Archived

This topic has been archived and is closed to new replies.

edinhorox

[Archived] Downloads stopping out of nowhere/Megaclick


Here's the thing: my downloads stop out of nowhere, even when I'm browsing. Also, sometimes when I'm browsing, some site hangs and the megaclick site appears in the address bar, plus "the page cannot be displayed".

Detail: I use Firefox

 

 

Here is the ComboFix log

 

ComboFix 08-05-29.1 - connect 2008-05-31 11:13:06.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.93 [GMT -3:00]

Running from: C:\Documents and Settings\connect\Desktop\ComboFix.exe

* A new restore point was created

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Files created from 2008-04-28 to 2008-05-31 ))))))))))))))))))))))))))))))))

.

 

2008-05-31 11:02 . 2008-05-31 11:02 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-05-25 22:35 . 2008-05-25 22:35 <DIR> d-------- C:\Documents and Settings\connect\Dados de aplicativos\Media Player Classic

2008-05-25 15:34 . 2008-05-25 15:34 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-05-25 15:34 . 2008-03-21 17:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-05-24 10:35 . 2008-05-25 10:56 <DIR> d-------- C:\Documents and Settings\connect\Contacts

2008-05-24 10:00 . 2008-05-24 10:00 <DIR> d-------- C:\Arquivos de programas\Ares

2008-05-24 09:48 . 2008-05-24 09:54 <DIR> d-------- C:\Documents and Settings\connect\Dados de aplicativos\Winamp

2008-05-24 09:48 . 2008-05-24 09:54 <DIR> d-------- C:\Arquivos de programas\Winamp

2008-05-23 23:39 . 2008-05-23 23:42 <DIR> d-------- C:\Arquivos de programas\SystemRequirementsLab

2008-05-23 23:38 . 2008-05-23 23:38 <DIR> d-------- C:\WINDOWS\Sun

2008-05-23 23:38 . 2008-05-23 23:39 <DIR> d-------- C:\Documents and Settings\connect\SystemRequirementsLab

2008-05-23 20:31 . 2008-05-23 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA

2008-05-23 19:49 . 2008-05-23 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg8

2008-05-23 19:49 . 2008-05-23 19:49 268 --ah----- C:\sqmdata05.sqm

2008-05-23 19:49 . 2008-05-23 19:49 244 --ah----- C:\sqmnoopt05.sqm

2008-05-23 19:47 . 2008-05-23 19:47 <DIR> d-------- C:\Arquivos de programas\Sun

2008-05-23 19:46 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-23 19:42 . 2008-05-23 19:46 <DIR> d-------- C:\Arquivos de programas\Java

2008-05-23 19:31 . 2008-05-23 19:31 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-05-23 19:24 . 2008-05-23 19:24 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-05-23 19:24 . 2003-03-18 18:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-05-23 19:24 . 2003-03-18 17:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll

2008-05-23 19:24 . 2003-02-21 01:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll

2008-05-23 18:49 . 2008-05-23 18:49 1,192 --a------ C:\WINDOWS\mozver.dat

2008-05-23 18:47 . 2008-05-23 18:47 0 --a------ C:\WINDOWS\nsreg.dat

2008-05-23 18:16 . 2008-05-23 18:16 268 --ah----- C:\sqmdata04.sqm

2008-05-23 18:16 . 2008-05-23 18:16 244 --ah----- C:\sqmnoopt04.sqm

2008-05-23 16:08 . 2008-05-23 16:08 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard

2008-05-23 15:55 . 2008-05-23 18:14 <DIR> d-------- C:\WINDOWS\nview

2008-05-23 15:55 . 2008-05-31 09:54 89,134 --a------ C:\WINDOWS\system32\nvapps.xml

2008-05-23 15:55 . 2006-11-17 17:29 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-05-23 15:54 . 2008-05-23 15:54 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-05-23 15:54 . 2006-11-17 19:21 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-05-23 15:54 . 2006-11-17 17:29 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-05-23 15:32 . 2008-05-23 15:32 <DIR> d-------- C:\Arquivos de programas\AVG

2008-05-23 12:08 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-05-23 12:04 . 2008-05-23 12:04 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

2008-05-23 12:03 . 2008-05-23 12:03 <DIR> d-------- C:\Arquivos de programas\MSBuild

2008-05-23 11:50 . 2008-05-23 12:02 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-05-23 11:50 . 2008-05-23 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-05-23 11:49 . 2008-05-23 11:49 <DIR> dr-h----- C:\MSOCache

2008-05-23 11:47 . 2008-05-23 11:47 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-05-23 11:47 . 2008-05-23 11:47 <DIR> d-------- C:\Arquivos de programas\D-Tools

2008-05-23 11:47 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys

2008-05-23 11:47 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys

2008-05-23 11:47 . 2008-05-23 11:47 268 --ah----- C:\sqmdata03.sqm

2008-05-23 11:47 . 2008-05-23 11:47 268 --ah----- C:\sqmdata02.sqm

2008-05-23 11:47 . 2008-05-23 11:47 244 --ah----- C:\sqmnoopt03.sqm

2008-05-23 11:47 . 2008-05-23 11:47 244 --ah----- C:\sqmnoopt02.sqm

2008-05-23 08:30 . 2008-05-23 08:30 27,262,976 --a------ C:\VIRTPART.DAT

2008-05-23 08:30 . 2008-05-23 08:30 268 --ah----- C:\sqmdata01.sqm

2008-05-23 08:30 . 2008-05-23 08:30 244 --ah----- C:\sqmnoopt01.sqm

2008-05-23 08:27 . 2008-05-23 08:27 <DIR> d-------- C:\Documents and Settings\connect\Dados de aplicativos\Symantec

2008-05-23 08:27 . 2002-08-14 15:03 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL

2008-05-23 08:27 . 2002-08-14 15:03 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS

2008-05-23 08:27 . 2002-08-14 15:03 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL

2008-05-23 08:27 . 2002-08-14 15:03 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE

2008-05-23 08:25 . 2008-05-23 08:27 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-05-23 08:11 . 2008-05-23 08:11 268 --ah----- C:\sqmdata00.sqm

2008-05-23 08:11 . 2008-05-23 08:11 244 --ah----- C:\sqmnoopt00.sqm

2008-05-23 07:59 . 2008-05-23 08:00 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2008-05-17 12:24 . 2001-09-05 23:20 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-05-17 12:24 . 2001-09-05 23:20 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-05-17 12:23 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-05-17 12:23 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-05-17 12:09 . 2008-05-23 08:01 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-05-17 12:09 . 2007-07-28 16:10 483,968 --a------ C:\WINDOWS\system32\drivers\rt61.sys

2008-05-17 12:09 . 2008-05-17 12:09 21,419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

2008-05-17 12:08 . 2008-05-17 12:08 <DIR> d-------- C:\Documents and Settings\connect\Dados de aplicativos\InstallShield

2008-05-17 12:08 . 2008-05-17 12:09 <DIR> d-------- C:\Arquivos de programas\RALINK

2008-05-17 12:08 . 2008-05-17 12:08 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

2008-05-17 08:07 . 2004-08-03 19:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys

2008-05-17 08:07 . 2001-08-17 19:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys

2008-05-17 08:07 . 2004-08-03 20:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2008-05-17 08:07 . 2004-08-03 20:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys

2008-05-17 08:06 . 2004-08-03 20:07 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys

2008-05-17 08:06 . 2004-08-03 20:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys

2008-05-17 08:06 . 2004-08-03 20:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys

2008-05-17 08:06 . 2004-08-03 20:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys

2008-05-17 08:06 . 2004-08-03 19:58 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys

2008-05-17 08:06 . 2004-08-03 19:58 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2008-05-17 08:06 . 2004-08-03 19:58 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys

2008-05-17 08:06 . 2001-08-17 18:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2008-05-17 08:05 . 2001-09-05 20:49 252,032 --a------ C:\WINDOWS\system32\sis300iv.dll

2008-05-17 08:05 . 2001-08-17 17:50 101,760 --a------ C:\WINDOWS\system32\drivers\sis300ip.sys

2008-05-17 08:05 . 2004-08-03 21:36 57,984 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2008-05-17 08:05 . 2004-08-03 20:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys

2008-05-17 08:05 . 2001-08-17 19:00 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys

2008-05-17 08:04 . 2006-11-17 17:29 4,541,824 --a------ C:\WINDOWS\system32\nv4_disp.dll

2008-05-17 08:04 . 2006-11-17 17:29 3,994,688 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys

2008-05-17 08:04 . 2001-08-17 17:20 297,728 --a------ C:\WINDOWS\system32\drivers\ac97sis.sys

2008-05-17 08:04 . 2004-08-03 20:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys

2008-05-17 08:04 . 2004-08-03 21:45 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax

2008-05-17 08:04 . 2004-08-03 21:45 76,288 --a------ C:\WINDOWS\system32\usbui.dll

2008-05-17 08:04 . 2004-08-03 20:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys

2008-05-17 08:04 . 2004-08-03 20:07 41,088 --a------ C:\WINDOWS\system32\drivers\SISAGP.SYS

2008-05-17 08:04 . 2004-08-03 19:31 32,768 --a------ C:\WINDOWS\system32\drivers\sisnic.sys

2008-05-17 08:04 . 2004-08-03 21:45 4,096 --a------ C:\WINDOWS\system32\ksuser.dll

2008-05-17 08:00 . 2008-05-27 21:16 <DIR> d-------- C:\WINDOWS\system32\CatRoot2

2008-05-17 08:00 . 2008-05-17 11:12 <DIR> d--h----- C:\Documents and Settings\Default User\Modelos

2008-05-17 08:00 . 2008-05-17 08:00 <DIR> d-------- C:\Documents and Settings\Default User\Meus documentos

2008-05-17 08:00 . 2008-05-17 08:00 <DIR> dr------- C:\Documents and Settings\Default User\Menu Iniciar

2008-05-17 08:00 . 2008-05-17 08:00 <DIR> d-------- C:\Documents and Settings\Default User\Favoritos

2008-05-17 08:00 . 2008-05-17 08:00 <DIR> dr-h----- C:\Documents and Settings\Default User\Dados de aplicativos

2008-05-17 08:00 . 2008-05-17 08:00 <DIR> dr-h----- C:\Documents and Settings\Default User\Configurações locais

2008-05-17 08:00 . 2008-05-17 08:00 <DIR> d--h----- C:\Documents and Settings\Default User\Ambiente de rede

2008-05-17 08:00 . 2008-05-17 08:00 <DIR> d--h----- C:\Documents and Settings\Default User\Ambiente de impressão

2008-05-17 08:00 . 2008-05-23 19:47 <DIR> d--h----- C:\Documents and Settings\All Users\Modelos

2008-05-17 08:00 . 2008-05-23 19:47 <DIR> dr------- C:\Documents and Settings\All Users\Menu Iniciar

2008-05-17 08:00 . 2008-05-17 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Favoritos

2008-05-17 08:00 . 2008-05-17 11:15 <DIR> dr------- C:\Documents and Settings\All Users\Documentos

2008-05-17 08:00 . 2008-05-25 15:34 <DIR> dr-h----- C:\Documents and Settings\All Users\Dados de aplicativos

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-25 02:37 --------- d-----w C:\Arquivos de programas\BitComet

2008-05-17 14:57 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll

2008-05-17 14:45 --------- d-----w C:\Arquivos de programas\Lavalys

2008-05-17 14:22 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-05-17 14:17 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-05-17 14:16 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll

2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools-1033"="C:\Arquivos de programas\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 17:29 7700480]

"nwiz"="nwiz.exe" [2006-11-17 17:29 1622016 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-17 17:29 86016]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 20:19 79224]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Ralink Wireless Utility.lnk - C:\Arquivos de programas\RALINK\Common\RaUI.exe [2008-05-17 12:09:01 1114112]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-08-04 00:56 1667584 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-04-01 15:49 36352 C:\Arquivos de programas\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\BitComet\\BitComet.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"17536:TCP"= 17536:TCP:BitComet 17536 TCP

"17536:UDP"= 17536:UDP:BitComet 17536 UDP

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-31 11:15:15

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

Completion time: 2008-05-31 11:17:06

ComboFix-quarantined-files.txt 2008-05-31 14:17:00

 

Pre-Run: 15,576,727,552 bytes free

Post-Run: 15,639,822,336 bytes free

 

194

 

 

 

 

Here is the HijackThis log

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:34:38, on 31/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.1.2.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{8ECD811E-26E1-4014-88AE-D49CE137D90B}: NameServer = 200.165.132.154,200.165.132.147

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5911 bytes

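The two HijackThis logs in this post are read by hand in the replies that follow. The script below is an added example, not code from the poster, the forum helper or Trend Micro's HijackThis: it parses the numbered O-lines of a HijackThis-format log and applies the three checks a responder does first when a browser is being redirected to a site it was never asked for: components marked "(file missing)", O17 NameServer entries that are neither private nor on an allow-list, and autostart or BHO binaries loaded from user-writable locations. The allow-list, the user-writable path markers and the sample log (including the invented "[updater]" line that makes the third check fire) are assumptions constructed for the example, not facts from this thread.

```python
"""Triage helper for HijackThis-format logs.

Added example for this thread; it is not code from the poster, the forum
helper, or Trend Micro's HijackThis. It turns the manual reading a responder
does into three checks:
  1. components HijackThis marked "(file missing)" (stale registrations),
  2. O17 NameServer entries that are neither private nor on an allow-list
     (the check to run when a browser redirects to an unknown site),
  3. O2/O4/O20/O21/O23 binaries loaded from user-writable locations.
The allow-list, the user-writable markers and the sample log below are
assumptions constructed for the example, not facts from the thread.
"""
import re
from dataclasses import dataclass, field
from ipaddress import ip_address

# Constructed sample in the shape of the log above. The "[updater]" O4 line is
# invented so that check 3 fires; it was NOT in the poster's log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\connect\Configurações locais\Temp\upd.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ECD811E-26E1-4014-88AE-D49CE137D90B}: NameServer = 200.165.132.154,200.165.132.147
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O4 - HKLM\..\Run: ..." -> section "O4", body "HKLM\..\Run: ..."
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2})\s+-\s+(?P<body>.*)$")
# First Windows path ending in an executable/library extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\[\]]*?\.(?:exe|dll|sys|ocx|cpl|bat|scr)",
                     re.IGNORECASE)
# Heuristic (assumption): locations an unprivileged user can write to.
USER_WRITABLE_MARKERS = ("\\temp\\", "\\documents and settings\\", "\\users\\")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


@dataclass
class Triage:
    entries: dict = field(default_factory=dict)    # section -> list of bodies
    findings: list = field(default_factory=list)   # list of Finding


def extract_path(body):
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def check_nameservers(body, allowed):
    """Return the NameServer values in an O17 body that need a second look:
    anything that is not an IP, and any public IP not in `allowed`.
    Private (RFC 1918) addresses are treated as a home router and skipped."""
    _, _, servers = body.partition("NameServer =")
    suspicious = []
    for s in servers.replace(";", ",").split(","):
        s = s.strip()
        if not s:
            continue
        try:
            ip = ip_address(s)
        except ValueError:
            suspicious.append(s)
            continue
        if not (ip.is_private or str(ip) in allowed):
            suspicious.append(s)
    return suspicious


def triage(log_text, allowed_dns=frozenset()):
    t = Triage()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:                      # header, process list, blank lines
            continue
        section, body = m.group("section"), m.group("body")
        t.entries.setdefault(section, []).append(body)
        if "(file missing)" in body:
            t.findings.append(Finding(section,
                "registered component whose file is missing (stale or removed)", raw))
        if section == "O17":
            bad = check_nameservers(body, allowed_dns)
            if bad:
                t.findings.append(Finding(section,
                    "NameServer not private and not in allow-list: " + ", ".join(bad), raw))
        if section in ("O2", "O4", "O20", "O21", "O23"):
            path = extract_path(body)
            if path and any(mk in path.lower() for mk in USER_WRITABLE_MARKERS):
                t.findings.append(Finding(section,
                    "binary loaded from a user-writable location: " + path, raw))
    return t


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for sec in sorted(result.entries):
        print(f"{sec}: {len(result.entries[sec])} entries")
    for f in result.findings:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it as-is to see the report for the constructed sample; on a real log, pass the log text and the resolvers your ISP or router actually hands out as `allowed_dns`, otherwise every public resolver is reported. The output is a list of candidates for a human to check, not verdicts: the "(file missing)" hit, for instance, is a BHO registration left behind by an AVG component that is no longer on disk, which is stale rather than malicious, and the two O17 addresses are only suspicious until you have confirmed whose resolvers they are.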

Follow the instructions:

Download MSNFix.

Save it to the desktop and unzip it; then double-click MSNFix.bat.

The MSN_Fix menu screen will open; press the R option there, and the scan will start.

If the scan detects something, the following message will appear: Infection Presente; press Enter and continue.

If you want to stop the process, press the Q key.

When it finishes, Notepad will open with a log (the msnfix.txt file); select all of it and copy it.

Post it together with a new HijackThis log.

 

I'll await your reply.


MSNFix log

MSNFix 1.719

 

C:\Documents and Settings\connect\Desktop\MSNFix

Fix launched on Sat 31/05/2008 - 19:49:30.63 by connect

normal mode

 

************************ Searching for known files

 

No files found

 

************************ Searching for known folders

 

No folders found

 

 

************************ Suspicious files

 

No files found

 

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\WINDOWS\system32\userinit.exe,

 

------------------------------------------------------------------------

Author : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:52:08, on 31/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.1.2.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{8ECD811E-26E1-4014-88AE-D49CE137D90B}: NameServer = 200.165.132.154,200.165.132.147

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5892 bytes


Download SDFix and save it to your desktop.

 

* Run SDFix.exe by double-clicking it.

* Allow it to install to the default location, which is normally C:\SDFix

* Now please restart the computer in Safe Mode (restart the computer and hold the F8 key without releasing it until the screen appears where you can choose Safe Mode)

* Once you have booted into Safe Mode, open the C:\SDFix folder and double-click RunThis.bat to start the script.

* Press Y to start the cleaning process.

* It will remove any Trojan or hidden service entries it finds and then ask you to press any key to reboot.

* Press any key and it will restart the PC.

* When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.

* After the desktop icons load, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.

* Post the Report.txt together with a new HijackThis log generated in normal mode.


Topic Archived

 

Since the author did not reply for more than 20 days, the topic was archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening.
