
ieca

[Resolved!] My computer is running badly


Hello,

I'm sending my log file. My computer is very slow, and on top of that I can't click on the Start menu or on anything in the same bar. I can do it with the keyboard, but not with the mouse. Outside the Start menu bar, my mouse works perfectly; it even clicks on the desktop items.

Thanks in advance.

 

Logfile of HijackThis v1.99.1

Scan saved at 04:01:07, on 10/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\ARQUIV~1\SYMANT~1\VPTray.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Symantec AntiVirus\DoScan.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Loud Idol Setup Grid] C:\Documents and Settings\All Users\Dados de aplicativos\4 Curb Loud Idol\data readme.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Windows32] C:\Arquivos de programas\Windows32.exe

O4 - HKLM\..\Run: [mngrss] C:\WINDOWS\mngrss.exe

O4 - HKLM\..\Run: [bright] C:\WINDOWS\ldssv.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows32.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{50E72595-BC87-4ADA-BD24-52C0A1E62FC2}: NameServer = 200.165.132.154 200.149.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe


Good morning, ieca!

>@< Download BankerFix.

>@< Save it to the Desktop!

>@< Close all windows and the browser when running BankerFix. Disable, if possible, the resident protection of antivirus and antispyware programs.

>@< Double-click Bankerfix.exe, then press Enter. Wait! When it finishes, read the message on the screen (DOS) and press Enter again.

>@< Post the BankerFix relatorio.txt, which is located at C:\LinhaDefensiva\relatorio.txt

>@< Also post a new HijackThis log in your reply.

Best regards!


Hello,

here are the BankerFix report and the new HijackThis log file.

Thank you

 

BankerFix 2.4 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 13/10/2007 - 10:28

-------------------------------------------------------

Lista de Definição: 2007-10-07-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\System\sistema.exe

Arquivo infectado removido com sucesso!

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:30:31, on 13/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\ARQUIV~1\SYMANT~1\VPTray.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\mngrss.exe

C:\WINDOWS\ldssv.exe

C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\msiexec.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Loud Idol Setup Grid] C:\Documents and Settings\All Users\Dados de aplicativos\4 Curb Loud Idol\data readme.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [mngrss] C:\WINDOWS\mngrss.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{50E72595-BC87-4ADA-BD24-52C0A1E62FC2}: NameServer = 200.165.132.154 200.149.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe


Good morning, ieca!

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Close all windows and run the tool!

>@< For those who have Avast, a malware alert will appear ( Win32 D adobra-EY[Trj] ), which should be ignored.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue < Enter >

>@< Wait for it to finish. Do not use the mouse or keyboard!

>@< Post the report, C:\ComboFix.txt, in your reply, plus an updated HJT log.

Best regards!


I've done everything...

 

ComboFix 07-10-12.4 - Helaine 2007-10-13 15:44:11.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.145 [GMT -3:00]

Executando de: C:\Documents and Settings\Helaine\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Helaine\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\4KMKBYA5\iforex.com

C:\Documents and Settings\Helaine\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\4KMKBYA5\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\Documents and Settings\Helaine\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

C:\Documents and Settings\Helaine\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

C:\WINDOWS\system32\drivers\dmcpl.exe

C:\WINDOWS\system32\drivers\nwiz.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2007-09-13 to 2007-10-13 ))))))))))))))))))))))))))))))))

.

 

2007-10-13 15:43 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-13 12:05 <DIR> d-------- C:\Documents and Settings\Helaine\Dados de aplicativos\Image Zone Express

2007-10-13 11:51 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard

2007-10-13 11:45 126,123 --a------ C:\WINDOWS\HPHins12.dat

2007-10-13 11:45 14,916 --------- C:\WINDOWS\hphmdl12.dat

2007-10-13 10:27 <DIR> d-------- C:\LinhaDefensiva

2007-10-10 15:17 14 --a------ C:\Documents and Settings\Helaine\getfile.dat

2007-10-06 22:06 13 --a------ C:\iphist.dat

2007-10-05 23:35 921,088 --a------ C:\WINDOWS\ldssv.exe

2007-10-05 23:34 2,256,896 --a------ C:\WINDOWS\mngrss.exe

2007-10-05 23:34 921,088 --a------ C:\WINDOWS\system32\ldssv.exe

2007-10-05 23:32 2,256,896 --a------ C:\WINDOWS\system32\mngrss.exe

2007-10-04 23:11 <DIR> d-------- C:\Documents and Settings\Helaine\Dados de aplicativos\ArcSoft

2007-10-04 23:08 18,560 --a------ C:\WINDOWS\system32\drivers\vtcdrv.sys

2007-10-04 23:05 <DIR> d-------- C:\Documents and Settings\Helaine\Dados de aplicativos\InstallShield

2007-10-04 23:05 <DIR> d-------- C:\Arquivos de programas\Philips

2007-10-02 03:20 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files

2007-10-01 20:02 4,953,088 --a------ C:\WINDOWS\system\oxi.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-13 15:15 --------- d-----w C:\Arquivos de programas\Symantec AntiVirus

2007-10-13 15:08 --------- d-----w C:\Arquivos de programas\HP

2007-10-10 19:39 --------- d-----w C:\Documents and Settings\Helaine\Dados de aplicativos\Stop Bows Coal

2007-10-10 19:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\show acid draw ante

2007-10-10 19:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\4 Curb Loud Idol

2007-10-05 02:07 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-10-03 23:15 --------- d-----w C:\Documents and Settings\Helaine\Dados de aplicativos\Screenshot Sender

2007-09-03 06:42 --------- d-----w C:\Arquivos de programas\gnubg

2007-08-26 21:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SIZE RDR GRID 4

2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-07-30 22:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-07-30 22:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-07-30 22:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-07-30 22:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-07-30 22:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-07-30 22:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-07-30 22:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll

2007-07-30 22:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-07-30 22:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-07-30 22:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrsru.dll

2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrsptb.dll

2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrsit.dll

2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrses.dll

2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrsde.dll

2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvrsja.dll

2002-11-12 21:53 94,208 -c--a-w C:\WINDOWS\inf\nvwrsnl.dll

2002-11-12 21:53 94,208 -c--a-w C:\WINDOWS\inf\nvwrsfr.dll

2002-11-12 21:53 94,208 -c--a-w C:\WINDOWS\inf\nvwrsfi.dll

2002-11-12 21:53 94,208 -c--a-w C:\WINDOWS\inf\nvrsko.dll

2002-11-12 21:53 90,112 -c--a-w C:\WINDOWS\inf\nvwrssv.dll

2002-11-12 21:53 90,112 -c--a-w C:\WINDOWS\inf\nvwrsno.dll

2002-11-12 21:53 90,112 -c--a-w C:\WINDOWS\inf\nvwrsda.dll

2002-11-12 21:53 86,016 -c--a-w C:\WINDOWS\inf\nvwrseng.dll

2002-11-12 21:53 81,920 -c--a-w C:\WINDOWS\inf\nvwrsar.dll

2002-11-12 21:53 81,920 -c--a-w C:\WINDOWS\inf\nvrszht.dll

2002-11-12 21:53 81,920 -c--a-w C:\WINDOWS\inf\nvrszhc.dll

2002-11-12 21:53 622,592 -c--a-w C:\WINDOWS\inf\nvqtwk.dll

2002-11-12 21:53 61,440 -c--a-w C:\WINDOWS\inf\nvwrsko.dll

2002-11-12 21:53 61,440 -c--a-w C:\WINDOWS\inf\nvwrsja.dll

2002-11-12 21:53 61,440 -c--a-w C:\WINDOWS\inf\nvsvc32.exe

2002-11-12 21:53 548,933 -c--a-w C:\WINDOWS\inf\nview.dll

2002-11-12 21:53 49,152 -c--a-w C:\WINDOWS\inf\nvwrszht.dll

2002-11-12 21:53 49,152 -c--a-w C:\WINDOWS\inf\nvwrszhc.dll

2002-11-12 21:53 372,736 -c--a-w C:\WINDOWS\inf\nwiz.exe

2002-11-12 21:53 340,039 -c--a-w C:\WINDOWS\inf\nvshell.dll

2002-11-12 21:53 3,545,674 -c--a-w C:\WINDOWS\inf\nv4_disp.dll

2002-11-12 21:53 278,528 -c--a-w C:\WINDOWS\inf\dmcpl.exe

2002-11-12 21:53 2,932,736 -c--a-w C:\WINDOWS\inf\nvoglnt.dll

2002-11-12 21:53 2,060,288 -c--a-w C:\WINDOWS\inf\nvcpl.dll

2002-11-12 21:53 135,168 -c--a-w C:\WINDOWS\inf\nvrsit.dll

2002-11-12 21:53 135,168 -c--a-w C:\WINDOWS\inf\nvrses.dll

2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsru.dll

2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsptb.dll

2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsnl.dll

2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsfr.dll

2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsde.dll

2002-11-12 21:53 126,976 -c--a-w C:\WINDOWS\inf\nvrssv.dll

2002-11-12 21:53 126,976 -c--a-w C:\WINDOWS\inf\nvrsfi.dll

2002-11-12 21:53 126,976 -c--a-w C:\WINDOWS\inf\nvrsda.dll

2002-11-12 21:53 122,880 -c--a-w C:\WINDOWS\inf\nvrsno.dll

2002-11-12 21:53 122,880 -c--a-w C:\WINDOWS\inf\nvrseng.dll

2002-11-12 21:53 118,784 -c--a-w C:\WINDOWS\inf\nvrsar.dll

2002-11-12 21:53 114,688 -c--a-w C:\WINDOWS\inf\nvinstnt.dll

2002-11-12 21:53 1,004,650 -c--a-w C:\WINDOWS\inf\nv4_mini.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2005-04-18 15:27]

"vptray"="C:\ARQUIV~1\SYMANT~1\VPTray.exe" [2005-05-25 15:32]

"NvCplDaemon"="NvQTwk" []

"nwiz"="nwiz.exe" [2002-11-12 18:53 C:\WINDOWS\system32\nwiz.exe]

"Acrobat Assistant 7.0"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12]

"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-02-24 05:00]

"Loud Idol Setup Grid"="C:\Documents and Settings\All Users\Dados de aplicativos\4 Curb Loud Idol\data readme.exe" []

"mngrss"="C:\WINDOWS\mngrss.exe" [2007-10-05 23:34]

"BDMCon"="C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 12:10]

"BDNewsAgent"="C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 12:19]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24]

 

R3 WBSD;Winbond Secure Digital Storage Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS

S3 VtcDrv;Philips SA60xx Recovery Device;C:\WINDOWS\system32\Drivers\vtcdrv.sys

S3 WINIO;WINIO;\??\C:\WINDOWS\system32\winio.sys

 

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-10-13 18:00:00 C:\WINDOWS\Tasks\B027524A93ACC39E.job"

- c:\docume~1\helaine\dadosd~1\stopbo~1\aimelseplatform.exe

"2007-10-13 18:44:05 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

.

**************************************************************************

 

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-13 15:46:36

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

**************************************************************************

.

Tempo para conclusão: 2007-10-13 15:47:57

.

--- E O F ---

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:51:32, on 13/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\ARQUIV~1\SYMANT~1\VPTray.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\mngrss.exe

C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe

c:\arquivos de programas\softwin\bitdefender8\bdmcon.exe

C:\WINDOWS\explorer.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera

O4 - HKLM\..\Run: [Loud Idol Setup Grid] C:\Documents and Settings\All Users\Dados de aplicativos\4 Curb Loud Idol\data readme.exe

O4 - HKLM\..\Run: [mngrss] C:\WINDOWS\mngrss.exe

O4 - HKLM\..\Run: [bDMCon] "C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


Good morning, ieca!

 

Delete:

 

C:\QooBox

C:\ComboFix.txt << ComboFix log.

__________________

 

>@< Select and copy all the content in the quote box into Notepad.

>@< Save it to the Desktop with the name: CFScript.txt

 

File::

C:\Documents and Settings\All Users\Dados de aplicativos\4 Curb Loud Idol\data readme.exe

C:\Documents and Settings\Helaine\Dados de aplicativos\stopbo~1\aimelseplatform.exe

C:\WINDOWS\mngrss.exe

C:\WINDOWS\win32config.exe

C:\WINDOWS\System32\taskmon.exe

C:\WINDOWS\win32apps3.txt

C:\WINDOWS\kernel32.dll

C:\WINDOWS\System32\shimgapi.dll

C:\WINDOWS\ntbtlog.txt

C:\iphist.dat

C:\WINDOWS\ldssv.exe

C:\WINDOWS\system32\ldssv.exe

C:\WINDOWS\system32\mngrss.exe

C:\WINDOWS\Tasks\B027524A93ACC39E.job

 

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Loud Idol Setup Grid"=""

"mngrss"=""

 

Folder::

C:\Documents and Settings\All Users\Dados de aplicativos\4 Curb Loud Idol

C:\Documents and Settings\Helaine\Dados de aplicativos\stopbo~1

C:\LinhaDefensiva

>@< Drag the CFScript.txt file with the mouse onto the ComboFix icon.

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< While it is running, do not use the keyboard or mouse!

>@< When it finishes, post the C:\ComboFix.txt report plus an updated HJT log.

 

Regards!


Hello,

I've already done everything you asked...

 

After following these procedures, the problems have apparently disappeared.

I'm sending the logs as you asked.

Thanks in advance.

 

2002-11-12 18:53	  278528	--a--c---	C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\dmcpl.exe.vir
2002-11-12 18:53	  372736	--a--c---	C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\nwiz.exe.vir
2003-04-15 22:09	  49152	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\md5.exe.vir
2005-09-14 11:19	  167936	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\unzip.exe.vir
2005-09-14 11:19	  61440	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\download.exe.vir
2006-03-02 23:42	  73728	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\pv.exe.vir
2007-05-27 19:38	  4416	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\Iniciar-BankerFix.vbs.vir
2007-08-02 23:18	  1060	--a------	C:\Qoobox\Quarantine\C\Documents and Settings\Helaine\Dados de aplicativos\STOPBO~1.vir
2007-08-10 04:02	  80	--a------	C:\Qoobox\Quarantine\C\Documents and Settings\Helaine\Dados de aplicativos\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol.vir
2007-08-24 02:34	  5826	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\banker.bat.vir
2007-09-09 06:02	  14820	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\bankerfix.vbs.vir
2007-10-06 18:54	  145	--a------	C:\Qoobox\Quarantine\C\Documents and Settings\Helaine\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\4KMKBYA5\iforex.com\Emerp\Events\flash_object.swf\user_data.sol.vir
2007-10-07 05:34	  701	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-reg.vir
2007-10-07 05:37	  1515	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-md5.vir
2007-10-13 10:28	  12	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\VERSION.vir
2007-10-13 11:40	  12	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\webversion.info.vir
2007-10-13 11:40	  1360	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\backup.reg.vir
2007-10-13 11:40	  1360	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\RegKeys.txt.vir
2007-10-13 11:41	  17	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\regremove.vir
2007-10-13 11:41	  18600	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\reft-startup.vir
2007-10-13 11:41	  512	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\relatorio.txt.vir
2038-01-18 23:14	  0	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-mydoc.vir
2038-01-18 23:14	  1009	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-programfiles.vir
2038-01-18 23:14	  1014	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-hosts.vir
2038-01-18 23:14	  10600	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\fx.reg.vir
2038-01-18 23:14	  12	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-allu.vir
2038-01-18 23:14	  2018	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-sysdrive.vir
2038-01-18 23:14	  28	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-tasks.vir
2038-01-18 23:14	  47	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-start.vir
2038-01-18 23:14	  500	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-temp.vir
2038-01-18 23:14	  525	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-wincommon.vir
2038-01-18 23:14	  58	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-system.vir
2038-01-18 23:14	  6637	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-system32.vir
2038-01-18 23:14	  6929	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-windows.vir
2038-01-18 23:14	  8	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-profile.vir
2038-01-18 23:14	  818	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-startup.vir
2038-01-18 23:14	  82	--a------	C:\Qoobox\Quarantine\C\LinhaDefensiva\ref-commonfiles.vir

Listagem de caminhos de pasta
O número de série do volume é 047A-13C9
C:\QOOBOX\QUARANTINE
+---C
|   +---Documents and Settings
|   |   \---Helaine
|   |       \---Dados de aplicativos
|   |           +---Macromedia
|   |           |   \---Flash Player
|   |           |       +---#SharedObjects
|   |           |       |   \---4KMKBYA5
|   |           |       |       \---iforex.com
|   |           |       |           \---Emerp
|   |           |       |               \---Events
|   |           |       |                   \---flash_object.swf
|   |           |       |                           user_data.sol.vir
|   |           |       |
|   |           |       \---macromedia.com
|   |           |           \---support
|   |           |               \---flashplayer
|   |           |                   \---sys
|   |           |                       \---#iforex.com
|   |           |                               settings.sol.vir
|   |           |
|   |           \---STOPBO~1
|   |                   0.vir
|   |
|   +---LinhaDefensiva
|   |       backup.reg.vir
|   |       banker.bat.vir
|   |       bankerfix.vbs.vir
|   |       download.exe.vir
|   |       fx.reg.vir
|   |       Iniciar-BankerFix.vbs.vir
|   |       md5.exe.vir
|   |       pv.exe.vir
|   |       ref-allu.vir
|   |       ref-commonfiles.vir
|   |       ref-hosts.vir
|   |       ref-md5.vir
|   |       ref-mydoc.vir
|   |       ref-profile.vir
|   |       ref-programfiles.vir
|   |       ref-reg.vir
|   |       ref-start.vir
|   |       ref-startup.vir
|   |       ref-sysdrive.vir
|   |       ref-system.vir
|   |       ref-system32.vir
|   |       ref-tasks.vir
|   |       ref-temp.vir
|   |       ref-wincommon.vir
|   |       ref-windows.vir
|   |       reft-startup.vir
|   |       RegKeys.txt.vir
|   |       regremove.vir
|   |       relatorio.txt.vir
|   |       unzip.exe.vir
|   |       VERSION.vir
|   |       webversion.info.vir
|   |
|   \---WINDOWS
|       \---system32
|           \---drivers
|                   dmcpl.exe.vir
|                   nwiz.exe.vir
|
\---Registry_backups

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 12:33:25, on 14/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\ARQUIV~1\SYMANT~1\VPTray.exe

C:\Arquivos de programas\Symantec AntiVirus\DoScan.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe

C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera

O4 - HKLM\..\Run: [bDMCon] "C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

 

Thank you.


Good afternoon, ieca!

 

>@< Download HostsXpert.

>@< Unzip it and move the executable (HostsXpert.exe) to the Desktop.

>@< Close all windows and the browser!

>@< Click Restore Microsoft's Hosts file >> Ok.

>@< Exit the program!

>@< Restart the computer!

_____________________

 

>@< My friend! The report you posted is not ComboFix.txt but the tool's quarantine.

>@< Please try to post it, because another procedure will depend on it.

 

Regards!


Oops, my bad. I'll post the right file.

I've already done what you said.

I'm also posting the updated HJT logfile.

 

ComboFix 07-10-12.4 - Helaine 2007-10-14 12:20:30.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.114 [GMT -3:00]

Executando de: C:\Documents and Settings\Helaine\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Helaine\Desktop\CFScript.txt

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Dados de aplicativos\4 Curb Loud Idol

C:\Documents and Settings\Helaine\Dados de aplicativos\stopbo~1

C:\Documents and Settings\Helaine\Dados de aplicativos\stopbo~1\0

C:\LinhaDefensiva

C:\LinhaDefensiva\backup.reg

C:\LinhaDefensiva\banker.bat

C:\LinhaDefensiva\bankerfix.vbs

C:\LinhaDefensiva\download.exe

C:\LinhaDefensiva\fx.reg

C:\LinhaDefensiva\Iniciar-BankerFix.vbs

C:\LinhaDefensiva\md5.exe

C:\LinhaDefensiva\pv.exe

C:\LinhaDefensiva\ref-allu

C:\LinhaDefensiva\ref-commonfiles

C:\LinhaDefensiva\ref-hosts

C:\LinhaDefensiva\ref-md5

C:\LinhaDefensiva\ref-mydoc

C:\LinhaDefensiva\ref-profile

C:\LinhaDefensiva\ref-programfiles

C:\LinhaDefensiva\ref-reg

C:\LinhaDefensiva\ref-start

C:\LinhaDefensiva\ref-startup

C:\LinhaDefensiva\ref-sysdrive

C:\LinhaDefensiva\ref-system

C:\LinhaDefensiva\ref-system32

C:\LinhaDefensiva\ref-tasks

C:\LinhaDefensiva\ref-temp

C:\LinhaDefensiva\ref-wincommon

C:\LinhaDefensiva\ref-windows

C:\LinhaDefensiva\reft-startup

C:\LinhaDefensiva\RegKeys.txt

C:\LinhaDefensiva\regremove

C:\LinhaDefensiva\relatorio.txt

C:\LinhaDefensiva\unzip.exe

C:\LinhaDefensiva\VERSION

C:\LinhaDefensiva\webversion.info

 

.

((((((((((((((((((((((( Ficheiros criados de 2007-09-14 to 2007-10-14 ))))))))))))))))))))))))))))))))

.

 

2007-10-13 15:43 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-13 12:05 <DIR> d-------- C:\Documents and Settings\Helaine\Dados de aplicativos\Image Zone Express

2007-10-13 11:51 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard

2007-10-13 11:45 126,123 --a------ C:\WINDOWS\HPHins12.dat

2007-10-13 11:45 14,916 --------- C:\WINDOWS\hphmdl12.dat

2007-10-10 15:17 14 --a------ C:\Documents and Settings\Helaine\getfile.dat

2007-10-06 22:06 13 --a------ C:\iphist.dat

2007-10-05 23:35 921,088 --a------ C:\WINDOWS\ldssv.exe

2007-10-05 23:34 2,256,896 --a------ C:\WINDOWS\mngrss.exe

2007-10-05 23:34 921,088 --a------ C:\WINDOWS\system32\ldssv.exe

2007-10-05 23:32 2,256,896 --a------ C:\WINDOWS\system32\mngrss.exe

2007-10-04 23:11 <DIR> d-------- C:\Documents and Settings\Helaine\Dados de aplicativos\ArcSoft

2007-10-04 23:08 18,560 --a------ C:\WINDOWS\system32\drivers\vtcdrv.sys

2007-10-04 23:05 <DIR> d-------- C:\Documents and Settings\Helaine\Dados de aplicativos\InstallShield

2007-10-04 23:05 <DIR> d-------- C:\Arquivos de programas\Philips

2007-10-02 03:20 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files

2007-10-01 20:02 4,953,088 --a------ C:\WINDOWS\system\oxi.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-14 14:58 --------- d-----w C:\Arquivos de programas\Symantec AntiVirus

2007-10-13 15:08 --------- d-----w C:\Arquivos de programas\HP

2007-10-10 19:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\show acid draw ante

2007-10-05 02:07 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-10-03 23:15 --------- d-----w C:\Documents and Settings\Helaine\Dados de aplicativos\Screenshot Sender

2007-09-03 06:42 --------- d-----w C:\Arquivos de programas\gnubg

2007-08-26 21:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SIZE RDR GRID 4

2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-07-30 22:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-07-30 22:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-07-30 22:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-07-30 22:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-07-30 22:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-07-30 22:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-07-30 22:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll

2007-07-30 22:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-07-30 22:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-07-30 22:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrsru.dll

2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrsptb.dll

2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrsit.dll

2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrses.dll

2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvwrsde.dll

2002-11-12 21:53 98,304 -c--a-w C:\WINDOWS\inf\nvrsja.dll

2002-11-12 21:53 94,208 -c--a-w C:\WINDOWS\inf\nvwrsnl.dll

2002-11-12 21:53 94,208 -c--a-w C:\WINDOWS\inf\nvwrsfr.dll

2002-11-12 21:53 94,208 -c--a-w C:\WINDOWS\inf\nvwrsfi.dll

2002-11-12 21:53 94,208 -c--a-w C:\WINDOWS\inf\nvrsko.dll

2002-11-12 21:53 90,112 -c--a-w C:\WINDOWS\inf\nvwrssv.dll

2002-11-12 21:53 90,112 -c--a-w C:\WINDOWS\inf\nvwrsno.dll

2002-11-12 21:53 90,112 -c--a-w C:\WINDOWS\inf\nvwrsda.dll

2002-11-12 21:53 86,016 -c--a-w C:\WINDOWS\inf\nvwrseng.dll

2002-11-12 21:53 81,920 -c--a-w C:\WINDOWS\inf\nvwrsar.dll

2002-11-12 21:53 81,920 -c--a-w C:\WINDOWS\inf\nvrszht.dll

2002-11-12 21:53 81,920 -c--a-w C:\WINDOWS\inf\nvrszhc.dll

2002-11-12 21:53 622,592 -c--a-w C:\WINDOWS\inf\nvqtwk.dll

2002-11-12 21:53 61,440 -c--a-w C:\WINDOWS\inf\nvwrsko.dll

2002-11-12 21:53 61,440 -c--a-w C:\WINDOWS\inf\nvwrsja.dll

2002-11-12 21:53 61,440 -c--a-w C:\WINDOWS\inf\nvsvc32.exe

2002-11-12 21:53 548,933 -c--a-w C:\WINDOWS\inf\nview.dll

2002-11-12 21:53 49,152 -c--a-w C:\WINDOWS\inf\nvwrszht.dll

2002-11-12 21:53 49,152 -c--a-w C:\WINDOWS\inf\nvwrszhc.dll

2002-11-12 21:53 372,736 -c--a-w C:\WINDOWS\inf\nwiz.exe

2002-11-12 21:53 340,039 -c--a-w C:\WINDOWS\inf\nvshell.dll

2002-11-12 21:53 3,545,674 -c--a-w C:\WINDOWS\inf\nv4_disp.dll

2002-11-12 21:53 278,528 -c--a-w C:\WINDOWS\inf\dmcpl.exe

2002-11-12 21:53 2,932,736 -c--a-w C:\WINDOWS\inf\nvoglnt.dll

2002-11-12 21:53 2,060,288 -c--a-w C:\WINDOWS\inf\nvcpl.dll

2002-11-12 21:53 135,168 -c--a-w C:\WINDOWS\inf\nvrsit.dll

2002-11-12 21:53 135,168 -c--a-w C:\WINDOWS\inf\nvrses.dll

2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsru.dll

2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsptb.dll

2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsnl.dll

2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsfr.dll

2002-11-12 21:53 131,072 -c--a-w C:\WINDOWS\inf\nvrsde.dll

2002-11-12 21:53 126,976 -c--a-w C:\WINDOWS\inf\nvrssv.dll

2002-11-12 21:53 126,976 -c--a-w C:\WINDOWS\inf\nvrsfi.dll

2002-11-12 21:53 126,976 -c--a-w C:\WINDOWS\inf\nvrsda.dll

2002-11-12 21:53 122,880 -c--a-w C:\WINDOWS\inf\nvrsno.dll

2002-11-12 21:53 122,880 -c--a-w C:\WINDOWS\inf\nvrseng.dll

2002-11-12 21:53 118,784 -c--a-w C:\WINDOWS\inf\nvrsar.dll

2002-11-12 21:53 114,688 -c--a-w C:\WINDOWS\inf\nvinstnt.dll

2002-11-12 21:53 1,004,650 -c--a-w C:\WINDOWS\inf\nv4_mini.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2005-04-18 15:27]

"vptray"="C:\ARQUIV~1\SYMANT~1\VPTray.exe" [2005-05-25 15:32]

"NvCplDaemon"="NvQTwk" []

"nwiz"="nwiz.exe" [2002-11-12 18:53 C:\WINDOWS\system32\nwiz.exe]

"Acrobat Assistant 7.0"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12]

"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-02-24 05:00]

"Loud Idol Setup Grid"="" []

"mngrss"="" []

"BDMCon"="C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 12:10]

"BDNewsAgent"="C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 12:19]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24]

 

R3 WBSD;Winbond Secure Digital Storage Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS

S3 VtcDrv;Philips SA60xx Recovery Device;C:\WINDOWS\system32\Drivers\vtcdrv.sys

S3 WINIO;WINIO;\??\C:\WINDOWS\system32\winio.sys

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-10-14 15:00:00 C:\WINDOWS\Tasks\B027524A93ACC39E.job"

- c:\docume~1\helaine\dadosd~1\stopbo~1\aimelseplatform.exe

"2007-10-13 20:44:27 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

.

**************************************************************************

 

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-14 12:23:23

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

**************************************************************************

.

Tempo para conclusão: 2007-10-14 12:24:39

.

--- E O F ---

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 21:45:08, on 14/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\ARQUIV~1\SYMANT~1\VPTray.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe

C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Symantec AntiVirus\DoScan.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera

O4 - HKLM\..\Run: [bDMCon] "C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


Good afternoon, ieca!

>@< Open Notepad and copy/paste the entire contents of the quote area (...except the word quote).

 

@echo off

DEL /Q /S C:\iphist.dat

DEL /Q /S C:\WINDOWS\ldssv.exe

DEL /Q /S C:\WINDOWS\mngrss.exe

DEL /Q /S C:\WINDOWS\system32\ldssv.exe

DEL /Q /S C:\WINDOWS\system32\mngrss.exe

@pause

>@< Save it to the Desktop as "Del.bat"

>@< It is important that the name is in quotation marks.

>@< Restart the computer in Safe Mode.

>@< Double-click "Del.bat" to run it.

______________________

 

>@< Open HijackThis and click Fix on these entries:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O11 - Options group: [iNTERNATIONAL] International*

 

>@< Delete the folder C:\QooBox <!>

>@< Restart in Normal Mode.

>@< Post a new HijackThis log in your reply.

Best regards!

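Entries such as the `(no file)` BHO in the Fix list above can be found and tracked mechanically. As an added example (not part of the original post, and not HijackThis's own code), this Python script parses HijackThis log text, lists entries marked `(no file)` or `(file missing)`, notes when the supposedly missing file appears under Running processes, and diffs two logs; the function names and the embedded sample lines are assumptions chosen for illustration.

```python
import re

# Constructed samples: a few lines copied from the 14/10 and 15/10 logs in this thread.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O11 - Options group: [iNTERNATIONAL] International*
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
"""
LOG_AFTER = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
"""

ENTRY = re.compile(r"^([ORF]\d{1,2}) - (.*)$")        # section code, rest of line
MISSING = re.compile(r"\((no file|file missing)\)\s*$")


def parse(log):
    """Return (set of running process paths, list of (code, text) entries)."""
    procs, entries, in_procs = set(), [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            procs.add(line.lower())
    return procs, entries


def orphans(log):
    """Entries whose target is reported absent: (code, text, seen_running).
    seen_running=True means the path is in the process list, so the marker
    needs a manual check of the path before anything is fixed."""
    procs, entries = parse(log)
    return [(code, text, any(p in text.lower() for p in procs))
            for code, text in entries if MISSING.search(text)]


def diff(before, after):
    """Return (entries removed, entries added) between two scans."""
    b, a = parse(before)[1], parse(after)[1]
    return [e for e in b if e not in a], [e for e in a if e not in b]


if __name__ == "__main__":
    for code, text, running in orphans(LOG_BEFORE):
        print(code, "| running" if running else "| not found", "|", text)
    removed, added = diff(LOG_BEFORE, LOG_AFTER)
    print("removed:", removed)
    print("added:", added)
```

On the sample lines, the BitDefender service is marked `(file missing)` although bdss.exe is in the process list, so a missing-file marker alone is not a reason to fix an entry.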

Hello,

here is the HJT log.

Thanks for helping.

 

Logfile of HijackThis v1.99.1

Scan saved at 21:47:39, on 15/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\ARQUIV~1\SYMANT~1\VPTray.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\Symantec AntiVirus\DoScan.exe

C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe

C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera

O4 - HKLM\..\Run: [bDMCon] "C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


Good morning, ieca!

>@< Download CCleaner.

>@< Save it to the Desktop!

>@< Open the program and click Executar cleaner (Run Cleaner).

>@< When it finishes, click Erros >> Procurar erros >> Corrigir erros (Issues >> Scan for issues >> Fix issues).

_____________________

If everything is OK with the PC, create a clean System Restore point!

Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> OK.

Then uncheck it again! >> Apply >> OK.

For more details, go to: < Docs >

_____________________

>@< Is everything OK with the computer?

>@< Because the log is clean!

>@< Good work!

Best regards!


PROBLEM SOLVED!

If the author needs the topic reopened, a Private Message with a link to the topic must be sent to a Moderator.
