Tela piscando - Branco

Leonardo_sf · 21 de abril de 2005

Olá! Eu estou com o mesmo problema que o Gribeiro teve, e postou uma vez. O meu desktop fica piscando entre braco e beje ,. e quando eu vou ver as propriedades aparece:

C:\WINDOWS\WEB\DESKTOP.HTML

Então como indicado pelo pessoal eu puxei o Hijackthis, dei scan e salvei o logfile, mas como leigo não sei o que fazer agora para retirar esse maldito spyware. Vou colar o meu logfile abaixo, se vocês puderem me ajudar a tirar isso agradeço.

Logfile of HijackThis v1.99.1

Scan saved at 12:16:16, on 21/4/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe

C:\Arquivos de programas\Java\jre1.5.0_01\bin\jusched.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\WINDOWS\System32\ctfmon.exe

C:\windows\apdfqoh.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINDOWS\System32\ahtun.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\HjackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qualquer=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: Name - {A61017ED-51FB-4039-9BA2-91489B66339E} - C:\WINDOWS\System32\msvbf.dll (file missing)

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\ARQUIV~1\STARDO~1\SDIEInt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\iesp2.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe"

O4 - HKLM\..\Run: [Mirabilis ICQ] C:\ARQUIV~1\ICQ\ICQNet.exe

O4 - HKLM\..\Run: [rdspclips.exe] rdspclips.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\4.bin\mwsoemon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [ER2002] C:\Arquivos de programas\ImTOO\ER2002\EasyRead.exe

O4 - HKLM\..\Run: [WebControl Security] C:\WINDOWS\System32\ss3dcups.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\4.bin\mwsoemon.exe

O4 - HKCU\..\Run: [sajucga] c:\windows\btsjscp.exe

O4 - HKCU\..\Run: [knsomrl] c:\windows\ibrnuti.exe

O4 - HKCU\..\Run: [dlftknf] c:\windows\ibrnuti.exe

O4 - HKCU\..\Run: [dqoiptu] c:\windows\ibrnuti.exe

O4 - HKCU\..\Run: [vfetlql] c:\windows\apdfqoh.exe

O4 - HKCU\..\Run: [thnndly] c:\windows\nbiwlth.exe

O4 - HKCU\..\Run: [fmhkraj] c:\windows\nbiwlth.exe

O4 - HKCU\..\Run: [rjdrqav] c:\windows\nbiwlth.exe

O4 - HKCU\..\Run: [dcbkppg] c:\windows\nbiwlth.exe

O4 - HKCU\..\Run: [voyfphn] c:\windows\nbiwlth.exe

O4 - HKCU\..\Run: [tyxldaw] c:\windows\nbiwlth.exe

O4 - HKCU\..\Run: [risroqu] c:\windows\nbiwlth.exe

O4 - HKCU\..\Run: [hktwwjb] c:\windows\bkgwshw.exe

O4 - HKCU\..\Run: [ourcncx] c:\windows\bkgwshw.exe

O4 - HKCU\..\Run: [alxfggo] c:\windows\bkgwshw.exe

O4 - HKCU\..\Run: [bmnhujw] c:\windows\bkgwshw.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN

O8 - Extra context menu item: Download with Star Downloader - C:\Arquivos de programas\Star Downloader\sdie.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: EasyRead Translate - C:\Arquivos de programas\Common Files\ImTOO\ER2002\TransAll.html

O9 - Extra button: EasyRead - {008B57BE-DA82-4b30-9A3E-D1A216A22939} - C:\Arquivos de programas\Common Files\ImTOO\ER2002\TransAll.html

O9 - Extra 'Tools' menuitem: EasyRead - {008B57BE-DA82-4b30-9A3E-D1A216A22939} - C:\Arquivos de programas\Common Files\ImTOO\ER2002\TransAll.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\ARQUIV~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\ARQUIV~1\ICQ\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107927941609

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{39678155-A32E-4B7C-9FA7-6ED8CF74ED80}: NameServer = 69.50.188.180,195.225.176.31

O21 - SSODL: Security - {7189E993-C667-4F27-8E4C-2206214FF1BC} - C:\WINDOWS\System32\joyoise.dll (file missing)

O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe (file missing)

O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Leonardo_sf · 21 de abril de 2005

ah , outros sintomas que o computador apresentou desde então foi lentidão, pricipalmente ao entrar, e oa antivuris e firewall não abrem na inicialização do windows. falou!

JoseMelo · 21 de abril de 2005

1 - Configure o computador para mostrar todos os arquivos:

Painel de Controle > Opções de Pasta > Modo de Exibição e desmarque Ocultar arquivos protegidos do sistema operacional (recomendado). Marque Mostrar pastas e arquivos ocultos;

2 - Abra o Bloco de Notas e copie todo o conteúdo deste post para ele e salve em local de fácil acesso;

3 - Reinicie o PC em entre em modo seguro (pressione F8 durante a inicialização e escolha modo seguro na tela de seleção);

4 - Já em modo seguro, abra o HijackThis, clique em Do a system scan only. Marque somente as entradas abaixo e clique Fix checked.