
This topic has been archived and is closed to new replies.

x_confused

[Archived] Browsers do not open after I connect to the internet


Good afternoon, everyone.

I have the following problem. When I turn on my computer, it boots normally and I can open all applications normally, including the browsers.

However, when I turn on the Telefonica modem and establish a connection, nothing happens when I try to open the browsers: the hourglass appears for a while, then disappears.

When I turn the modem off, the browsers open normally again.

I have no idea what could be happening.

I don't know whether a HiJack log is needed, but here it is:

 

Logfile of HijackThis v1.99.1

Scan saved at 15:49:27, on 20/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Apache\Apache.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\Apache\Apache.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\mysql\bin\mysqld-nt.exe

c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE

C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe

C:\WINDOWS\system32\tcpsvcs.exe

c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\HiJack\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://127.0.0.1/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204548787566

O17 - HKLM\System\CCS\Services\Tcpip\..\{5EC27457-48B3-4777-AB33-8EA01A024F5D}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{E87464E7-5BDA-4CB9-B251-83E11D3A80DA}: NameServer = 200.176.2.12,200.176.2.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache - Unknown owner - C:\Apache\Apache.exe" --ntservice (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt (file missing)

O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe

O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE

O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe

O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe

 

 

 

Thank you for your attention!


Hi x_confused,

Download ComboFix from:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can be completed (only if there is an infection);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click on the ComboFix window or close it by clicking the X while the tool is running, as this will break your desktop configuration (it will turn completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply.

Regards.


Good afternoon jgarcia, thank you for the reply.

Here is the log generated by ComboFix:

 

ComboFix 08-04-27.3 - User 2008-04-28 13:24:32.1 - NTFSx86

Executando de: C:\Giu\Softwares\Protecao\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\Cache

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_6TO4

-------\Legacy_IPRIP

-------\Service_6to4

-------\Service_Iprip

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-03-28 to 2008-04-28 ))))))))))))))))))))))))))))))))

.

 

2008-04-28 13:30 . 2008-04-28 13:30 268 --ah----- C:\sqmdata09.sqm

2008-04-28 13:30 . 2008-04-28 13:30 244 --ah----- C:\sqmnoopt09.sqm

2008-04-28 13:24 . 2008-04-28 13:24 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-04-28 12:16 . 2008-04-28 12:16 268 --ah----- C:\sqmdata08.sqm

2008-04-28 12:16 . 2008-04-28 12:16 244 --ah----- C:\sqmnoopt08.sqm

2008-04-28 12:07 . 2008-04-28 12:07 268 --ah----- C:\sqmdata07.sqm

2008-04-28 12:07 . 2008-04-28 12:07 244 --ah----- C:\sqmnoopt07.sqm

2008-04-28 11:59 . 2008-04-28 11:59 268 --ah----- C:\sqmdata06.sqm

2008-04-28 11:59 . 2008-04-28 11:59 244 --ah----- C:\sqmnoopt06.sqm

2008-04-27 17:52 . 2008-04-27 17:52 268 --ah----- C:\sqmdata05.sqm

2008-04-27 17:52 . 2008-04-27 17:52 244 --ah----- C:\sqmnoopt05.sqm

2008-04-27 16:05 . 2008-04-28 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-04-27 12:10 . 2008-04-27 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-04-27 12:10 . 2008-04-27 12:10 268 --ah----- C:\sqmdata04.sqm

2008-04-27 12:10 . 2008-04-27 12:10 244 --ah----- C:\sqmnoopt04.sqm

2008-04-27 12:02 . 2008-04-27 12:02 268 --ah----- C:\sqmdata03.sqm

2008-04-27 12:02 . 2008-04-27 12:02 244 --ah----- C:\sqmnoopt03.sqm

2008-04-26 18:08 . 2008-04-26 18:08 268 --ah----- C:\sqmdata02.sqm

2008-04-26 18:08 . 2008-04-26 18:08 244 --ah----- C:\sqmnoopt02.sqm

2008-04-26 11:11 . 2008-04-26 11:11 2,887,680 --a------ C:\WINDOWS\system32\VagalumePluginWMP.dll

2008-04-26 08:43 . 2008-04-27 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-04-26 08:43 . 2008-04-26 08:48 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-04-26 00:50 . 2008-04-26 00:50 <DIR> d-------- C:\Arquivos de programas\Business Objects

2008-04-26 00:45 . 2008-04-26 00:45 <DIR> d-------- C:\Arquivos de programas\Microsoft Device Emulator

2008-04-26 00:43 . 2008-04-26 00:44 <DIR> d-------- C:\Arquivos de programas\Windows Mobile 5.0 SDK R2

2008-04-26 00:41 . 2008-04-26 00:41 <DIR> d-------- C:\Arquivos de programas\Microsoft Synchronization Services

2008-04-26 00:41 . 2008-04-26 00:41 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-04-25 23:55 . 2008-04-26 00:50 <DIR> d-------- C:\Arquivos de programas\Microsoft Visual Studio 9.0

2008-04-25 23:55 . 2008-04-25 23:55 <DIR> d-------- C:\Arquivos de programas\Microsoft SDKs

2008-04-25 23:55 . 2008-04-26 00:04 <DIR> d-------- C:\Arquivos de programas\HTML Help Workshop

2008-04-25 23:52 . 2008-04-25 23:53 <DIR> d-------- C:\Arquivos de programas\Microsoft Web Designer Tools

2008-04-25 23:45 . 2008-04-25 23:45 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2008-04-25 23:45 . 2008-04-25 23:45 <DIR> d-------- C:\Arquivos de programas\Reference Assemblies

2008-04-25 23:44 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-04-24 22:26 . 2008-04-26 11:20 <DIR> d-------- C:\Arquivos de programas\eMule

2008-04-20 15:48 . 2008-04-20 15:49 <DIR> d-------- C:\HiJack

2008-04-14 18:24 . 2008-04-14 18:24 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-04-11 19:31 . 2008-04-11 19:31 268 --ah----- C:\sqmdata01.sqm

2008-04-11 19:31 . 2008-04-11 19:31 244 --ah----- C:\sqmnoopt01.sqm

2008-04-03 15:02 . 2008-04-03 15:02 <DIR> d-------- C:\Documents and Settings\User\Dados de aplicativos\Motive

2008-04-03 15:01 . 2008-04-03 15:01 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Motive

2008-04-03 15:00 . 2008-04-03 15:00 <DIR> d-------- C:\WINDOWS\Motive

2008-04-03 14:59 . 2008-04-03 15:05 <DIR> d-------- C:\Arquivos de programas\Common Files

2008-04-03 14:58 . 2008-04-03 15:06 <DIR> d-------- C:\Arquivos de programas\Assistente Tecnico Speedy

2008-04-03 14:53 . 2003-02-28 18:26 49,424 --a------ C:\WINDOWS\system32\clspack.exe

2008-04-03 14:52 . 2003-03-18 15:02 45,056 --a------ C:\WINDOWS\system32\msxml4a.dll

2008-04-03 14:52 . 2003-03-18 15:02 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll

2008-03-29 09:50 . 2008-04-09 13:05 <DIR> dr-h----- C:\$VAULT$.AVG

2008-03-28 17:52 . 2004-08-04 00:45 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll

2008-03-28 17:25 . 2001-10-28 15:07 2,178,131 --a--c--- C:\WINDOWS\system32\dllcache\shvlres.dll

2008-03-28 17:24 . 2001-10-28 15:06 640,512 --a------ C:\WINDOWS\system32\getuname.dll

2008-03-28 14:28 . 2008-03-28 14:28 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files

2008-03-28 14:27 . 2004-08-04 00:45 332,800 --a--c--- C:\WINDOWS\system32\dllcache\aqueue.dll

2008-03-28 14:27 . 2001-09-05 23:50 45,056 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll

2008-03-28 14:27 . 2001-09-05 23:50 26,112 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_seos.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-26 03:36 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-04-26 03:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-04-26 03:12 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Merge Modules

2008-04-26 03:03 --------- d-----w C:\Arquivos de programas\MSBuild

2008-04-14 22:57 --------- d-----w C:\Documents and Settings\User\Dados de aplicativos\Skype

2008-03-25 21:33 --------- d-----w C:\Arquivos de programas\IB EXPERT

2008-03-25 21:30 --------- d-----w C:\Arquivos de programas\Tarifador

2008-03-13 17:16 --------- d-----w C:\Arquivos de programas\Microsoft SQL Server

2008-03-10 20:41 --------- d-----w C:\Arquivos de programas\Windows Media Components

2008-03-10 17:28 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-07 21:22 --------- d-----w C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-03-04 18:51 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-03-04 18:50 --------- d-----w C:\Arquivos de programas\Windows Live

2008-03-04 18:49 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-04 18:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-03 15:29 --------- d-----w C:\Arquivos de programas\MSXML 6.0

2008-03-03 15:25 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-03-01 11:43 --------- d-----w C:\Arquivos de programas\Microsoft ASP.NET

2008-02-29 18:47 --------- d-----w C:\Arquivos de programas\WS_FTP

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2008-01-18 15:47 56 --sh--r C:\WINDOWS\system32\E02B60ADB4.sys

2008-01-18 15:47 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 07:31 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 07:27 126976]

"SynTPEnh"="C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 16:01 761946]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\User\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

--a------ 2004-12-03 13:24 290816 C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--------- 2006-07-12 06:58 1397760 C:\Arquivos de programas\Ahead\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 20:24 32768 C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

--a------ 2006-07-21 13:06 20036648 C:\Arquivos de programas\Skype\Phone\Skype.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\WS_FTP\\WS_FTP95.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\Tarifador\\Tarifador.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Agrupamento de Mesmo Nível do Windows

"3540:UDP"= 3540:UDP:Protocolo PNRP (Peer Name Resolution Protocol)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

S3 VSPerfDrv90;Performance Tools Driver 9.0;C:\Arquivos de programas\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [2007-09-04 16:53]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

 

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-28 13:34:35

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 13

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]

"ImagePath"="C:\mysql\bin\mysqld-nt"

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Apache\Apache.exe

C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Apache\Apache.exe

C:\mysql\bin\mysqld-nt.exe

C:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe

C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE

C:\WINDOWS\system32\tcpsvcs.exe

C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-04-28 13:43:26 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-28 16:43:14

 

Pre-Run: 16,092,864,512 bytes disponíveis

Post-Run: 16,120,819,712 bytes disponíveis

 

191 --- E O F --- 2008-04-26 18:06:02


Hi x_confused,

1. Download BankerFix.

2. Temporarily disable your antivirus.

3. Double-click bankerfix.exe. A message will appear saying that it will be downloaded over the internet. Click Ok -> Ok. Press Enter and wait for the scan to finish.

4. When the scan is finished, read the message on the screen and press Enter again.

5. Re-enable your antivirus.

6. Come back with a new HijackThis log, together with the BankerFix relatorio.txt (it will be in C:\LinhaDefensiva\).

7. After posting your reply you can delete the LinhaDefensiva folder on C.

Regards.


Topic Archived

Since the author did not reply for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section with the link to this topic and explain the reason for reopening.
