[Resolvido!]não sei quais as entradas q eu dou fix...

[everton leoRS 0]

:natal_sad:

OLA PESSOAL GOSTARIA Q VCS PUDESSEM ME AJUAR COM O HIJACK EU FIZ UM SCAN NO PC POR CAUSA DE UM VIRUS E ELE AXOU ISSO Q TA NO LOG!!!SÓ Q OUVI DIZER Q SE EU DER FIX EM UMA ENTRADA ERRADA POD PREJUDICAR O DESEMPENHO DO PC!!!

GRATO DESDE JÁ !!!!

FLWW

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 17:27:57, on 5/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

H:\dap\PuxaRapido.exe

C:\WINDOWS\System32\cmd.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\-\CONFIG~1\Temp\Rar$EX00.282\HijackThis.exe

 

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - H:\dap\IEBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] H:\dap\Atualiza.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [GlobalFlagorkutkut] C:\WINDOWS\system32\orkutkut.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

[DigRam 144]

Boa Noite everton leoRS!

 

>@< Faça o download do BankerFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e o navegador,ao rodar o BankerFix.

>@< Desabilite,se possível,as proteções residente de AntiVírus e AntiSpywares.

>@< Dê um duplo clique no Bankerfix.exe,depois Enter.

>@< Aguarde!Ao terminar,leia a mensagem na tela ( Dos ),e dê Enter,novamente.

_______________________

 

>@< Poste o relatorio.txt do BankerFix que está em C:\LinhaDefensiva\relatorio.txt

>@< Poste,também,um nôvo Log do HijackThis,na sua resposta.

 

 

Abraços!

[everton leoRS 0]

Boa Noite everton leoRS!

 

>@< Faça o download do BankerFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e o navegador,ao rodar o BankerFix.

>@< Desabilite,se possível,as proteções residente de AntiVírus e AntiSpywares.

>@< Dê um duplo clique no Bankerfix.exe,depois Enter.

>@< Aguarde!Ao terminar,leia a mensagem na tela ( Dos ),e dê Enter,novamente.

_______________________

 

>@< Poste o relatorio.txt do BankerFix que está em C:\LinhaDefensiva\relatorio.txt

>@< Poste,também,um nôvo Log do HijackThis,na sua resposta.

 

 

Abraços!

 

 

 

este e o relatorio do banker fix :

 

 

BankerFix 2.4 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 5/12/2007 - 17:19

-------------------------------------------------------

Lista de Definição: 2007-11-27-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\Prefetch\msmsgxs.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\svchosts.dll

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\bsyys.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\svhost.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\msmsgxs.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svhost.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\bsyys.exe

Arquivo infectado removido com sucesso!

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

 

 

 

 

 

e este o novo do hijack:

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 22:50:26, on 5/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

H:\e mule\e mule novo\eMule\emule.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\-\CONFIG~1\Temp\Rar$EX00.953\HijackThis.exe

 

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - H:\dap\IEBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] H:\dap\Atualiza.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [GlobalFlagorkutkut] C:\WINDOWS\system32\orkutkut.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

 

 

obrgado por me ajudar...

espero continuação das açoes....

[DigRam 144]

Boa Noite everton leoRS!

 

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e execute a ferramenta!

>@< Para quem possui o Avast,surgirá um alerta de malware ( Win32 D adobra-EY[Trj] ),que deverá ser ignorado.

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar < Enter >

>@< Aguarde a conclusão!

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

 

Abraços!

[everton leoRS 0]

olá!!! :natal_biggrin:

 

relatorio do combo fix:

 

ComboFix 07-12-02.7 - - 2007-12-06 1:22:42.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.657 [GMT -2:00]

Executando de: C:\Documents and Settings\-\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\FunWebProducts

C:\Arquivos de programas\FunWebProducts\ScreenSaver\Images\00538B06.urr

C:\Arquivos de programas\MyWebSearch

C:\Arquivos de programas\MyWebSearch\bar\History\search2

C:\Arquivos de programas\MyWebSearch\bar\Settings\s_pid.dat

C:\Arquivos de programas\MyWebSearch\bar\Settings\setting2.htm

C:\Arquivos de programas\MyWebSearch\bar\Settings\settings.dat

 

.

((((((((((((((((((((((( Ficheiros criados de 2007-11-06 to 2007-12-06 ))))))))))))))))))))))))))))))))

.

 

2007-12-05 18:24 . 2007-12-05 22:45 <DIR> dr-h----- C:\Documents and Settings\-\Recent

2007-12-05 18:20 . 2007-12-05 18:20 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-12-05 17:19 . 2007-12-05 22:44 <DIR> d-------- C:\LinhaDefensiva

2007-12-04 03:23 . 2007-12-04 03:23 <DIR> d-------- C:\Arquivos de programas\Instalador de Emoticons

2007-12-04 01:13 . 2007-12-04 15:53 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI

2007-12-03 19:28 . 2007-12-03 19:28 <DIR> d-------- C:\Arquivos de programas\Google

2007-12-03 11:59 . 2007-12-03 11:59 <DIR> d-------- C:\Arquivos de programas\ONGAME

2007-11-29 10:57 . 2007-12-05 19:28 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2007-11-29 10:57 . 2007-11-29 14:22 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2007-11-29 10:57 . 2007-12-05 19:28 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2007-11-29 10:55 . 2007-11-29 10:55 <DIR> dr-h----- C:\Documents and Settings\-\Dados de aplicativos\SecuROM

2007-11-29 10:54 . 2007-11-29 10:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-11-29 10:45 . 2007-11-29 10:45 <DIR> d-------- C:\Arquivos de programas\Electronic Arts

2007-11-27 11:56 . 2007-11-30 19:12 <DIR> d-------- C:\Documents and Settings\-\Contacts

2007-11-27 02:55 . 2007-11-27 02:55 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DirectX

2007-11-27 02:01 . 2007-11-27 02:01 <DIR> d-------- C:\Documents and Settings\-\Incomplete

2007-11-27 02:01 . 2007-11-27 18:21 <DIR> d-------- C:\Documents and Settings\-\Dados de aplicativos\LimeWire

2007-11-27 01:50 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2007-11-27 01:49 . 2007-11-28 13:21 <DIR> d-------- C:\Arquivos de programas\Java

2007-11-27 01:42 . 2007-11-27 01:42 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2007-11-26 23:46 . 2007-11-26 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

2007-11-26 23:39 . 2007-12-05 20:01 116 --a------ C:\WINDOWS\NeroDigital.ini

2007-11-26 23:29 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll

2007-11-26 23:29 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll

2007-11-26 23:29 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll

2007-11-26 23:29 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll

2007-11-26 23:29 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2007-11-26 23:29 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll

2007-11-26 23:28 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

2007-11-26 23:28 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll

2007-11-26 23:28 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll

2007-11-26 23:28 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll

2007-11-26 23:28 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll

2007-11-26 23:28 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

2007-11-26 18:47 . 2007-11-26 18:47 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-11-26 18:41 . 2003-07-17 16:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd

2007-11-26 18:41 . 2005-01-01 07:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

2007-11-26 18:25 . 2007-11-26 18:25 <DIR> d-------- C:\Documents and Settings\-\Dados de aplicativos\Macromedia

2007-11-26 18:11 . 2007-11-26 18:11 <DIR> d---s---- C:\Documents and Settings\-\UserData

2007-11-25 13:28 . 2007-11-25 13:28 268 --ah----- C:\sqmdata01.sqm

2007-11-25 13:28 . 2007-11-25 13:28 244 --ah----- C:\sqmnoopt01.sqm

2007-11-25 13:26 . 2007-11-25 13:26 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2007-11-25 13:26 . 2007-11-25 13:26 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2007-11-25 13:25 . 2007-11-25 13:25 <DIR> d-------- C:\WINDOWS\system32\Lang

2007-11-25 13:24 . 2007-12-05 18:07 88,566 --a------ C:\WINDOWS\system32\nvapps.xml

2007-11-25 13:24 . 2007-11-25 13:24 268 --ah----- C:\sqmdata00.sqm

2007-11-25 13:24 . 2007-11-25 13:24 244 --ah----- C:\sqmnoopt00.sqm

2007-11-25 13:23 . 2007-11-25 13:25 <DIR> d-------- C:\WINDOWS\nview

2007-11-25 13:23 . 2007-05-21 05:31 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe

2007-11-25 13:23 . 2007-05-21 05:31 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu

2007-11-25 13:21 . 2007-11-25 13:30 <DIR> d-------- C:\Documents and Settings\-\Dados de aplicativos\Ahead

2007-11-25 13:20 . 2007-11-25 13:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2007-11-25 13:20 . 2007-11-25 13:20 <DIR> d-------- C:\Arquivos de programas\Nero

2007-11-25 13:20 . 2007-11-25 13:21 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2007-11-25 13:17 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2007-11-25 13:17 . 2007-11-25 13:17 421 --a------ C:\WINDOWS\ODBC.INI

2007-11-25 13:16 . 2007-11-25 13:16 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

2007-11-25 13:16 . 2007-11-25 13:16 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

2007-11-25 13:15 . 2007-11-25 13:16 <DIR> d-------- C:\WINDOWS\SHELLNEW

2007-11-25 13:15 . 2007-11-26 19:41 <DIR> d-------- C:\Documents and Settings\-\Dados de aplicativos\Adobe

2007-11-25 13:14 . 2007-11-25 13:14 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2007-11-25 13:09 . 2007-11-25 13:09 <DIR> d-------- C:\Arquivos de programas\Realtek

2007-11-25 13:09 . 2007-12-04 03:34 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-11-25 13:08 . 2007-11-25 13:08 <DIR> d-------- C:\WINDOWS\system32\Tools

2007-11-25 13:08 . 2007-11-25 13:08 <DIR> d-------- C:\Arquivos de programas\Motorola

2007-11-25 13:08 . 2007-11-28 01:05 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-11-25 13:08 . 2006-09-14 03:03 980,736 -ra------ C:\WINDOWS\system32\drivers\smserial.sys

2007-11-25 13:08 . 2006-09-14 03:00 155,648 -ra------ C:\WINDOWS\system32\sm56coin.dll

2007-11-25 13:06 . 2006-12-20 02:00 41,600 -ra------ C:\WINDOWS\system32\drivers\SiSGbeXP.sys

2007-11-25 13:05 . 2007-11-25 13:05 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2007-11-25 13:05 . 2007-12-04 03:19 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2007-11-25 13:04 . 2007-11-25 13:04 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys

2007-11-25 13:04 . 2007-11-25 13:04 274,432 --a------ C:\WINDOWS\system32\imon.dll

2007-11-25 13:02 . 2006-12-25 18:31 4,864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys

2007-11-25 13:01 . 2007-11-25 13:01 <DIR> dr-h----- C:\Documents and Settings\-\SendTo

2007-11-25 13:01 . 2007-11-25 12:06 <DIR> d--h----- C:\Documents and Settings\-\Modelos

2007-11-25 13:01 . 2007-11-29 10:57 <DIR> dr------- C:\Documents and Settings\-\Meus documentos

2007-11-25 13:01 . 2007-11-25 10:03 <DIR> dr------- C:\Documents and Settings\-\Menu Iniciar

2007-11-25 13:01 . 2007-12-05 18:04 <DIR> dr------- C:\Documents and Settings\-\Favoritos

2007-11-25 13:01 . 2007-12-06 01:20 <DIR> d-------- C:\Documents and Settings\-\Desktop

2007-11-25 13:01 . 2007-11-26 20:01 <DIR> d---s---- C:\Documents and Settings\-\Dados de aplicativos\Microsoft

2007-11-25 13:01 . 2007-11-25 13:01 <DIR> d-------- C:\Documents and Settings\-\Dados de aplicativos\Identities

2007-11-25 13:01 . 2007-11-29 10:55 <DIR> d--h----- C:\Documents and Settings\-\Dados de aplicativos

2007-11-25 13:01 . 2007-12-06 01:18 <DIR> d---s---- C:\Documents and Settings\-\Cookies

2007-11-25 13:01 . 2007-11-25 13:01 <DIR> d--h----- C:\Documents and Settings\-\Configurações locais

2007-11-25 13:01 . 2007-11-26 20:01 <DIR> d--h----- C:\Documents and Settings\-\Ambiente de rede

2007-11-25 13:01 . 2007-11-25 10:03 <DIR> d--h----- C:\Documents and Settings\-\Ambiente de impressão

2007-11-25 13:01 . 2007-12-05 18:06 1,572,864 --ah----- C:\Documents and Settings\-\NTUSER.DAT

2007-11-25 13:00 . 2007-11-25 13:00 <DIR> d---s---- C:\WINDOWS\system32\Microsoft

2007-11-25 13:00 . 2007-11-25 13:00 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos

2007-11-25 13:00 . 2007-11-25 13:00 <DIR> d--h----- C:\Documents and Settings\LocalService\Configurações locais

2007-11-25 10:05 . 2004-08-03 22:36 57,984 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2007-11-25 10:05 . 2001-08-17 19:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2007-11-25 10:04 . 2004-08-03 22:45 76,288 --a------ C:\WINDOWS\system32\usbui.dll

2007-11-25 10:03 . 2007-11-25 12:06 <DIR> d--h----- C:\Documents and Settings\Default User\Modelos

2007-11-25 10:03 . 2007-11-25 10:03 <DIR> d-------- C:\Documents and Settings\Default User\Meus documentos

2007-11-25 10:03 . 2007-11-25 10:03 <DIR> dr------- C:\Documents and Settings\Default User\Menu Iniciar

2007-11-25 10:03 . 2007-11-25 10:03 <DIR> d-------- C:\Documents and Settings\Default User\Favoritos

2007-11-25 10:03 . 2007-11-25 10:03 <DIR> dr-h----- C:\Documents and Settings\Default User\Configurações locais

2007-11-25 10:03 . 2007-11-25 10:03 <DIR> d--h----- C:\Documents and Settings\Default User\Ambiente de rede

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-05 20:06 1,572,864 ---ha-w C:\Documents and Settings\-\NTUSER.DAT

2007-11-29 12:55 --------- d--h--r C:\Documents and Settings\-\Dados de aplicativos\SecuROM

2007-11-27 20:21 --------- d-----w C:\Documents and Settings\-\Dados de aplicativos\LimeWire

2007-11-26 22:01 --------- d-s---w C:\Documents and Settings\-\Dados de aplicativos\Microsoft

2007-11-26 21:41 --------- d-----w C:\Documents and Settings\-\Dados de aplicativos\Adobe

2007-11-26 20:25 --------- d-----w C:\Documents and Settings\-\Dados de aplicativos\Macromedia

2007-11-25 15:30 --------- d-----w C:\Documents and Settings\-\Dados de aplicativos\Ahead

2007-11-25 15:09 315,392 ----a-w C:\WINDOWS\HideWin.exe

2007-11-25 15:01 --------- d-----w C:\Documents and Settings\-\Dados de aplicativos\Identities

2007-11-25 14:10 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2007-11-25 14:08 --------- d-----w C:\Arquivos de programas\Serviços on-line

2007-11-25 14:08 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2007-11-25 14:08 --------- d-----w C:\Arquivos de programas\Arquivos comuns\MSSoap

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 00:56]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2007-11-25 13:04]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:45 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2007-05-21 05:31 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:45 C:\WINDOWS\system32\rundll32.exe]

"Atualizador - Puxa Rápido"="H:\dap\Atualiza.exe" [2006-06-23 11:53]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 20:54]

"GlobalFlagorkutkut"="C:\WINDOWS\system32\orkutkut.exe" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Reboot.exe]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Reboot.exe

backup=C:\WINDOWS\pss\Reboot.exeCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-11-16 19:04 139264 --a------ C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 15:40 155648 --a------ C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

RTHDCPL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

SkyTel.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2006-09-14 03:00 577536 -ra------ C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{493e56d7-9b67-11dc-b0e3-c9a503b11bf9}]

\Shell\AutoRun\command - J:\LaunchU3.exe -a

 

*Newly Created Service* - CATCHME

*Newly Created Service* - HTTPFILTER

*Newly Created Service* - PNKBSTRK

*Newly Created Service* - PROCEXP90

.

**************************************************************************

 

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-06 01:24:42

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2007-12-06 1:25:04

.

--- E O F ---

 

 

hjt:

 

Logfile of HijackThis v1.99.1

Scan saved at 01:29:59, on 6/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

H:\e mule\e mule novo\eMule\emule.exe

H:\dap\PuxaRapido.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\-\CONFIG~1\Temp\Rar$EX00.781\HijackThis.exe

 

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - H:\dap\IEBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] H:\dap\Atualiza.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [GlobalFlagorkutkut] C:\WINDOWS\system32\orkutkut.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

 

 

vlw por estar ajudando!!!

 

abraços!!

[DigRam 144]

Boa Tarde everton leoRS!

 

>@< Faça o download do KillBox.

>@< Salve-o no Desktop!

>@< Abra o KillBox e marque Delete on reboot.

>@< Insira ou digite na caixa Full path of file to delete,o seguinte ficheiro:

 

C:\WINDOWS\system32\orkutkut.exe

 

>@< Clique no botão X e,na pergunta sobre o reboot,confirme!

>@< O computador vai reiniciar!

>@< Aproveite êste reboot,e entre em Modo de Segurança.

>@< Abra o HijackThis e clique em: Do a system scan only.

>@< Marque as entradas,abaixo,e clique em Fix checked!

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [GlobalFlagorkutkut] C:\WINDOWS\system32\orkutkut.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

>@< Reinicie em Modo Normal!

>@< Faça e poste um novo Log,do HijackThis,na sua resposta.

 

Abraços!

[everton leoRS 0]

ola digram!!!!!!

 

executei o download do killbox e markei as opcoes como você disse so q ele me da a seguinte mensagem:"Pending file rename operations registry file has been removed by external process"

quer dizer q ja foi removido de outra forma nao é???

 

sendo assim o pc nao reinicia!! aí eu tentei dar reiniciar manualmente mas ele nao entra em modo de segurança...

eu nao sei como faz pra entrar em modo de segurança!!!

 

tem algum problema se eu der fix nakelas entradas q você informou enquanto estou no modo normal???

 

 

desculpe a ignorancia....grato pela ajuda!!! :natal_w00t:

[DigRam 144]

ola digram!!!!!!

 

executei o download do killbox e markei as opcoes como você disse so q ele me da a seguinte mensagem:"Pending file rename operations registry file has been removed by external process"

quer dizer q ja foi removido de outra forma nao é???

sendo assim o pc nao reinicia!! aí eu tentei dar reiniciar manualmente mas ele nao entra em modo de segurança...

eu nao sei como faz pra entrar em modo de segurança!!!

tem algum problema se eu der fix nakelas entradas q você informou enquanto estou no modo normal???

desculpe a ignorancia....grato pela ajuda!!! :natal_w00t:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Boa Noite everton leoRS!

 

>@< Voçê pode dar Fix,nas entradas marcadas,estando em Modo Normal...mas,faça com todos os programas fechados,inclusive o navegador!

>@< Terminando,poste um nôvo Log do HijackThis.

 

Abraços!

[everton leoRS 0]

boa noite DigRam!!!

 

este e o log do HJT:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 00:37:16, on 7/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\DOCUME~1\-\CONFIG~1\Temp\Rar$EX00.281\HijackThis.exe

 

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - H:\dap\IEBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] H:\dap\Atualiza.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

 

 

flw!!!!!! :natal_biggrin:

[DigRam 144]

Bom Dia everton leoRS!

 

>@< Manualmente,faça uma busca ao arquivo,em destaque:

 

C:\WINDOWS\system32\orkutkut.exe

 

>@< Encontrando-o,pode deletar!

________________________

 

>@< Faça o download do CCleaner.

>@< Baixe-o para o Desktop!

>@< Abra o programa e clique em Executar cleaner.

>@< Terminando,clique em Erros >> Procurar erros >> Corrigir erros.

________________________

 

>@< Para a sua segurança,leia: < Cuidados ao navegar na Net >

________________________

 

>@< O Log está Limpo!

>@< Bom Trabalho!

 

Abraços! :natal_smile:

[everton leoRS 0]

Muito obrigado DigRam pela ajuda!!!!!!!

 

Ja removi o virus(orkutkut)manualmente...vlw

 

tudo de bom pravc e pra todos ae!!!! :natal_biggrin:

 

RESOLVIDO!!!!!!!!!

[DigRam 144]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o Tópico seja reaberto é preciso enviar uma Mensagem Privada,para um Moderador,com um Link para o Tópico.