Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

aaadrianooo

[Resolvido!]  Explorer abrindo e fechando...

Recommended Posts

Explorer abrindo e fechando constantemente. Ao ligar o pc, todos os icones da área e trabalho aparecem e desaparecem, até desaparecerem por completo e ficar sem nenhum ícone.

A única maneira ne entar na internet ou em outro lugar é pelo Ctrl + Alt +Del.

Peço ajuda para solucionar esse problema.

 

Analisem:

 

Logfile of HijackThis v1.99.1

Scan saved at 12:49:13, on 7/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\svchost.exe

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\explorer.exe

D:\Programas\anti-virus\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll (file missing)

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Arquivos de programas\Save Flash\SaveFlash.dll

O4 - HKLM\..\Run: [Windows Updater] WinUpdater.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VisualTooltip] C:\Arquivos de programas\VisualTooltip\VisualToolTip.exe

O4 - HKLM\..\Run: [Vista Sidebar] C:\Arquivos de programas\Vista Sidebar\sidebar.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [styler] C:\Arquivos de programas\Styler\Styler.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\6172\SiteAdv.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Arquivos de programas\Arquivos comuns\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\RunServices: [Windows Updater] WinUpdater.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "c:\arquiv~1\steam\steam.exe" -silent

O4 - HKCU\..\Run: [slide.exe] C:\Arquivos de programas\Slide\Slide.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Startup: Microsoft Office Groove.lnk = C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: PLANET WL-8303.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.05\AMVConverter\grab.html

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.05\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175985207609

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://adrianodiaz.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{881830B8-3AB1-4129-BC0C-1F0C2BFFB8D3}: NameServer = 200.153.0.68

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Serviço McAfee Framework (McAfeeFramework) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Siga as Instruções:

Baixe o MSNfix.

Salve na área de trabalho, e descompacte ele, após isto, clique duas vezes em MSNFix.bat

Vai se abrir a tela MSN_Fix-menu nela aperte a opçãp R, será dado inicio ao scaneamento.

Caso o scan detecte algo irá aparecer a seguinte informação: Infection Presente, aperte enter, e prossiga.

Caso queira interromper o processo aperte a tecla Q

Na finalização vai se abrir o bloco de notas com um log, selecione todo ele e copie, que se encontra na pasta msnfix.txt.

Poste juntamente um novo log do Hijackthis

 

Aguardo o retorno.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Siga as Instruções:

Baixe o MSNfix.

Salve na área de trabalho, e descompacte ele, após isto, clique duas vezes em MSNFix.bat

Vai se abrir a tela MSN_Fix-menu nela aperte a opçãp R, será dado inicio ao scaneamento.

Caso o scan detecte algo irá aparecer a seguinte informação: Infection Presente, aperte enter, e prossiga.

Caso queira interromper o processo aperte a tecla Q

Na finalização vai se abrir o bloco de notas com um log, selecione todo ele e copie, que se encontra na pasta msnfix.txt.

Poste juntamente um novo log do Hijackthis

 

Aguardo o retorno.

 

________________________________________________________________________________

_____________________

 

MSNFix 1.737

 

C:\Documents and Settings\Adriano\Desktop\MSNFix

Fix lançado dia qui 07/08/2008 - 15:36:56,11 By Adriano

modo normal

 

************************ Procurando os arquivos presentes

 

... C:\DOCUME~1\Adriano\CONFIG~1\Temp\removalfile.bat

... C:\WINDOWS\system32\orkutkut.exe

... C:\DOCUME~1\Adriano\CONFIG~1\Temp\removalfile.bat

... C:\WINDOWS\system32\hosts.txt

... C:\WINDOWS\system32\orkutkut.exe

... C:\WINDOWS\system32\sys.txt

 

************************ Procurando as pastas presentes

 

Nenhuma pasta encontrada

 

 

 

 

************************ Apagando os arquivos

 

.. OK ... C:\DOCUME~1\Adriano\CONFIG~1\Temp\removalfile.bat

.. OK ... C:\WINDOWS\system32\orkutkut.exe

.. OK ... C:\DOCUME~1\Adriano\CONFIG~1\Temp\removalfile.bat

.. OK ... C:\WINDOWS\system32\hosts.txt

.. OK ... C:\WINDOWS\system32\orkutkut.exe

.. OK ... C:\WINDOWS\system32\sys.txt

 

 

 

************************ Limpeza do registro

 

 

 

Os arquivos ainda presentes serão apagado no proximo boot

 

 

Nenhum arquivo encontrado

 

 

 

************************ Arquivos suspeitos

 

/!\ Estes arquivos necessitam de uma opiniao de alguem competente antes de qualquer intervencao

 

[C:\WINDOWS\system32\python25s.zip] 299038E8455F59D29ACE49B52C7FDE98

 

==> Por favor não esqueça de mandar o arquivo C:\DOCUME~1\Adriano\Desktop\Upload_Me.zip no http://upload.changelog.fr

 

 

 

Os arquivos e as chaves do registro apagados foram salvos no arquivo qui 07082008_15490750.zip

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\WINDOWS\system32\userinit.exe,

 

------------------------------------------------------------------------

Autor : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:58:11, on 7/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\svchost.exe

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Programas\anti-virus\HijackThis.exe

C:\WINDOWS\explorer.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll (file missing)

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Arquivos de programas\Save Flash\SaveFlash.dll

O4 - HKLM\..\Run: [Windows Updater] WinUpdater.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VisualTooltip] C:\Arquivos de programas\VisualTooltip\VisualToolTip.exe

O4 - HKLM\..\Run: [Vista Sidebar] C:\Arquivos de programas\Vista Sidebar\sidebar.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [styler] C:\Arquivos de programas\Styler\Styler.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\6172\SiteAdv.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Arquivos de programas\Arquivos comuns\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\RunServices: [Windows Updater] WinUpdater.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "c:\arquiv~1\steam\steam.exe" -silent

O4 - HKCU\..\Run: [slide.exe] C:\Arquivos de programas\Slide\Slide.exe

O4 - Startup: Microsoft Office Groove.lnk = C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: PLANET WL-8303.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.05\AMVConverter\grab.html

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.05\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175985207609

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://adrianodiaz.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{881830B8-3AB1-4129-BC0C-1F0C2BFFB8D3}: NameServer = 200.153.0.68

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Serviço McAfee Framework (McAfeeFramework) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Sigas as instruções abaixo:

 

Baixe o Bankerfix.

desative o seu antivírus temporariamente, para não haver conflitos e para uma melhor detecção.

Clique duas vezes sobre bankerfix.exe, dê o Enter e espere ele terminar. Ao terminar, leia a mensagem na tela e aperte Enter novamente.

 

Habilite o seu antivírus. e gere um novo log do hijackthis, poste juntamente o relatório.txt do Bankerfix.

 

Aguardo o Retorno

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of HijackThis v1.99.1

Scan saved at 16:44:32, on 7/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\tsnpstd3.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\SiteAdvisor\6172\SiteAdv.exe

C:\WINDOWS\system32\S3trayp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\svchost.exe

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\imapi.exe

D:\Programas\anti-virus\HijackThis.exe

C:\WINDOWS\explorer.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll (file missing)

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Arquivos de programas\Save Flash\SaveFlash.dll

O4 - HKLM\..\Run: [Windows Updater] WinUpdater.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VisualTooltip] C:\Arquivos de programas\VisualTooltip\VisualToolTip.exe

O4 - HKLM\..\Run: [Vista Sidebar] C:\Arquivos de programas\Vista Sidebar\sidebar.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [styler] C:\Arquivos de programas\Styler\Styler.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\6172\SiteAdv.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Arquivos de programas\Arquivos comuns\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\RunServices: [Windows Updater] WinUpdater.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "c:\arquiv~1\steam\steam.exe" -silent

O4 - HKCU\..\Run: [slide.exe] C:\Arquivos de programas\Slide\Slide.exe

O4 - Startup: Microsoft Office Groove.lnk = C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: PLANET WL-8303.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.05\AMVConverter\grab.html

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.05\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175985207609

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://adrianodiaz.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{881830B8-3AB1-4129-BC0C-1F0C2BFFB8D3}: NameServer = 200.153.0.68

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Serviço McAfee Framework (McAfeeFramework) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

 

 

O outro programa não criou nenhum ''log'' ( e, se criou eu não achei )

Ao concluir o Bankerfix, o mesmo dizia que não tinha encontrado nada...

* Mesmo assim o problema continua *

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o ComboFix e salve na área de trabalho.

 

Feche todos os programas.

Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar.

O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção.

 

Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt.

 

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

 

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

 

Aguardo um novo log do HijackThis juntamente com o ComboFix.txt

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of HijackThis v1.99.1

Scan saved at 16:03:26, on 8/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\tsnpstd3.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

C:\WINDOWS\vsnpstd3.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\SiteAdvisor\6172\SiteAdv.exe

C:\WINDOWS\system32\S3trayp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Arquivos de programas\PLANET\WL-8303\RtlWake.exe

C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

D:\Programas\anti-virus\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\ARQUIV~1\mcafee\msk\mcapbho.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll (file missing)

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Arquivos de programas\Save Flash\SaveFlash.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\6172\SiteAdv.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Startup: Microsoft Office Groove.lnk = C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: PLANET WL-8303.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.05\AMVConverter\grab.html

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.05\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175985207609

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://adrianodiaz.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{881830B8-3AB1-4129-BC0C-1F0C2BFFB8D3}: NameServer = 200.153.0.68

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Serviço McAfee Framework (McAfeeFramework) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

 

 

ComboFix 08-08-06.04 - Adriano 2008-08-08 15:43:40.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.116 [GMT -3:00]

Executando de: C:\Documents and Settings\Adriano\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

* Resident AV is active

 

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Adriano\Dados de aplicativos\inst.exe

C:\WINDOWS\system32\DfeLonmp.ini

C:\WINDOWS\system32\DfeLonmp.ini2

C:\WINDOWS\system32\iifcCrpn.dll

C:\WINDOWS\system32\ljJAqNec.dll

C:\WINDOWS\system32\NTOSKRNL.VHCleaner

C:\WINDOWS\system32\pmnoLefD.dll

C:\WINDOWS\system32\svchosts.dll

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-08 to 2008-08-08 ))))))))))))))))))))))))))))))))

.

 

2008-08-06 08:03 . 2008-08-06 08:03 0 --ah----- C:\WINDOWS\SwSys2.bmp

2008-08-06 08:03 . 2008-08-06 08:03 0 --ah----- C:\WINDOWS\SwSys1.bmp

2008-08-06 08:02 . 2008-08-06 08:02 <DIR> d----c--- C:\Arquivos de programas\Atrativa Games

2008-08-03 11:22 . 2008-07-01 13:24 302,184 --a------ C:\WINDOWS\amuninst.exe

2008-08-03 11:22 . 2008-08-03 11:22 543 --a------ C:\WINDOWS\unezmac.ini

2008-08-03 11:22 . 2008-08-04 16:52 36 --a------ C:\WINDOWS\ezmacros.INI

2008-07-28 20:36 . 2008-07-28 20:45 <DIR> d-------- C:\Documents and Settings\Adriano\.jSMS

2008-07-20 14:14 . 2008-07-20 14:14 <DIR> d-------- C:\Documents and Settings\Adriano\Dados de aplicativos\EATCAM

2008-07-20 14:13 . 2008-07-20 14:13 <DIR> d----c--- C:\Arquivos de programas\EatCam

2008-07-20 13:49 . 2008-07-29 19:16 10,240 --a--c--- C:\grf_last.grf

 

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-08 02:06 --------- d-----w C:\Documents and Settings\Adriano\Dados de aplicativos\SiteAdvisor

2008-08-07 10:48 --------- d-----w C:\Arquivos de programas\McAfee

2008-08-06 23:48 --------- d-----w C:\Arquivos de programas\Save Flash

2008-08-03 12:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-07-31 11:28 --------- d-----w C:\Arquivos de programas\WinFF

2008-07-20 17:09 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-05 19:16 --------- dc----w C:\Arquivos de programas\DSL Speed

2008-07-05 17:52 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-07-05 15:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avg8

2008-07-05 15:37 --------- d-----w C:\Documents and Settings\Adriano\Dados de aplicativos\McAfee

2008-07-05 15:36 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\McAfee

2008-07-05 15:21 --------- d-----w C:\Arquivos de programas\SiteAdvisor

2008-07-05 15:15 --------- dc----w C:\Arquivos de programas\Arquivos comuns\McAfee

2008-07-05 15:11 --------- dc----w C:\Arquivos de programas\McAfee.com

2008-07-05 09:14 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-06-30 11:30 --------- d-----w C:\Documents and Settings\Adriano\Dados de aplicativos\SecondLife

2008-06-29 07:15 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2007-08-15 21:15 47,360 ----a-w C:\Documents and Settings\Adriano\Dados de aplicativos\pcouffin.sys

2004-10-01 18:00 40,960 -c--a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 18:14 68856]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 10:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-12-13 22:54 294912]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55 339968]

"SiteAdvisor"="C:\Arquivos de programas\SiteAdvisor\6172\SiteAdv.exe" [2007-08-13 15:05 36640]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]

"Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2007-09-27 22:17 443968]

"VTTimer"="VTTimer.exe" [2005-03-08 00:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"S3Trayp"="S3trayp.exe" [2005-04-05 02:49 159744 C:\WINDOWS\system32\S3Trayp.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 06:23 15961088 C:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:45 15360]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]

 

C:\Documents and Settings\Adriano\Menu Iniciar\Programas\Inicializar\

Microsoft Office Groove.lnk - C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE [2006-10-27 15:37:44 338216]

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a--c--- 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-03 23:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-27 00:47 31016 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]

--a------ 2004-08-06 02:50 139320 C:\Arquivos de programas\Network Associates\Common Framework\UpdaterUI.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]

--a------ 2007-11-01 19:12 582992 C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]

--a------ 2007-11-30 05:42 1164576 C:\ARQUIV~1\McAfee\MHN\McENUI.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 13:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-ra------ 2005-05-03 07:43 69632 C:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\BitComet\\BitComet.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"C:\\Arquivos de programas\\Megacubo\\bin\\minifly.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\McAfee\\MNA\\McNASvc.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"18469:TCP"= 18469:TCP:BitComet 18469 TCP

"18469:UDP"= 18469:UDP:BitComet 18469 UDP

 

R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2003-12-10 14:06]

R3 rtl8180;PLANET WL-8303 Wireless PCI Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2004-02-04 02:17]

R3 S3G700;S3G700;C:\WINDOWS\system32\DRIVERS\S3G700m.sys [2005-10-15 01:19]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{357b09ee-4088-11dd-b499-0018f3052549}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

.

Conte£do da pasta 'Tarefas Agendadas'

 

2008-07-05 C:\WINDOWS\Tasks\McDefragTask.job

- c:\ARQUIV~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

 

2008-07-05 C:\WINDOWS\Tasks\McQcTask.job

- c:\ARQUIV~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

 

2008-08-08 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D317C1C7-CAAC-44CC-80FE-AD4D4659F475}.job

- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 10:58]

.

- - - - ORFAOS REMOVIDOS - - - -

 

HKCU-Run-Steam - c:\arquiv~1\steam\steam.exe

HKCU-Run-slide.exe - C:\Arquivos de programas\Slide\Slide.exe

HKCU-Run-PowerBar - (no file)

HKLM-Run-VisualTooltip - C:\Arquivos de programas\VisualTooltip\VisualToolTip.exe

HKLM-Run-Vista Sidebar - C:\Arquivos de programas\Vista Sidebar\sidebar.exe

HKLM-Run-Styler - C:\Arquivos de programas\Styler\Styler.exe

HKLM-Run-SpywareTerminator - C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

HKLM-Run-ShStatEXE - C:\Arquivos de programas\Network Associates\VirusScan\SHSTAT.EXE

HKLM-Run-nod32kui - C:\Arquivos de programas\Eset\nod32kui.exe

HKLM-Run-Network Associates Error Reporting Service - C:\Arquivos de programas\Arquivos comuns\Network Associates\TalkBack\TBMon.exe

HKLM-Run-NeroFilterCheck - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

HKLM-Run-NBKeyScan - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

MSConfigStartUp-Ardamax Keylogger - C:\Arquivos de programas\Ardamax Keylogger Lite\akl.exe

MSConfigStartUp-avast! - C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

MSConfigStartUp-Blaero Start Orb - C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb.exe

MSConfigStartUp-googletalk - C:\Arquivos de programas\Google\Google Talk\googletalk.exe

MSConfigStartUp-kava - C:\WINDOWS\system32\kavo.exe

MSConfigStartUp-LClock - C:\Arquivos de programas\LClock\LClock.exe

 

 

.

------- Ccan Suplementar -------

.

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

O8 -: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 -: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.05\AMVConverter\grab.html

O8 -: Baixar link usando &BitComet - C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 -: Baixar todos os links usando BitComet - C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 -: Baixar todos os vídeos usando BitComet - C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 -: E&xport to Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 -: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.05\MediaManager\grab.html

O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206

O17 -: HKLM\CCS\Interface\{881830B8-3AB1-4129-BC0C-1F0C2BFFB8D3}: NameServer = 200.153.0.68

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-08 15:51:26

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializ veis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execu‡ao ---------------------

 

PROCESSOS: C:\WINDOWS\explorer.exe

-> C:\Arquivos de programas\SiteAdvisor\6172\saHook.dll

.

------------------------ Outros Processos em Execu‡Æo ------------------------

.

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

C:\ARQUIV~1\ARQUIV~1\McAfee\MNA\McNASvc.exe

C:\ARQUIV~1\ARQUIV~1\McAfee\McProxy\McProxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\Mcshield.exe

C:\Arquivos de programas\McAfee\MPF\MpfSrv.exe

C:\Arquivos de programas\McAfee\MSK\msksrver.exe

C:\ARQUIV~1\McAfee.com\Agent\mcagent.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Arquivos de programas\PLANET\WL-8303\RtlWake.exe

.

**************************************************************************

.

Tempo para conclusÆo: 2008-08-08 16:01:25 - Maquina reiniciou

ComboFix-quarantined-files.txt 2008-08-08 19:00:54

 

Pre-Run: 10 pasta(s) 11,169,112,064 bytes disponíveis

Post-Run: 15 pasta(s) 10,963,222,528 bytes dispon¡veis

 

205 --- E O F --- 2008-08-08 18:58:57

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO

 

 

* Se tiver mais alguma coisa pra fazer, é só falar...

 

MUITO OBRIGADO !!!

 

:clap:

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.