLM\..\Run: [mngrss] C:\WINDOWS\mngrss.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc
(SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
DigRam Posted October 14, 2007

Good morning ieca!

Delete:
C:\QooBox
C:\ComboFix.txt << ComboFix log.
__________________
>@< Select and copy all the content in the quote area into Notepad.
>@< Save it on the Desktop with the name: CFScript.txt

File::
C:\Documents and Settings\All Users\Dados de aplicativos\4 Curb Loud Idol\data readme.exe
C:\Documents and Settings\Helaine\Dados de aplicativos\stopbo~1\aimelseplatform.exe
C:\WINDOWS\mngrss.exe
C:\WINDOWS\win32config.exe
C:\WINDOWS\System32\taskmon.exe
C:\WINDOWS\win32apps3.txt
C:\WINDOWS\kernel32.dll
C:\WINDOWS\System32\shimgapi.dll
C:\WINDOWS\ntbtlog.txt
C:\iphist.dat
C:\WINDOWS\ldssv.exe
C:\WINDOWS\system32\ldssv.exe
C:\WINDOWS\system32\mngrss.exe
C:\WINDOWS\Tasks\B027524A93ACC39E.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Loud Idol Setup Grid"=""
"mngrss"=""

Folder::
C:\Documents and Settings\All Users\Dados de aplicativos\4 Curb Loud Idol
C:\Documents and Settings\Helaine\Dados de aplicativos\stopbo~1
C:\LinhaDefensiva

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.
>@< With this procedure, ComboFix will run and restart the computer automatically!
>@< Do not use the keyboard or mouse while it is running!
>@< When it finishes, post the C:\ComboFix.txt report plus an updated HJT log.

Regards!
ieca Posted October 14, 2007

Hello, I've already done everything you asked... After following those procedures, the problems have apparently disappeared. I'm sending the logs as you requested. Thanks in advance.

2002-11-12 18:53 278528 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\dmcpl.exe.vir
2002-11-12 18:53 372736 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\nwiz.exe.vir
2003-04-15 22:09 49152 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\md5.exe.vir
2005-09-14 11:19 167936 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\unzip.exe.vir
2005-09-14 11:19 61440 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\download.exe.vir
2006-03-02 23:42 73728 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\pv.exe.vir
2007-05-27 19:38 4416 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\Iniciar-BankerFix.vbs.vir
2007-08-02 23:18 1060 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Helaine\Dados de aplicativos\STOPBO~1.vir
2007-08-10 04:02 80 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Helaine\Dados de aplicativos\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol.vir
2007-08-24 02:34 5826 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\banker.bat.vir
2007-09-09 06:02 14820 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\bankerfix.vbs.vir
2007-10-06 18:54 145 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Helaine\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\4KMKBYA5\iforex.com\Emerp\Events\flash_object.swf\user_data.sol.vir
2007-10-07 05:34 701 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-reg.vir
2007-10-07 05:37 1515 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-md5.vir
2007-10-13 10:28 12 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\VERSION.vir
2007-10-13 11:40 12 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\webversion.info.vir
2007-10-13 11:40 1360 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\backup.reg.vir
2007-10-13 11:40 1360 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\RegKeys.txt.vir
2007-10-13 11:41 17 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\regremove.vir
2007-10-13 11:41 18600 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\reft-startup.vir
2007-10-13 11:41 512 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\relatorio.txt.vir
2038-01-18 23:14 0 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-mydoc.vir
2038-01-18 23:14 1009 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-programfiles.vir
2038-01-18 23:14 1014 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-hosts.vir
2038-01-18 23:14 10600 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\fx.reg.vir
2038-01-18 23:14 12 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-allu.vir
2038-01-18 23:14 2018 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-sysdrive.vir
2038-01-18 23:14 28 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-tasks.vir
2038-01-18 23:14 47 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-start.vir
2038-01-18 23:14 500 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-temp.vir
2038-01-18 23:14 525 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-wincommon.vir
2038-01-18 23:14 58 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-system.vir
2038-01-18 23:14 6637 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-system32.vir
2038-01-18 23:14 6929 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-windows.vir
2038-01-18 23:14 8 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-profile.vir
2038-01-18 23:14 818 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-startup.vir
2038-01-18 23:14 82 --a------ C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-commonfiles.vir

Listagem de caminhos de pasta
O número de série do volume é 047A-13C9
C:\QOOBOX\QUARANTINE
+---C
|   +---Documents and Settings
|   |   \---Helaine
|   |       \---Dados de aplicativos
|   |           +---Macromedia
|   |           |   \---Flash Player
|   |           |       +---#SharedObjects
|   |           |       |   \---4KMKBYA5
|   |           |       |       \---iforex.com
|   |           |       |           \---Emerp
|   |           |       |               \---Events
|   |           |       |                   \---flash_object.swf
|   |           |       |                           user_data.sol.vir
|   |           |       \---macromedia.com
|   |           |           \---support
|   |           |               \---flashplayer
|   |           |                   \---sys
|   |           |                       \---#iforex.com
|   |           |                               settings.sol.vir
|   |           \---STOPBO~1
|   |                   0.vir
|   +---LinhaDefensiva
|   |       backup.reg.vir
|   |       banker.bat.vir
|   |       bankerfix.vbs.vir
|   |       download.exe.vir
|   |       fx.reg.vir
|   |       Iniciar-BankerFix.vbs.vir
|   |       md5.exe.vir
|   |       pv.exe.vir
|   |       ref-allu.vir
|   |       ref-commonfiles.vir
|   |       ref-hosts.vir
|   |       ref-md5.vir
|   |       ref-mydoc.vir
|   |       ref-profile.vir
|   |       ref-programfiles.vir
|   |       ref-reg.vir
|   |       ref-start.vir
|   |       ref-startup.vir
|   |       ref-sysdrive.vir
|   |       ref-system.vir
|   |       ref-system32.vir
|   |       ref-tasks.vir
|   |       ref-temp.vir
|   |       ref-wincommon.vir
|   |       ref-windows.vir
|   |       reft-startup.vir
|   |       RegKeys.txt.vir
|   |       regremove.vir
|   |       relatorio.txt.vir
|   |       unzip.exe.vir
|   |       VERSION.vir
|   |       webversion.info.vir
|   \---WINDOWS
|       \---system32
|           \---drivers
|                   dmcpl.exe.vir
|                   nwiz.exe.vir
\---Registry_backups

Logfile of HijackThis v1.99.1 Scan saved at 12:33:25, on 14/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de 
programas\Arquivos comuns\Symantec Shared\ccApp.exe C:\ARQUIV~1\SYMANT~1\VPTray.exe C:\Arquivos de programas\Symantec AntiVirus\DoScan.exe C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\VM_STI.EXE C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 
7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera O4 - HKLM\..\Run: [bDMCon] "C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe" O4 - HKLM\..\Run: [bDNewsAgent] "C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? 
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O18 - Protocol: livecall - 
{828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc 
(SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Thank you.
DigRam Posted October 14, 2007

Good afternoon ieca!

>@< Download HostsXpert.
>@< Unzip it and move the executable (HostsXpert.exe) to the Desktop.
>@< Close all windows and the browser!
>@< Click Restore Microsoft's Hosts file >> Ok.
>@< Close the program!
>@< Restart the computer!
_____________________
>@< Friend! The report you posted is not ComboFix.txt but the tool's quarantine listing.
>@< Please post it, since the next procedure depends on it.

Regards!
ieca Posted October 15, 2007

Oops, my bad. I'll post the right file. I've already done what you said. I'm also posting the updated HJT logfile.

ComboFix 07-10-12.4 - Helaine 2007-10-14 12:20:30.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.114 [GMT -3:00] Executando de: C:\Documents and Settings\Helaine\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Helaine\Desktop\CFScript.txt * Criado um novo ponto de restauro . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Dados de aplicativos\4 Curb Loud Idol C:\Documents and Settings\Helaine\Dados de aplicativos\stopbo~1 C:\Documents and Settings\Helaine\Dados de aplicativos\stopbo~1\0 C:\LinhaDefensiva C:\LinhaDefensiva\backup.reg C:\LinhaDefensiva\banker.bat C:\LinhaDefensiva\bankerfix.vbs C:\LinhaDefensiva\download.exe C:\LinhaDefensiva\fx.reg C:\LinhaDefensiva\Iniciar-BankerFix.vbs C:\LinhaDefensiva\md5.exe C:\LinhaDefensiva\pv.exe C:\LinhaDefensiva\ref-allu C:\LinhaDefensiva\ref-commonfiles C:\LinhaDefensiva\ref-hosts C:\LinhaDefensiva\ref-md5 C:\LinhaDefensiva\ref-mydoc C:\LinhaDefensiva\ref-profile C:\LinhaDefensiva\ref-programfiles C:\LinhaDefensiva\ref-reg C:\LinhaDefensiva\ref-start C:\LinhaDefensiva\ref-startup C:\LinhaDefensiva\ref-sysdrive C:\LinhaDefensiva\ref-system C:\LinhaDefensiva\ref-system32 C:\LinhaDefensiva\ref-tasks C:\LinhaDefensiva\ref-temp C:\LinhaDefensiva\ref-wincommon C:\LinhaDefensiva\ref-windows C:\LinhaDefensiva\reft-startup C:\LinhaDefensiva\RegKeys.txt C:\LinhaDefensiva\regremove C:\LinhaDefensiva\relatorio.txt C:\LinhaDefensiva\unzip.exe C:\LinhaDefensiva\VERSION C:\LinhaDefensiva\webversion.info . ((((((((((((((((((((((( Ficheiros criados de 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))) . 
2007-10-13 15:43 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-13 12:05 <DIR> d-------- C:\Documents and Settings\Helaine\Dados de aplicativos\Image Zone Express 2007-10-13 11:51 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard 2007-10-13 11:45 126,123 --a------ C:\WINDOWS\HPHins12.dat 2007-10-13 11:45 14,916 --------- C:\WINDOWS\hphmdl12.dat 2007-10-10 15:17 14 --a------ C:\Documents and Settings\Helaine\getfile.dat 2007-10-06 22:06 13 --a------ C:\iphist.dat 2007-10-05 23:35 921,088 --a------ C:\WINDOWS\ldssv.exe 2007-10-05 23:34 2,256,896 --a------ C:\WINDOWS\mngrss.exe 2007-10-05 23:34 921,088 --a------ C:\WINDOWS\system32\ldssv.exe 2007-10-05 23:32 2,256,896 --a------ C:\WINDOWS\system32\mngrss.exe 2007-10-04 23:11 <DIR> d-------- C:\Documents and Settings\Helaine\Dados de aplicativos\ArcSoft 2007-10-04 23:08 18,560 --a------ C:\WINDOWS\system32\drivers\vtcdrv.sys 2007-10-04 23:05 <DIR> d-------- C:\Documents and Settings\Helaine\Dados de aplicativos\InstallShield 2007-10-04 23:05 <DIR> d-------- C:\Arquivos de programas\Philips 2007-10-02 03:20 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files 2007-10-01 20:02 4,953,088 --a------ C:\WINDOWS\system\oxi.exe . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-10-14 14:58 --------- d-----w C:\Arquivos de programas\Symantec AntiVirus 2007-10-13 15:08 --------- d-----w C:\Arquivos de programas\HP 2007-10-10 19:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\show acid draw ante 2007-10-05 02:07 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information 2007-10-03 23:15 --------- d-----w C:\Documents and Settings\Helaine\Dados de aplicativos\Screenshot Sender 2007-09-03 06:42 --------- d-----w C:\Arquivos de programas\gnubg 2007-08-26 21:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SIZE RDR GRID 4 2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-07-30 22:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 22:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 22:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 22:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 22:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 22:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-07-30 22:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll 2007-07-30 22:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 22:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 22:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrsru.dll 2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrsptb.dll 2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrsit.dll 2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrses.dll 2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrsde.dll 2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvrsja.dll 2002-11-12 21:53 94,208 -c--a-w C:\WINDOWS\inf\nvwrsnl.dll 2002-11-12 21:53 94,208 -c--a-w C:\WINDOWS\inf\nvwrsfr.dll 2002-11-12 21:53 94,208 -c--a-w C:\WINDOWS\inf\nvwrsfi.dll 2002-11-12 21:53 94,208 -c--a-w C:\WINDOWS\inf\nvrsko.dll 2002-11-12 21:53 90,112 -c--a-w C:\WINDOWS\inf\nvwrssv.dll 2002-11-12 21:53 
90,112 -c--a-w C:\WINDOWS\inf\nvwrsno.dll 2002-11-12 21:53 90,112 -c--a-w C:\WINDOWS\inf\nvwrsda.dll 2002-11-12 21:53 86,016 -c--a-w C:\WINDOWS\inf\nvwrseng.dll 2002-11-12 21:53 81,920 -c--a-w C:\WINDOWS\inf\nvwrsar.dll 2002-11-12 21:53 81,920 -c--a-w C:\WINDOWS\inf\nvrszht.dll 2002-11-12 21:53 81,920 -c--a-w C:\WINDOWS\inf\nvrszhc.dll 2002-11-12 21:53 622,592 -c--a-w C:\WINDOWS\inf\nvqtwk.dll 2002-11-12 21:53 61,440 -c--a-w C:\WINDOWS\inf\nvwrsko.dll 2002-11-12 21:53 61,440 -c--a-w C:\WINDOWS\inf\nvwrsja.dll 2002-11-12 21:53 61,440 -c--a-w C:\WINDOWS\inf\nvsvc32.exe 2002-11-12 21:53 548,933 -c--a-w C:\WINDOWS\inf\nview.dll 2002-11-12 21:53 49,152 -c--a-w C:\WINDOWS\inf\nvwrszht.dll 2002-11-12 21:53 49,152 -c--a-w C:\WINDOWS\inf\nvwrszhc.dll 2002-11-12 21:53 372,736 -c--a-w C:\WINDOWS\inf\nwiz.exe 2002-11-12 21:53 340,039 -c--a-w C:\WINDOWS\inf\nvshell.dll 2002-11-12 21:53 3,545,674 -c--a-w C:\WINDOWS\inf\nv4_disp.dll 2002-11-12 21:53 278,528 -c--a-w C:\WINDOWS\inf\dmcpl.exe 2002-11-12 21:53 2,932,736 -c--a-w C:\WINDOWS\inf\nvoglnt.dll 2002-11-12 21:53 2,060,288 -c--a-w C:\WINDOWS\inf\nvcpl.dll 2002-11-12 21:53 135,168 -c--a-w C:\WINDOWS\inf\nvrsit.dll 2002-11-12 21:53 135,168 -c--a-w C:\WINDOWS\inf\nvrses.dll 2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsru.dll 2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsptb.dll 2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsnl.dll 2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsfr.dll 2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsde.dll 2002-11-12 21:53 126,976 -c--a-w C:\WINDOWS\inf\nvrssv.dll 2002-11-12 21:53 126,976 -c--a-w C:\WINDOWS\inf\nvrsfi.dll 2002-11-12 21:53 126,976 -c--a-w C:\WINDOWS\inf\nvrsda.dll 2002-11-12 21:53 122,880 -c--a-w C:\WINDOWS\inf\nvrsno.dll 2002-11-12 21:53 122,880 -c--a-w C:\WINDOWS\inf\nvrseng.dll 2002-11-12 21:53 118,784 -c--a-w C:\WINDOWS\inf\nvrsar.dll 2002-11-12 21:53 114,688 -c--a-w C:\WINDOWS\inf\nvinstnt.dll 2002-11-12 21:53 1,004,650 -c--a-w 
C:\WINDOWS\inf\nv4_mini.sys . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias & legítimas por defeito não são mostradas. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2005-04-18 15:27] "vptray"="C:\ARQUIV~1\SYMANT~1\VPTray.exe" [2005-05-25 15:32] "NvCplDaemon"="NvQTwk" [] "nwiz"="nwiz.exe" [2002-11-12 18:53 C:\WINDOWS\system32\nwiz.exe] "Acrobat Assistant 7.0"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12] "BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-02-24 05:00] "Loud Idol Setup Grid"="" [] "mngrss"="" [] "BDMCon"="C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 12:10] "BDNewsAgent"="C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 12:19] "HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00] "MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24] R3 WBSD;Winbond Secure Digital Storage Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS S3 VtcDrv;Philips SA60xx Recovery Device;C:\WINDOWS\system32\Drivers\vtcdrv.sys S3 WINIO;WINIO;\??\C:\WINDOWS\system32\winio.sys . Conteúdo da pasta 'Tarefas Agendadas' "2007-10-14 15:00:00 C:\WINDOWS\Tasks\B027524A93ACC39E.job" - c:\docume~1\helaine\dadosd~1\stopbo~1\aimelseplatform.exe "2007-10-13 20:44:27 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job" . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-14 12:23:23 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... 
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
**************************************************************************
.
Tempo para conclusão: 2007-10-14 12:24:39
.
--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 21:45:08, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\ARQUIV~1\SYMANT~1\VPTray.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\VM_STI.EXE
C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe
C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera
O4 - HKLM\..\Run: [bDMCon] "C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [bDNewsAgent] "C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
DigRam 144 Posted October 15, 2007

Good afternoon, ieca!

>@< Open Notepad and copy/paste the whole content of the quote area (...except the word "quote"):

    @echo off
    DEL /Q /S C:\iphist.dat
    DEL /Q /S C:\WINDOWS\ldssv.exe
    DEL /Q /S C:\WINDOWS\mngrss.exe
    DEL /Q /S C:\WINDOWS\system32\ldssv.exe
    DEL /Q /S C:\WINDOWS\system32\mngrss.exe
    @pause

>@< Save it on the Desktop as "Del.bat".
>@< It is important that the name stays between the quotes.
>@< Restart the computer in Safe Mode.
>@< Double-click "Del.bat" to run it.
______________________
>@< Open HijackThis and Fix these entries:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O11 - Options group: [iNTERNATIONAL] International*

>@< Delete the folder C:\QooBox
>@< Restart in Normal Mode.
>@< Post a new HijackThis log in your reply.

Regards!
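The entries the helper singles out above (a BHO whose DLL is gone, an odd O11 options group, and services whose binary is missing) are exactly the kinds of lines a reader learns to spot in a HijackThis log. The following Python script is an added example, not part of this thread and not HijackThis's own logic: it parses one entry per line and flags those classes so the reasoning behind the helper's picks is visible. The sample log lines are constructed from the logs in this thread, and the "fix"/"review" labels are this example's own triage convention, not verdicts from the tool.

```python
"""Triage helper for HijackThis-format logs (added example, not from the thread).

Each HijackThis entry is one line shaped like "O2 - BHO: ..." or
"O23 - Service: ...". The rules below are this example's own assumptions
about which entries deserve attention: a BHO CLSID with "(no file)" is an
orphan to remove, an O11 options group is rarely legitimate, and an O23
service whose binary is missing or whose owner is unknown should be
checked before deciding.
"""
import re
from dataclasses import dataclass

# "O2 - BHO: ..." -> section tag "O2", rest of the line as body
ENTRY = re.compile(r"^(?P<sec>[RFNO]\d+)\s+-\s+(?P<body>.+)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Return (section, body, line) for every entry line in a HijackThis log.

    The header ("Logfile of ...") and the "Running processes" path list do
    not match the entry pattern and are skipped.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append((m.group("sec"), m.group("body"), line))
    return entries


def triage(log_text):
    """Flag entries worth a second look.

    "fix" means the entry is an orphan or an unusual hook a helper would
    remove; "review" means the service binary's publisher should be checked
    manually, since "Unknown owner" also appears on legitimate software
    (the MATLAB server in this thread, for instance).
    """
    findings = []
    for sec, body, line in parse_entries(log_text):
        if sec == "O2" and body.endswith("(no file)"):
            findings.append(Finding(sec, "fix: BHO CLSID with no DLL on disk (orphan)", line))
        elif sec == "O11":
            findings.append(Finding(sec, "fix: extra IE options group, rarely legitimate", line))
        elif sec == "O23":
            # body is "Service: <name> - <owner> - <path ...>"
            parts = [p.strip() for p in body.split(" - ", 2)]
            owner = parts[1] if len(parts) > 1 else ""
            if body.endswith("(file missing)"):
                findings.append(Finding(sec, "review: service points at a missing binary", line))
            elif owner.lower() == "unknown owner":
                findings.append(Finding(sec, "review: service without publisher info", line))
    return findings


# Constructed sample, assembled from lines that appear in this thread's logs.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O11 - Options group: [iNTERNATIONAL] International*
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
"""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}")
        print(f"     {f.line}")
```

Run against the sample, the script reports the two entries the helper asked to Fix and two services to review; the MATLAB line shows why "Unknown owner" alone is a prompt to check, not a verdict.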
ieca 0 Posted October 16, 2007

Hello, here is the HJT log. Thanks for helping.

Logfile of HijackThis v1.99.1
Scan saved at 21:47:39, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\ARQUIV~1\SYMANT~1\VPTray.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\VM_STI.EXE
C:\Arquivos de programas\Symantec AntiVirus\DoScan.exe
C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe
C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera
O4 - HKLM\..\Run: [bDMCon] "C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [bDNewsAgent] "C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
DigRam 144 Posted October 16, 2007

Good morning, ieca!

>@< Download CCleaner.
>@< Download it to the Desktop!
>@< Open the program and click Run Cleaner.
>@< When it finishes, click Issues >> Scan for Issues >> Fix Issues.
_____________________
Once everything is OK with the PC, create a clean System Restore point! Right-click My Computer >> Properties >> System Restore >> check: Turn off System Restore >> Apply >> OK. Then uncheck it again! >> Apply >> OK. For more details, go to: < Docs >
_____________________
>@< Everything OK with the computer?
>@< Because the log is clean!
>@< Good job!

Regards!
ieca 0 Posted October 16, 2007

Yes, everything is OK with the PC. I have already done the final procedures. Thanks for the help. Regards!
DigRam 144 Posted November 15, 2007

PROBLEM SOLVED!

If the author needs the topic reopened, send a Private Message to a Moderator with a link to the topic.