Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
Entre para seguir isso  
L'Marc

Problemas!

Recommended Posts

Olá

To com um virus no meu pc que não sai por nada. Ele não sai do internet explorer e tambem não deixa eu fazer atualização do antivirus e nem dos programas de spyware.

Não posso entrar no orkut, g-mail e hotmail

Por favor me ajude

Ai vai o log com a maquina rodando no modo normal.

Logfile of HijackThis v1.99.1

Scan saved at 00:31:28, on 25/8/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe

C:\Arquivos de programas\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Norton Internet Security\ISSVC.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\HijackThis\HijackThis.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Arquivos de programas\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Spy Sweeper\WRSSSDK.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://angelsfucked.com/se.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://angelsfucked.com/se.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.orkut.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://angelsfucked.com/se.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.terra.com.br

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iTunesHelper] C:\Arquivos de programas\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Arquivos de programas\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - HKCU\..\Run: [HijackThis startup scan] C:\HijackThis\HijackThis.exe /startupscan

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Kodak software updater.lnk = C:\Arquivos de programas\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\ISSVC.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

aqui vai o log do Silent Runners tambem

"Silent Runners.vbs", revision 40, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Norton SystemWorks" = ""C:\Arquivos de programas\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz" ["Symantec Corporation"]

"HijackThis startup scan" = "C:\HijackThis\HijackThis.exe /startupscan" ["Soeperman Enterprises Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"HP Software Update" = ""C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]

"HP Component Manager" = ""C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]

"InCD" = "C:\Arquivos de programas\Ahead\InCD\InCD.exe" ["Copyright © ahead software gmbh and its licensors"]

"ccApp" = ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

"Norton Ghost 9.0" = "C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe" ["Symantec Corporation"]

"Symantec NetDriver Monitor" = "C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]

"iTunesHelper" = "C:\Arquivos de programas\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]

"QuickTime Task" = ""C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"NeroCheck" = "C:\WINDOWS\system32\\NeroCheck.exe" ["Ahead Software Gmbh"]

"SunJavaUpdateSched" = "C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe" ["Sun Microsystems, Inc."]

"SpySweeper" = ""C:\Arquivos de programas\Spy Sweeper\SpySweeper.exe" /startintray" ["Webroot Software, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]

{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll" [MS]

{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\Office10\msohev.dll" [MS]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorer da área de trabalho"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{8e9d6600-f84a-11ce-8daa-00aa004a5691}" = "Shell extensions for NetWare"

-> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]

"{e3f2bac0-099f-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare"

-> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]

"{52c68510-09a0-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare"

-> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\KODAK\IFSCore\kodakshx.dll" ["Eastman Kodak Company"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"

-> {CLSID}\InProcServer32\(Default) = "C:\ARQUIV~1\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

NetWareUNCMenu\(Default) = "{e3f2bac0-099f-11cf-8daa-00aa004a5691}"

-> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]

SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"

-> {CLSID}\InProcServer32\(Default) = "C:\ARQUIV~1\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:

-----------------------------

Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Antônio\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:

---------------------

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Startup items in "Antônio" & "All Users" startup folders:

---------------------------------------------------------

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

"Microsoft Office" -> shortcut to: "C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

"Software Kodak EasyShare" -> shortcut to: "C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe -h" ["Eastman Kodak Company"]

"Kodak software updater" -> shortcut to: "C:\Arquivos de programas\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" [null data]

Enabled Scheduled Tasks:

------------------------

"WebReg 20041007185900" -> launches: "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqwrg.exe /TaskName 20041007185900 /N "psc 1300 series" /M Q3501A /S BR3C22G0QR9F /AP 303 /F /T " ["Hewlett-Packard Co."]

"HP DArC Task #Hewlett-Packard#hp psc 1300 series#1097186300" -> launches: "C:\Arquivos de programas\HP\hpcoretech\comp\hpdarc.exe /#Hewlett-Packard#hp psc 1300 series#1097186300" ["Hewlett-Packard Company"]

"One Button Checkup do Norton SystemWorks" -> launches: "C:\Arquivos de programas\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE /AUTO" ["Symantec Corporation"]

"Symantec Drmc" -> launches: "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymDrmc.exe /CUSTOM /SCHEDULE" ["Symantec Corporation"]

"Norton AntiVirus - Verificar o meu computador - Antônio" -> launches: "C:\ARQUIV~1\NORTON~2\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

"Symantec NetDetect" -> launches: "C:\Arquivos de programas\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

"AF4E16F891858880" -> launches: "c:\docume~1\antônio\dadosd~1\flawdo~1\website1.exe" [file not found]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 29

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll" [MS]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll" [MS]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"

-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Arquivos de programas\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points

------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):

[strings]: SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"

[strings]: SAFESITE_VALUE="search.msn.com.br"

Missing lines (compared with English-language version):

[strings]: 2 lines

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

HIJACK WARNING! "blank" = "http://angelsfucked.com/se.html" [file not found]

HIJACK WARNING! "NavigationCanceled" = "http://angelsfucked.com/se.html" [file not found]

HIJACK WARNING! "NavigationFailure" = "http://angelsfucked.com/se.html" [file not found]

HIJACK WARNING! "OfflineInformation" = "http://angelsfucked.com/se.html" [file not found]

HIJACK WARNING! "PostNotCached" = "http://angelsfucked.com/se.html" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Agente SAP, NwSapAgent, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipxsap.dll" [MS]}

iPod Service, iPodService, ""C:\Arquivos de programas\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]

ISSvc, ISSVC, "C:\Arquivos de programas\Norton Internet Security\ISSVC.exe" ["Symantec Corporation"]

Kodak Camera Connection Software, KodakCCS, "C:\WINDOWS\system32\drivers\KodakCCS.exe" ["Eastman Kodak Company"]

Machine Debug Manager, MDM, ""C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe"" [MS]

Norton Ghost, Norton Ghost, "C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe" ["Symantec Corporation"]

Norton Unerase Protection, NProtectService, "C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE" ["Symantec Corporation"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

Serviço auxiliar IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}

Serviço de cliente para NetWare, NWCWorkstation, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\nwwks.dll" [MS]}

Serviço do Auto-Protect do Norton AntiVirus, navapsvc, ""C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]

SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]

Speed Disk service, Speed Disk service, "C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE" ["Symantec Corporation"]

Symantec Core LC, Symantec Core LC, "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]

Symantec Event Manager, ccEvtMgr, ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

Symantec Network Drivers Service, SNDSrvc, ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]

Symantec Settings Manager, ccSetMgr, ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]

Webroot Spy Sweeper Engine, svcWRSSSDK, "C:\Arquivos de programas\Spy Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."]

----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "Yes" at the first message box.

---------- (total run time: 52 seconds, including 18 seconds for message boxes)

Desde já fico agradecido

Ps: não sei se isso é virus ou spy

Compartilhar este post


Link para o post
Compartilhar em outros sites

Rode o HijackThis e marque as seguintes entradas:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://angelsfucked.com/se.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://angelsfucked.com/se.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.orkut.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://angelsfucked.com/se.html

Reinicie o computador normalmente e veja se o problema foi solucionado. Faça um novo log de HijackThis e cole-o na sua resposta.

Tente baixar o Ewido (atualize-o ou baixe a atualização manualmente). Cole o resultado do scan dele aqui.

Compartilhar este post


Link para o post
Compartilhar em outros sites
  • Autor do tópico
  • Bom depois de do você mandou eu fazer ficou tudo assim:

    Logfile of HijackThis v1.99.1

    Scan saved at 11:46:50, on 25/8/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    C:\Arquivos de programas\Norton Internet Security\ISSVC.exe

    C:\WINDOWS\system32\drivers\KodakCCS.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

    C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe

    C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Spy Sweeper\WRSSSDK.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

    C:\Arquivos de programas\Ahead\InCD\InCD.exe

    C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe

    C:\Arquivos de programas\Spy Sweeper\SpySweeper.exe

    C:\Arquivos de programas\Wheel Mouse\5.0\MOUSE32A.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    C:\Arquivos de programas\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://angelsfucked.com/se.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.orkut.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://angelsfucked.com/se.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.terra.com.br

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll

    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [iTunesHelper] C:\Arquivos de programas\iTunes\iTunesHelper.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe

    O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Spy Sweeper\SpySweeper.exe" /startintray

    O4 - HKLM\..\Run: [LWBMOUSE] C:\Arquivos de programas\Wheel Mouse\5.0\MOUSE32A.EXE

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Arquivos de programas\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    O4 - Global Startup: Kodak software updater.lnk = C:\Arquivos de programas\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab

    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\ISSVC.exe

    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

    O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton Ghost - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe

    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Spy Sweeper\WRSSSDK.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    O relatorio do ewido foi esse:

    ---------------------------------------------------------

    ewido security suite - Relatório de verificação

    ---------------------------------------------------------

    + Criado em: 12:50:30, 25/8/2005

    + Relatório-Checksum: BCCD3427

    + Resultado da verificação:

    HKU\S-1-5-21-790525478-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EFB22865-F3BC-4309-ADFA-C8E078A7F762} -> Dialer.Generic : Limpo com backup

    C:\Downloads\SchoolTycoonSetup-dm.exe -> Spyware.Trymedia : Limpo com backup

    C:\Downloads\AirportTycoon2Setup-dm.exe -> Spyware.Trymedia : Limpo com backup

    C:\Downloads\MallTycoon2-dm.exe -> Spyware.Trymedia : Limpo com backup

    C:\Downloads\MallTycoonSetup-dm.exe -> Spyware.Trymedia : Limpo com backup

    ::Fim do Relatório

    Depois disso tudo eu fui no system 32 e revisei cadaarquivo que tinha lá dando uma olhada para ver se realmente ele era de algum programa ou era malware e achei uma sequencia de arquivos com o nome de dp560 à dp573 que para mim era virus.

    Não deu outra consegui fazer a internet funcionar e passaei o norton e o ewido de novo fiz uma lipeza no registro com o jv16 e o resultado foi esse:

    Logfile of HijackThis v1.99.1

    Scan saved at 09:21:37, on 26/8/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

    C:\Arquivos de programas\Ahead\InCD\InCD.exe

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe

    C:\Arquivos de programas\Wheel Mouse\5.0\MOUSE32A.EXE

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

    C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

    C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    C:\Arquivos de programas\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

    C:\Arquivos de programas\Microsoft AntiSpyware\gcasDtServ.exe

    C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe

    C:\Arquivos de programas\ewido\security suite\ewidoguard.exe

    C:\WINDOWS\System32\GEARSec.exe

    C:\WINDOWS\system32\drivers\KodakCCS.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

    C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

    C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe

    C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

    C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\HijackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

    O4 - HKLM\..\Run: [iTunesHelper] C:\Arquivos de programas\iTunes\iTunesHelper.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe

    O4 - HKLM\..\Run: [LWBMOUSE] C:\Arquivos de programas\Wheel Mouse\5.0\MOUSE32A.EXE

    O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Arquivos de programas\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    O4 - Global Startup: Kodak software updater.lnk = C:\Arquivos de programas\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab

    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe

    O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoguard.exe

    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

    O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton Ghost - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    Agora ta tudo perfeito.

    Valeu Bucketheadkrz

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    :-BEER Por nada, se precisar é só chamar...

    Depois disso tudo eu fui no system 32 e revisei cadaarquivo que tinha lá dando uma olhada para ver se realmente ele era de algum programa ou era malware e achei uma sequencia de arquivos com o nome de dp560 à dp573 que para mim era virus.

    Eram executáveis? Você apagou eles? Se for executável, faça um scan somente daqueles arquivos neste link.

    Não deu outra consegui fazer a internet funcionar e passaei o norton e o ewido de novo fiz uma lipeza no registro com o jv16 e o resultado foi esse:

    Realmente, no primeiro log desta sua resposta acima ainda havia duas entradas que eu tinha falado, mas saíram após o scan.

    Faltou um negócio que deve tá modificado no seu registro...

    Abre o bloco de notas e cole o conteúdo de dentro do Quote:

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

    "blank"="res://mshtml.dll/blank.htm"

    "NavigationCanceled"="res://shdoclc.dll/navcancl.htm"

    "NavigationFailure"="res://shdoclc.dll/navcancl.htm"

    "OfflineInformation"="res://shdoclc.dll/offcancl.htm"

    "PostNotCached"="res://mshtml.dll/repost.htm"

    Salva com o nome ALT.reg e depois execute-o. Só isso só...

    Té +.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Eram executáveis? Você apagou eles? Se for executável, faça um scan somente daqueles arquivos neste link.

    Eram mais eu apaguei todos.
    Faltou um negócio que deve tá modificado no seu registro...

    Abre o bloco de notas e cole o conteúdo de dentro do Quote:

    QUOTE

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

    "blank"="res://mshtml.dll/blank.htm"

    "NavigationCanceled"="res://shdoclc.dll/navcancl.htm"

    "NavigationFailure"="res://shdoclc.dll/navcancl.htm"

    "OfflineInformation"="res://shdoclc.dll/offcancl.htm"

    "PostNotCached"="res://mshtml.dll/repost.htm"

    Salva com o nome ALT.reg e depois execute-o. Só isso só...

    Té +.

    Até fiz isso mais antes fui no caminho indicado e estava tudo certo. Mais como não custava nada coloquei o caminho de registro que você me mandou.

    Valeu

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Visitante
    Este tópico está impedido de receber novos posts.
    Entre para seguir isso  





    Sobre o Clube do Hardware

    No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

    Direitos autorais

    Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

    ×