[Resolvido]Ajuda com Windows

[Maryano]

Quando eu inicio o windows abertura de mensagen de erro com o: spads.dll e gzmrotate.dll

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:22:16, on 28/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\windows\system32\spoolsv.exe

C:\windows\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\windows\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\WINDOWS\wt\updater\wcmdmgr.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\windows\system32\ctfmon.exe

C:\ARQUIV~1\iGv6\sysbrand.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Oi Internet\discaoi.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\windows\system32\slrundll.exe

C:\windows\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\windows\system32\NOTEPAD.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.habbo.com.br

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Arquivos de programas\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\windows\system32\nsr1B.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\windows\system32\nsgA.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Emurayden PSX Emulator] c:\Program Files\Emurayden PSX Emulator v2.1\Emurayden PSX AutoLauncher.exe

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [hid_start] C:\windows\System32\Rundll32.exe "C:\windows\system32\gzmrotate.dll" DllVerify

O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [spa_start] C:\windows\System32\Rundll32.exe "C:\windows\system32\spads.dll" DllVerify

O4 - HKLM\..\Run: [webHancer Agent] C:\Arquivos de programas\webHancer\Programs\whagent.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\nbj.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Rpue] "C:\DOCUME~1\CHAVES\DADOSD~1\YSTEM~1\javaw.exe" -vt yazb

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Discador Oi Internet.lnk = C:\Arquivos de programas\Oi Internet\discaoi.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.MSN.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.MSN.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3DBBD5AD-D9D6-4457-A469-8A47A511C3D8}: NameServer = 200.222.0.34 200.202.193.75

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator\LogoMedia TranslateDotNet Server.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\windows\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O24 - Desktop Component 1: Desktop Lectionary - HTTP://watercourse.net/anglicanleuven/lectionary3.php

--

End of file - 13013 bytes

[Maryano]

[Maryano]

Essa é do BankerFix

BankerFix 2.4 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 2007-12-28 - 23:44

-------------------------------------------------------

Lista de Definição: 2007-12-25-1

=======================================================

Arquivo infectado detectado: C:\WINDOWS\GPInstall.exe

Arquivo infectado removido com sucesso!

Arquivo infectado detectado: C:\WINDOWS\system32\BRISA.exe

Arquivo infectado removido com sucesso!

Killando arquivos em Help

-----------------------------------

Killing '*'

Removendo Arquivos em Help

-----------------------------------

----- Fim -------------------------

E essa é do hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:48, on 2007-12-28

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\windows\system32\spoolsv.exe

C:\windows\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\windows\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\wt\updater\wcmdmgr.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\windows\system32\ctfmon.exe

C:\ARQUIV~1\iGv6\sysbrand.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Oi Internet\discaoi.exe

C:\windows\system32\slrundll.exe

C:\windows\system32\wuauclt.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\windows\system32\NOTEPAD.EXE

C:\windows\system32\wuauclt.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Arquivos de programas\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\windows\system32\nsr1B.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\windows\system32\nsgA.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Emurayden PSX Emulator] c:\Program Files\Emurayden PSX Emulator v2.1\Emurayden PSX AutoLauncher.exe

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [hid_start] C:\windows\System32\Rundll32.exe "C:\windows\system32\gzmrotate.dll" DllVerify

O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\nbj.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Rpue] "C:\DOCUME~1\CHAVES\DADOSD~1\YSTEM~1\javaw.exe" -vt yazb

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Discador Oi Internet.lnk = C:\Arquivos de programas\Oi Internet\discaoi.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.MSN.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.MSN.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3DBBD5AD-D9D6-4457-A469-8A47A511C3D8}: NameServer = 200.222.0.34 200.202.193.75

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator\LogoMedia TranslateDotNet Server.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\windows\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O24 - Desktop Component 1: Desktop Lectionary - HTTP://watercourse.net/anglicanleuven/lectionary3.php

--

End of file - 12701 bytes

[Maryano]

Consegui fazer sumir uma janela de erro mas tem outra dizendo: não foi possivel encontrar gzmrotate.dll

se puder me ajudar.

[RenatoMejias]

Amigo, não há necessidade de abrir milhares de tópicos com o mesmo problema, RESPONDA apenas neste tópico usando o botão RESPONDER.

Outra coisa, ninguém pediu para você fazer esses procedimentos, cada caso é um caso, ficar rodando ferramentas que você nem faz idéia para que serve é perigoso, faça apenas aquilo que lhe pedirmos.

Por gentileza, poste um novo log do Hijackthis.

[Maryano]

Ta ae o hijackthis q você pediu:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:07, on 2007-12-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\windows\system32\spoolsv.exe

C:\windows\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe

C:\WINDOWS\wt\updater\wcmdmgr.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\windows\system32\slserv.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\windows\system32\ctfmon.exe

C:\ARQUIV~1\iGv6\sysbrand.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\windows\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\windows\system32\slrundll.exe

C:\windows\system32\drwtsn32.exe

C:\windows\system32\drwtsn32.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\windows\system32\WISPTIS.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Arquivos de programas\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\windows\system32\nsr1B.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\windows\system32\nsgA.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Emurayden PSX Emulator] c:\Program Files\Emurayden PSX Emulator v2.1\Emurayden PSX AutoLauncher.exe

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [hid_start] C:\windows\System32\Rundll32.exe "C:\windows\system32\gzmrotate.dll" DllVerify

O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\nbj.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Rpue] "C:\DOCUME~1\CHAVES\DADOSD~1\YSTEM~1\javaw.exe" -vt yazb

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Discador Oi Internet.lnk = C:\Arquivos de programas\Oi Internet\discaoi.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.MSN.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.MSN.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3DBBD5AD-D9D6-4457-A469-8A47A511C3D8}: NameServer = 200.222.0.34 200.202.193.75

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator\LogoMedia TranslateDotNet Server.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\windows\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O24 - Desktop Component 1: Desktop Lectionary - HTTP://watercourse.net/anglicanleuven/lectionary3.php

--

End of file - 12571 bytes

[RenatoMejias]

Baixe o WinSock XP Fix (mas não execute)

Vá em Iniciar > Painel de Controle > Adicionar ou Remover Programas e desinstale o seguinte programa:

WebHancer

Reinicie em Modo de Segurança (Pressione intermitentemente F8 durante a inicialização, no menu que aparecer escolha através da seta de navegação, Modo Seguro).

Configure o Windows para mostrar todos os arquivos

Usando o Windows Explorer (clique com o botão da direita do mouse em cima do Iniciar depois clique em Explorar, procure e apague a seguinte pasta em azul (se estiver[em] presente):

C:\Arquivos de Programas\WebHancer <--Esta pasta

Reinicie normalmente e poste um novo log do Hijackthis.

Caso haja perca de conexão com a Internet execute o WinSock XP Fix, caso contrário não há necessidade

[Maryano]

Pronto fz tudo e ai esta o post do hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:21, on 2007-12-31

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\windows\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\windows\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\windows\system32\slserv.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\windows\system32\ctfmon.exe

C:\WINDOWS\wt\updater\wcmdmgr.exe

C:\ARQUIV~1\iGv6\sysbrand.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Oi Internet\discaoi.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\windows\system32\slrundll.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Arquivos de programas\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\windows\system32\nsr1B.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\windows\system32\nsgA.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Emurayden PSX Emulator] c:\Program Files\Emurayden PSX Emulator v2.1\Emurayden PSX AutoLauncher.exe

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [hid_start] C:\windows\System32\Rundll32.exe "C:\windows\system32\gzmrotate.dll" DllVerify

O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\nbj.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Rpue] "C:\DOCUME~1\CHAVES\DADOSD~1\YSTEM~1\javaw.exe" -vt yazb

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Discador Oi Internet.lnk = C:\Arquivos de programas\Oi Internet\discaoi.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.MSN.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.MSN.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator\LogoMedia TranslateDotNet Server.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\windows\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O24 - Desktop Component 1: Desktop Lectionary - HTTP://watercourse.net/anglicanleuven/lectionary3.php

--

End of file - 12199 bytes

[RenatoMejias]

Rode o ComboFix novamente por gentileza e poste seu respectivo log.

[Maryano]

Aqui esta o log do ComboFix

ComboFix 07-12-31.4 - CHAVES 2008-01-02 13:26:01.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.229 [GMT -2:00]

Executando de: C:\Documents and Settings\CHAVES\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\inetget2

C:\Arquivos de programas\ipwindows

C:\Arquivos de programas\outlook

C:\Documents and Settings\CHAVES\Dados de aplicativos\YSTEM~1

C:\Documents and Settings\CHAVES\Dados de aplicativos\YSTEM~1\?ystem\

C:\setup.exe

C:\windows\b133.exe

C:\windows\system32\bszip.dll

C:\windows\system32\cmd.com

C:\windows\system32\netstat.com

C:\windows\system32\nsgA.dll

C:\windows\system32\nsr1B.dll

C:\windows\system32\nsv11.dll

C:\windows\system32\ping.com

C:\windows\system32\regedit.com

C:\windows\system32\taskkill.com

C:\windows\system32\tasklist.com

C:\windows\system32\tracert.com

.

((((((((((((((((((((((( Ficheiros criados de 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))

.

2008-01-02 13:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-01 13:43 . 2008-01-01 13:43 <DIR> d-------- C:\Arquivos de programas\Paint.NET

2008-01-01 01:39 . 2008-01-01 01:39 <DIR> d-------- C:\Arquivos de programas\Cartoonist

2007-12-29 14:10 . 2007-12-29 14:10 244 --ah----- C:\sqmnoopt02.sqm

2007-12-29 14:10 . 2007-12-29 14:10 232 --ah----- C:\sqmdata02.sqm

2007-12-28 23:44 . 2007-12-28 23:44 <DIR> d-------- C:\LinhaDefensiva

2007-12-28 22:58 . 2007-12-28 22:58 <DIR> d-------- C:\Arquivos de programas\IZArc

2007-12-28 22:06 . 2007-12-28 22:06 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2007-12-28 21:32 . 2007-12-28 21:32 <DIR> d-------- C:\WINDOWS\system32\pt-br

2007-12-28 16:55 . 2007-12-28 16:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-12-28 16:55 . 2007-12-28 16:55 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-28 08:31 . 2007-12-28 10:01 <DIR> d-------- C:\Arquivos de programas\Emule Speed Booster

2007-12-18 09:40 . 2007-12-18 09:40 <DIR> d-------- C:\Arquivos de programas\AEXXI

2007-12-15 09:47 . 2007-12-15 09:47 <DIR> d-------- C:\User Dictionaries

2007-12-15 09:31 . 2007-12-15 09:31 268 --ah----- C:\sqmdata01.sqm

2007-12-15 09:31 . 2007-12-15 09:31 244 --ah----- C:\sqmnoopt01.sqm

2007-12-13 20:07 . 2007-12-13 20:07 0 --a------ C:\WINDOWS\WB.ini

2007-12-11 17:30 . 2007-12-11 17:30 <DIR> d-------- C:\Automap

2007-12-07 18:13 . 2007-12-07 18:13 65,024 --a------ C:\WINDOWS\system32\spads.dll

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-02 15:32 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-01-02 15:32 --------- d-----w C:\Documents and Settings\CHAVES\Dados de aplicativos\AVG7

2008-01-02 15:32 --------- d-----w C:\Arquivos de programas\lg_fwupdate

2008-01-02 10:42 --------- d-----w C:\Arquivos de programas\Oi Internet

2008-01-01 19:42 --------- d-----w C:\Arquivos de programas\Microsoft Games

2007-12-29 22:57 --------- d-----w C:\Arquivos de programas\Terragen

2007-12-28 16:52 --------- d-----w C:\Arquivos de programas\eMule

2007-12-18 11:13 --------- d-----w C:\Arquivos de programas\VirtualDJ

2007-12-18 11:12 --------- d-----w C:\Arquivos de programas\GameSpy Arcade

2007-12-14 12:21 --------- d-----w C:\Arquivos de programas\Tibia

2007-12-13 19:05 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2007-12-13 10:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2007-12-07 20:13 221,696 ----a-w C:\windows\Help\orgut.scr

2007-12-01 22:45 --------- d-----w C:\Arquivos de programas\MakeUp Pilot

2007-12-01 03:03 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2007-11-24 13:48 --------- d-----w C:\Arquivos de programas\Pcsx2_0.9.4

2007-11-24 00:21 --------- d-----w C:\Arquivos de programas\Warcraft III

2007-11-24 00:20 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-11-24 00:20 --------- d-----w C:\Arquivos de programas\Conquer 2.0

2007-11-23 01:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-11-23 00:44 --------- d-----w C:\Arquivos de programas\ACDSee32

2007-11-22 20:56 --------- d-----w C:\Arquivos de programas\Rockstar Games

2007-11-18 18:37 --------- d-----w C:\Arquivos de programas\MSBuild

2007-11-18 18:37 --------- d-----w C:\Arquivos de programas\Microsoft Works

2007-11-18 18:34 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2007-11-18 18:27 --------- d-----w C:\Arquivos de programas\Microsoft Visual Studio 8

2007-11-18 17:21 --------- d-----w C:\Arquivos de programas\Guitar R.A

2007-11-16 22:18 1,971,069 ----a-w C:\vicepatch11.zip

2007-11-16 16:56 2,789,819 ----a-w C:\Foto.zip

2007-11-16 11:13 4,096 ----a-w C:\windows\system32\drivers\nocashio.sys

2007-11-14 22:40 49 ----a-w C:\biblia-am-i.dat

2007-11-13 10:25 20,480 ----a-r C:\windows\system32\drivers\secdrv.sys

2007-11-11 15:14 --------- d-----w C:\Documents and Settings\CHAVES\Dados de aplicativos\Microsoft Web Folders

2007-11-11 15:14 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2007-11-10 08:34 --------- d-----w C:\Documents and Settings\CHAVES\Dados de aplicativos\Tibia

2007-11-06 22:17 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-11-04 20:46 --------- d-----w C:\Arquivos de programas\Electronic Arts

2007-11-04 12:58 --------- d-----w C:\Arquivos de programas\Diablo II

2007-11-04 12:37 --------- d-----w C:\Arquivos de programas\CAPCOM

2007-10-28 15:04 12,366,457 ------w C:\AVG7QT.DAT

2007-10-28 00:05 560 ---há-w C:\WINDOWS\Fonts\SWFont9.fnt

2007-10-27 23:54 131,072 ----a-w C:\Documents and Settings\CHAVES\vms.bin

2007-10-06 20:18 156,672 ----a-w C:\windows\novc.exe

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

----a-w           796,200 2004-08-23 04:52:10  C:\Documents and Settings\CHAVES\Meus documentos\Família\MARIANO EXP 27000\Jogos\LastWar\Game Gain\GameGain 2.8.23.2004 .exe

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2004-08-04 01:45 15360]

"SysBrand"="C:\ARQUIV~1\iGv6\sysbrand.exe" [2004-12-08 20:23 36864]

"NBJ"="C:\Arquivos de programas\Ahead\Nero BackItUp\nbj.exe" [2006-02-10 22:40 2048000]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 14:03 68856]

"Rpue"="C:\DOCUME~1\CHAVES\DADOSD~1\YSTEM~1\javaw.exe" [ ]

"PowerBar"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2006-07-12 07:58 1397760]

"Atualizador - Puxa Rápido"="C:\Arquivos de programas\Puxa Rápido\Atualiza.exe" [ ]

"DownloadAccelerator"="C:\Arquivos de programas\DAP\DAP.exe" [2007-05-27 22:52 4376328]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]

"LGODDFU"="C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" [2007-07-07 22:15 249856]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-09 13:30 406016]

"Emurayden PSX Emulator"="c:\Program Files\Emurayden PSX Emulator v2.1\Emurayden PSX AutoLauncher.exe" [ ]

"wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [2001-01-25 19:00 20480]

"SoundMax"="C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" [2004-09-23 13:41 860160]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]

"VirtualCloneDrive"="C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2004-08-20 08:28 45056]

"hid_start"="C:\windows\system32\gzmrotate.dll" [ ]

"NeroFilterCheck"="C:\windows\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe" [2007-08-09 13:30 146432]

C:\Documents and Settings\CHAVES\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2006-03-19 14:37 110592 C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

.

Conte£do da pasta 'Tarefas Agendadas'

"2008-01-02 14:47:13 C:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

[RenatoMejias]

Você criou os seguintes arquivos?

C:\Foto.zip

C:\vicepatch11.zip

Desative seu antivírus ou qualquer outro software de segurança, tais como firewall, antispyware, etc.

Abra o seu Bloco de Notas, copie (control + c) e cole (control + v) todo o texto que está dentro do "Quote":

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Rpue"=-

"PowerBar"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hid_start"=-

• Salve este arquivo como: CFScript.txt

  

• Tal como exemplificado na foto acima, arraste o arquivo CFScript.txt para o ComboFix.exe

• Quando a ferramenta terminar de rodar, gerará um log. Poste esse arquivo C:\ComboFix.txt.

• Faça também um novo log do HijackThis para colocar na sua resposta.

[Maryano]

Editado Janeiro 4, 2008 por Maryano

[RenatoMejias]

Desative seu antivírus ou qualquer outro software de segurança, tais como firewall, antispyware, etc.

Abra o seu Bloco de Notas, copie (control + c) e cole (control + v) todo o texto que está dentro do "Quote":

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rpue"=-
"PowerBar"=-

• Salve este arquivo como: CFScript.txt

  

• Tal como exemplificado na foto acima, arraste o arquivo CFScript.txt para o ComboFix.exe

• Quando a ferramenta terminar de rodar, gerará um log. Poste esse arquivo C:\ComboFix.txt.

• Faça também um novo log do HijackThis para colocar na sua resposta.

[Maryano]

[RenatoMejias]

Feche TODOS os programas abertos, principalmente o Internet Explorer e o Windows Explorer. Abra o Hijackthis, clique em Do scan a system only, marque as entradas abaixo e clique no botão Fix Checked (Não se preocupe caso alguma não exista).

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O24 - Desktop Component 1: Desktop Lectionary - HTTP://watercourse.net/anglicanleuven/lectionary3.php

Reinicie normalmente.

Faça um Online Scan em kaspersky Virusscanner

• Clique em
• Quando questionando para instalar o componente ActiveX, clique em
• Aguarde a instalação e a actualização e depois clique em
• Clique agora em
• Nas opções do scan (settings), certifique-se que as entradas abaixo estão selecionadas:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)

• Scan Options:

Scan Archives

Scan Mail Bases

Clique Clique em My Computer para que seja feito um Scan completo no seu Sistema.Será iniciado o scan e poderá demorar um pouco. Seja paciente e aguarde.No final do Scan, clique no botão Save as TextSalve o log com os resultados e poste na sua próxima resposta.Gere e cole também um novo log do HijackThis.

[Maryano]

Ai esta o log do escaneamento.

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Friday, January 11, 2008 4:00:06 AM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 11/01/2008

Kaspersky Anti-Virus database records: 507245

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

A:\

C:\

D:\

E:\

Scan Statistics:

Total number of scanned objects: 101461

Number of viruses found: 14

Number of infected objects: 26

Number of suspicious objects: 0

Duration of the scan process: 02:10:45

Infected Object Name / Virus Name / Last Action

C:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt Object is locked skipped

C:\Arquivos de programas\Grisoft\AVG Free\avg7log.log Object is locked skipped

C:\Arquivos de programas\Grisoft\AVG Free\avg7log.log.lck Object is locked skipped

C:\Arquivos de programas\Mozilla Firefox\components\nsBrowserOpt.dll Infected: not-a-virus:AdWare.Win32.BHO.pm skipped

C:\curso\Surprise!.exe Infected: not-virus:BadJoke.Win32.Melter skipped

C:\Documents and Settings\All Users\Dados de aplicativos\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\CHAVES\Configurações locais\Dados de aplicativos\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\CHAVES\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\CHAVES\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\CHAVES\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\CHAVES\Configurações locais\Histórico\History.IE5\MSHist012008011120080112\index.dat Object is locked skipped

C:\Documents and Settings\CHAVES\Configurações locais\Temp\htmpl.htm Object is locked skipped

C:\Documents and Settings\CHAVES\Configurações locais\Temp\~DFFB3C.tmp Object is locked skipped

C:\Documents and Settings\CHAVES\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\CHAVES\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\CHAVES\Meus documentos\Família\MARIANO EXP 27000\Jogos\Info Games\INTERNET\RGL19.EXE/disclaimer.rtf Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\Documents and Settings\CHAVES\Meus documentos\Família\MARIANO EXP 27000\Jogos\Info Games\INTERNET\RGL19.EXE CAB: infected - 1 skipped

C:\Documents and Settings\CHAVES\Meus documentos\Família\MARIANO EXP 27000\Progetos\Programas\Revela_senha\Senha.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped

C:\Documents and Settings\CHAVES\Meus documentos\Família\MARIANO EXP 27000\Progetos\Programas\Senha.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped

C:\Documents and Settings\CHAVES\Meus documentos\Programas\Programas\Habbo_Toolbar_2.exe/data0009 Infected: not-a-virus:AdWare.Win32.Mostofate.k skipped

C:\Documents and Settings\CHAVES\Meus documentos\Programas\Programas\Habbo_Toolbar_2.exe NSIS: infected - 1 skipped

C:\Documents and Settings\CHAVES\Meus documentos\Programas\Programas\vtp6.zip.prp/Vista Transformation Pack 6.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

C:\Documents and Settings\CHAVES\Meus documentos\Programas\Programas\vtp6.zip.prp/Vista Transformation Pack 6.0.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

C:\Documents and Settings\CHAVES\Meus documentos\Programas\Programas\vtp6.zip.prp ZIP: infected - 2 skipped

C:\Documents and Settings\CHAVES\ntuser.dat Object is locked skipped

C:\Documents and Settings\CHAVES\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\b133.exe.vir/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\QooBox\Quarantine\C\WINDOWS\b133.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\QooBox\Quarantine\C\WINDOWS\b133.exe.vir/stream/data0005 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\QooBox\Quarantine\C\WINDOWS\b133.exe.vir/stream/data0006 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\QooBox\Quarantine\C\WINDOWS\b133.exe.vir/stream/data0008 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\QooBox\Quarantine\C\WINDOWS\b133.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\QooBox\Quarantine\C\WINDOWS\b133.exe.vir NSIS: infected - 6 skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\nsgA.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.zn skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\nsr1B.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.yr skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\nsv11.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.há skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{EA7BE44E-08D4-433C-A5B1-991A9202713B}\RP199\A0119513.dll Infected: not-a-virus:AdWare.Win32.Agent.zn skipped

C:\System Volume Information\_restore{EA7BE44E-08D4-433C-A5B1-991A9202713B}\RP199\A0119514.dll Infected: not-a-virus:AdWare.Win32.Agent.yr skipped

C:\System Volume Information\_restore{EA7BE44E-08D4-433C-A5B1-991A9202713B}\RP199\A0119603.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped

C:\System Volume Information\_restore{EA7BE44E-08D4-433C-A5B1-991A9202713B}\RP203\A0120434.scr Infected: Trojan-Downloader.Win32.Banload.bej skipped

C:\System Volume Information\_restore{EA7BE44E-08D4-433C-A5B1-991A9202713B}\RP203\A0120436.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.m skipped

C:\System Volume Information\_restore{EA7BE44E-08D4-433C-A5B1-991A9202713B}\RP203\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_430.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

E agora o do hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:54, on 2008-01-11

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\windows\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\windows\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\wt\updater\wcmdmgr.exe

C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\windows\system32\ctfmon.exe

C:\ARQUIV~1\iGv6\sysbrand.exe

C:\windows\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\windows\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\windows\system32\slrundll.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Arquivos de programas\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Emurayden PSX Emulator] c:\Program Files\Emurayden PSX Emulator v2.1\Emurayden PSX AutoLauncher.exe

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\nbj.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Discador Oi Internet.lnk = C:\Arquivos de programas\Oi Internet\discaoi.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.MSN.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.MSN.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3DBBD5AD-D9D6-4457-A469-8A47A511C3D8}: NameServer = 200.222.0.34 200.202.193.75

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator\LogoMedia TranslateDotNet Server.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\windows\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 11813 bytes

[RenatoMejias]

O scan revelou os seguintes arquivos como suspeitos:

C:\Documents and Settings\CHAVES\Meus documentos\Fam¡lia\MARIANO EXP 27000\Jogos\Info Games\INTERNET\RGL19.EXE

C:\Documents and Settings\CHAVES\Meus documentos\Fam¡lia\MARIANO EXP 27000\Progetos\Programas\Revela_senha\Senha.exe

C:\Documents and Settings\CHAVES\Meus documentos\Fam¡lia\MARIANO EXP 27000\Progetos\Programas\Senha.exe

C:\Documents and Settings\CHAVES\Meus documentos\Programas\Programas\Habbo_Toolbar_2.exe

C:\Documents and Settings\CHAVES\Meus documentos\Programas\Programas\vtp6.zip.prp

Fica a seu encargo apaga-los ou não.

Configure o Windows para mostrar todos os arquivos

Reinicie em Modo de Segurança (Pressione intermitentemente F8 durante a inicialização, no menu que aparecer escolha através da seta de navegação, Modo Seguro).

Usando o Windows Explorer (clique com o botão da direita do mouse em cima do Iniciar depois clique em Explorar, procure e apague o seguinte arquivo em vermelho (se estiver[em] presente):

C:\Arquivos de programas\Mozilla Firefox\components\nsBrowserOpt.dll <--Este arquivo

Reinicie normalmente.

Informe o estado do computador.

[Maryano]

Meu PC esta normal mais tem uma mensagem q já esta a um tempão aparece antes de eu iniciar o windows não consigo anotar pois ela aparece muito rapido é algo assim: C:window/boot invalido, não tenho muita certeza mais acho q é isso.

[Maryano]

E minha conecção sempre fica caindo cai direto e na casa dos meus amigos não caiu tanto como aqui tem como arrumar?

[RenatoMejias]

Isso já não tem relação com malwares. Recomendo que poste na seção Windows.

Mais algum problema relacionado a malwares?

[JackSSA]

Caso Resolvido.

Caso o autor queira a reabertura do tópico, envie uma MP com o link para um moderador da seção.