Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

ItaloCCSL

[Resolvido!]  Problemas com o windows media player.

Por , em Tópicos Resolvidos (Seguranca & Malwares)

Recommended Posts

ItaloCCSL    0

ItaloCCSL
Postado

Galera algo bem esquisito está aparecendo no meu windows media player (versão 11).

Quando eu estou sem realizar qualquer movimento com o mouse e o teclado ele ficar "cortando" as musicas e outra coisa muito estranha é quando ele vai repetir alguma música ele começa a tocar, mas depois de um ou dois segundos ele para uns três segundo e toca a música desde o começo.

Creio que não seja assim que ele funcione normalmente, pois isso veio aparecer a pouco tempo.

Ele também demora cerca de 10 a 20 segundos para tocar qualquer música.

E mais uns 15 segundos para minimizar e ir para o modo minimizado.

 

E até chega a aparecer problemas quando o Msn e ele estão em execução - Ele também fica "cortando" as músicas.

 

É muita coisa, mas se alguém tiver idéia de como eu faço para ele voltar ao normal, vai ser bastante aceitável.

 

Para agilizar o processo aqui está o meu log do Hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:30, on 2008-07-07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\eMule\eMule.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ibest.com.br/site/default_ck.js...odigo=001.00001

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [XPize Darkside Reloader] C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O17 - HKLM\System\CS2\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O20 - Winlogon Notify: GbiehCef - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll (file missing)

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 8143 bytes

 

 

Não sei se nesse caso é necessário ele, mas ai está caso precise. :thumbsup:

Compartilhar este post

Link para o post
Compartilhar em outros sites

ItaloCCSL    0

ItaloCCSL
Postado

Pois é e a ultima vez foi quando eu estava no sítio do vagalume olhando a letra de uma música.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Silas Martins    0

Silas Martins
Postado

Baixe o ComboFix e salve na área de trabalho.

 

Feche todos os programas.

Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar.

O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção.

 

Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt.

 

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

 

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

 

Aguardo um novo log do HijackThis juntamente com o ComboFix.txt

Compartilhar este post

Link para o post
Compartilhar em outros sites

ItaloCCSL    0

ItaloCCSL
Postado

Meu amigo Silas

Aqui está o novo log do HijackThis juntamente com o ComboFix.txt:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:20:25, on 10/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ibest.com.br/site/default_ck.js...odigo=001.00001

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [XPize Darkside Reloader] C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - Winlogon Notify: GbiehCef - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll (file missing)

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 7650 bytes

 

ComboFix 08-07-09.5 - Ítalo César 2008-07-10 13:05:40.3 - NTFSx86

Executando de: C:\Documents and Settings\Ítalo César.HOME\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Arquivos de programas\ActivationManager

C:\Arquivos de programas\ActivationManager\Uninstall.exe

C:\Documents and Settings\Ítalo César.HOME\err.log

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\kddiy.exe

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\wpcap.dll

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

-------\Legacy_NPF

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))))

.

 

2008-07-10 13:06 . 2008-07-10 13:06 <DIR> d----c--- C:\Documents and Settings\Ítalo César.HOME\Start Menu

2008-07-10 13:06 . 2008-07-10 13:06 <DIR> d----c--- C:\Documents and Settings\Ítalo César.HOME\Start Menu

2008-07-06 10:15 . 2008-07-06 10:15 <DIR> d----c--- C:\!KillBox

2008-07-05 23:09 . 2008-07-05 23:10 <DIR> d----c--- C:\Arquivos de programas\eMule

2008-07-05 22:17 . 2008-07-05 22:18 <DIR> d----c--- C:\Arquivos de programas\Ares

2008-07-05 20:54 . 2008-07-05 20:54 <DIR> d----c--- C:\Arquivos de programas\Trend Micro

2008-07-05 19:56 . 2008-07-09 17:49 <DIR> dr-h-c--- C:\Documents and Settings\Ítalo César.HOME\Recent

2008-07-05 19:56 . 2008-07-09 17:49 <DIR> dr-h-c--- C:\Documents and Settings\Ítalo César.HOME\Recent

2008-07-04 20:47 . 2008-07-04 20:47 <DIR> d----c--- C:\HijackThis

2008-07-03 18:57 . 2006-10-04 11:06 1,197,294 --a--c--- C:\WINDOWS\system32\dllcache\SETA0.tmp

2008-07-02 22:51 . 2008-07-03 19:14 <DIR> d----c--- C:\Arquivos de programas\NitroPC

2008-07-02 12:53 . 2008-07-09 21:40 8,318,976 --a------ C:\Documents and Settings\Ítalo César.HOME\ntuser.dat

2008-07-02 12:53 . 2008-07-09 21:40 8,318,976 --a------ C:\Documents and Settings\Ítalo César.HOME\ntuser.dat

2008-06-26 19:05 . 2008-06-26 19:05 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Yahoo! Companion

2008-06-26 19:04 . 2008-06-26 19:04 <DIR> d----c--- C:\WINDOWS\Sun

2008-06-26 19:04 . 2008-06-26 19:04 <DIR> d----c--- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Sun

2008-06-11 09:57 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 09:57 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-27 02:23 --------- dc----w C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Shareaza

2008-06-26 19:31 --------- dc----w C:\Arquivos de programas\RocketDock

2008-06-26 19:30 --------- dc----w C:\Arquivos de programas\OnGame

2008-06-26 17:23 --------- dc----w C:\Arquivos de programas\MediaCoder

2008-06-26 04:45 --------- dc----w C:\Arquivos de programas\Microsoft Works

2008-06-20 17:41 247,808 -c--a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 -c--a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 -c--a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 -c--a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-18 08:57 --------- dc----w C:\Arquivos de programas\Yahoo!

2008-06-08 18:32 --------- dc----w C:\Arquivos de programas\VideoLAN

2008-06-08 18:30 --------- dc----w C:\Arquivos de programas\Megacubo

2008-06-07 00:07 --------- dc----w C:\Arquivos de programas\SopCast

2008-05-22 17:39 --------- dc----w C:\Arquivos de programas\VisualTaskTips

2008-05-22 17:37 --------- dc----w C:\Arquivos de programas\FlashGet

2008-05-07 05:15 2,660,864 -c--a-w C:\WINDOWS\system32\quartz.dll

2008-04-21 07:02 661,504 -c--a-w C:\WINDOWS\system32\wininet.dll

2007-07-20 04:19 855,886 -c--a-w C:\Arquivos de programas\AUG2007_d3dx10_35_x64.cab

2007-07-20 04:19 800,467 -c--a-w C:\Arquivos de programas\AUG2007_d3dx10_35_x86.cab

2007-07-20 04:19 1,803,760 -c--a-w C:\Arquivos de programas\AUG2007_d3dx9_35_x64.cab

2007-07-20 04:18 44,684 -c--a-w C:\Arquivos de programas\dxdllreg_x86.cab

2007-07-20 04:18 201,696 -c--a-w C:\Arquivos de programas\AUG2007_XACT_x64.cab

2007-07-20 04:18 156,612 -c--a-w C:\Arquivos de programas\AUG2007_XACT_x86.cab

2007-07-20 04:18 1,711,752 -c--a-w C:\Arquivos de programas\AUG2007_d3dx9_35_x86.cab

2007-07-03 01:43 171,008 -c--a-w C:\Arquivos de programas\FLV PlayerRCSetup.exe

2007-03-15 00:36 87,608 -c--a-w C:\Documents and Settings\Ítalo César\Dados de aplicativos\ezpinst.exe

2007-03-15 00:36 47,360 -c--a-w C:\Documents and Settings\Ítalo César\Dados de aplicativos\pcouffin.sys

2007-01-29 22:17 18,096 -c--a-w C:\Documents and Settings\Ítalo César\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2004-10-01 18:00 40,960 -c--a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

 

------- Sigcheck -------

 

2007-06-13 10:21 1697280 07a1a28907a5f2a251b3b2564884d730 C:\WINDOWS\explorer.exe

2007-06-13 10:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2007-06-13 10:21 1697280 07a1a28907a5f2a251b3b2564884d730 C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-13 10:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\XPize Darkside\Backup\explorer.exe

 

2004-08-04 00:45 30208 c44b39505116f6961988b8681793e572 C:\WINDOWS\system32\ctfmon.exe

2004-08-04 00:45 30208 c44b39505116f6961988b8681793e572 C:\WINDOWS\system32\dllcache\ctfmon.exe

2004-08-04 00:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\XPize Darkside\Backup\ctfmon.exe

.

((((((((((((((((((((((((((((( snapshot@2008-07-04_17.13.35.89 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-07-04 20:02:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-10 15:17:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-06-27 22:24:44 593,920 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2008-07-09 23:44:17 593,920 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2008-06-27 22:24:45 12,288 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2008-07-09 23:44:17 12,288 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-06-27 22:24:45 86,016 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-07-09 23:44:17 86,016 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2008-06-27 22:24:44 135,168 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-07-09 23:44:16 135,168 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-06-27 22:24:45 11,264 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-07-09 23:44:17 11,264 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-06-27 22:24:45 27,136 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-07-09 23:44:17 27,136 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-06-27 22:24:45 4,096 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2008-07-09 23:44:17 4,096 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2008-06-27 22:24:45 794,624 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-07-09 23:44:17 794,624 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2008-06-27 22:24:44 249,856 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-07-09 23:44:16 249,856 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2008-06-27 22:24:44 61,440 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2008-07-09 23:44:16 61,440 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2008-06-27 22:24:45 23,040 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-07-09 23:44:17 23,040 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-06-27 22:24:44 286,720 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-07-09 23:44:16 286,720 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2008-06-27 22:24:44 409,600 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-07-09 23:44:16 409,600 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2000-08-31 11:00:00 28,672 -c--a-w C:\WINDOWS\Nircmd.exe

+ 2008-07-09 23:44:47 1,838 -c--a-w C:\WINDOWS\SoftwareDistribution\EventCache\{EDDC79B1-A374-48F2-ACB2-4373CEC933A5}.bin

- 2004-08-04 02:14:16 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys

+ 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys

- 2008-02-20 05:37:59 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

+ 2008-06-20 17:41:07 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

- 2004-08-04 03:45:26 247,808 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll

+ 2008-06-20 17:41:07 247,808 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll

- 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys

+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys

- 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

- 2008-02-20 05:37:59 148,992 -c--a-w C:\WINDOWS\system32\dnsapi.dll

+ 2008-06-20 17:41:07 148,992 -c--a-w C:\WINDOWS\system32\dnsapi.dll

- 2007-11-30 11:18:16 18,296 -c--a-w C:\WINDOWS\system32\spmsg.dll

+ 2007-11-30 12:39:04 18,296 -c----w C:\WINDOWS\system32\spmsg.dll

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TaskSwitchXP"="C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 19:29 62976]

"XPize Darkside Reloader"="C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe" [2007-10-12 12:12 112737]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 30208]

"ares"="C:\Arquivos de programas\Ares\Ares.exe" [2007-07-16 18:54 961536]

"PC Suite Tray"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 09:12 695808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-07 21:31 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-07 21:27 126976]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-03-02 21:24 282624]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-30 13:37 262401]

"desp2k"="C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 16:05 65536]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"Cmaudio"="cmicnfg.cpl" [bU]

"SoundMan"="SOUNDMAN.EXE" [2005-12-14 18:06 593920 C:\WINDOWS\Soundman.exe]

"SMSERIAL"="sm56hlpr.exe" [2005-07-05 17:47 544768 C:\WINDOWS\sm56hlpr.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 16:35 1294336]

"Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbiehCef]

C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]

[bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codecp"= l3codecp.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\eMule\\eMule.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"34162:TCP"= 34162:TCP:AresChatServer

 

R2 cmpe;Context Manager Process Extension;C:\WINDOWS\system32\cmpe.exe [2007-02-26 11:11]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6eb05430-d7f5-11dc-9398-000fead92af6}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wbsinstalls.exe

\Shell\infected\command - F:\wbsinstalls.exe

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-07-10 16:00:01 C:\WINDOWS\Tasks\A5C7D765918C52D1.job"

- c:\docume~1\talocs~1.hom\dadosd~1\slownu~1\Bird Wave Find.exe

"2008-07-10 15:43:56 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-10 13:10:51

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-07-10 13:19:18

ComboFix-quarantined-files.txt 2008-07-10 16:18:38

 

Pre-Run: 34,804,047,872 bytes disponíveis

Post-Run: 34,804,891,648 bytes disponíveis

 

227 --- E O F --- 2008-07-09 23:44:41

 

 

Me ajuda ai amigo. :thumbsup:

Compartilhar este post

Link para o post
Compartilhar em outros sites

ItaloCCSL    0

ItaloCCSL
Postado

Silas

 

Fiz tudo o que você me pediu.

 

Você não falou que queria o ComboFix.txt mas suponho que queiras.

Aqui vai:

ComboFix 08-07-11.1 - Ítalo César 2008-07-11 18:47:13.4 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.114 [GMT -3:00]

Executando de: C:\Documents and Settings\Ítalo César.HOME\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-06-11 to 2008-07-11 ))))))))))))))))))))))))))))))))

.

 

2008-07-06 10:15 . 2008-07-06 10:15 <DIR> d----c--- C:\!KillBox

2008-07-05 23:09 . 2008-07-05 23:10 <DIR> d----c--- C:\Arquivos de programas\eMule

2008-07-05 22:17 . 2008-07-05 22:18 <DIR> d----c--- C:\Arquivos de programas\Ares

2008-07-05 20:54 . 2008-07-05 20:54 <DIR> d----c--- C:\Arquivos de programas\Trend Micro

2008-07-04 20:47 . 2008-07-04 20:47 <DIR> d----c--- C:\HijackThis

2008-07-03 18:57 . 2006-10-04 11:06 1,197,294 --a--c--- C:\WINDOWS\system32\dllcache\SETA0.tmp

2008-07-02 22:51 . 2008-07-03 19:14 <DIR> d----c--- C:\Arquivos de programas\NitroPC

2008-06-26 19:05 . 2008-06-26 19:05 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Yahoo! Companion

2008-06-26 19:04 . 2008-06-26 19:04 <DIR> d----c--- C:\WINDOWS\Sun

2008-06-11 09:57 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 09:57 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-27 02:23 --------- dc----w C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Shareaza

2008-06-26 19:31 --------- dc----w C:\Arquivos de programas\RocketDock

2008-06-26 19:30 --------- dc----w C:\Arquivos de programas\OnGame

2008-06-26 17:23 --------- dc----w C:\Arquivos de programas\MediaCoder

2008-06-26 04:45 --------- dc----w C:\Arquivos de programas\Microsoft Works

2008-06-20 17:41 247,808 -c--a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 -c--a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 -c--a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 -c--a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-18 08:57 --------- dc----w C:\Arquivos de programas\Yahoo!

2008-06-08 18:32 --------- dc----w C:\Arquivos de programas\VideoLAN

2008-06-08 18:30 --------- dc----w C:\Arquivos de programas\Megacubo

2008-06-07 00:07 --------- dc----w C:\Arquivos de programas\SopCast

2008-05-22 17:39 --------- dc----w C:\Arquivos de programas\VisualTaskTips

2008-05-22 17:37 --------- dc----w C:\Arquivos de programas\FlashGet

2008-05-07 05:15 2,660,864 -c--a-w C:\WINDOWS\system32\quartz.dll

2008-04-21 07:02 661,504 -c--a-w C:\WINDOWS\system32\wininet.dll

2007-07-20 04:19 855,886 -c--a-w C:\Arquivos de programas\AUG2007_d3dx10_35_x64.cab

2007-07-20 04:19 800,467 -c--a-w C:\Arquivos de programas\AUG2007_d3dx10_35_x86.cab

2007-07-20 04:19 1,803,760 -c--a-w C:\Arquivos de programas\AUG2007_d3dx9_35_x64.cab

2007-07-20 04:18 44,684 -c--a-w C:\Arquivos de programas\dxdllreg_x86.cab

2007-07-20 04:18 201,696 -c--a-w C:\Arquivos de programas\AUG2007_XACT_x64.cab

2007-07-20 04:18 156,612 -c--a-w C:\Arquivos de programas\AUG2007_XACT_x86.cab

2007-07-20 04:18 1,711,752 -c--a-w C:\Arquivos de programas\AUG2007_d3dx9_35_x86.cab

2007-07-03 01:43 171,008 -c--a-w C:\Arquivos de programas\FLV PlayerRCSetup.exe

2007-03-15 00:36 87,608 -c--a-w C:\Documents and Settings\Ítalo César\Dados de aplicativos\ezpinst.exe

2007-03-15 00:36 47,360 -c--a-w C:\Documents and Settings\Ítalo César\Dados de aplicativos\pcouffin.sys

2007-01-29 22:17 18,096 -c--a-w C:\Documents and Settings\Ítalo César\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2004-10-01 18:00 40,960 -c--a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

 

------- Sigcheck -------

 

2007-06-13 10:21 1697280 07a1a28907a5f2a251b3b2564884d730 C:\WINDOWS\explorer.exe

2007-06-13 10:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2007-06-13 10:21 1697280 07a1a28907a5f2a251b3b2564884d730 C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-13 10:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\XPize Darkside\Backup\explorer.exe

 

2004-08-04 00:45 30208 c44b39505116f6961988b8681793e572 C:\WINDOWS\system32\ctfmon.exe

2004-08-04 00:45 30208 c44b39505116f6961988b8681793e572 C:\WINDOWS\system32\dllcache\ctfmon.exe

2004-08-04 00:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\XPize Darkside\Backup\ctfmon.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TaskSwitchXP"="C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 19:29 62976]

"XPize Darkside Reloader"="C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe" [2007-10-12 12:12 112737]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 30208]

"ares"="C:\Arquivos de programas\Ares\Ares.exe" [2007-07-16 18:54 961536]

"PC Suite Tray"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 09:12 695808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-07 21:31 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-07 21:27 126976]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-03-02 21:24 282624]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-30 13:37 262401]

"desp2k"="C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 16:05 65536]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"SoundMan"="SOUNDMAN.EXE" [2005-12-14 18:06 593920 C:\WINDOWS\Soundman.exe]

"SMSERIAL"="sm56hlpr.exe" [2005-07-05 17:47 544768 C:\WINDOWS\sm56hlpr.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 16:35 1294336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codecp"= l3codecp.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\eMule\\eMule.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"34162:TCP"= 34162:TCP:AresChatServer

 

S2 cmpe;Context Manager Process Extension;C:\WINDOWS\system32\cmpe.exe [2007-02-26 11:11]

S3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6eb05430-d7f5-11dc-9398-000fead92af6}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wbsinstalls.exe

\Shell\infected\command - F:\wbsinstalls.exe

 

*Newly Created Service* - MDMXSDK

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-07-11 21:00:03 C:\WINDOWS\Tasks\A5C7D765918C52D1.job"

- c:\docume~1\talocs~1.hom\dadosd~1\slownu~1\Bird Wave Find.exe

"2008-07-11 20:43:27 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-Cmaudio - cmicnfg.cpl

HKU-Default-Run-Picasa Media Detector - C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

Notify- GbiehCef - C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll

Notify-WgaLogon - (no file)

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-11 18:51:27

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\tsd32.dll

.

Tempo para conclusão: 2008-07-11 18:56:36

ComboFix-quarantined-files.txt 2008-07-11 21:55:26

 

Pre-Run: 35,075,280,896 bytes disponíveis

Post-Run: 35,066,839,040 bytes disponíveis

 

131 --- E O F --- 2008-07-09 23:44:41

 

 

Me ajuda ai amigo. :thumbsup:

Compartilhar este post

Link para o post
Compartilhar em outros sites

Silas Martins    0

Silas Martins
Postado

Siga as Instruções:

Baixe o MSNfix.

Salve na área de trabalho, e descompacte ele, após isto, clique duas vezes em MSNFix.bat

Vai se abrir a tela MSN_Fix-menu nela aperte a opçãp R, será dado inicio ao scaneamento.

Caso o scan detecte algo irá aparecer a seguinte informação: Infection Presente, aperte enter, e prossiga.

Caso queira interromper o processo aperte a tecla Q

Na finalização vai se abrir o bloco de notas com um log, selecione todo ele e copie, que se encontra na pasta msnfix.txt.

Poste juntamente um novo log do Hijackthis

 

Aguardo o retorno.

Compartilhar este post

Link para o post
Compartilhar em outros sites

ItaloCCSL    0

ItaloCCSL
Postado

Silas,

Está ai o que me pediu:

 

MSNFix 1.732

 

C:\Documents and Settings\Ötalo C‚sar.HOME\Desktop\MSNFix

Fix lançado dia s b 12/07/2008 - 12:05:24,21 By Ötalo C‚sar

modo normal

 

************************ Procurando os arquivos presentes

 

... C:\WINDOWS\WinLogT.exe

 

************************ Procurando as pastas presentes

 

Nenhuma pasta encontrada

 

 

 

 

************************ Apagando os arquivos

 

.. OK ... C:\WINDOWS\WinLogT.exe

 

 

 

************************ Limpeza do registro

 

 

 

Os arquivos ainda presentes serão apagado no proximo boot

 

 

Nenhum arquivo encontrado

 

 

 

************************ Arquivos suspeitos

 

/!\ Estes arquivos necessitam de uma opiniao de alguem competente antes de qualquer intervencao

 

[C:\WINDOWS\system32\spoolsv(2).exe] 3971289FA7072812CAF4D053BBC6352B

[C:\discador270.exe] 64A4D5F4B178A79FCBEF2B8181B35038

 

==> Por favor não esqueça de mandar o arquivo C:\DOCUME~1\TALOCS~1.HOM\Desktop\Upload_Me.zip no http://upload.changelog.fr

 

 

 

Os arquivos e as chaves do registro apagados foram salvos no arquivo s b 12072008_12212326.zip

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\WINDOWS\system32\userinit.exe,

 

------------------------------------------------------------------------

Autor : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:34:58, on 12/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ibest.com.br/site/default_ck.js...odigo=001.00001

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [XPize Darkside Reloader] C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O17 - HKLM\System\CS2\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 7632 bytes

 

Aguardo retorno.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Silas Martins    0

Silas Martins
Postado

Sigas as instruções abaixo:

 

Baixe o Bankerfix.

desative o seu antivírus temporariamente, para não haver conflitos e para uma melhor detecção.

Clique duas vezes sobre bankerfix.exe, dê o Enter e espere ele terminar. Ao terminar, leia a mensagem na tela e aperte Enter novamente.

 

Habilite o seu antivírus. e gere um novo log do hijackthis.

 

Aguardo o Retorno

Compartilhar este post

Link para o post
Compartilhar em outros sites

ItaloCCSL    0

ItaloCCSL
Postado

Silas,

Está ai amigo o log do hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:14:52, on 13/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\cmpe.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ibest.com.br/site/default_ck.js...odigo=001.00001

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [XPize Darkside Reloader] C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O17 - HKLM\System\CS2\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 7467 bytes

 

 

Obrigado por continuar me ajudando. :thumbsup:

Compartilhar este post

Link para o post
Compartilhar em outros sites

Silas Martins    0

Silas Martins
Postado

XPize Darkside Reloader C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S

 

Reconhece esta entrada? como sendo de algum programa utilizado por você?

 

Aguardo retorno.

Compartilhar este post

Link para o post
Compartilhar em outros sites

ItaloCCSL    0

ItaloCCSL
Postado

Silas,

 

Eu reconheço sim.

Ele muda as cores do meu windons XP para preto e o iniciar fica laranja.

 

Ele fica assim:

ATgAAABpvHVcPYUgZQFRzUSi6BMarBTsNBOFKCFXgH1Rd5jb4kCgQDIFriT5KF0J_UhekCieMT4ykD7LgNDl7WnQwkfsAJtU9VDar1bI3_MoXsLL4_cIjxAdYWRqlg.jpg

 

Tem algum problema com ele?

Eu devo retirar?

:mellow:

Compartilhar este post

Link para o post
Compartilhar em outros sites

ItaloCCSL    0

ItaloCCSL
Postado

Silas,

 

Ontem mesmo ele travou muito todas as músicas, só que deva ser por causa do meu anti-vírus que estava procurando vírus no pc. (Acho que a prioridade dele está em média ou alta, porque quando deixou na prioridade baixa ele demora muito.)

Agora ele só está travando no começo da música (Ele está para repetir a música depois que ela acaba, nisso quando ele vai repetir, ele começa uns dois segundos e para, depois ele inicia a música de novo sem parar.

 

Mas eu tenho algumas outras dúvidas sobre o procedimentos de alguns aplicativos meus.

Agora mesmo estou escutando música no Windows Media Player, usando o FIREFOX com quatro abas abertas e como uma janela do EXPLORE aberta, que é as das músicas. Quando uso os três, eles ficam sempre lentos.

 

O Windows Media Player demora um pouco para abrir as músicas.

 

O FIREFOX já é um caso especial, pois assim que eu conecto a internet era para a janela dele aparecer logo em seguida, como de costume, mas ela chega a demorar cerca de 15 segundos ou mais para aparecer e quando aparece já vem lento, pois demora para aparecer a demarcação de quando é colocado a seta em cima dos botões dele como o de "parar" por exemplo. Os próprios gif's dessa área de respostas ficam parando um momento. O emoticom ":clap:" sempre dá um parada e os outros também param junto. O fato de ter mais de uma aba aberta provoca isso?

 

O EXPLORE é para ser mais rápido, pois ele parece que está em câmera lenta quando só do um click em alguma música e ele vai mostrar os detalhes dela. Ele era abrir mais rápido também, quando abro a pasta "meus documentos". Ele demora para aparecer a demarcação que era para aparecer quando eu dou um click na minha pasta ou nas outras.

 

Caso você possa me ajudar com essas dúvidas ficarei muito grato, senão, entenderei, caro amigo, você já me ajudou muito ate agora.

 

PS.: Obrigado por reassumir o meu caso no tópico Rundll Gbplug.

Valeu, por o que você vem fazendo por mim. :thumbsup:

Compartilhar este post

Link para o post
Compartilhar em outros sites

ItaloCCSL    0

ItaloCCSL
Postado

O problema lá do outro tópico foi resolvido!

Valeu.

 

E agora o que faço com aquele tópico?

Compartilhar este post

Link para o post
Compartilhar em outros sites

ItaloCCSL    0

ItaloCCSL
Postado

Tai...

 

Sistema:

 

Microsoft Windows XP

Professional

Versão 2002

Service Pack 2

 

Computador:

 

Intel®

Celeron® CPU 2.26GHz

2.27 GHz, 240 MB de RAM

Compartilhar este post

Link para o post
Compartilhar em outros sites

Silas Martins    0

Silas Martins
Postado

Pouca RAM Italo você ta forçando seu pc com 240mb e abrindo tantos aplicativos, para se ter idéia só Windows gasta 200mb da RAM.

Ta ae a resposta para a baixa velocidade.

 

Agora no outro tópico voc~e posta RESOLVIDO. que os moderadoes iram fechar ele

Compartilhar este post

Link para o post
Compartilhar em outros sites

ItaloCCSL    0

ItaloCCSL
Postado

Valeu grande amigo Silas!

 

RESOLVIDO!

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Resolvidos (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito