[Resolvido!] Análise de Log Hijackthis

[Paraense 0]

Olá,

 

Gostaria que fosse feita uma análise no log do Hijackthis da minha maquina... ela está com alguns problemas...

vlw...

 

Logfile of HijackThis v1.99.1

Scan saved at 05:45:39, on 24/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Google\Update\1.0.91.0\GoogleUpdate.exe

C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

C:\Arquivos de programas\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe

C:\Arquivos de programas\BitDefender\BitDefender 2008\vsserv.exe

C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Norton Ghost\Agent\VProTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\BitDefender\BitDefender 2008\bdagent.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe

C:\Limpeza\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer.1.54.0\gears.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Arquivos de programas\BitDefender\BitDefender 2008\IEToolbar.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Arquivos de programas\Norton Ghost\Agent\VProTray.exe"

O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Arquivos de programas\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Arquivos de programas\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [iDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: MagicDisc.lnk = C:\Arquivos de programas\MagicDisc\MagicDisc.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: SMS Power View.lnk = C:\sms\SmsPowerView.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Download All Links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer.1.54.0\gears.dll

O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer.1.54.0\gears.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190012309703

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://eriko-verissimo.spaces.live.com/Pho...ad/MsnPUpld.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\1.0.91.0\GoogleUpdate.exe" /svc (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Arquivos de programas\Norton Ghost\Agent\VProSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Arquivos de programas\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[jgarcia 1]

Opa Paraense,

 

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta, juntamente com um novo log do HijackThis.

 

Abraços.

[Paraense 0]

Aqui está o ComboFix.txt

 

ComboFix 07-11-19.3 - Eriko Verissimo 2007-11-25 3:57:25.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.476 [GMT -3:00]

Executando de: C:\Limpeza\ComboFix.exe

* Criado um novo ponto de restauro

.

 

Incapaz de adquirir Privilégios de Sistema

 

Aqui está o novo Hijackthis

 

Logfile of HijackThis v1.99.1

Scan saved at 04:12, on 2007-11-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Update\1.0.91.0\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

C:\Arquivos de programas\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe

C:\Arquivos de programas\BitDefender\BitDefender 2008\vsserv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

C:\Arquivos de programas\Norton Ghost\Agent\VProTray.exe

C:\Arquivos de programas\BitDefender\BitDefender 2008\bdagent.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Download Manager\IDMan.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\system32\java.exe

C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\java.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Limpeza\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer.1.54.0\gears.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Arquivos de programas\BitDefender\BitDefender 2008\IEToolbar.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Arquivos de programas\Norton Ghost\Agent\VProTray.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Arquivos de programas\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Arquivos de programas\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [iDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: MagicDisc.lnk = C:\Arquivos de programas\MagicDisc\MagicDisc.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: SMS Power View.lnk = C:\sms\SmsPowerView.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Download All Links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer.1.54.0\gears.dll

O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer.1.54.0\gears.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190012309703

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://eriko-verissimo.spaces.live.com/Pho...ad/MsnPUpld.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Serviço 'Gateway de camada de aplicativo' (ALG) - Unknown owner - cmd.exe (file missing)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\1.0.91.0\GoogleUpdate.exe" /svc (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Arquivos de programas\Norton Ghost\Agent\VProSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Arquivos de programas\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[jgarcia 1]

Opa Paraense,

 

Execute o Active Scan da Panda, observando os seguintes procedimentos:

 

1) Alguns anti-vírus, tal como o AVAST, podem exibir um alerta de detecção durante a execução do scan, porém tal alerta deve ser ignorado. O aviso não passa de um falso-positivo. Sugiro que o AV seja desabilitado, temporariamente, a fim de que o scan ocorra sem problemas;

 

2) Para iniciar o processo, clique sobre o botão ;

 

3) Informe os dados solicitados no formulário;

 

4) Clique sobre o botão "Pesquise agora sem custos";

 

5) Siga todas as instruções que lhe serão passadas e aguarde o fim da varredura;

 

6) Ao término do scan, clique em visualizar o log. Salve-o em seu Desktop;

 

7) Poste o conteúdo do log em sua próxima resposta.

 

Abraços.

[Paraense 0]

Log Active Scan Panda:

 

 

Incidência Estado Localização

 

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\ComboFix\nircmd.cfexe

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko verissimo@atdmt[2].txt

Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@ad.yieldmanager[2].txt

Spyware:Cookie/Adrevolver Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@adrevolver[2].txt

Spyware:Cookie/PointRoll Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@ads.pointroll[1].txt

Spyware:Cookie/Adserver Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@adserver.filefront[1].txt

Spyware:Cookie/Adtech Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@adtech[2].txt

Spyware:Cookie/Advertising Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@advertising[2].txt

Spyware:Cookie/Serving-sys Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@bs.serving-sys[2].txt

Spyware:Cookie/Casalemedia Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@casalemedia[2].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@com[1].txt

Spyware:Cookie/Hitslink Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@counter.hitslink[1].txt

Spyware:Cookie/Doubleclick Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@doubleclick[1].txt

Spyware:Cookie/Hitbox Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@ehg.hitbox[2].txt

Spyware:Cookie/FastClick Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@fastclick[1].txt

Spyware:Cookie/Comclick Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@fl01.ct2.comclick[2].txt

Spyware:Cookie/Hitbox Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@hg1.hitbox[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@ig.com[1].txt

Spyware:Cookie/DomainSponsor Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@landing.domainsponsor[1].txt

Spyware:Cookie/Adrevolver Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@media.adrevolver[2].txt

Spyware:Cookie/Outster Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@outster[2].txt

Spyware:Cookie/Overture Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@overture[1].txt

Spyware:Cookie/QuestionMarket Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@questionmarket[2].txt

Spyware:Cookie/RealMedia Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@realmedia[1].txt

Spyware:Cookie/WUpd Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@revenue[2].txt

Spyware:Cookie/Searchportal Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@searchportal.information[1].txt

Spyware:Cookie/Serving-sys Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@serving-sys[2].txt

Spyware:Cookie/Sextracker Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@sextracker[1].txt

Spyware:Cookie/onestat.com Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@stat.onestat[1].txt

Spyware:Cookie/Statcounter Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@statcounter[2].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@terra.com[2].txt

Spyware:Cookie/Tribalfusion Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@tribalfusion[2].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@uol.com[2].txt

Spyware:Cookie/Cgi-bin Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@www2.addfreestats[2].txt

Spyware:Cookie/Yadro Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@yadro[1].txt

Spyware:Cookie/Zedo Não desinfectado C:\Documents and Settings\Eriko Verissimo\Cookies\eriko_verissimo@zedo[2].txt

Spyware:Cookie/Overture Não desinfectado C:\Documents and Settings\Eriko Verissimo\Dados de aplicativos\Mozilla\Firefox\Profiles\p02r1wx0.default\cookies.txt[.overture.com/]

Spyware:Cookie/MediaTickets Não desinfectado C:\Documents and Settings\Eriko Verissimo\Dados de aplicativos\Mozilla\Firefox\Profiles\p02r1wx0.default\cookies.txt[.kinghost.com/]

Spyware:Cookie/Statcounter Não desinfectado C:\Documents and Settings\Eriko Verissimo\Dados de aplicativos\Mozilla\Firefox\Profiles\p02r1wx0.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/SexList Não desinfectado C:\Documents and Settings\Eriko Verissimo\Dados de aplicativos\Mozilla\Firefox\Profiles\p02r1wx0.default\cookies.txt[.sexlist.com/]

Spyware:Cookie/Yadro Não desinfectado C:\Documents and Settings\Eriko Verissimo\Dados de aplicativos\Mozilla\Firefox\Profiles\p02r1wx0.default\cookies.txt[.yadro.ru/]

Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\Eriko Verissimo\Dados de aplicativos\Mozilla\Firefox\Profiles\p02r1wx0.default\cookies.txt[.ad.yieldmanager.com/]

Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\Eriko Verissimo\Dados de aplicativos\Mozilla\Firefox\Profiles\p02r1wx0.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\Eriko Verissimo\Dados de aplicativos\Mozilla\Firefox\Profiles\p02r1wx0.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Doubleclick Não desinfectado C:\Documents and Settings\Eriko Verissimo\Dados de aplicativos\Mozilla\Firefox\Profiles\p02r1wx0.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Eriko Verissimo\Dados de aplicativos\Mozilla\Firefox\Profiles\p02r1wx0.default\cookies.txt[.terra.com.br/]

Spyware:Cookie/FastClick Não desinfectado C:\Documents and Settings\Eriko Verissimo\Dados de aplicativos\Mozilla\Firefox\Profiles\p02r1wx0.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/Tribalfusion Não desinfectado C:\Documents and Settings\Eriko Verissimo\Dados de aplicativos\Mozilla\Firefox\Profiles\p02r1wx0.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Advertising Não desinfectado C:\Documents and Settings\Eriko Verissimo\Dados de aplicativos\Mozilla\Firefox\Profiles\p02r1wx0.default\cookies.txt[.advertising.com/]

Adware:Adware/SaveNow Não desinfectado C:\Eriko\Arquivos\bsplayer221.950_clip.exe[bSplayer_WhenUSave_InstallerInst.exe]

Adware:Adware/SecurityError Não desinfectado C:\Eriko\Programação\Marina2_s2.rar[divxcodec.exe][bmxknd.exe]

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\Limpeza\ComboFix.exe[nircmd.exe]

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\Limpeza\ComboFix.exe[nircmd.cfexe]

Ferramenta potencialmente indesejada:Application/Psshutdown.A Não desinfectado C:\sms\xml\shutdown\shutdown.exe

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\WINDOWS\NirCmd.exe

[jgarcia 1]

Opa Paraense,

 

Vamos lá.

 

Habilite o Windows para mostrar todos os arquivos (até ocultos).

 

1ª Etapa

 

Baixe o CCleaner em:

CCleaner

 

Baixe, mas não execute ainda.

 

Baixe o Killbox em:

Killbox

 

1. Execute o Killbox, clique em Delete on Reboot.

 

2. Copie a lista abaixo em negrito para a área de transferência. Selecione tudo com o auxílio do mouse --> vá até a aba Editar na barra do navegador --> clique em Copiar.

 

C:\Eriko\Arquivos\bsplayer221.950_clip.exe

C:\Eriko\Programação\Marina2_s2.rar

C:\sms\xml\shutdown\shutdown.exe

 

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

 

4. Aperte em "X". Responda "não" à pergunta.

 

2ª Etapa

 

Reinicie em Modo Normal.

 

Delete o conteúdo da seguinte pasta:

 

C:\!Killbox

 

Execute o CCleaner e clique em Executar Limpeza.

 

Execute o Active Scan novamente e veja se ainda detecta algo.

 

Aguardo retorno.

 

Um abraço.

[Paraense 0]

tudo ok já....

[jgarcia 1]

tudo ok já....

Problema resolvido?

[Mário Monteiro 179]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.