Ir ao conteúdo
  • Cadastre-se
marialuna.rj

Por favor analisem meu log :)

Recommended Posts

Por favor, gostaria que analisassem meu logo, meu computador vem apresentando alguns erros.

Desde já agradecida,

Maria Luna :)

Logfile of HijackThis v1.99.1

Scan saved at 20:07:12, on 15/09/2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Pando Networks\Pando\pando.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\schtasks.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\jusched.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\hp\kbd\kbd.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Program Files\SoulseekNS\slsk.exe

C:\Program Files\The KMPlayer\KMPlayer.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\Ma\Documents\Programas\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_br&c=81&bd=Pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_br&c=81&bd=Pavilion&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [webuser] "C:\ProgramData\Phone Store Store.3avw3"

O4 - HKCU\..\Run: [Test Lies 1 About] "C:\ProgramData\poll stupid date.s2hh4jk"

O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{9206EB74-9AA4-4394-A267-EAF1653D348A}: NameServer = 200.149.55.140 200.165.132.147

O17 - HKLM\System\CS1\Services\Tcpip\..\{9206EB74-9AA4-4394-A267-EAF1653D348A}: NameServer = 200.149.55.140 200.165.132.147

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Agendador do LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá, Bem Vindo ao Forum do Clube do Hardware.

Faça o download de Lop_Icone-medium;init:.jpg

  • Temporariamente desactive seus programas de proteção (Antivirus, etc.) para não interferirem com a ferramenta.
  • Duplo-Clique no ícone do Lop S&D que estará no desktop.
    Se utiliza o Windows Vista, dê clique direito do mouse no LopSD.exe e escolha 'Executar como administrador'.
  • Irá surgir uma janela (conforme imagem abaixo), tecle P de Português e dê enter.
    Lop_Choix-large.jpg
  • Pressione agora o numero "3 - Remocao - Hosts" pressionando a tecla "3" e dê ENTER.
  • A ferramenta irá rodar para que a infecção possa ser removida.
  • No final será gerado um relatório (C:\lopR.txt). Cole o conteúdo desse relatório na sua próxima resposta, juntamente com um novo log do HijackThis.

Abraços

Compartilhar este post


Link para o post
Compartilhar em outros sites

Segue abaixo os dois relatórios.

Grata,

Maria Luna :)

--------------------\\ Lop S&D 4.2.4-3 XP/Vista

Microsoft® Windows Vista™ Home Basic ( v6.0.6001 ) Service Pack 1

X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU E4500 @ 2.20GHz )

BIOS : v5.13

USER : Ma ( Administrator )

BOOT : Normal boot

Antivirus : Norton Internet Security 15.0.0.60 (Activated)

Firewall : Firewall pessoal do ESET 3.0.642.0 (Activated)

C:\ (Local Disk) - NTFS - Total : 291 Go Free : 186 Go

D:\ (Local Disk) - NTFS - Total : 6 Go Free : 0 Go

E:\ (CD or DVD)

F:\ (USB)

G:\ (USB)

H:\ (USB)

I:\ (USB)

"C:\Lop SD" ( MAJ : 14-09-2008|22:40 )

Option : [3] ( 17/09/2008|19:34 )

[ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

Deletado! - C:\Program Files\Circle Developement\Uninstall.exe

Deletado! - C:\ProgramData\Phone Store Store.3avw3

Deletado! - C:\ProgramData\Phone Store Store.aiuhzy

Deletado! - C:\ProgramData\poll stupid date.s2hh4jk

Deletado! - C:\Program Files\Circle Developement

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Lista de pastas em Local

[02/08/2008|21:02] C:\Users\Ma\AppData\Local\{C8A2BB40-90D2-4928-AB81-2A84EFB7EA4C}

[21/08/2008|17:30] C:\Users\Ma\AppData\Local\{C98C229E-62B4-4551-B6D4-521A7B2D16EC}

[02/08/2008|18:05] C:\Users\Ma\AppData\Local\Adobe

[26/08/2008|19:13] C:\Users\Ma\AppData\Local\Ahead

[03/08/2008|03:33] C:\Users\Ma\AppData\Local\Ares

[01/08/2008|17:49] C:\Users\Ma\AppData\Local\d3d9caps.dat

[01/08/2008|15:34] C:\Users\Ma\AppData\Local\Dados de aplicativos

[16/09/2008|01:54] C:\Users\Ma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[01/08/2008|15:39] C:\Users\Ma\AppData\Local\DVDPlay

[15/09/2008|23:20] C:\Users\Ma\AppData\Local\ESET

[05/08/2008|18:35] C:\Users\Ma\AppData\Local\GDIPFONTCACHEV1.DAT

[01/08/2008|15:34] C:\Users\Ma\AppData\Local\Hist¢rico

[17/09/2008|13:00] C:\Users\Ma\AppData\Local\IconCache.db

[18/08/2008|14:08] C:\Users\Ma\AppData\Local\Microsoft

[15/08/2008|03:01] C:\Users\Ma\AppData\Local\Microsoft Games

[05/08/2008|16:01] C:\Users\Ma\AppData\Local\Microsoft Help

[26/08/2008|19:08] C:\Users\Ma\AppData\Local\Nero

[02/08/2008|21:05] C:\Users\Ma\AppData\Local\Pando

[02/08/2008|19:02] C:\Users\Ma\AppData\Local\PowerCinema

[17/09/2008|19:34] C:\Users\Ma\AppData\Local\Temp

[01/08/2008|15:34] C:\Users\Ma\AppData\Local\Temporary Internet Files

[10/08/2008|02:52] C:\Users\Ma\AppData\Local\VirtualStore

--------------------\\ Tarefas Agendadas na pasta C:\Windows\Tasks

[15/09/2008 22:18][--a------] C:\Windows\tasks\Norton Internet Security - Verifica‡Æo completa no sistema - Ma.job

[17/09/2008 18:13][--ah-----] C:\Windows\tasks\SA.DAT

[17/09/2008 13:01][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Lista de pastas em C:\ProgramData

[02/08/2008|18:38] C:\ProgramData\Adobe

[02/11/2006|09:59] C:\ProgramData\Application Data

[15/09/2008|23:21] C:\ProgramData\chin window mail

[12/12/2007|13:38] C:\ProgramData\CyberLink

[01/08/2008|15:30] C:\ProgramData\Dados de aplicativos

[02/11/2006|09:59] C:\ProgramData\Desktop

[01/08/2008|15:30] C:\ProgramData\Documentos

[02/11/2006|09:59] C:\ProgramData\Documents

[15/09/2008|00:35] C:\ProgramData\ESET

[02/11/2006|09:59] C:\ProgramData\Favorites

[01/08/2008|15:30] C:\ProgramData\Favoritos

[01/08/2008|15:34] C:\ProgramData\Hewlett-Packard

[12/12/2007|13:37] C:\ProgramData\HP

[12/12/2007|13:38] C:\ProgramData\hpzinstall.log

[05/08/2008|18:04] C:\ProgramData\inSpeak

[27/08/2008|20:24] C:\ProgramData\LightScribe

[14/08/2008|21:58] C:\ProgramData\Logishrd

[14/08/2008|21:53] C:\ProgramData\Logitech

[19/08/2008|21:58] C:\ProgramData\Meal Grey Test Lies

[01/08/2008|15:30] C:\ProgramData\Menu Iniciar

[08/08/2008|18:44] C:\ProgramData\Messenger Plus!

[05/08/2008|16:04] C:\ProgramData\Microsoft

[10/09/2008|03:05] C:\ProgramData\Microsoft Help

[01/08/2008|15:30] C:\ProgramData\Modelos

[12/12/2007|13:45] C:\ProgramData\muvee Technologies

[26/08/2008|18:53] C:\ProgramData\Nero

[12/12/2007|13:51] C:\ProgramData\PC-Doctor

[23/08/2008|20:16] C:\ProgramData\Soulseek

[02/11/2006|09:59] C:\ProgramData\Start Menu

[17/09/2008|19:25] C:\ProgramData\Symantec

[02/11/2006|09:59] C:\ProgramData\Templates

[02/08/2008|05:23] C:\ProgramData\WinZip

[01/08/2008|16:02] C:\ProgramData\WLInstaller

--------------------\\ Lista de pastas em C:\Program Files

[02/08/2008|18:39] C:\Program Files\Adobe

[02/08/2008|19:14] C:\Program Files\Alwil Software

[03/08/2008|03:33] C:\Program Files\Ares

[01/08/2008|15:30] C:\Program Files\Arquivos Comuns [C:\Program Files\Common Files]

[26/08/2008|18:53] C:\Program Files\Common Files

[05/06/2008|02:54] C:\Program Files\CONEXANT

[12/12/2007|13:44] C:\Program Files\CyberLink

[15/09/2008|00:35] C:\Program Files\ESET

[12/12/2007|13:52] C:\Program Files\Hewlett-Packard

[30/08/2008|18:24] C:\Program Files\HP

[05/08/2008|18:04] C:\Program Files\inSpeak

[02/08/2008|19:02] C:\Program Files\InstallShield Installation Information

[04/08/2008|13:09] C:\Program Files\Internet Explorer

[12/12/2007|13:47] C:\Program Files\Java

[14/08/2008|21:53] C:\Program Files\Logitech

[06/09/2008|08:13] C:\Program Files\ManyCam 2.2

[02/08/2008|21:15] C:\Program Files\Marcos Velasco Security

[30/08/2008|19:46] C:\Program Files\Messenger Plus! Live

[02/11/2006|09:35] C:\Program Files\Microsoft Games

[05/08/2008|16:05] C:\Program Files\Microsoft Office

[05/08/2008|16:05] C:\Program Files\Microsoft Visual Studio

[05/08/2008|16:02] C:\Program Files\Microsoft Visual Studio 8

[05/08/2008|16:06] C:\Program Files\Microsoft Works

[05/08/2008|16:04] C:\Program Files\Microsoft.NET

[15/09/2008|01:30] C:\Program Files\Moodysoft

[04/08/2008|13:09] C:\Program Files\Movie Maker

[05/08/2008|16:05] C:\Program Files\MSBuild

[01/08/2008|18:26] C:\Program Files\MSXML 4.0

[12/12/2007|13:45] C:\Program Files\muvee Technologies

[26/08/2008|18:53] C:\Program Files\Nero

[01/08/2008|20:21] C:\Program Files\Norton Internet Security

[01/08/2008|16:17] C:\Program Files\Paltalk Messenger

[21/08/2008|17:32] C:\Program Files\Pando Networks

[12/12/2007|14:01] C:\Program Files\PC-Doctor 5 for Windows

[12/12/2007|13:34] C:\Program Files\Realtek

[02/11/2006|09:35] C:\Program Files\Reference Assemblies

[24/08/2008|05:09] C:\Program Files\Rocket Division Software

[12/12/2007|13:52] C:\Program Files\Servi‡os online

[08/09/2008|20:10] C:\Program Files\Smart Data Recovery

[23/08/2008|20:14] C:\Program Files\SoulseekNS

[01/08/2008|19:57] C:\Program Files\Symantec

[17/08/2008|05:54] C:\Program Files\The KMPlayer

[04/08/2008|03:51] C:\Program Files\Total Video Converter

[02/11/2006|09:58] C:\Program Files\Uninstall Information

[04/08/2008|03:38] C:\Program Files\uTorrent

[04/08/2008|13:09] C:\Program Files\Windows Calendar

[04/08/2008|13:09] C:\Program Files\Windows Collaboration

[04/08/2008|13:09] C:\Program Files\Windows Defender

[01/08/2008|16:20] C:\Program Files\Windows Live

[14/08/2008|03:02] C:\Program Files\Windows Mail

[04/08/2008|13:09] C:\Program Files\Windows Media Player

[01/08/2008|15:30] C:\Program Files\Windows NT

[04/08/2008|13:09] C:\Program Files\Windows Photo Gallery

[04/08/2008|13:09] C:\Program Files\Windows Sidebar

[05/08/2008|15:54] C:\Program Files\WinRAR

[02/08/2008|05:19] C:\Program Files\WinZip

--------------------\\ Lista de pastas em C:\Program Files\Common Files

[02/08/2008|18:38] C:\Program Files\Common Files\Adobe

[05/08/2008|16:05] C:\Program Files\Common Files\DESIGNER

[12/12/2007|13:37] C:\Program Files\Common Files\HP

[12/12/2007|13:58] C:\Program Files\Common Files\InstallShield

[12/12/2007|13:46] C:\Program Files\Common Files\Java

[12/12/2007|13:45] C:\Program Files\Common Files\LightScribe

[14/08/2008|21:54] C:\Program Files\Common Files\logishrd

[12/12/2007|13:45] C:\Program Files\Common Files\LS Getting Started

[29/08/2008|03:03] C:\Program Files\Common Files\microsoft shared

[12/12/2007|13:45] C:\Program Files\Common Files\muvee Technologies

[26/08/2008|18:55] C:\Program Files\Common Files\Nero

[02/11/2006|08:18] C:\Program Files\Common Files\Services

[01/08/2008|15:30] C:\Program Files\Common Files\Sistema [C:\Program Files\Common Files\System]

[02/11/2006|08:18] C:\Program Files\Common Files\SpeechEngines

[01/08/2008|20:21] C:\Program Files\Common Files\Symantec Shared

[05/08/2008|16:01] C:\Program Files\Common Files\System

[01/08/2008|16:19] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 69 Processes )

... OK !

--------------------\\ Procura pelo S_Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura no Registro

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

Arquivos/Ficheiros Hosts LIMPO

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-17 19:35:06

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

--------------------\\ Procurando por outras infecções

--------------------\\ Cracks & Keygens ..

C:\Users\Ma\Documents\Programas\NOD 32\Crack de registro NOD32 v2.2-nsane.rar

C:\Users\Ma\Documents\Programas\NOD 32\Crack de registro v2.2-nsane.exe

C:\Users\Ma\Documents\Programas\Nod 32 + serial\Instalar o crack do NOD32.txt

[F:65][D:9]-> C:\Users\Ma\AppData\Local\Temp

[F:152][D:1]-> C:\Users\Ma\AppData\Roaming\MICROS~1\Windows\Cookies

[F:6904][D:16]-> C:\Users\Ma\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:25][D:6]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 17/09/2008|19:38 - Option : [3]

--------------------\\ Verificação completa em 19:38:27

[ UAC => 1 ]

Logfile of HijackThis v1.99.1

Scan saved at 19:42:30, on 17/09/2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\system32\schtasks.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Pando Networks\Pando\pando.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\jusched.exe

C:\hp\kbd\kbd.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Ma\Documents\Programas\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_br&c=81&bd=Pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_br&c=81&bd=Pavilion&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{9206EB74-9AA4-4394-A267-EAF1653D348A}: NameServer = 200.149.55.140 200.165.132.147

O17 - HKLM\System\CS1\Services\Tcpip\..\{9206EB74-9AA4-4394-A267-EAF1653D348A}: NameServer = 200.149.55.140 200.165.132.147

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Agendador do LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

O seu Java está desactualizado.

Versões antigas e desactualizadas, estão mais vulneráveis aos malwares.

  • Faça o download da última versão do Java Runtime Environment (JRE) 6 Update 7 e salve no seu ambiente de trabalho (Desktop).
  • Navegue até "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".
  • Clique em "Download". (está do lado direito)
  • Selecione a sua Plataforma: "Windows".
  • Selecione a sua linguagem: "Português".
  • Leia a Licença de uso e marque a caixa: "Accept License Agreement".
  • Clique "Continue".
  • Clique no link para download Windows Offline Installation e salve o arquivo no seu Ambiente de Trabalho.
  • Feche todos os programas que esteja usar. Especialmente o seu Navegador (IE, Firefox, etc)
  • Clique em Iniciar -> Configurações -> Painel de Controle, duplo clique em Adicionar/Remover Programas e remova todas as versões antigas de Java.
  • Marque qualquer item , que tenha no nome: Java Runtime Environment (JRE ou J2SE). Deverá ter um icone como este javaicon.jpg
  • Clique em Remover ou Modificar/Remover.
  • Repita quantas vezes for necessário, até que tenha removido todas as versões antigas de Java que existam no seu PC.
  • Reinicie o seu PC, após ter removido as versões antigas de Java.
  • Dê agora o duplo-clique em jre-6u7-windows-i586-p.exe (está no seu desktop), para instalar a nova e mais segura versão de Java.

Faça um backup ao registro.

  • Clique em Iniciar, depois em Executar e escreva: regedit e dê o OK.
  • Em cima à esquerda, clique em Meu Computador (fica selecionado com a côr azul).
  • Clique em Arquivo, depois em Exportar
  • Escolha "Salvar como"... Arquivos de Registro
  • Coloque o nome: RegBackup
  • Salve-o em C:\
  • Saia do Editor de registro.

Clique em Iniciar --> Executar e digite: notepad (ou se preferir, simplesmente abra o seu Bloco de Notas)
Copie (ctrl + c) e cole (ctrl + v) exactamente o texto abaixo:
regedit.exe /e "%cd%\startup.reg" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
type "%cd%\startup.reg" > "%cd%\startup.txt
del "%cd%\startup.reg"
  • Clique em Arquivo, depois em Guardar como... e salve o arquivo como: startup.bat
  • Escolha salvar colocando como tipo de arquivo: todos os arquivos
  • Feche agora o seu Bloco de Notas.
  • Duplo-Clique em startup.bat (que estará no seu desktop)
  • O Bloco de Notas deverá abrir, copie esse conteúdo e cole-o na sua próxima resposta.
  • Gere e cole também um novo log do HijackThis.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Oie Lusitano,

Fiz tudo conforme você me solicitou, só não consigo copiar o resultado do start porque o vista não permite :(

Vou teclar conforme estava lá se tiver algum erro me desculpe ok?

Obrigada pela ajuda :)

Ma

C:\Users\Ma\Desktop>regedit.exe/e "C:\Users\Ma\Desktop\startup.reg" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"

Logfile of HijackThis v1.99.1

Scan saved at 16:35:27, on 18/09/2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Pando Networks\Pando\pando.exe

C:\Windows\system32\schtasks.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\igfxsrvc.exe

C:\hp\kbd\kbd.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conime.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Users\Ma\Documents\Programas\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_br&c=81&bd=Pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_br&c=81&bd=Pavilion&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{9206EB74-9AA4-4394-A267-EAF1653D348A}: NameServer = 200.149.55.140 200.165.132.147

O17 - HKLM\System\CS1\Services\Tcpip\..\{9206EB74-9AA4-4394-A267-EAF1653D348A}: NameServer = 200.149.55.140 200.165.132.147

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Agendador do LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá,

Siga as instruções contidas no link abaixo e instale e execute o Combofix:

http://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix

  • É importante que instale a console de recuperação também.
  • Quando a ferramenta terminar de rodar, gerará um log (o arquivo C:\ComboFix.txt).
  • Cole o conteúdo desse arquivo e faça também um novo log do HijackThis para colocar na sua resposta.

Atenção: Não utilize o mouse nem o teclado enquanto a ferramenta estiver rodando, isso pode fazer com que o pc pare.

Nota: Por favor, NÃO utilize o ComboFix sozinho. É uma ferramenta poderosa criada pra lidar com infeções sofisticadas e caso não a utilize correctamente poderá danificar o seu computador. A ferramenta apenas deve ser utilizada sob supervisão de Assistentes de remoção de malware.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde Lusitano,

Eu estava lendo o tutorial que você me enviou para fazer rodar o combofix, e realmente eu estou com medo de fazer alguma besteira aqui no meu computador. Não entendi como instalar esse console de recuperação, olhei lá e não consegui entender, tb não nao consigo desabilitar os antivirus que tenho na máquina, tanto o NOD32 qto o Norton, então gostaria de saber se não existe um método de mais fácil entendimento.

Já que no tutorial diz que a instalação do combofix e por minha conta e risco, realmente eu estou preocupada em fazer errado e acabar prejudicando mais ainda meu pc.

Aguardo uma resposta sua :)

Obrigada,

Maria Luna

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá,

  • Clique com o direito no ícone do Nod32, ao lado do relógio nod32_icon.gif
  • Clique em nodix5.jpg
  • Vá em Iniciar > Executar e digite services.msc
  • Na próxima janela, role o painel do lado direito e localize Nod32 Kernel Service.
  • Dê um duplo clique para abrir as propriedades. Em tipo de inicialização, escolha Desativado.
  • Clique em Aplicar e depois em OK
  • Feche a janela.

Quando terminar os procedimentos, torne a ativar o Nod32

Dê um duplo clique no ícone do Norton, ao lado do relógio icon-nav.gifNorton-AntiVirus-2007-192225.gif

Em Sistema, clique em Auto-Protect.

Desmarque as seguintes opções:


  • Ativar Auto-Protect
  • Iniciar o Auto-Protect ao iniciar o Windows

norton1dz1.jpg

Ainda em Sistema, clique em Bloqueio de scripts.

Desmarque a opção:


  • Ativar bloqueio de scripts.

norton2pn6.jpg

Quando terminar os procedimentos, ative o Norton, marcando as opções indicadas acima

Depois pule a etapa do Console de Recuperação e apenas rode o ComboFix.

Abraços

Compartilhar este post


Link para o post
Compartilhar em outros sites

De acordo com as regras deste fórum, tópicos inativos são arquivados, isto é, fechados e movidos para um fórum de "tópicos arquivados". Caso o autor do tópico necessite poderá entrar em contato com a moderação solicitando a reabertura deste tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×