[Resolvido!] Problema de Malware, Windows UpdateSP8.exe, UW08.exe

[Ric155 0]

Meu computador comecou aparecer uma msg da ferramenta de remocao de software mal intencionado da microsoft.. e aparece uma msg apos a outra . So dai fui ver que estava com virus ou algo parecido.. e tenho o Norton 360 atualizado . Procurando na google cheguei a este forum

ja passei o HijackThis v2.0.2.

agradeço muito a assistência!!!

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:39:58, on 02/04/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

C:\Program Files\Virgin Net Broadband\Dragdiag.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\CyberLink\PCM4Everio\EverioService.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\Windows UpdateSP8.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\DllHost.exe

C:\Documents and Settings\Administrator\My Documents\HiJackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Windows Update SP8] C:\WINDOWS\system32\Windows UpdateSP8.exe

O4 - HKLM\..\Run: [Windows Defender] VSFPNC

O4 - HKLM\..\RunOnce: [Windows Update SP8] C:\WINDOWS\system32\UW08.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')

O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: Windows UpdateSP8.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 13218 bytes

[DigRam 144]

Boa Noite! Ric155

 

<@> Baixe: < DDS > ( ...by sUBs )

<@> Salve-o no desktop!

<@> Desabilite seus programas de proteção: antivírus,antimalware,antispyware ou firewall.

<@> Estando desconectado,execute a ferramenta! --> Duplo clique em dds.scr.

<@> Aguarde o término do scan,até obtermos o relatório. ( DDS.txt ) <--

<@> Surgirá,também,uma nova janela: "D.D.S - Optional_Scan" --> Clique em Sim.

<@> O Bloco de Notas irá abrir,com outro relatório. ( Attach.txt ) <--

<@> Ps: Caso o relatório seja incompreensível,renomeie o executável para DDS.exe e repita o scan.

<@> Outra janela,finalmente,abrir-se-à! --> Clique em OK.

<@> Salve os relatórios: DDS.txt + Attach.txt <-- Poste-os!

 

Abraços!

[Ric155 0]

Oi DigRam, obrigado por me atender... ja fiz o que você pediu e estou postando aqui o DDS.txt e quanto o ATTACH.txt fiquei na duvida pq tem uma msg bem clara la, vou copiar aqui ( UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT) devo colar aqui ele ou te mandar zipado?

 

aqui esta o dds.txt

 

 

DDS (Ver_09-03-16.01) - NTFSx86

Run by Administrator at 19:41:09.45 on 03/04/2009

Internet Explorer: 7.0.5730.11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.457 [GMT 1:00]

 

AV: Norton 360 *On-access scanning disabled* (Updated)

FW: Norton 360 *disabled*

 

============== Running Processes ===============

 

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

C:\Program Files\Virgin Net Broadband\Dragdiag.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\CyberLink\PCM4Everio\EverioService.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\DllHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrator\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.globo.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesuk.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [WebCamRT.exe]

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [speedTouch USB Diagnostics] "c:\program files\virgin net broadband\Dragdiag.exe" /icon

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver\LVCOMS.EXE

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Windows Defender] VSFPNC

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [iETI] c:\program files\skype\phone\ieplugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\is-buvg6.lnk - c:\documents and settings\administrator\desktop\virus removal tool\is-buvg6\startup.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\progra~1\yahoo!\common\yhexbmesuk.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-17 64160]

R0 mcctl;mcctl;c:\windows\system32\drivers\mcctl.sys [2009-3-25 4864]

R1 is-BUVG6drv;is-BUVG6drv;c:\windows\system32\drivers\00397490.sys [2009-4-2 148496]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]

R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-11-1 1245064]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-26 101936]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090402.025\NAVENG.SYS [2009-4-3 89104]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090402.025\NAVEX15.SYS [2009-4-3 876144]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-13 23888]

S3 laguna;laguna;c:\windows\system32\drivers\cl546xm.sys [2006-11-27 248064]

S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [2009-3-25 15872]

S3 NETGEAR NETGEAR MA101 USB Adapter®;NETGEAR NETGEAR MA101 USB Adapter® Service for NETGEAR MA101 USB Adapter;c:\windows\system32\drivers\Ma1012kr.sys [2007-5-18 85888]

 

=============== Created Last 30 ================

 

2009-04-02 23:15 148,496 a------- c:\windows\system32\drivers\00397490.sys

2009-04-02 23:14 37,158,368 a------- c:\program files\setup_7.0.0.290_02.04.2009_17-51.exe

2009-04-01 21:08 37,038,672 a------- c:\program files\setup_7.0.0.290_01.04.2009_21-50.exe

2009-04-01 20:41 17,223,712 a--sh--- c:\windows\system32\drivers\fidbox.dat

2009-04-01 20:41 194,948 a--sh--- c:\windows\system32\drivers\fidbox.idx

2009-03-31 22:55 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes

2009-03-31 22:55 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-03-31 22:55 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-31 22:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-03-31 22:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-03-25 23:09 17,024 a------- c:\windows\system32\drivers\mcclib.sys

2009-03-25 23:09 15,872 a------- c:\windows\system32\drivers\mcdevice.sys

2009-03-25 23:09 4,864 a------- c:\windows\system32\drivers\mcctl.sys

2009-03-25 23:09 <DIR> --d----- c:\program files\ShiningMorning

2009-03-17 21:31 <DIR> --d----- c:\program files\common files\Windows Live

 

==================== Find3M ====================

 

2009-03-29 22:01 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT

2009-03-29 22:01 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT

2009-03-15 03:38 410,984 a------- c:\windows\system32\deploytk.dll

2009-03-03 19:34 15,688 a------- c:\windows\system32\lsdelete.exe

2009-03-03 19:33 64,160 a------- c:\windows\system32\drivers\Lbd.sys

2009-02-19 13:03 579,464 a------- c:\windows\system32\SymNeti.dll

2009-02-19 13:03 207,240 a------- c:\windows\system32\SymRedir.dll

2009-02-19 12:31 31,280 a------- c:\windows\system32\drivers\SymIM.sys

2009-02-19 12:31 9,844 a------- c:\windows\system32\drivers\SymRedir.cat

2009-02-19 12:31 1,611 a------- c:\windows\system32\drivers\SymRedir.inf

2009-02-19 12:31 41,008 a------- c:\windows\system32\drivers\symndisv.sys

2009-02-19 12:31 184,496 a------- c:\windows\system32\drivers\symtdi.sys

2009-02-19 12:31 96,560 a------- c:\windows\system32\drivers\symfw.sys

2009-02-19 12:31 38,576 a------- c:\windows\system32\drivers\symids.sys

2009-02-19 12:31 37,424 a------- c:\windows\system32\drivers\symndis.sys

2009-02-19 12:31 22,320 a------- c:\windows\system32\drivers\symredrv.sys

2009-02-19 12:31 13,616 a------- c:\windows\system32\drivers\symdns.sys

2009-02-16 22:34 5,632 a------- c:\windows\system32\drivers\StarOpen.sys

2009-02-09 12:13 1,846,784 a------- c:\windows\system32\win32k.sys

2009-01-26 17:11 60,808 a------- c:\windows\system32\S32EVNT1.DLL

2008-06-07 22:44 87,608 a------- c:\docume~1\admini~1\applic~1\inst.exe

2008-06-07 22:44 47,360 a------- c:\docume~1\admini~1\applic~1\pcouffin.sys

2008-03-16 22:53 842 a------- c:\docume~1\admini~1\applic~1\filterclsid.dat

2007-09-23 22:27 8 a------- c:\docume~1\admini~1\applic~1\usb.dat.bin

2008-11-02 15:47 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110220081103\index.dat

2009-04-03 19:41 17,254,432 a--sh--- c:\windows\system32\drivers\fidbox.dat

 

============= FINISH: 19:41:56.81 ===============

 

Esqueci de te falar uma coisa... Ontem antes de eu desligar o computador o meu Norton depois de dias... ele encontrou um virus e removeu algo nem deu para ver foi rapido.. era algumacoisa.banker

[DigRam 144]

Boa Noite! Ric155

 

<!> Pode dispensar o envio do relatório Attach.txt.

<!> O relatório da ferramenta DDS,veio limpo...exceto: mRun: [Windows Defender] VSFPNC <--

<!> Provavelmente,seu antivírus fez as remoções.

<><><><><><><><><><>

<@> Abra o HijackThis --> Marque esta entrada: O4 - HKLM\..\Run: [Windows Defender] VSFPNC

<@> Clique em Fix checked --> Sim!

<><><><><><><><><><>

<@> Dê um duplo clique no ícone do Norton,situado ao lado do relógio.

<@> Vá em Sistema,e clique em Auto-Protect.

<@> Desmarque as seguintes opções:

 

< 1 > Ativar Auto-Protect

 

< 2 > Iniciar o Auto-Protect ao iniciar o Windows

 

<@> Ainda em Sistema,clique em Bloqueio de scripts.

<@> Desmarque a opção:

 

< 1 > Ativar bloqueio de scripts

<@> Baixe: < >

<@> Salve-o no desktop!

<@> Reinicie o computador em Modo de Segurança.

<@> Inicie a instalação/execução,com um duplo-clique em drweb-cureit.

<@> Na janela que abrir,clique em Iniciar --> OK.

<@> Será dado início a "Verificação rápida" --> Feche a janela de propaganda!

<@> Terminando,marque a caixa de "Verificação Completa".

<@> Click em "Options" --> Em Change settings,desmarque a "Heuristic analysis".

 

Neste modo são verificados os seguintes objectos:

 

* Sectores de Arranque de Todos os Discos. <--

 

* Todas as Unidades Removíveis. <--

 

* Todos os Discos Locais. <--

<@> Clique em "Iniciar verificação" --> Aguarde!

<@> Surgindo mensagens para mover ou desinfectar arquivos,clique em Sim.

<@> Terminando,clique em "Ficheiro" --> "Guardar lista de relatórios".

<@> Procure salvá-lo em um local adequado. ( DrWeb.csv ) <-- Texto!

<@> Poste: DrWeb.csv + HijackThis,atualizado.

 

Abraços!

[Ric155 0]

Bom dia DigRam.

Depois de horas aqui tem os relatorios que você pediu.

 

DrWeb

 

cluster 10111109.EXE\data005;C:\New Folder\cluster 10111109.EXE;Adware.Hotbar;;

cluster 10111109.EXE;C:\New Folder;A pasta contem objectos infectados;Movido.;

cluster 10111279.EXE\data004;C:\New Folder\cluster 10111279.EXE;Adware.Hotbar;;

cluster 10111279.EXE;C:\New Folder;A pasta contem objectos infectados;Movido.;

cluster 10111283.EXE\data003;C:\New Folder\cluster 10111283.EXE;Adware.Hotbar;;

cluster 10111283.EXE;C:\New Folder;A pasta contem objectos infectados;Movido.;

cluster 10111321.EXE\data002;C:\New Folder\cluster 10111321.EXE;Adware.Hotbar;;

cluster 10111321.EXE;C:\New Folder;A pasta contem objectos infectados;Movido.;

cluster 10111331.EXE\data001;C:\New Folder\cluster 10111331.EXE;Adware.Hotbar;;

cluster 10111331.EXE;C:\New Folder;A pasta contem objectos infectados;Movido.;

A0116291.exe;C:\System Volume Information\_restore{D79DFDAA-7F2C-498F-8D41-ED3C54B0D88E}\RP489;Trojan.DownLoad.32770;Eliminado.;

A0116292.exe;C:\System Volume Information\_restore{D79DFDAA-7F2C-498F-8D41-ED3C54B0D88E}\RP489;Trojan.DownLoad.32770;Eliminado.;

A0116762.exe;C:\System Volume Information\_restore{D79DFDAA-7F2C-498F-8D41-ED3C54B0D88E}\RP490;Provavelmente DLOADER.Trojan;;

A0116763.exe;C:\System Volume Information\_restore{D79DFDAA-7F2C-498F-8D41-ED3C54B0D88E}\RP490;Provavelmente DLOADER.Trojan;;

A0116806.EXE\data005;C:\System Volume Information\_restore{D79DFDAA-7F2C-498F-8D41-ED3C54B0D88E}\RP490\A0116806.EXE;Adware.Hotbar;;

A0116806.EXE;C:\System Volume Information\_restore{D79DFDAA-7F2C-498F-8D41-ED3C54B0D88E}\RP490;A pasta contem objectos infectados;Movido.;

A0116808.EXE\data003;C:\System Volume Information\_restore{D79DFDAA-7F2C-498F-8D41-ED3C54B0D88E}\RP490\A0116808.EXE;Adware.Hotbar;;

A0116808.EXE;C:\System Volume Information\_restore{D79DFDAA-7F2C-498F-8D41-ED3C54B0D88E}\RP490;A pasta contem objectos infectados;Movido.;

A0116809.EXE\data002;C:\System Volume Information\_restore{D79DFDAA-7F2C-498F-8D41-ED3C54B0D88E}\RP490\A0116809.EXE;Adware.Hotbar;;

A0116809.EXE;C:\System Volume Information\_restore{D79DFDAA-7F2C-498F-8D41-ED3C54B0D88E}\RP490;A pasta contem objectos infectados;Movido.;

A0116810.EXE\data001;C:\System Volume Information\_restore{D79DFDAA-7F2C-498F-8D41-ED3C54B0D88E}\RP490\A0116810.EXE;Adware.Hotbar;;

A0116810.EXE;C:\System Volume Information\_restore{D79DFDAA-7F2C-498F-8D41-ED3C54B0D88E}\RP490;A pasta contem objectos infectados;Movido.;

 

 

HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:23:25, on 04/04/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

C:\Program Files\Virgin Net Broadband\Dragdiag.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\CyberLink\PCM4Everio\EverioService.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\DllHost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrator\My Documents\HiJackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')

O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: is-BUVG6.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\is-BUVG6\startup.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')

O4 - .DEFAULT Startup: is-BUVG6.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\is-BUVG6\startup.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: is-BUVG6.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\is-BUVG6\startup.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

Abracos.

[DigRam 144]

Bom Dia! Ric155

 

<!> O log está limpo! :thumbsup:

<><><><><><><><><><><><><><><>

<@> Atualize o Java.

<@> Versões antigas têm vulnerabilidades que,malwares,podem usar para infectar seu sistema.

<><><><><><><><><><><><><><><>

<@> Faça download da última versão do Java Runtime Environment (JRE) 6u13.

<@> Localize: "Java Runtime Environment (JRE) 6 Update 13"

<@> Clique no botão Download.

<@> Marque a opção que diz: "Accept License Agreement"

<@> A página será atualizada!

<@> Clique no link,para download do Windows Offline Installation --> Salve-o no desktop!

<@> Feche o IE ou Firefox + Programas que estejam sendo executados.

<@> Vá em Iniciar --> Painel de Controle.

<@> Em Adicionar ou Remover Programas;remova todas as antigas versões do Java.

<><><><><><><><><><><><><><><>

<@> Exemplos de antigas versões:

 

< > Java 2 Runtime Environment, SE v1.4.2

< > J2SE Runtime Environment 5.0

< > J2SE Runtime Environment 5.0 Update 6

 

<@> Selecione qualquer item com nome: Java Runtime Environment (JRE ou J2SE)

<@> Clique no botão Remover ou Alterar/Remover.

<@> Repita quantas vezes for necessária,para remover cada versão do Java.

<@> Concluindo,reinicie o computador!

<@> Instale a nova versão,com um duplo clique em jre-6u13-windows-i586-p.exe.

<><><><><><><><><><><><><><><>

<@> Estando tudo Ok,crie um ponto limpo na Restauração do Sistema.

<@> Clique com o direito do mouse,em cima de Meu Computador --> Propriedades --> Restauração do Sistema.

<@> Marque: Desativar Restauração do Sistema --> Aplicar --> Aguarde! --> Ok.

<@> Depois,desmarque novamente! --> Aplicar --> Aguarde! -->Ok.

<@> Para maiores detalhes,leia o Tutorial: < Link >

 

Abraços!

[Ric155 0]

Boa noite DigRam.

Tudo feito conforme sua instrucao. Acho que agora meu computador esta limpo.

Como faco para conferir se os malwares nao voltaram? Que programas você sugere que eu tenha aqui para protecao?

Obrigado.

Abracos

[DigRam 144]

Boa noite DigRam.

Tudo feito conforme sua instrucao. Acho que agora meu computador esta limpo.

Como faco para conferir se os malwares nao voltaram? Que programas você sugere que eu tenha aqui para protecao?

Obrigado.

Abracos

<><><><><><><><><>

Boa Noite! Ric155

 

<!> A segurança do PC,está ligada aos seus hábitos de navegação!

<><><><><><><><><>

<!> Leia estes artigos:

 

< Destaque: Cuidados ao navegar na net >

 

< Destaque: Ameaças Expandidas >

 

<!> Voçê possui o Norton,que é um bom antivírus.

<!> Caso queira mudar o programa,sugiro o Avira.

 

< AntiVir PersonalEdition Premium >

 

Abraços!

[Ric155 0]

Bom dia DigRam

Valeu pela ajuda.. Acho que esta resolvido. Li os artigos recomendados.

Muito obrigado mesmo.

Abracos.

[DigRam 144]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.