Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

tatitaka

[Arquivado] Problema com uw08.exe

Por , em Tópicos Arquivados (Seguranca & Malwares)

Recommended Posts

tatitaka    0

tatitaka
Postado

Olá!

 

Como muitas pessoas, estou tendo problemas referentes a um arquivo denominado uw08.exe. Nenhum programa sumiu do computador, nem há lentidão. Entretanto, a Ferramenta de Remoção de Software Mal-Intencionado da Microsoft fica reiniciando o Windows constantemente.

 

Segue o logfile do Hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:27:04, on 12/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe

C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe

C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\Arquivos de programas\Wave Systems Corp\Common\DataServer.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\runservice.exe

C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Arquivos de programas\Apoint\Apoint.exe

C:\Arquivos de programas\Apoint\HidFind.exe

C:\Arquivos de programas\Apoint\Apntex.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe

C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Arquivos de programas\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\ARQUIV~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Arquivos de programas\CyberLink\PowerDVD\DVDLauncher.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\Windows UpdateSP8.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de Programas\NetWaiting\netWaiting.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Digital Line Detect\DLG.exe

C:\Arquivos de programas\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Documents and Settings\Tatiane\Configurações locais\Temporary Internet Files\Content.IE5\K1OWATW7\windows-kb890830-v2.8[1].exe

c:\b64d966a0e8b02132826edc1c0ba8a\mrtstub.exe

C:\WINDOWS\system32\MRT.exe

C:\Documents and Settings\Tatiane\Configurações locais\Temporary Internet Files\Content.IE5\4FIYQYSF\HiJackThis[1].exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row&channel=br&ibd=5060919

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row&channel=br&ibd=5060919

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Extensão do Navegador - {2920B9CD-8CE6-4AB3-8CF8-C188291324B0} - C:\WINDOWS\system32\wgalog.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [Apoint] C:\Arquivos de programas\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Document Manager] C:\Arquivos de programas\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de programas\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Windows Defender] VSFPNC

O4 - HKLM\..\Run: [Windows Update SP8] C:\WINDOWS\system32\Windows UpdateSP8.exe

O4 - HKLM\..\RunOnce: [Windows Update SP8] C:\WINDOWS\system32\UW08.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Arquivos de Programas\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Arquivos de programas\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

O4 - Global Startup: msnmsgr_.exe

O4 - Global Startup: Windows UpdateSP8.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://picasa.google.com.br

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.30/uploader2.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)

O20 - AppInit_DLLs: wxvault.dll C:\ARQUIV~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\VAScanner\comHost.exe

O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Arquivos de programas\Wave Systems Corp\Common\DataServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Arquivos de programas\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 16607 bytes

 

Espero q alguém possa me ajudar!

Obrigada desde já!

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia! tatitaka

 

<@> Reinicie o computador,em Modo de Segurança.

<@> Abra o HijackThis --> Clique: Do a system scan only

 

O2 - BHO: Extensão do Navegador - {2920B9CD-8CE6-4AB3-8CF8-C188291324B0} - C:\WINDOWS\system32\wgalog.dll

 

O4 - HKLM\..\Run: [Windows Defender] VSFPNC

 

O4 - HKLM\..\Run: [Windows Update SP8] C:\WINDOWS\system32\Windows UpdateSP8.exe

 

O4 - HKLM\..\RunOnce: [Windows Update SP8] C:\WINDOWS\system32\UW08.exe

 

O4 - Global Startup: msnmsgr_.exe

 

O4 - Global Startup: Windows UpdateSP8.exe

 

<@> Marque,àcima,estas entradas! --> Clique: Fix checked --> Sim! --> Reinicie!

<><><><><><><><><><><><>

<@> Baixe: < OTMoveIt3 > ( ...by OldTimer Tools )

<@> Salve-o no desktop e,execute-o aí mesmo!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:Processes

explorer.exe

:Files

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows UpdateSP8.exe

c:\documents and settings\%UserProfile%\Menu Iniciar\Programas\Inicializar\Windows UpdateSP8.exe

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\msnmsgr_.exe

c:\documents and settings\%UserProfile%\Menu Iniciar\Programas\Inicializar\msnmsgr_.exe

c:\windows\system32\Windows UpdateSP8.exe

c:\windows\system32\wrm01.04.09UP.ini

c:\windows\system32\wrm31.03.09UP.ini

c:\windows\system32\wrm30.03.09UP.ini

c:\windows\system32\msnmsgr_.exe

c:\windows\system32\wgalog.dll

c:\windows\system32\UW08.exe

:Reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows UpdateSP8"=-

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copie e cole estas informações,entre os XXXXX...,para o campo ( clipboard ),da ferramenta.

<@> Ps: Área abaixo de "Paste Instructions for Items to be Moved".

<@> Clique em MoveIt.

<@> Na solicitação de reboot,confirme!

<@> Terminando,verifique o conteúdo texto da pasta: C:\_OTMoveIt\MovedFiles

<@> Copie e poste,seu relatório mais recente: C:\_OTMoveIt\MovedFiles\xxxx2009_xxxxxx.log <--

<@> Ps: Como a ferramenta não sobreescreve seus relatórios,devemos observar o que foi gerado logo após sua execução.

<@> Poste,também,HijackThis atualizado.

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

tatitaka    0

tatitaka
Postado

Nesse meio tempo, eu instalei o Avira no computador e, desde então, fiz um scan que encontrou alguns problemas.

 

Segui as suas instruções.

 

Relatório do OTMoveIt:

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File/Folder C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows UpdateSP8.exe not found.

File/Folder c:\documents and settings\%UserProfile%\Menu Iniciar\Programas\Inicializar\Windows UpdateSP8.exe not found.

File/Folder c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\msnmsgr_.exe not found.

File/Folder c:\documents and settings\%UserProfile%\Menu Iniciar\Programas\Inicializar\msnmsgr_.exe not found.

File/Folder c:\windows\system32\Windows UpdateSP8.exe not found.

File/Folder c:\windows\system32\wrm01.04.09UP.ini not found.

File/Folder c:\windows\system32\wrm31.03.09UP.ini not found.

File/Folder c:\windows\system32\wrm30.03.09UP.ini not found.

c:\windows\system32\msnmsgr_.exe moved successfully.

File/Folder c:\windows\system32\wgalog.dll not found.

File/Folder c:\windows\system32\UW08.exe not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows UpdateSP8 not found.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Tatiane\CONFIG~1\Temp\~DF56D3.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Tatiane\CONFIG~1\Temp\~DF5703.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Tatiane\CONFIG~1\Temp\~DFBFA3.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Tatiane\CONFIG~1\Temp\~DFC1B0.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Internet Explorer cache folder emptied.

File delete failed. C:\Documents and Settings\Tatiane\Configurações locais\Temporary Internet Files\Content.IE5\ADHXMWNO\ads[5].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Tatiane\Configurações locais\Temporary Internet Files\Content.IE5\58T628Z4\iframe[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Tatiane\Configurações locais\Temporary Internet Files\Content.IE5\56VJVN6M\index[3].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Tatiane\Configurações locais\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Tatiane\Configurações locais\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.

User's Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\JET88E6.tmp scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4f4.dat scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_bd8.dat scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_df8.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04122009_091551

 

Files moved on Reboot...

File C:\DOCUME~1\Tatiane\CONFIG~1\Temp\~DF56D3.tmp not found!

File C:\DOCUME~1\Tatiane\CONFIG~1\Temp\~DF5703.tmp not found!

File C:\DOCUME~1\Tatiane\CONFIG~1\Temp\~DFBFA3.tmp not found!

File C:\DOCUME~1\Tatiane\CONFIG~1\Temp\~DFC1B0.tmp not found!

C:\Documents and Settings\Tatiane\Configurações locais\Temporary Internet Files\Content.IE5\ADHXMWNO\ads[5].htm moved successfully.

C:\Documents and Settings\Tatiane\Configurações locais\Temporary Internet Files\Content.IE5\58T628Z4\iframe[1].htm moved successfully.

C:\Documents and Settings\Tatiane\Configurações locais\Temporary Internet Files\Content.IE5\56VJVN6M\index[3].htm moved successfully.

C:\Documents and Settings\Tatiane\Configurações locais\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.

File C:\WINDOWS\temp\JET88E6.tmp not found!

File move failed. C:\WINDOWS\temp\Perflib_Perfdata_4f4.dat scheduled to be moved on reboot.

C:\WINDOWS\temp\Perflib_Perfdata_bd8.dat moved successfully.

File C:\WINDOWS\temp\Perflib_Perfdata_df8.dat not found!

 

 

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:20:23, on 12/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe

C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe

C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\Arquivos de programas\Wave Systems Corp\Common\DataServer.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\runservice.exe

C:\WINDOWS\notepad.exe

C:\Arquivos de programas\Apoint\Apoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe

C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe

C:\Arquivos de programas\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Arquivos de programas\Apoint\HidFind.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\Arquivos de programas\Apoint\Apntex.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Arquivos de programas\CyberLink\PowerDVD\DVDLauncher.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de Programas\NetWaiting\netWaiting.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Arquivos de programas\Digital Line Detect\DLG.exe

C:\Arquivos de programas\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\ARQUIV~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Documents and Settings\Tatiane\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row&channel=br&ibd=5060919

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row&channel=br&ibd=5060919

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [Apoint] C:\Arquivos de programas\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Document Manager] C:\Arquivos de programas\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de programas\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Arquivos de Programas\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Arquivos de programas\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://picasa.google.com.br

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.30/uploader2.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)

O20 - AppInit_DLLs: wxvault.dll C:\ARQUIV~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\VAScanner\comHost.exe

O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Arquivos de programas\Wave Systems Corp\Common\DataServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Arquivos de programas\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 16489 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia! tatitaka

 

<!> Voçê,agora,está com 2 antivírus! Desinstale o Norton ou Avira. <-- Escolha!

<><><><><><><><><><><>

<@> Abra o OTMoveIt3 --> Clique em < 8gehxg0.gif > --> Aguarde! --> Yes!

<><><><><><><><><><><>

<@> Baixe: < desktopicon.png > ( ...by sUBs )

<@> Salve-o no desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

<@> Na solicitação: "Negação de garantia de software" --> Clique em Sim!

<@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

 

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.

<!> Salve-a no desktop,renomeada como: Kombo.exe

<!> Ps: Nomeie durante o salvamento,e não após salvá-la!

<!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança. <-- Link!

<!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

<!> Ps: Evite executar,voluntariamente,esta ferramenta!

<!> Ps: Para evitar problemas,siga todas as recomendações propostas.

<!> Ps: O ComboFix é uma ferramenta que pode danificar o sistema. Utilize-o,somente,sob supervisão profissional.

<@> Abrir-se-á a janela Auto Scan. --> Aguarde!

<@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

<@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

<@> Para parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter!

<><><><><><><><><><><>

<@> Terminando,poste os relatórios: C:\ComboFix\ComboFix.txt + HijackThis,atualizado.

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Mário Monteiro    179

Mário Monteiro
Postado

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Arquivados (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito