
Archived

This topic has been archived and is closed to new replies.

leoinuzuka

[Archived] Slowness and freezes out of nowhere


Hi everyone :D

My computer gets slow out of nowhere and freezes out of nowhere too :x

I'd like you to take a look at my log. :D

Here it is.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:53:44, on 27/1/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\xampp\xampp-control.exe

C:\xampp\apache\bin\httpd.exe

C:\xampp\mysql\bin\mysqld.exe

C:\xampp\apache\bin\httpd.exe

C:\WINDOWS\system32\msiexec.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrador\Meus documentos\Downloads\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.localstrike.com.ar/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.localstrike.com.ar/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/

R3 - URLSearchHook: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll

R3 - URLSearchHook: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll

R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~4\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - C:\Arquivos de programas\AV VCS 3.0 Gold\Vcs3RT.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll

O2 - BHO: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll

O3 - Toolbar: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll

O3 - Toolbar: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll

O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\vmware\vmware workstation\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\vmware\vmware workstation\vsocklib.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D2DCB7B9-803F-4036-BCE0-B8A66606E4B7}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\..\{DC811895-81B2-4D4B-A085-C0CBEC145284}: NameServer = 192.168.0.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~4\Office12\GR99D3~1.DLL

O23 - Service: 1264023843 (.1264023843) - Unknown owner - C:\Arquivos de programas\1264023843\USER1264023843L.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Support Controls\ssrc.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

 

--

End of file - 7691 bytes

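The log above contains the three patterns a helper scans for first: every IE start/search key pointing at the same third-party host, an add-on entry ending in "(no file)", and an O23 service with "Unknown owner" and a purely numeric name. The following Python script is an added example, not part of the original thread or of HijackThis itself: it parses HijackThis-style lines and reports those patterns with a severity. The sample lines are copied from the posted log, and the heuristics (the `VENDOR_HOSTS` list, the severity rules) are this example's own assumptions about triage, not HijackThis's own scoring.

```python
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.localstrike.com.ar/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2DCB7B9-803F-4036-BCE0-B8A66606E4B7}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: 1264023843 (.1264023843) - Unknown owner - C:\Arquivos de programas\1264023843\USER1264023843L.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption for this example: hosts IE of that era shipped pointing at.
# Any other host appearing in several R0/R1 keys at once deserves a question.
VENDOR_HOSTS = ("microsoft.com", "msn.com", "live.com")

# Every HijackThis entry starts with a section tag such as "R0", "O2", "O23".
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "info"
    section: str
    reason: str


def _host_of(body: str) -> str:
    """R0/R1 bodies end in '<key> = <URL>'; return the URL's host."""
    url = body.split(" = ", 1)[1].strip() if " = " in body else ""
    return urlsplit(url).hostname or ""


def triage(log_text: str) -> list[Finding]:
    """Apply the triage heuristics to every recognised line of a log."""
    findings: list[Finding] = []
    hijack_hosts: Counter = Counter()  # third-party host -> number of R0/R1 keys
    for raw in log_text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m["sec"], m["body"]
        if sec in ("R0", "R1"):
            host = _host_of(body)
            if host and not host.endswith(VENDOR_HOSTS):
                hijack_hosts[host] += 1
        elif sec in ("R3", "O2", "O3") and body.endswith("(no file)"):
            # Registered add-on whose DLL is gone: leftover of a removal or a
            # broken install, harmless but worth cleaning up.
            findings.append(Finding("medium", sec, f"orphaned browser add-on: {body}"))
        elif sec == "O17" and "NameServer" in body:
            # Reported for confirmation only: the owner should recognise the
            # resolvers (208.67.222.222/220.220 here are OpenDNS).
            servers = body.split("NameServer = ", 1)[1]
            findings.append(Finding("info", sec, f"configured DNS servers: {servers}"))
        elif sec == "O23" and " - Unknown owner - " in body:
            # No vendor string at all; a purely numeric service name is the
            # kind of auto-generated name a reviewer asks about first.
            name = body[len("Service: "):].split(" (", 1)[0]
            sev = "high" if name.isdigit() else "medium"
            findings.append(Finding(sev, sec, f"service without vendor, name {name!r}: {body}"))
    for host, n in hijack_hosts.items():
        # Several start/search keys rewritten to one outside host is the
        # classic homepage/search hijack signature.
        sev = "high" if n >= 2 else "medium"
        findings.append(Finding(sev, "R0/R1", f"{n} IE start/search keys point at {host}"))
    return findings


def worst_severity(findings) -> str:
    order = {"high": 2, "medium": 1, "info": 0}
    return max((f.severity for f in findings), key=order.__getitem__, default="info")


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:5} {f.reason}")
```

Run as-is it prints four findings for the sample; feed it the full pasted log to get the same summary over all sections. The point of collapsing the R0/R1 lines into one finding per host is that six keys rewritten to the same domain is one event (a hijack), not six separate problems, which is also how the helper's reply below treats it by pointing at toolbar-removal tools rather than at each key.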

:) Hello leoinuzuka!

 

:seta: Please follow the tips in these tutorials:

 

Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

 

Ad-Remover tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-ad-remover.html

 

Toolbar S&D tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/11/tutorial-do-toolbar-sd.html

_________________________________

 

:seta: I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

 

Download ComboFix

Save it to the Desktop.

* Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!)

* Close all windows and run the tool.

* PS: Running it from a command is also possible:

* Go to Start --> Run --> Type or paste:

"%userprofile%\desktop\Combofix.exe" /killall

 

combofixejr8.gif

 

* Click OK.

* At the prompt "Software warranty disclaimer" --> Click Yes.

 

RcAuto1.gif

 

* If you do not have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), accept the offer to install it.

* When it finishes, click Sim or Yes. --> Wait.

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

:!: If you get the notification "Not a valid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed as: Kombo.exe

* PS: Rename it while saving, not after it has been saved!

* PS: If any error message appears, run ComboFix.exe in Safe Mode (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!

* PS: If rootkit activity is present, the following notification window will appear:

 

Rookit_found.gif

 

* PS: Write down those detections and click OK. In that case, post the detections you wrote down in your next reply, together with the requested logs.

* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

* The Auto Scan window will open. --> Wait!

* To finish the removals, ComboFix may restart the computer.

* If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

* During the scan, avoid using the mouse or keyboard! <-- Important!

* If, for some unavoidable reason, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.

<><><><><><><><><><><><>

 

Post the ComboFix log, which will be at C:\ComboFix.txt, together with the log at C:\Ad-Report-CLEAN[1].log, the log at C:\ToolBar SD\TB_1.txt and a new HijackThis log in your next reply, and tell us how your PC is after this.

 

We'll be waiting.


ComboFix 10-01-28.04 - Administrador 28/01/2010 20:54:36.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2430.1915 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Administrador\Dados de aplicativos\addon.dat

c:\windows\system32\ActNAV_cltDynam.dat

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_AIC32P

-------\Service_aic32p

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-28 to 2010-01-28 ))))))))))))))))))))))))))))

.

 

2010-01-28 22:49 . 2010-01-28 22:51 -------- d-----w- C:\ToolBar SD

2010-01-28 22:20 . 2010-01-28 22:45 -------- d-----w- C:\Ad-Remover

2010-01-28 12:24 . 2010-01-28 12:24 -------- d-----w- c:\arquivos de programas\SpacialAudio

2010-01-28 12:24 . 2007-10-16 12:07 442368 ----a-w- c:\windows\system32\GDS32.DLL

2010-01-28 12:24 . 2005-09-23 02:05 626688 ----a-w- c:\windows\system32\msvcr80.dll

2010-01-28 12:24 . 2005-09-23 02:05 548864 ----a-w- c:\windows\system32\msvcp80.dll

2010-01-28 12:24 . 2010-01-28 12:24 -------- d-----w- c:\arquivos de programas\Firebird

2010-01-28 10:30 . 2010-01-28 10:34 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Audacity

2010-01-28 10:29 . 2010-01-28 10:29 -------- d-----w- c:\arquivos de programas\Audacity 1.3 Beta (Unicode)

2010-01-28 10:02 . 2010-01-28 10:02 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Publish Providers

2010-01-28 10:00 . 2010-01-28 10:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Sony

2010-01-28 09:59 . 2010-01-28 09:59 -------- d-----w- c:\arquivos de programas\Sony

2010-01-28 09:57 . 2010-01-28 10:02 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Sony

2010-01-28 09:44 . 2010-01-28 09:44 -------- d-----w- c:\arquivos de programas\MP3Gain

2010-01-28 09:33 . 2010-01-28 09:33 -------- d-----w- c:\arquivos de programas\Essentials Codec Pack

2010-01-28 09:25 . 2010-01-28 09:25 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic

2010-01-28 09:25 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll

2010-01-28 04:48 . 2010-01-28 04:48 -------- d-----w- c:\arquivos de programas\Ares

2010-01-28 04:15 . 2010-01-28 21:25 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\FileZilla

2010-01-28 04:15 . 2010-01-28 04:15 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client

2010-01-28 03:58 . 2010-01-28 19:25 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM

2010-01-28 03:58 . 2010-01-28 03:58 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-01-28 03:56 . 2010-01-28 22:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype

2010-01-28 03:56 . 2010-01-28 03:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2010-01-28 03:56 . 2010-01-28 03:56 -------- d-----r- c:\arquivos de programas\Skype

2010-01-28 03:55 . 2010-01-28 03:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2010-01-27 14:15 . 2010-01-27 14:15 52224 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-01-27 14:15 . 2010-01-27 14:15 117760 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-01-27 14:15 . 2010-01-27 14:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2010-01-27 14:15 . 2010-01-27 14:15 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware

2010-01-27 14:15 . 2010-01-27 14:15 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com

2010-01-27 14:14 . 2010-01-27 14:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2010-01-27 13:14 . 2010-01-27 13:14 -------- d-----w- c:\arquivos de programas\CCleaner

2010-01-27 10:23 . 2010-01-27 10:23 -------- d-----w- c:\arquivos de programas\No-IP

2010-01-26 23:52 . 2010-01-27 00:08 -------- d-----w- c:\arquivos de programas\AV VCS 3.0 Gold

2010-01-26 23:52 . 2010-01-26 23:53 16 ----a-w- c:\windows\system32\DataRnvx.dat

2010-01-26 23:52 . 2003-04-30 15:24 6852 ----a-w- c:\windows\system32\drivers\Vcs.sys

2010-01-26 23:39 . 2010-01-26 23:39 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Avnex

2010-01-26 23:38 . 2008-12-26 14:56 17792 ----a-w- c:\windows\system32\drivers\vcsvad.sys

2010-01-26 23:37 . 2010-01-26 23:45 -------- d-----w- c:\arquivos de programas\AV Vcs 7.0 GOLD

2010-01-26 22:08 . 2010-01-26 22:11 -------- d-----w- c:\windows\system32\Adobe

2010-01-26 20:24 . 2010-01-26 20:24 -------- d-----w- c:\arquivos de programas\MySQL

2010-01-26 20:00 . 2009-12-20 02:00 -------- d---a-w- C:\xampp

2010-01-26 09:47 . 2010-01-26 09:51 -------- d-----w- c:\windows\NV37443112.TMP

2010-01-26 08:46 . 2010-01-26 08:46 16252928 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\Adobe Photoshop CS4\400000a400003i\FNPLicensingService.exe

2010-01-26 08:45 . 2010-01-26 08:45 16252928 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\Adobe Photoshop CS4\1000000b00002i\rundll32.exe

2010-01-26 08:45 . 2010-01-26 08:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall

2010-01-26 04:26 . 2010-01-26 04:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software

2010-01-26 03:34 . 2010-01-26 05:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2010-01-26 03:20 . 2010-01-26 03:20 503808 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2f48f74b-n\msvcp71.dll

2010-01-26 03:20 . 2010-01-26 03:20 499712 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2f48f74b-n\jmc.dll

2010-01-26 03:20 . 2010-01-26 03:20 348160 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2f48f74b-n\msvcr71.dll

2010-01-26 03:20 . 2010-01-26 03:20 61440 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6edc0341-n\decora-sse.dll

2010-01-26 03:20 . 2010-01-26 03:20 12800 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6edc0341-n\decora-d3d.dll

2010-01-26 03:20 . 2010-01-26 03:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-01-26 03:20 . 2010-01-26 03:20 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-01-26 03:20 . 2010-01-26 03:20 -------- d-----w- c:\arquivos de programas\Java

2010-01-26 02:55 . 2010-01-26 02:55 -------- d-----w- c:\documents and settings\Administrador\DoctorWeb

2010-01-26 00:14 . 2010-01-26 04:41 -------- d-----w- c:\arquivos de programas\ESET

2010-01-26 00:14 . 2010-01-26 00:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESET

2010-01-25 21:37 . 2010-01-25 21:37 -------- d-----w- c:\windows\Lhsp

2010-01-25 21:37 . 2010-01-26 04:52 -------- d-----w- c:\arquivos de programas\VirtualDJ

2010-01-25 20:09 . 2010-01-25 20:09 0 ----a-w- c:\windows\nsreg.dat

2010-01-25 09:46 . 2010-01-27 09:50 -------- d-----w- c:\arquivos de programas\MuAwaY

2010-01-25 09:29 . 2010-01-26 01:48 -------- d-----w- c:\arquivos de programas\sXe Injected

2010-01-25 08:34 . 2010-01-25 08:34 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2010-01-25 08:34 . 2010-01-07 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-25 08:34 . 2010-01-28 22:06 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-01-25 08:34 . 2010-01-25 08:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-01-25 08:34 . 2010-01-07 18:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-25 07:55 . 2010-01-25 07:55 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\IObit

2010-01-25 07:55 . 2010-01-25 09:22 -------- d-----w- c:\arquivos de programas\IObit

2010-01-25 07:39 . 2010-01-25 07:39 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GetRightToGo

2010-01-24 20:44 . 2010-01-26 01:18 -------- d-----w- c:\arquivos de programas\ASPack

2010-01-24 20:33 . 2010-01-27 23:21 -------- d-----w- c:\arquivos de programas\Steam

2010-01-24 17:25 . 2010-01-25 20:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-01-24 17:24 . 2010-01-26 01:22 -------- d-----w- c:\arquivos de programas\Messenger_Plus_Live

2010-01-24 17:24 . 2010-01-26 01:22 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-01-24 05:10 . 2010-01-24 05:10 -------- d-----w- C:\6967671ef028d2d9a7ff

2010-01-24 05:10 . 2010-01-24 15:13 -------- d-----w- c:\windows\SxsCaPendDel

2010-01-23 17:11 . 2010-01-26 01:39 -------- d-----w- c:\arquivos de programas\Online_Radio_Brazil

2010-01-23 05:00 . 2010-01-23 05:00 -------- d-----w- c:\windows\ie8updates

2010-01-23 00:48 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-01-23 00:48 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-01-23 00:48 . 2009-12-21 19:07 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-01-23 00:48 . 2009-12-21 19:07 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-01-23 00:48 . 2009-12-21 19:07 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-01-23 00:48 . 2009-12-21 19:07 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-01-23 00:48 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-01-23 00:48 . 2009-12-21 19:07 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-01-22 21:44 . 2009-08-04 17:27 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-01-22 21:44 . 2009-08-04 17:27 2070272 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-01-22 21:44 . 2009-08-04 17:27 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-01-21 19:51 . 2010-01-21 19:51 -------- d-----w- c:\arquivos de programas\Conduit

2010-01-21 19:51 . 2010-01-26 01:21 -------- d-----w- c:\arquivos de programas\MAX_BR

2010-01-21 16:13 . 2010-01-21 16:13 -------- d-----w- c:\documents and settings\Administrador\WINDOWS

2010-01-21 16:09 . 2010-01-21 16:09 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache

2010-01-21 15:25 . 2010-01-21 15:25 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\.ZMatrix

2010-01-21 15:25 . 2010-01-21 15:25 -------- d-----w- c:\arquivos de programas\Winamp

2010-01-21 15:25 . 2010-01-26 03:37 -------- d-----w- c:\arquivos de programas\ZMatrix

2010-01-21 13:49 . 2010-01-21 13:49 -------- d-----w- C:\_CLTUI_E894D6B5_E3CA_4561_A244_272400640573_Session1

2010-01-21 13:49 . 2010-01-21 13:49 -------- d-----w- C:\_CLTUI_E894D6B5_E3CA_4561_A244_272400640573_Session0

2010-01-21 09:57 . 2008-04-14 10:00 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-01-21 09:26 . 2010-01-25 00:05 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\TeamViewer

2010-01-21 09:26 . 2010-01-21 09:26 -------- d-----w- c:\documents and settings\Administrador\temp

2010-01-21 08:09 . 2010-01-24 21:54 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\VMware

2010-01-21 07:41 . 2010-01-21 07:41 909312 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\uninstall.exe

2010-01-21 07:41 . 2010-01-21 07:41 625200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\instUtils.dll

2010-01-21 07:41 . 2010-01-21 07:35 958000 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\vnetlib64.dll

2010-01-21 07:41 . 2010-01-21 07:35 922672 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\vnetlib64.exe

2010-01-21 07:41 . 2010-01-21 07:35 760368 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\vnetlib.dll

2010-01-21 07:41 . 2010-01-21 07:35 731696 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\vminstutil.dll

2010-01-21 07:41 . 2010-01-21 07:35 696320 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\vnetlib.exe

2010-01-21 07:41 . 2010-01-21 07:35 331776 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\module_ws.dll

2010-01-21 07:41 . 2010-01-21 07:35 569344 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\module_core.dll

2010-01-21 07:41 . 2010-01-21 07:35 360448 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\VMware\VMware Workstation\Uninstaller\module_license.dll

2010-01-21 07:40 . 2009-10-22 02:13 59952 ----a-r- c:\windows\system32\vnetinst.dll

2010-01-21 07:40 . 2009-10-22 02:13 16560 ----a-r- c:\windows\system32\drivers\vmnetadapter.sys

2010-01-21 07:40 . 2009-10-22 06:59 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe

2010-01-21 07:40 . 2009-10-22 07:00 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys

2010-01-21 07:40 . 2009-10-22 07:00 395824 ----a-w- c:\windows\system32\vmnat.exe

2010-01-21 07:40 . 2009-10-22 02:13 18736 ----a-r- c:\windows\system32\drivers\vmnet.sys

2010-01-21 07:40 . 2009-10-22 07:00 760368 ----a-w- c:\windows\system32\vnetlib.dll

2010-01-21 07:40 . 2009-10-22 07:00 23216 ----a-w- c:\windows\system32\drivers\VMkbd.sys

2010-01-21 07:40 . 2010-01-28 23:00 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\VMware

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-27 23:18 . 2008-04-14 10:00 81362 ----a-w- c:\windows\system32\perfc016.dat

2010-01-27 23:18 . 2008-04-14 10:00 474168 ----a-w- c:\windows\system32\perfh016.dat

2010-01-20 21:52 . 2010-01-20 21:52 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\InstallShield

2010-01-20 21:47 . 2010-01-20 21:47 -------- d-----w- c:\arquivos de programas\Realtek

2010-01-20 21:47 . 2010-01-20 21:47 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-01-20 21:47 . 2010-01-20 21:47 315392 ----a-w- c:\windows\HideWin.exe

2010-01-20 21:47 . 2010-01-20 21:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-01-20 21:45 . 2010-01-20 21:45 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-01-20 21:42 . 2010-01-20 21:42 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2010-01-20 21:40 . 2010-01-20 21:40 -------- d-----w- c:\arquivos de programas\Serviços on-line

2010-01-20 21:39 . 2010-01-20 21:39 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2010-01-20 21:36 . 2010-01-20 21:36 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-12-21 19:08 . 2008-04-14 10:00 916480 ------w- c:\windows\system32\wininet.dll

2009-12-14 16:26 . 2009-12-14 16:26 131072 --sha-r- c:\windows\system32\apcantar.dll

2009-11-21 15:58 . 2008-04-14 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{fe379c63-1156-4c8c-8dbb-f823d3ea4b37}"= "c:\arquivos de programas\MAX_BR\tbMAX_.dll" [2009-11-09 2331672]

"{f4c23ca5-ed6c-4376-80ad-62f9161a7286}"= "c:\arquivos de programas\Online_Radio_Brazil\tbOnli.dll" [2009-12-31 2349080]

"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\arquivos de programas\Messenger_Plus_Live\tbMess.dll" [2009-12-31 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{fe379c63-1156-4c8c-8dbb-f823d3ea4b37}]

 

[HKEY_CLASSES_ROOT\clsid\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}]

 

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]

2009-12-31 13:53 2349080 ----a-w- c:\arquivos de programas\Messenger_Plus_Live\tbMess.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}]

2009-12-31 13:53 2349080 ----a-w- c:\arquivos de programas\Online_Radio_Brazil\tbOnli.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fe379c63-1156-4c8c-8dbb-f823d3ea4b37}]

2009-11-09 20:38 2331672 ----a-w- c:\arquivos de programas\MAX_BR\tbMAX_.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{fe379c63-1156-4c8c-8dbb-f823d3ea4b37}"= "c:\arquivos de programas\MAX_BR\tbMAX_.dll" [2009-11-09 2331672]

"{f4c23ca5-ed6c-4376-80ad-62f9161a7286}"= "c:\arquivos de programas\Online_Radio_Brazil\tbOnli.dll" [2009-12-31 2349080]

"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\arquivos de programas\Messenger_Plus_Live\tbMess.dll" [2009-12-31 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{fe379c63-1156-4c8c-8dbb-f823d3ea4b37}]

 

[HKEY_CLASSES_ROOT\clsid\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}]

 

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{FE379C63-1156-4C8C-8DBB-F823D3EA4B37}"= "c:\arquivos de programas\MAX_BR\tbMAX_.dll" [2009-11-09 2331672]

"{F4C23CA5-ED6C-4376-80AD-62F9161A7286}"= "c:\arquivos de programas\Online_Radio_Brazil\tbOnli.dll" [2009-12-31 2349080]

"{9B339F6E-DDCD-401B-8764-230ADBD01761}"= "c:\arquivos de programas\Messenger_Plus_Live\tbMess.dll" [2009-12-31 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{fe379c63-1156-4c8c-8dbb-f823d3ea4b37}]

 

[HKEY_CLASSES_ROOT\clsid\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}]

 

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-01-21 3945280]

"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2009-10-09 25623336]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2010-01-22 1011712]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2009-03-08 16862208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-08 8466432]

"nwiz"="nwiz.exe" [2009-03-08 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-08 81920]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-01-21 321040]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{AFB2733D-4ED6-483F-B296-8D33A8843230}"= "c:\windows\system32\apcantar.dll" [2009-12-14 131072]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 16:21 548352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]

2010-01-06 17:33 2335952 ----a-w- c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 10:00 15360 ------w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2006-10-27 02:47 92456 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2010-01-21 12:39 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-01-21 12:35 3945280 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2009-03-08 21:30 81920 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2010-01-27 10:08 1217808 ----a-w- c:\arquivos de programas\Steam\Steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 17:21 246504 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-01-21 04:47 321040 ----a-w- c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\RTHDCPL.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\WINDOWS\\system32\\MSIEXEC.EXE"=

"c:\\Arquivos de programas\\VMware\\VMware Workstation\\vmware-authd.exe"=

"c:\\Arquivos de programas\\1264023843\\USER1264023843L.exe"=

"c:\\Arquivos de programas\\VMware\\VMware Workstation\\vmware-vmx.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GrooveMonitor.exe"=

"c:\\WINDOWS\\system32\\taskmgr.exe"=

"c:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"=

"c:\\WINDOWS\\system32\\drwtsn32.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Real\\Update_OB\\realsched.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Documents and Settings\\Administrador\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Arquivos de programas\\Steam\\Steam.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [5/1/2010 07:56 9968]

R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [5/1/2010 07:56 74480]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]

R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [26/1/2010 21:52 6852]

R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [22/10/2009 05:00 70704]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe [22/10/2009 03:47 563760]

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [20/1/2010 20:00 472096]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]

R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [5/1/2010 07:56 7408]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [26/1/2010 21:38 17792]

S2 .1264023843;1264023843;c:\arquivos de programas\1264023843\USER1264023843L.exe [10/9/2009 02:44 484456]

S3 ddsxeiservice;ddsxeiservice2;c:\arquivos de programas\sXe Injected\ddsxei.sys [28/11/2009 22:38 94080]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-01-28 c:\windows\Tasks\User_Feed_Synchronization-{2D4863DE-4B39-4882-AA7A-2B95A52A89E3}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 06:31]

.

.

------- Scan Suplementar -------

.

mWindow Title =

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000

LSP: c:\arquivos de programas\VMware\VMware Workstation\vsocklib.dll

TCP: {D2DCB7B9-803F-4036-BCE0-B8A66606E4B7} = 208.67.222.222,208.67.220.220

TCP: {DC811895-81B2-4D4B-A085-C0CBEC145284} = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\j9zm4057.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.webradioagitomix.net/

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

MSConfigStartUp-system - c:\windows\svcr.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-28 21:00

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1123561945-1993962763-1708537768-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)


.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(740)

c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

 

- - - - - - - > 'explorer.exe'(200)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\apcantar.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\vmnat.exe

c:\windows\system32\vmnetdhcp.exe

c:\arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

c:\arquivos de programas\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-01-28 21:04:49 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-01-28 23:04

 

Pré-execução: 12 pasta(s) 43.393.900.544 bytes disponíveis

Pós execução: 13 pasta(s) 43.527.983.104 bytes disponíveis

 

- - End Of File - - 40DAB59A586EA75FAD39021E0DBF2493

 

###################################################################

Ad-Report-CLEAN

 

.

======= LOGFILE OF AD-REMOVER 1.1.4.6_I | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 28.01.2010 at 18:26

Contact: AdRemover.contact@gmail.com

Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Launch at: 20:40:47, qui 28/01/2010 | Normal Boot | Option: CLEAN

Executed from: C:\Ad-Remover\

Operating system: Microsoft® Windows XP™ Service Pack 3 versão 5.1.2600

Computer Name: USER-9876513123 | Current user: Administrador

.

============== NEUTRALIZED ELEMENT(S) ==============

.

 

 

(!) -- Temp files deleted.

 

.

HKCU\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

.

============== Added scan ==============

.

.

* Mozilla FireFox Version 3.6 [pt-BR] *

.

ProfilePath: j9zm4057.default (Administrador)

.

(ADMINI~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Administrador\Meus documentos

(ADMINI~1, prefs.js) Browser.startup.homepage, hxxp://www.webradioagitomix.net/

(ADMINI~1, prefs.js) Extensions.enabledItems, {20a82645-c095-46ed-80e3-08825760534b}:1.1,{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18,jqs@sun.com:1.0,{B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6

.

.

* Internet Explorer Version 8.0.6001.18702 *

.

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

.

Do404Search: 01000000

Local Page: C:\WINDOWS\system32\blank.htm

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Enable Browser Extensions: yes

Use Search Asst: no

Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

Start Page: hxxp://fr.msn.com/

Search bar: hxxp://search.msn.com/spbasic.htm

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

.

============== Suspect (Cracks, Serials, ...) ==============

.

C:\Documents and Settings\Administrador\Desktop\leonardo\programas\VMWARE +keygen\vmware_7_keygen.zip

C:\Documents and Settings\Administrador\Desktop\leonardo\programas\VMWARE +keygen\VMware-workstation-full-7.0.0-203739.exe

.

===================================

.

2831 Byte(s) - C:\Ad-Report-CLEAN[1].log

2819 Byte(s) - C:\Ad-Report-SCAN[1].log

.

350 File(s) - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp

21 File(s) - C:\WINDOWS\Temp

0 File(s) - C:\WINDOWS\Prefetch

.

19 File(s) - C:\Ad-Remover\BACKUP

0 File(s) - C:\Ad-Remover\QUARANTINE

.

End at: 20:45:53 | qui 28/01/2010 - CLEAN[1]

.

============== E.O.F ==============

.

 

###################################

ToolbarSD\TB_1.txt

 

 

-----------\\ ToolBar S&D 1.2.9 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : AMD Sempron Processor LE-1250 )

BIOS : )Phoenix - Award WorkstationBIOS v6.00PG

USER : Administrador ( Administrator )

BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:74 Go (Free:40 Go)

D:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [1] ( qui 28/01/2010|20:50 )

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

 

-----------\\ Extensions

 

(Administrador) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://fr.msn.com/"

"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Search bar"="http://go.microsoft.com/fwlink/?linkid=54896"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75724"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75723"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://fr.msn.com/"

"Search bar"="http://search.msn.com/spbasic.htm"

 

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\ADMINI~1\Desktop\leonardo\programas\VMWARE +keygen

C:\DOCUME~1\ADMINI~1\Desktop\leonardo\programas\VMWARE +keygen\VMware-workstation-full-7.0.0-203739.exe

C:\DOCUME~1\ADMINI~1\Desktop\leonardo\programas\VMWARE +keygen\vmware_7_keygen.zip

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - qui 28/01/2010|20:50 - Option : [1]

 

Well, my PC got a bit better!

But it's still slow :x

 

I almost forgot the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:15:07, on 28/1/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\vmnat.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrador\Meus documentos\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll

R3 - URLSearchHook: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll

R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~4\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - C:\Arquivos de programas\AV VCS 3.0 Gold\Vcs3RT.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll

O2 - BHO: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll

O3 - Toolbar: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll

O3 - Toolbar: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll

O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\vmware\vmware workstation\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\vmware\vmware workstation\vsocklib.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D2DCB7B9-803F-4036-BCE0-B8A66606E4B7}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\..\{DC811895-81B2-4D4B-A085-C0CBEC145284}: NameServer = 192.168.0.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~4\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: ApcantarRdp - {AFB2733D-4ED6-483F-B296-8D33A8843230} - C:\WINDOWS\system32\apcantar.dll

O23 - Service: 1264023843 (.1264023843) - Unknown owner - C:\Arquivos de programas\1264023843\USER1264023843L.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Support Controls\ssrc.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Arquivos de programas\Common Files\VMware\USB\vmware-usbarbitrator.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

 

--

End of file - 8467 bytes

 


O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

 

--

End of file - 8467 bytes


It's just that I couldn't start the computer in Safe Mode!

When I set it to start in Safe Mode, the PC restarts :x

So I'm doing it in normal mode anyway.

 

Here it is =D

 

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3632

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

25/1/2010 07:13:14

mbam-log-2010-01-25 (07-13-14).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 152664

Tempo decorrido: 37 minute(s), 51 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 1

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 11

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41070-b2b1-21d1-b5c1-0305f4055515} (Trojan.Agent) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\Qoobox\Quarantine\C\WINDOWS\system32\gasretyw0.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP12\A0002562.exe (Backdoor.Turkojan) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP14\A0002823.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP31\A0014651.dll (Backdoor.Turkojan) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP31\A0014654.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP31\A0014780.sys (Malware.Trace) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP31\A0015197.exe (Malware.Packer.T) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP5\A0000965.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

============== Suspect (Cracks, Serials, ...) ==============

.

C:\Documents and Settings\Administrador\Desktop\leonardo\programas\VMWARE +keygen\vmware_7_keygen.zip

C:\Documents and Settings\Administrador\Desktop\leonardo\programas\VMWARE +keygen\VMware-workstation-full-7.0.0-203739.exe

:!: It is very important to uninstall every cracked or pirated program on your PC, since the vast majority of this kind of program comes with viruses and/or malware embedded in it, besides possibly containing vulnerabilities that make it easier to break into your computer.

____________________________________

 

:!: There are several toolbars installed on your PC. In many cases these toolbars make browsing much slower, and there are malicious toolbars that also monitor your browsing habits. I suggest you uninstall all of these toolbars:

 

MAX BR Toolbar

 

Online Radio Brazil Toolbar

 

Messenger Plus Live Toolbar

____________________________________

 

:seta: Also follow the tips in these tutorials:

 

Norman Malware Cleaner tutorial

 

Spyware Doctor Starter Edition tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/04/tutorial-do-spyware-doctor-starter.html

 

Nod32 Online antivirus tutorial: http://dicasetutoriaisparapc.blogspot.com/2008/09/tutorial-do-antivirus-nod32-online.html

 

USBFix tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-usbfix.html

___________________________________

 

:seta: Your log does not show an active antivirus on your PC, and it is very important to have one.

 

I suggest an excellent free antivirus for you, Avira Antivir Personal 9 Free: http://freedownloads2000.blogspot.com/2009/03/avira-antivir-personal-900386-gratuito.html

 

To install, configure and use Avira Antivir correctly, just follow the tips in these tutorials:

 

Avira Antivir 9 Free tutorial (installation and configuration): http://dicasetutoriaisparapc.blogspot.com/2009/03/tutorial-de-instalacao-e-configuracao.html

 

Avira Antivir 9 Free tutorial (how to use it correctly): http://dicasetutoriaisparapc.blogspot.com/2009/03/escaneando-seu-computador-com-o-avira.html

 

After installing and configuring Avira Antivir following the tips in the tutorials above, update it (run an update), then restart your computer and boot into Safe Mode (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option). Once the computer has restarted, right-click the Avira icon (the open red umbrella next to the Windows clock) and choose Start Antivir > click Scan system now > and wait for the scan to finish.

 

Note: If it is not possible to run the Avira Antivir scan in Windows Safe Mode, run it in normal mode.

_______________________________________________________________

 

:seta: Once you have removed the viruses that Avira Antivir finds, restart the computer normally. Right-click the Avira icon (the open red umbrella next to the Windows clock) and choose Start Antivir > click Reports > double-click the most recent log with the left mouse button and click the Report file button > A window with the log will open; select the whole log (menu: Edit » Select All), then go back to the menu: Edit » and click Copy) > After that, just come back here to the forum and post this Avira Antivir log together with a new HijackThis log, the Norman Malware Cleaner log, the log that will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, the log that will be at C:\UsbFix.txt and the Spyware Doctor log so they can be analyzed.

 

We await your reply.


NOD32 ONLINE SCAN

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=41473

ESETSmartInstaller@High as downloader log:

Can not read file from internet.ESETSmartInstaller@High as downloader log:

Can not read file from internet.Can not read file from internet.ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=8e53790ab3f1d844ae869872ef1e7065

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-02-02 12:36:21

# local_time=2010-02-01 10:36:21 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777215 100 0 0 0 0 0

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=65558

# found=0

# cleaned=0

# scan_time=2191

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=8e53790ab3f1d844ae869872ef1e7065

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-02-02 02:32:06

# local_time=2010-02-02 12:32:06 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777215 100 0 0 0 0 0

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=65856

# found=4

# cleaned=4

# scan_time=6682

C:\Arquivos de programas\ESET\MiNODLogin\MiNODLogin.jar a variant of Java/HackAV.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Meus documentos\Downloads\ESET NOD32 4.0.314.0-byBakura-www.therebels.biz.rar multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Meus documentos\Downloads\Voice(2).rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Meus documentos\Downloads\Voice.rar.part probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

 

 

NORMAN MALWARE CLEANER

 

Norman Malware Cleaner

Version 1.6.2

Copyright © 1990 - 2009, Norman ASA. Built 2010/01/29 11:48:23

 

Norman Scanner Engine Version: 6.04.03

Nvcbin.def Version: 6.04.00, Date: 2010/01/29 11:48:23, Variants: 4854236

 

Scan started: 29/01/2010 22:10:47

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3

Logged on user: USER-9876513123\Administrador

 

 

Scanning bootsectors...

 

Number of sectors found: 0

Number of sectors scanned: 0

Number of sectors not scanned: 0

Number of infections found: 0

Number of infections removed: 0

Total scanning time: 0s 11ms

 

 

Scanning running processes and process memory...

 

Number of processes/threads found: 4655

Number of processes/threads scanned: 4655

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 3m 12s

 

 

Scanning file system...

 

Scanning: prescan

 

Scanning: C:\*.*

 

C:\Arquivos de programas\1264023843\USER1264023843L.exe (Infected with AutoRun.AGUK)

Removed registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\Arquivos de programas\1264023843\USER1264023843L.exe = "C:\Arquivos de programas\1264023843\USER1264023843L.exe:*:Enabled:ipsec"

Removed registry value: HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\Arquivos de programas\1264023843\USER1264023843L.exe = "C:\Arquivos de programas\1264023843\USER1264023843L.exe:*:Enabled:ipsec"

Removed service: .1264023843

Deleted file

 

C:\Arquivos de programas\AV VCS 3.0 Gold\Patch.exe (Infected with W32/Suspicious_Gen2.AAOS)

Deleted file

 

C:\Arquivos de programas\AV VCS 3.0 Gold\Vcs3Gold.exe.bak (Infected with W32/Malware.EHML)

Deleted file

 

C:\Arquivos de programas\MuAwaY\muaway.exe (Infected with W32/Obfuscated.AK!genr)

Deleted file

 

C:\Arquivos de programas\NitroPC\NitroPC.exe (Infected with Malware.FAHL)

Removed registry value: HKCU\Software\Microsoft\Windows\CurrentVersion\Run -> NitroPC = ""C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized"

Removed registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\Arquivos de programas\NitroPC\NitroPC.exe = "C:\Arquivos de programas\NitroPC\NitroPC.exe:*:Enabled:NitroPC"

Removed registry value: HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\Arquivos de programas\NitroPC\NitroPC.exe = "C:\Arquivos de programas\NitroPC\NitroPC.exe:*:Enabled:NitroPC"

Removed link file: C:\Documents and Settings\Administrador\Desktop\NitroPC.lnk

Deleted file

 

C:\Documents and Settings\Administrador\Desktop\leonardo\Norton.Antivirus.rar/Norton Antivirus 2010 - v17.0.0.136 - By T4ss3o\Norton TrialReset 2010 v1.7.0 (Cracked by BOX!)\NTR2010-v1.7.exe (Infected with AutoRun.AHKE)

Deleted file

 

C:\Documents and Settings\Administrador\Meus documentos\Downloads\ESET NOD32 4.0.314.0-byBakura-www.therebels.biz.rar/ESET NOD32 4.0.314.0-byBakura-www.therebels.biz\Crack\Crack.exe (Infected with AutoRun.OBB)

Deleted file

 

C:\Documents and Settings\Administrador\Meus documentos\Downloads\EVEREST_Ultimate_Edition_4.60.1500_Final www.therebels.de by bobmarley.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

C:\Documents and Settings\Administrador\Meus documentos\Downloads\MICYTIME9.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

C:\Documents and Settings\Administrador\Meus documentos\Downloads\Nitro.PC.2009.rar/Nitro.PC.2009+Crack\NitroPC.exe (Infected with Malware.FAHL)

Deleted file

 

C:\Documents and Settings\Administrador\Meus documentos\Downloads\SAM Broadcaster 4.2.2.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

C:\Documents and Settings\Administrador\Meus documentos\Downloads\SAM Broadcaster 4.2.2.rar/SAM Broadcaster 4.2.2\sam crack.zip/sam.broadcaster.v.4.2.2.crack.rt.exe (Infected with Smalltroj.gen25)

Deleted file

 

C:\Documents and Settings\Administrador\Meus documentos\Downloads\SAM Broadcaster 4.2.2.rar/SAM Broadcaster 4.2.2\sam crack.zip (Empty archive after cleaning)

Deleted file

 

C:\Documents and Settings\Administrador\Meus documentos\Downloads\Themida.zip/Themida.exe (Infected with W32/Suspicious_Gen3.dam)

Deleted file

 

C:\Documents and Settings\Administrador\Meus documentos\Downloads\ToolBarSD.exe (Infected with Ircbot.ANFB.dropper)

Deleted file

 

C:\oi.rar.rar/TeamViewer_Setup.exe (Infected with W32/Sality.AO)

Repaired file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP17\A0003430.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP17\A0003618.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP20\A0003956.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP20\A0003962.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP20\A0004157.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP21\A0004366.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP21\A0005172.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP21\A0006160.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP21\A0007158.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP22\A0007506.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP22\A0007520.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP24\A0007981.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP24\A0008190.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP24\A0009190.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP24\A0010190.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP24\A0011190.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP25\A0011255.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP27\A0012171.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP28\A0013212.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP29\A0013489.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP31\A0014495.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP31\A0014671.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP31\A0015301.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP31\A0015326.exe (Infected with W32/Obfuscated.AK!genr)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP31\A0016316.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP31\A0017303.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP31\A0017342.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP32\A0017617.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP32\A0017724.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP37\A0018339.dll (Infected with W32/Prosti.ASP)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP37\A0018340.exe (Infected with W32/Prosti.ACD)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP37\A0018341.dll (Infected with W32/Prosti.ASP)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP37\A0018342.exe (Infected with W32/Prosti.ACD)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP37\A0018343.exe (Infected with W32/Sality.AO)

Repaired file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP38\A0018992.exe (Infected with W32/Smalltroj.EJRI)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP39\A0019165.exe (Infected with W32/Suspicious_Gen3.dam)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP39\A0019180.exe (Infected with W32/Suspicious_Gen3.dam)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP39\A0019300.exe (Infected with W32/Suspicious_Gen3.dam)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP39\A0019570.exe (Infected with W32/Suspicious_Gen3.dam)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP39\A0019585.exe (Infected with W32/Suspicious_Gen3.dam)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP39\A0019588.exe (Infected with W32/Suspicious_Gen3.dam)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP39\A0019619.exe (Infected with W32/Suspicious_Gen3.dam)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP39\A0019625.dll (Infected with W32/Prosti.ASP)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP39\A0019626.exe (Infected with W32/Prosti.ACD)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP39\A0019632.exe (Infected with W32/Smalltroj.EJRI)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP39\A0019634.exe (Infected with W32/Agent.QYCT)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP39\A0019636.exe (Infected with Bifrose.gen11)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP40\A0019685.exe (Infected with W32/Obfuscated.AK!genr)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019973.exe (Infected with Bifrose.gen11)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019975.exe (Infected with W32/Bifrose.HEK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019976.dll (Infected with W32/Packed_Upack.H)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019993.exe (Infected with Bifrose.gen1)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019995.exe (Infected with Bifrose.gen1)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020000.exe (Infected with Bifrose.gen1)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020009.exe (Infected with Bifrose.gen11)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020013.exe (Infected with Bifrose.gen1)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020014.exe (Infected with Bifrose.gen11)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020015.exe (Infected with Bifrose.gen1)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020017.exe (Infected with Bifrose.gen1)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020025.exe (Infected with W32/Suspicious_Gen3.dam)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020031.dll (Infected with W32/Prosti.ASP)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020032.exe (Infected with W32/Prosti.ACD)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020033.exe (Infected with W32/Obfuscated.AK!genr)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020038.dll (Infected with W32/Packed_Upack.H)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020039.exe (Infected with W32/Smalltroj.EJRI)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020040.exe (Infected with W32/Agent.QYCT)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020041.exe (Infected with W32/Bifrose.HEK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020043.exe (Infected with Bifrose.gen1)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP43\A0020161.exe (Infected with AutoRun.AGUK)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP43\A0020162.exe (Infected with W32/Suspicious_Gen2.AAOS)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP43\A0020189.exe (Infected with W32/Obfuscated.AK!genr)

Deleted file

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP43\A0020191.exe (Infected with Malware.FAHL)

Deleted file

 

C:\ToolBar SD\pv.exe (Infected with Ircbot.ANFB.dropper)

Deleted file

 

Scanning: E:\*.*

 

E:\m9ma.exe (Infected with W32/Sality.AO)

Repaired file

 

Scanning: C:\System Volume Information\*.*

 

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP43\A0020195.exe (Infected with Ircbot.ANFB.dropper)

Deleted file

 

Scanning: postscan

 

 

Running post-scan cleanup routine:

 

Number of files found: 218288

Number of archives unpacked: 1203

Number of files scanned: 218282

Number of files not scanned: 6

Number of files skipped due to exclude list: 0

Number of infected files found: 88

Number of infected files repaired/deleted: 88

Number of infections removed: 88

Total scanning time: 1h 40m 13s

 

USB FIX (THE MUSIC ISN'T MINE, IT'S MY MOM'S :( )

 

 

############################## | UsbFix V6.084 |

 

User : Administrador (Administradores) # USER-9876513123

Update on 01/02/2010 by El Desaparecido , C_XX & Chimay8

Start at: 01:55:12 | 2/2/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

AMD Sempron Processor LE-1250

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Disabled

 

C:\ -> Disco fixo local # 74,53 Go (37,22 Go free) # NTFS

D:\ -> Disco CD-ROM

E:\ -> Disco removível # 960,57 Mo (314,39 Mo free) [NAPOLIAUDIO] # FAT32

 

############################## | Processos activos |

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\logonui.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\Recycler\S-1-5-21-1123561945-1993962763-1708537768-500

Supprimido ! E:\m9ma.exe

 

################## | Registro # Chaves infectieuses |

 

Supprimido ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoResolveSearch"

 

################## | Registro # Mountpoints2 |

 

 

################## | Listing |

 

[21/01/2010 05:39|--a------|1024] C:\.rnd

[28/01/2010 20:47|--a------|3081] C:\Ad-Report-CLEAN[1].log

[28/01/2010 20:37|--a------|2819] C:\Ad-Report-SCAN[1].log

[20/01/2010 19:41|--a------|0] C:\AUTOEXEC.BAT

[24/01/2010 20:20|--a------|211] C:\Boot.bak

[29/01/2010 08:06|-rahs----|281] C:\boot.ini

[14/04/2008 08:00|-rahs----|4952] C:\Bootfont.bin

[03/08/2004 23:00|--a------|261856] C:\cmldr

[20/01/2010 19:41|--a------|0] C:\CONFIG.SYS

[02/02/2010 00:58|--a------|324] C:\FONTLOG.TXT

[20/01/2010 19:41|-rahs----|0] C:\IO.SYS

[20/01/2010 19:41|-rahs----|0] C:\MSDOS.SYS

[14/04/2008 08:00|-rahs----|47564] C:\NTDETECT.COM

[14/04/2008 08:00|-rahs----|251696] C:\ntldr

[29/01/2010 22:53|--a------|48508] C:\oi.rar.rar

[?|?|?] C:\pagefile.sys

[02/02/2010 01:57|--a------|2741] C:\UsbFix.txt

[08/11/2009 16:25|--a------|3792606] E:\(soundtrack) - volver al futuro -poweroflove187.mp3

[14/11/2009 22:41|--a------|3410048] E:\08 - guilherme e santiago - se isso ‚ amor, eu amo493.mp3

[14/11/2009 22:31|--a------|5529916] E:\guilherme e santiago - o amor ‚ assim378133.mp3

[14/11/2009 22:45|--a------|5724160] E:\guilherme e santiago - abcde(2)97.mp3

[14/11/2009 22:38|--a------|5520659] E:\guilherme e santiago - s¢ de vocˆ.mp3

[15/11/2009 20:56|--a------|13944249] E:\cascada - because the night (mondo remix)364498.mp3

[30/12/2009 22:07|--a------|5672] E:\BOOTEX.LOG

[03/08/2009 14:51|--a------|2584704] E:\08-quando olhei pra voce.mp3

[17/11/2009 01:28|--a------|8081408] E:\copie de 11 cascada - just like a pill.mp3

[07/01/2010 13:20|--a------|5365760] E:\talessa - let me be.mp3

[22/01/2010 18:16|--a------|3890199] E:\happy.mp3

[03/12/2009 01:03|--a------|4219342] E:\shimbalaiˆ__maria_gadu(2).mp3

[03/12/2009 01:45|--a------|3494940] E:\bicho de p - nosso xote.mp3

[03/12/2009 03:24|--a------|3821568] E:\warrant - monster ballads - heaven.mp3

[03/08/2009 14:25|--a------|1594139] E:\malu magalhÆes - letrinhas.mp3

[03/12/2009 03:18|--a------|4958208] E:\heart - all i wanna do is make love to you.mp3

[03/08/2009 14:56|--a------|5446668] E:\mika - relax, take it easy(11)343.mp3

[03/08/2009 15:05|--a------|15960815] E:\perplex__feat_electra_-_toys.mp3

[03/12/2009 03:29|--a------|4684614] E:\whitney houston - i wanna dance with somebody.mp3

[03/08/2009 14:53|--a------|3485014] E:\the darkness - july 2002 playlouder singles club - i believe in a thing called love.mp3

[03/12/2009 03:54|--a------|3518379] E:\ace of base - its a beautiful life.mp3

[03/12/2009 03:29|--a------|4684614] E:\Copy of whitney houston - i wanna dance with somebody.mp3

[03/12/2009 04:18|--a------|3616310] E:\ann lee - 2 times378.mp3

[03/08/2009 14:34|--a------|6322996] E:\02-cesar menotti e fabiano-tentei te esquecer, cora‡Æo em peda‡os.mp3

[03/12/2009 03:57|--a------|4184361] E:\pras michel feat odb & mya - ghetto supastar.mp3

[03/08/2009 14:43|--a------|3219776] E:\11 gretchen - conga conga.mp3

[03/12/2009 11:32|--a------|47260864] E:\16 - climie fisher - love changes everything.mpg

[24/08/2009 20:18|--a------|4493524] E:\debora blando - unicamente.mp3

[05/12/2009 23:08|--a------|14314588] E:\01 i found love.mp3

[24/08/2009 20:17|--a------|4069216] E:\deborah blando - innocence(2).mp3

[05/12/2009 23:35|--a------|3712775] E:\talessa - burning up.mp3

[17/12/2009 14:19|--a------|4485582] E:\tem que ser você - victor e léo31.mp3

[27/11/2008 14:15|--a------|4213411] E:\Almir Sater - Tocando em frente.mp3

[17/12/2009 14:17|--a------|2998957] E:\08 vida boa.mp3

[03/12/2009 01:20|--a------|3588297] E:\rastapé - um anjo do céu.mp3

[03/12/2009 03:17|--a------|3990534] E:\09 i believe in you(2).mp3

[03/12/2009 03:22|--a------|4416660] E:\starship - nothing's gonna stop us117.mp3

[08/11/2009 19:53|--a------|3282550] E:\Copy of tchutchuca - bonde do tigrão (dj german)[coronda - santa fe] sta fe mixer.mp3

[09/09/2008 13:15|--a------|6154240] E:\daytona_shooting star (tiko`s groove remix)153.mp3

[03/08/2009 14:53|--a------|3485014] E:\Copy of the darkness - july 2002 playlouder singles club - i believe in a thing called love.mp3

[07/09/2009 23:49|--a------|3855144] E:\Copy of rod stuard & n-trance - do you think i'm sexy(2).mp3

[03/12/2009 06:13|--a------|5534450] E:\(techno)real mccoy - one more time.mp3

[20/12/2009 12:45|--a------|4882546] E:\08 faixa 8.mp3

[20/12/2009 12:41|--a------|2586665] E:\10 ver se larga de besteira50419.mp3

[20/12/2009 12:39|--a------|3754023] E:\11 - meteoro.mp3

[19/12/2009 15:58|--a------|2760128] E:\banda djavu-toma toma.mp3

[20/12/2009 12:35|--a------|3322256] E:\djavu - rubi.mp3

[20/12/2009 13:19|--a------|3322256] E:\banda_dejavu_-_de_tanto_te_querer.mp3

[08/06/2009 21:25|--a------|5572478] E:\Familia Adans - Psy Trance.wma

[19/12/2009 16:24|--a------|42777392] E:\dj robert michel - planet party mix 4.mp3

[20/12/2009 13:38|--a------|3661221] E:\21 - banda djavu -bahia-sempre-te-amei.mp3

[20/12/2009 13:50|--a------|3438361] E:\08 pista 8(2).mp3

[22/12/2009 14:58|--a------|5619700] E:\banda djavu-o que pensa que eu sou419364.mp3

[22/12/2009 14:56|--a------|3286923] E:\20 - voc- nÝo vale nada - calcinha preta.mp3

[22/12/2009 15:18|--a------|4289141] E:\climie fisher - love changes.mp3

[22/12/2009 15:21|--a------|3396593] E:\lulu santos - um certo alguém.mp3

[22/12/2009 15:21|--a------|7504000] E:\19 - te amo pra sempre.mp3

[22/12/2009 15:24|--a------|5852347] E:\12-lulu_santos-tao_bem.mp3

[22/12/2009 15:28|--a------|6120232] E:\05 tudo bem129.mp3

[22/12/2009 15:35|--a------|2651159] E:\0025-(kid abelha) seu espião.mp3

[20/01/2010 12:15|--a------|5881890] E:\kylie minogue - the one.mp3

[19/12/2009 15:57|--a------|8043206] E:\dj paul oakenfold,sasha and carl cox - yakuza - cocaine.mp3

[10/12/2009 01:35|--a------|3123495] E:\10 - amor nÇo vai faltar(2)42420136387.mp3

[27/11/2008 14:07|--a------|4008775] E:\Os Tribalistas - Velha Infância.mp3

[22/01/2010 23:39|--a------|3444864] E:\radio taxi - vocˆ se esconde.mp3

[26/12/2009 16:47|--a------|2961844] E:\17 no te reprimas.mp3

[27/12/2009 01:26|--a------|4220499] E:\01 joão bosco & vinícius - curtição75362.mp3

[26/12/2009 17:58|--a------|4521632] E:\black eyes peas - meet me halfway.mp3

[11/03/2009 19:03|--a------|3372395] E:\rouge - beijo molhado.mp3

[30/12/2009 16:54|--a------|5492736] E:\skank e jota quest - garota nacional.mp3

[30/12/2009 16:01|--a------|11427931] E:\madonna feat abba - hang up [remix].mp3

[03/01/2010 10:54|--a------|4073268] E:\fabio jr sem limites pra sonhar.mp3

[03/01/2010 10:46|--a------|3789952] E:\0177 - fábio jr - demorei muito pra te encontrar - ok.mp3

[03/01/2010 11:10|--a------|4129767] E:\calcinha preta - por que tocou meu coraçao.mp3

[07/01/2010 13:41|--a------|4679302] E:\zeca baleiro - quase nada.mp3

[11/03/2009 18:53|--a------|8422680] E:\tina turner - divas live 99.mp3

[13/08/2009 09:58|--a------|4660507] E:\01-deep_dish-flash_dance.mp3

[02/08/2009 12:13|--a------|8493587] E:\03-cut_copy-lights_and_music349.mp3

[10/09/2009 18:39|--a------|3876365] E:\004pitbull - calle ocho448457.mp3

[31/05/2009 11:58|--a------|7034880] E:\06 the magic numbers - love is just a game.mp3

[11/04/2009 02:26|--a------|4069504] E:\06-transpoiting6.mp3

[08/09/2009 00:02|--a------|4604407] E:\13 nena jane.mp3

[15/02/2003 13:54|--a------|4907136] E:\80s pet shop boys - pet shop boys - send me an angel364.mp3

[20/09/2009 15:40|--a------|9787604] E:\black eyes peas - i gotta felling492.mp3

[15/02/2003 06:18|--a------|3989548] E:\Cópia de marvin gaye - marvin gay - sexual healing.mp3

[08/06/2008 02:48|--a------|6354132] E:\david guetta - love is gone(2).mp3

[18/02/2003 17:22|--a------|5730432] E:\dj nev & dj furcy ft hinojosa & zambrano - suave vs calabria remix365329443.mp3

[20/01/2010 12:12|--a------|4856073] E:\kylie minogue - i should be so lucky - copy.mp3

[20/01/2010 12:18|--a------|5760911] E:\carlos santana & matchbox 20 - smooth.mp3

[20/09/2009 15:57|--a------|3764930] E:\everithing but the girl - i miss you.mp3

[11/04/2009 02:24|--a------|4205132] E:\fatboy slim - transpoting.mp3

[11/06/2009 12:54|--a------|3442889] E:\fergie - london bridge.mp3

[16/09/2009 21:50|--a------|4298752] E:\it just wont do232.mp3

[09/06/2009 21:07|--a------|3762548] E:\lady_gaga_poker_face203.mp3

[15/02/2003 06:18|--a------|3989548] E:\marvin gaye - marvin gay - sexual healing.mp3

[08/01/2010 11:27|--a------|2080830] E:\los ramones - hey ho, let's go204.mp3

[07/09/2009 23:49|--a------|3855144] E:\rod stuard & n-trance - do you think i'm sexy(2).mp3

[08/01/2010 11:32|--a------|3736360] E:\barão vermelho - ela é puro extase211.mp3

[20/01/2010 12:31|--a------|3813169] E:\cher- believe.mp3

[27/10/2009 00:52|--a------|2521446] E:\chitaozinho & xororo - beijinho doce (ivete sangalo e margareth menezes)233.mp3

[20/01/2010 12:33|--a------|2768896] E:\cher - cher - its in his kiss.mp3

[02/11/2009 19:26|--a------|4046848] E:\joão paulo e daniel - estou apaixonado.mp3

[08/11/2009 20:28|--a------|7573336] E:\celldweller_-_switchback__growling_machines_remix_.mp3

[08/11/2009 19:53|--a------|3282550] E:\tchutchuca - bonde do tigrão (dj german)[coronda - santa fe] sta fe mixer.mp3

[08/11/2009 18:40|--a------|2418277] E:\mc naldinho - tchutchuca treme o bumbum.mp3

[08/11/2009 18:26|--a------|3610375] E:\mc leozinho - se ela dança eu danço.mp3

[08/11/2009 18:15|--a------|5397590] E:\215 - rod stewart - have you ever seen the rain.mp3

[09/01/2010 13:47|--a------|5658506] E:\samanta fox feat gunther - touch me (special version 2005 rmx)(2).mp3

[10/01/2010 10:27|--a------|2962834] E:\beijar na boca(2)181.mp3

[11/01/2010 12:51|--a------|3526879] E:\03 por que a gente e assim.mp3

[10/01/2010 12:51|--a------|5460022] E:\04 perdidos na selva.mp3

[11/01/2010 12:13|--a------|4854933] E:\capital inicial - rosas e vinho tinto - a sua maneira.mp3

[11/01/2010 16:31|--a------|4613791] E:\capital inicial - sem cansar(2).mp3

[15/01/2010 12:49|--a------|3528627] E:\02- caricias.mp3

[15/01/2010 13:25|--a------|3902612] E:\ultraje a rigor - ciume(3)83211.mp3

[15/01/2010 13:49|--a------|4332341] E:\kid abelha - pintura intima.mp3

[17/01/2010 12:58|--a------|4702387] E:\09 na base do beijo.mp3

[17/01/2010 14:26|--a------|3659944] E:\fernando e sorocaba_01_bala de prata396495454.mp3

[17/01/2010 14:26|--a------|3318630] E:\paga pau.mp3

[17/01/2010 15:11|--a------|5192398] E:\(bruno e marrone) meu jeito de sentir.mp3

[22/01/2010 14:20|--a------|8663168] E:\haddaway - rock my heart.mp3

[17/01/2010 15:06|--a------|3428067] E:\babado novo e bruno & marrone - tá no jeito de olhar230.mp3

[20/01/2010 12:32|--a------|4120046] E:\cher - dov'e l'amore.mp3

[20/01/2010 12:51|--a------|4137260] E:\cher - heart of stone.mp3

[20/01/2010 13:13|--a------|3434833] E:\bryam adams - summer of 69.mp3

[20/01/2010 13:13|--a------|3432448] E:\01 - the best of me - copia.mp3

[22/01/2010 16:20|--a------|4222881] E:\01 gimme love91.mp3

 

################## | Vaccination |

 

# C:\autorun.inf -> Folder created by UsbFix.

# E:\autorun.inf -> Folder created by UsbFix.

 

################## | Upload |

 

Please send the file : C:\UsbFix_Upload_Me_USER-9876513123.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Thank you for your contribution.

 

################## | ! End of report # UsbFix V6.084 ! |

 

 

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 03:28:47, on 2/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avcenter.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.663\HijackThis.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\GUARDGUI.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~4\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - C:\Arquivos de programas\AV VCS 3.0 Gold\Vcs3RT.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{04EC3BB7-D85A-4DB6-B3A3-12B7E4562720}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\..\{D2DCB7B9-803F-4036-BCE0-B8A66606E4B7}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\..\{DC811895-81B2-4D4B-A085-C0CBEC145284}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{04EC3BB7-D85A-4DB6-B3A3-12B7E4562720}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CS2\Services\Tcpip\..\{04EC3BB7-D85A-4DB6-B3A3-12B7E4562720}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~4\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: ApcantarRdp - {AFB2733D-4ED6-483F-B296-8D33A8843230} - C:\WINDOWS\system32\apcantar.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NitroPC Service (NitroPCSrv) - Intelliclick Informática - C:\Arquivos de programas\NitroPC\NitroPCService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Support Controls\ssrc.exe

 

--

End of file - 7631 bytes

 

AVIRA

 

 

Avira AntiVir Personal

Report file date: Tuesday, 2 February 2010 02:27

 

Scanning for 1717297 virus strains and unwanted programs.

 

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : USER-9876513123

 

Version information:

BUILD.DAT : 9.0.0.418 21723 Bytes 2/12/2009 16:28:00

AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 13:26:33

AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/2/2009 12:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 20/2/2009 13:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 27/2/2009 12:58:52

VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 09:35:52

VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 04:17:45

VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/1/2010 04:18:53

VBASE003.VDF : 7.10.3.75 996864 Bytes 26/1/2010 04:19:14

VBASE004.VDF : 7.10.3.76 2048 Bytes 26/1/2010 04:19:14

VBASE005.VDF : 7.10.3.77 2048 Bytes 26/1/2010 04:19:15

VBASE006.VDF : 7.10.3.78 2048 Bytes 26/1/2010 04:19:15

VBASE007.VDF : 7.10.3.79 2048 Bytes 26/1/2010 04:19:15

VBASE008.VDF : 7.10.3.80 2048 Bytes 26/1/2010 04:19:16

VBASE009.VDF : 7.10.3.81 2048 Bytes 26/1/2010 04:19:16

VBASE010.VDF : 7.10.3.82 2048 Bytes 26/1/2010 04:19:16

VBASE011.VDF : 7.10.3.83 2048 Bytes 26/1/2010 04:19:17

VBASE012.VDF : 7.10.3.84 2048 Bytes 26/1/2010 04:19:17

VBASE013.VDF : 7.10.3.85 2048 Bytes 26/1/2010 04:19:17

VBASE014.VDF : 7.10.3.122 172544 Bytes 29/1/2010 04:19:21

VBASE015.VDF : 7.10.3.123 2048 Bytes 29/1/2010 04:19:22

VBASE016.VDF : 7.10.3.124 2048 Bytes 29/1/2010 04:19:22

VBASE017.VDF : 7.10.3.125 2048 Bytes 29/1/2010 04:19:22

VBASE018.VDF : 7.10.3.126 2048 Bytes 29/1/2010 04:19:23

VBASE019.VDF : 7.10.3.127 2048 Bytes 29/1/2010 04:19:23

VBASE020.VDF : 7.10.3.128 2048 Bytes 29/1/2010 04:19:23

VBASE021.VDF : 7.10.3.129 2048 Bytes 29/1/2010 04:19:24

VBASE022.VDF : 7.10.3.130 2048 Bytes 29/1/2010 04:19:24

VBASE023.VDF : 7.10.3.131 2048 Bytes 29/1/2010 04:19:25

VBASE024.VDF : 7.10.3.132 2048 Bytes 29/1/2010 04:19:25

VBASE025.VDF : 7.10.3.133 2048 Bytes 29/1/2010 04:19:25

VBASE026.VDF : 7.10.3.134 2048 Bytes 29/1/2010 04:19:26

VBASE027.VDF : 7.10.3.135 2048 Bytes 29/1/2010 04:19:26

VBASE028.VDF : 7.10.3.136 2048 Bytes 29/1/2010 04:19:26

VBASE029.VDF : 7.10.3.137 2048 Bytes 29/1/2010 04:19:27

VBASE030.VDF : 7.10.3.138 2048 Bytes 29/1/2010 04:19:27

VBASE031.VDF : 7.10.3.146 79872 Bytes 1/2/2010 04:19:29

Engineversion : 8.2.1.156

AEVDF.DLL : 8.1.1.3 106868 Bytes 2/2/2010 04:20:19

AESCRIPT.DLL : 8.1.3.13 823674 Bytes 2/2/2010 04:20:18

AESCN.DLL : 8.1.4.0 127348 Bytes 2/2/2010 04:20:12

AESBX.DLL : 8.1.1.1 246132 Bytes 8/11/2009 09:38:44

AERDL.DLL : 8.1.3.4 479605 Bytes 2/2/2010 04:20:10

AEPACK.DLL : 8.2.0.5 422262 Bytes 2/2/2010 04:20:05

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 8/11/2009 09:38:38

AEHEUR.DLL : 8.1.1.1 2322805 Bytes 2/2/2010 04:19:59

AEHELP.DLL : 8.1.10.0 237942 Bytes 2/2/2010 04:19:38

AEGEN.DLL : 8.1.1.86 369012 Bytes 2/2/2010 04:19:35

AEEMU.DLL : 8.1.1.0 393587 Bytes 8/11/2009 09:38:26

AECORE.DLL : 8.1.11.1 184694 Bytes 2/2/2010 04:19:31

AEBB.DLL : 8.1.0.3 53618 Bytes 8/11/2009 09:38:20

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 10:47:59

AVPREF.DLL : 9.0.3.0 44289 Bytes 26/8/2009 17:14:02

AVREP.DLL : 8.0.0.3 155905 Bytes 20/1/2009 16:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 12:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 24/3/2009 17:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/1/2009 12:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/1/2009 17:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 10:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 12:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/5/2009 17:39:58

RCTEXT.DLL : 9.0.73.0 86785 Bytes 13/10/2009 14:25:47

 

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: repair

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

 

Start of the scan: Tuesday, 2 February 2010 02:27

 

Starting search for hidden objects.

'35050' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'notepad.exe' - '1' Module(s) have been scanned

Scan process 'SkypeNames.exe' - '1' Module(s) have been scanned

Scan process 'skypePM.exe' - '1' Module(s) have been scanned

Scan process 'Skype.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'wlcomm.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned

Scan process 'fbserver.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'fbguard.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

32 processes with 32 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

 

Starting to scan executable files (registry).

The registry was scanned ( '54' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\UsbFix_Upload_Me_USER-9876513123.zip

[0] Archive type: ZIP

--> UsbFix_Upload_Me/m9ma.exe.UsbFix

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4bc9aa58.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\Ad-Remover\1\List.dat

[DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus

[NOTE] A backup was created as '4bdaaa4f.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\Ad-Remover\BACKUP\AD-R.exe

[0] Archive type: NSIS

--> ProgramFilesDir/List.dat

[DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus

[NOTE] A backup was created as '4b94aa2c.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] TR/Crypt.XPACK.Gen:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<TkBellExe>=sz:realsched.exe

[NOTE] A backup was created as '4bc8aa77.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4bd6ab77.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\Arquivos de programas\MuAwaY\main.exe

[DETECTION] This file has been compressed using unusual runtime compression (PCK/Repacked). Please verify the origin of this file.

[NOTE] A backup was created as '4bd0abbe.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\Documents and Settings\Administrador\Desktop\leonardo\LIMPADORES, ANTIVIRUS e MANUTENÇÃO\AD-R.exe

[0] Archive type: NSIS

--> ProgramFilesDir/List.dat

[DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus

[NOTE] A backup was created as '4b94ad3b.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\Documents and Settings\Administrador\Meus documentos\Downloads\PatchMuOmega.rar

[0] Archive type: RAR

--> PatchMuOmega\main.exe

[DETECTION] This file has been compressed using unusual runtime compression (PCK/Repacked). Please verify the origin of this file.

[NOTE] A backup was created as '4bdbaf56.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Saved\in the dark dirty south remix.wma

[DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan

[NOTE] A backup was created as '4b87b048.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP31\A0014519.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4b97b23c.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP32\A0017971.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4b97b2db.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP32\A0017972.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4a0534fc.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP38\A0018996.exe

[DETECTION] Is the TR/Dldr.Delf.cpb Trojan

[NOTE] A backup was created as '4b97b30d.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP40\A0019639.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4b97b32b.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP40\A0019664.exe

[DETECTION] Is the TR/Dldr.Delf.cpb Trojan

[NOTE] A backup was created as '4b97b32c.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP40\A0019682.exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[NOTE] A backup was created as '4b97b32e.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019749.exe

[0] Archive type: NSIS

--> ProgramFilesDir/List.dat

[DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus

[NOTE] A backup was created as '4b97b333.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019926.com

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] A backup was created as '4b97b33a.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019927.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] A backup was created as '4a05351b.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019928.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] A backup was created as '4b97b33c.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019929.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] A backup was created as '4a05351d.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019994.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] A backup was created as '4b97b33d.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019996.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4a05351e.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019997.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4b97b33e.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019999.exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[NOTE] A backup was created as '4b97b33f.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020012.exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[NOTE] A backup was created as '4b97b340.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020016.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] A backup was created as '4b97b341.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020018.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] A backup was created as '4b97b343.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020042.exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[NOTE] A backup was created as '4b97b346.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP47\A0022820.rbf

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4b97b374.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\UsbFix\Quarantine\E\m9ma.exe.UsbFix

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4bd4b3bd.qua' ( QUARANTINE )

[WARNING] The file was ignored!

C:\WINDOWS\system32\apcantar.dll

[DETECTION] Is the TR/VB.Downloader.Gen Trojan

[NOTE] A backup was created as '4bcab57b.qua' ( QUARANTINE )

[WARNING] The file was ignored!

 

 

End of the scan: Tuesday, 2 February 2010 03:24

Used time: 57:27 Minute(s)

 

The scan has been done completely.

 

8610 Scanned directories

320205 Files were scanned

32 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

32 Files were moved to quarantine

0 Files were renamed

1 Files cannot be scanned

320172 Files not concerned

2349 Archives were scanned

33 Warnings

33 Notes

35050 Objects were scanned with rootkit scan

0 Hidden objects were found

 

THE SPYWARE DOCTOR LOG IS MISSING!

HOW DO I POST IT, SINCE IT IS IN HTML? :X

THE SPYWARE DOCTOR LOG IS MISSING!

HOW DO I POST IT, SINCE IT IS IN HTML? :X

You can host it on a site like the one below:

http://www.badongo.com

 

Then, after hosting it, give us the link so we can analyze it.

____________________________________

 

Note that Avira is still not configured correctly according to the tutorial I gave you. In the example below, the first action is right (repair), but the second action is wrong: it is set to ignore:

 

Primary action......................: repair

Secondary action....................: ignore

 

And because it is configured this way, Avira detected several pieces of malware but ignored them, as you can see in the example below:

 

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] TR/Crypt.XPACK.Gen:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<TkBellExe>=sz:realsched.exe

[NOTE] A backup was created as '4bc8aa77.qua' ( QUARANTINE )

[WARNING] The file was ignored!

I suggest you configure Avira exactly as in the tutorial, run a new complete scan with it and post that log so we can analyze it together with the Spyware Doctor log and a new HijackThis log.


AVIRA

 

Avira AntiVir Personal

Report file date: terça-feira, 2 de fevereiro de 2010 10:41

 

Scanning for 1717297 virus strains and unwanted programs.

 

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : USER-9876513123

 

Version information:

BUILD.DAT : 9.0.0.418 21723 Bytes 2/12/2009 16:28:00

AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 13:26:33

AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/2/2009 12:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 20/2/2009 13:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 27/2/2009 12:58:52

VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 09:35:52

VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 04:17:45

VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/1/2010 04:18:53

VBASE003.VDF : 7.10.3.75 996864 Bytes 26/1/2010 04:19:14

VBASE004.VDF : 7.10.3.76 2048 Bytes 26/1/2010 04:19:14

VBASE005.VDF : 7.10.3.77 2048 Bytes 26/1/2010 04:19:15

VBASE006.VDF : 7.10.3.78 2048 Bytes 26/1/2010 04:19:15

VBASE007.VDF : 7.10.3.79 2048 Bytes 26/1/2010 04:19:15

VBASE008.VDF : 7.10.3.80 2048 Bytes 26/1/2010 04:19:16

VBASE009.VDF : 7.10.3.81 2048 Bytes 26/1/2010 04:19:16

VBASE010.VDF : 7.10.3.82 2048 Bytes 26/1/2010 04:19:16

VBASE011.VDF : 7.10.3.83 2048 Bytes 26/1/2010 04:19:17

VBASE012.VDF : 7.10.3.84 2048 Bytes 26/1/2010 04:19:17

VBASE013.VDF : 7.10.3.85 2048 Bytes 26/1/2010 04:19:17

VBASE014.VDF : 7.10.3.122 172544 Bytes 29/1/2010 04:19:21

VBASE015.VDF : 7.10.3.123 2048 Bytes 29/1/2010 04:19:22

VBASE016.VDF : 7.10.3.124 2048 Bytes 29/1/2010 04:19:22

VBASE017.VDF : 7.10.3.125 2048 Bytes 29/1/2010 04:19:22

VBASE018.VDF : 7.10.3.126 2048 Bytes 29/1/2010 04:19:23

VBASE019.VDF : 7.10.3.127 2048 Bytes 29/1/2010 04:19:23

VBASE020.VDF : 7.10.3.128 2048 Bytes 29/1/2010 04:19:23

VBASE021.VDF : 7.10.3.129 2048 Bytes 29/1/2010 04:19:24

VBASE022.VDF : 7.10.3.130 2048 Bytes 29/1/2010 04:19:24

VBASE023.VDF : 7.10.3.131 2048 Bytes 29/1/2010 04:19:25

VBASE024.VDF : 7.10.3.132 2048 Bytes 29/1/2010 04:19:25

VBASE025.VDF : 7.10.3.133 2048 Bytes 29/1/2010 04:19:25

VBASE026.VDF : 7.10.3.134 2048 Bytes 29/1/2010 04:19:26

VBASE027.VDF : 7.10.3.135 2048 Bytes 29/1/2010 04:19:26

VBASE028.VDF : 7.10.3.136 2048 Bytes 29/1/2010 04:19:26

VBASE029.VDF : 7.10.3.137 2048 Bytes 29/1/2010 04:19:27

VBASE030.VDF : 7.10.3.138 2048 Bytes 29/1/2010 04:19:27

VBASE031.VDF : 7.10.3.146 79872 Bytes 1/2/2010 04:19:29

Engineversion : 8.2.1.156

AEVDF.DLL : 8.1.1.3 106868 Bytes 2/2/2010 04:20:19

AESCRIPT.DLL : 8.1.3.13 823674 Bytes 2/2/2010 04:20:18

AESCN.DLL : 8.1.4.0 127348 Bytes 2/2/2010 04:20:12

AESBX.DLL : 8.1.1.1 246132 Bytes 8/11/2009 09:38:44

AERDL.DLL : 8.1.3.4 479605 Bytes 2/2/2010 04:20:10

AEPACK.DLL : 8.2.0.5 422262 Bytes 2/2/2010 04:20:05

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 8/11/2009 09:38:38

AEHEUR.DLL : 8.1.1.1 2322805 Bytes 2/2/2010 04:19:59

AEHELP.DLL : 8.1.10.0 237942 Bytes 2/2/2010 04:19:38

AEGEN.DLL : 8.1.1.86 369012 Bytes 2/2/2010 04:19:35

AEEMU.DLL : 8.1.1.0 393587 Bytes 8/11/2009 09:38:26

AECORE.DLL : 8.1.11.1 184694 Bytes 2/2/2010 04:19:31

AEBB.DLL : 8.1.0.3 53618 Bytes 8/11/2009 09:38:20

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 10:47:59

AVPREF.DLL : 9.0.3.0 44289 Bytes 26/8/2009 17:14:02

AVREP.DLL : 8.0.0.3 155905 Bytes 20/1/2009 16:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 12:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 24/3/2009 17:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/1/2009 12:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/1/2009 17:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 10:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 12:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/5/2009 17:39:58

RCTEXT.DLL : 9.0.73.0 86785 Bytes 13/10/2009 14:25:47

 

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Arquivos de programas\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: repair

Secondary action....................: delete

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

 

Start of the scan: terça-feira, 2 de fevereiro de 2010 10:41

 

Starting search for hidden objects.

'46927' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'SkypeNames.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'infocard.exe' - '1' Module(s) have been scanned

Scan process 'wlcomm.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'filezilla.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'skypePM.exe' - '1' Module(s) have been scanned

Scan process 'Skype.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned

Scan process 'fbserver.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'fbguard.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

34 processes with 34 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

 

Starting to scan executable files (registry).

The registry was scanned ( '54' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP31\A0014519.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4b9825db.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP32\A0017971.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4b982660.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP32\A0017972.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4afaf881.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP38\A0018996.exe

[DETECTION] Is the TR/Dldr.Delf.cpb Trojan

[NOTE] A backup was created as '4b98268a.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP40\A0019639.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4b9826a5.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP40\A0019664.exe

[DETECTION] Is the TR/Dldr.Delf.cpb Trojan

[NOTE] A backup was created as '4b9826a6.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP40\A0019682.exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[NOTE] A backup was created as '4b9826a8.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019749.exe

[0] Archive type: NSIS

--> ProgramFilesDir/List.dat

[DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus

[NOTE] A backup was created as '4b9826ad.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019926.com

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] A backup was created as '4b9826b2.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019927.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] A backup was created as '4afaf853.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019928.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] A backup was created as '4b9826b4.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019929.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] A backup was created as '4afaf855.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019994.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] A backup was created as '4b9826b6.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019996.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4b9826b5.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019997.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4afaf856.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0019999.exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[NOTE] A backup was created as '4b9826b7.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020012.exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[NOTE] A backup was created as '4afaf857.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020016.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] A backup was created as '4b9826b8.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020018.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] A backup was created as '4afaf858.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP42\A0020042.exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[NOTE] A backup was created as '4afaf859.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP47\A0022820.rbf

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4b9826e1.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP53\A0026625.exe

[0] Archive type: NSIS

--> ProgramFilesDir/List.dat

[DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus

[NOTE] A backup was created as '4b982715.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP53\A0026626.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4afaf9f6.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP53\A0026627.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4b982717.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP53\A0026628.exe

[DETECTION] This file has been compressed using unusual runtime compression (PCK/Repacked). Please verify the origin of this file.

[NOTE] A backup was created as '4b982716.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP53\A0026629.exe

[0] Archive type: NSIS

--> ProgramFilesDir/List.dat

[DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus

[NOTE] A backup was created as '4afaf9f8.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\UsbFix\Quarantine\E\m9ma.exe.UsbFix

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4bd52723.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\WINDOWS\system32\apcantar.dll

[DETECTION] Is the TR/VB.Downloader.Gen Trojan

[NOTE] A backup was created as '4bcb2899.qua' ( QUARANTINE )

[WARNING] The file could not be deleted!

[NOTE] Attempting to perform action using the ARK library.

[NOTE] The file was deleted!

 

 

End of the scan: terça-feira, 2 de fevereiro de 2010 11:35

Used time: 54:09 Minute(s)

 

The scan has been done completely.

 

9420 Scanned directories

342940 Files were scanned

28 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

28 files were deleted

0 Viruses and unwanted programs were repaired

28 Files were moved to quarantine

0 Files were renamed

1 Files cannot be scanned

342911 Files not concerned

2391 Archives were scanned

2 Warnings

29 Notes

46927 Objects were scanned with rootkit scan

0 Hidden objects were found

 

 

HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:28:22, on 2/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\FileZilla FTP Client\filezilla.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames.exe

c:\arquivos de programas\avira\antivir desktop\avcenter.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.044\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~4\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - C:\Arquivos de programas\AV VCS 3.0 Gold\Vcs3RT.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{04EC3BB7-D85A-4DB6-B3A3-12B7E4562720}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\..\{D2DCB7B9-803F-4036-BCE0-B8A66606E4B7}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\..\{DC811895-81B2-4D4B-A085-C0CBEC145284}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{04EC3BB7-D85A-4DB6-B3A3-12B7E4562720}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CS2\Services\Tcpip\..\{04EC3BB7-D85A-4DB6-B3A3-12B7E4562720}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~4\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: ApcantarRdp - {AFB2733D-4ED6-483F-B296-8D33A8843230} - C:\WINDOWS\system32\apcantar.dll (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NitroPC Service (NitroPCSrv) - Intelliclick Informática - C:\Arquivos de programas\NitroPC\NitroPCService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Support Controls\ssrc.exe

 

--

End of file - 7676 bytes

 

 

SPYWARE DOCTOR LOG (I HOSTED IT ON MY OWN HOSTING :X)

 

http://webradioagitomix.net/log.htm


Many other problems were removed from your PC.

_______________________________

 

Note: if your computer becomes slow after installing Spyware Doctor, click the Spyware Doctor icon in the taskbar (next to the Windows clock) and choose the Exit option. A message will appear asking whether you are sure you want to close Spyware Doctor; click OK.

 

Then, when you want to use Spyware Doctor again, just go to the menu: Start --> All Programs --> Spyware Doctor --> Spyware Doctor.

 

And after using it, just carry out the procedure described above to disable it again.

______________________________

 

Please follow the tips in this tutorial to scan your PC with BitDefender Online:

 

BitDefender Online antivirus tutorial

 

When the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Windows\BDOSCAN8\bdoscan.log

 

In your next reply, post this BitDefender Online log together with a new HijackThis log and please tell us how your PC is after following this procedure.

 

We await your reply.


[General]

App = "BitDefender Online Scanner v8"

Date = 03:02:2010

Time = 13:00:20

Scan Path = C:\;D:\;

 

[Engines Info]

Virus Definitions = 5001847

Engine build = "AVCORE v2.1 Windows/i386 11.0.0.33 (Nov 24 2009)"

Scan plugins = 17

Archive plugins = 44

Unpack plugins = 8

E-mail plugins = 6

System plugins = 4

 

[Scan Statistics]

Folders = 9532

Files = 325954

Archives = 6308

Packed files = 16489

Identified viruses = 13

Infected files = 30

Warnings = 0

Suspect files = 0

Disinfected files = 0

Deleted files = 64

Copied files = 0

Moved files = 0

Renamed files = 0

I/O Errors = 48

 

[Scan Settings]

SecondAction = Delete

FirstAction = Disinfect

Heuristics = 1

Enable Warnings = 1

Exclude Ext =

Extensions = *;

Scan Emails = 1

Scan Archives = 1

Scan Packed = 1

Scan Files = 1

Scan Boot = 1

Verify Memory = 0

 

[Scan Results]

Line00000124 = "C:\Documents and Settings\Administrador\Desktop\leonardo\SISTEMAS OPERACIONAIS\Windows_99.iso.iso=>REGISTER.EXE Infected with: Win95.CIH.299"

Line00000123 = "C:\Documents and Settings\Administrador\Desktop\leonardo\SISTEMAS OPERACIONAIS\Windows_99.iso.iso=>REGISTER.EXE Disinfection failed"

Line00000122 = "C:\Documents and Settings\Administrador\Desktop\leonardo\SISTEMAS OPERACIONAIS\Windows_99.iso.iso=>REGISTER.EXE Deleted"

Line00000121 = "C:\Documents and Settings\Administrador\Desktop\leonardo\SISTEMAS OPERACIONAIS\Windows_99.iso.iso Update failed"

 

Line00000114 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4a05351b.qua=>(Quarantine-8) Infected with: Backdoor.Bifrose.AACW"

Line00000113 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4a05351b.qua=>(Quarantine-8) Deleted"

Line00000112 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4a05351b.qua Deleted"

Line00000111 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4a05351e.qua=>(Quarantine-8) Infected with: Gen:Packer.PrivateExeProtector.A.DEZ@aWDPwSfG"

Line00000110 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4a05351e.qua=>(Quarantine-8) Disinfection failed"

Line00000109 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4a05351e.qua=>(Quarantine-8) Deleted"

Line00000108 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4a05351e.qua Deleted"

Line00000107 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4afaf853.qua=>(Quarantine-8) Infected with: Backdoor.Bifrose.AACW"

Line00000106 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4afaf853.qua=>(Quarantine-8) Deleted"

Line00000105 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4afaf853.qua Deleted"

Line00000104 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4afaf856.qua=>(Quarantine-8) Infected with: Gen:Packer.PrivateExeProtector.A.DEZ@aWDPwSfG"

Line00000103 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4afaf856.qua=>(Quarantine-8) Disinfection failed"

Line00000102 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4afaf856.qua=>(Quarantine-8) Deleted"

Line00000101 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4afaf856.qua Deleted"

Line00000100 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4afaf857.qua=>(Quarantine-8) Infected with: GenPack:Backdoor.Bifrose.ADR"

Line00000099 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4afaf857.qua=>(Quarantine-8) Deleted"

Line00000098 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4afaf857.qua Deleted"

Line00000097 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4afaf858.qua=>(Quarantine-8) Infected with: Gen:Packer.PrivateExeProtector.A.IEZ@auvHbDmG"
Line00000096 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4afaf858.qua=>(Quarantine-8) Disinfection failed"
Line00000095 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4afaf858.qua=>(Quarantine-8) Deleted"
Line00000094 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4afaf858.qua Deleted"
Line00000093 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4afaf859.qua=>(Quarantine-8) Infected with: Gen:Trojan.Heur.GM.0008448C24"
Line00000092 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4afaf859.qua=>(Quarantine-8) Disinfection failed"
Line00000091 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4afaf859.qua=>(Quarantine-8) Deleted"
Line00000090 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4afaf859.qua Deleted"
Line00000089 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b30d.qua=>(Quarantine-8) Infected with: Gen:Trojan.Heur.GM.0008448C24"
Line00000088 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b30d.qua=>(Quarantine-8) Disinfection failed"
Line00000087 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b30d.qua=>(Quarantine-8) Deleted"
Line00000086 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b30d.qua Deleted"
Line00000085 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b32b.qua=>(Quarantine-8) Infected with: Gen:Packer.PrivateExeProtector.A.DEZ@aWDPwSfG"
Line00000084 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b32b.qua=>(Quarantine-8) Disinfection failed"
Line00000083 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b32b.qua=>(Quarantine-8) Deleted"
Line00000082 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b32b.qua Deleted"
Line00000081 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b32c.qua=>(Quarantine-8) Infected with: Gen:Trojan.Heur.GM.0008448C24"
Line00000080 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b32c.qua=>(Quarantine-8) Disinfection failed"
Line00000079 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b32c.qua=>(Quarantine-8) Deleted"
Line00000078 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b32c.qua Deleted"
Line00000077 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b32e.qua=>(Quarantine-8) Infected with: Gen:Trojan.Heur.PT.@ZZ@baayxTmG"
Line00000076 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b32e.qua=>(Quarantine-8) Disinfection failed"
Line00000075 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b32e.qua=>(Quarantine-8) Deleted"
Line00000074 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b32e.qua Deleted"
Line00000073 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b33d.qua=>(Quarantine-8) Infected with: Gen:Packer.PrivateExeProtector.A.EEZ@aannDdkG"
Line00000072 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b33d.qua=>(Quarantine-8) Disinfection failed"
Line00000071 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b33d.qua=>(Quarantine-8) Deleted"
Line00000070 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b33d.qua Deleted"
Line00000069 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b33e.qua=>(Quarantine-8) Infected with: Gen:Packer.PrivateExeProtector.A.DEZ@aWDPwSfG"
Line00000068 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b33e.qua=>(Quarantine-8) Disinfection failed"
Line00000067 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b33e.qua=>(Quarantine-8) Deleted"
Line00000066 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b33e.qua Deleted"
Line00000065 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b33f.qua=>(Quarantine-8) Infected with: GenPack:Backdoor.Bifrose.ADR"
Line00000064 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b33f.qua=>(Quarantine-8) Deleted"
Line00000063 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b33f.qua Deleted"
Line00000062 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b340.qua=>(Quarantine-8) Infected with: GenPack:Backdoor.Bifrose.ADR"
Line00000061 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b340.qua=>(Quarantine-8) Deleted"
Line00000060 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b340.qua Deleted"
Line00000059 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b341.qua=>(Quarantine-8) Infected with: Gen:Packer.PrivateExeProtector.A.AEZ@aynkPBkG"
Line00000058 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b341.qua=>(Quarantine-8) Disinfection failed"
Line00000057 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b341.qua=>(Quarantine-8) Deleted"
Line00000056 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b341.qua Deleted"
Line00000055 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b343.qua=>(Quarantine-8) Infected with: Gen:Packer.PrivateExeProtector.A.IEZ@auvHbDmG"
Line00000054 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b343.qua=>(Quarantine-8) Disinfection failed"
Line00000053 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b343.qua=>(Quarantine-8) Deleted"
Line00000052 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b343.qua Deleted"
Line00000051 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b346.qua=>(Quarantine-8) Infected with: Gen:Trojan.Heur.GM.0008448C24"
Line00000050 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b346.qua=>(Quarantine-8) Disinfection failed"
Line00000049 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b346.qua=>(Quarantine-8) Deleted"
Line00000048 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b97b346.qua Deleted"
Line00000047 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b98268a.qua=>(Quarantine-8) Infected with: Gen:Trojan.Heur.GM.0008448C24"
Line00000046 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b98268a.qua=>(Quarantine-8) Disinfection failed"
Line00000045 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b98268a.qua=>(Quarantine-8) Deleted"
Line00000044 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b98268a.qua Deleted"
Line00000043 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826a5.qua=>(Quarantine-8) Infected with: Gen:Packer.PrivateExeProtector.A.DEZ@aWDPwSfG"
Line00000042 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826a5.qua=>(Quarantine-8) Disinfection failed"
Line00000041 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826a5.qua=>(Quarantine-8) Deleted"
Line00000040 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826a5.qua Deleted"
Line00000039 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826a6.qua=>(Quarantine-8) Infected with: Gen:Trojan.Heur.GM.0008448C24"
Line00000038 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826a6.qua=>(Quarantine-8) Disinfection failed"
Line00000037 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826a6.qua=>(Quarantine-8) Deleted"
Line00000036 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826a6.qua Deleted"
Line00000035 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826a8.qua=>(Quarantine-8) Infected with: Gen:Trojan.Heur.PT.@ZZ@baayxTmG"
Line00000034 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826a8.qua=>(Quarantine-8) Disinfection failed"
Line00000033 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826a8.qua=>(Quarantine-8) Deleted"
Line00000032 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826a8.qua Deleted"
Line00000031 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826b5.qua=>(Quarantine-8) Infected with: Gen:Packer.PrivateExeProtector.A.DEZ@aWDPwSfG"
Line00000030 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826b5.qua=>(Quarantine-8) Disinfection failed"
Line00000029 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826b5.qua=>(Quarantine-8) Deleted"
Line00000028 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826b5.qua Deleted"
Line00000027 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826b6.qua=>(Quarantine-8) Infected with: Gen:Packer.PrivateExeProtector.A.EEZ@aannDdkG"
Line00000026 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826b6.qua=>(Quarantine-8) Disinfection failed"
Line00000025 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826b6.qua=>(Quarantine-8) Deleted"
Line00000024 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826b6.qua Deleted"
Line00000023 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826b7.qua=>(Quarantine-8) Infected with: GenPack:Backdoor.Bifrose.ADR"
Line00000022 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826b7.qua=>(Quarantine-8) Deleted"
Line00000021 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826b7.qua Deleted"
Line00000020 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826b8.qua=>(Quarantine-8) Infected with: Gen:Packer.PrivateExeProtector.A.AEZ@aynkPBkG"
Line00000019 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826b8.qua=>(Quarantine-8) Disinfection failed"
Line00000018 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826b8.qua=>(Quarantine-8) Deleted"
Line00000017 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4b9826b8.qua Deleted"
Line00000016 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4bc9aa58.qua=>(Quarantine-8)=>UsbFix_Upload_Me/m9ma.exe.UsbFix Infected with: Trojan.PWS.OnlineGames.KCPB"
Line00000015 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4bc9aa58.qua=>(Quarantine-8)=>UsbFix_Upload_Me/m9ma.exe.UsbFix Deleted"
Line00000014 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4bc9aa58.qua=>(Quarantine-8) Updated"
Line00000013 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4bc9aa58.qua Update failed"
Line00000012 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4bca1552.qua=>(Quarantine-8)=>UsbFix_Upload_Me/m9ma.exe.UsbFix Infected with: Trojan.PWS.OnlineGames.KCPB"
Line00000011 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4bca1552.qua=>(Quarantine-8)=>UsbFix_Upload_Me/m9ma.exe.UsbFix Deleted"
Line00000010 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4bca1552.qua=>(Quarantine-8) Updated"
Line00000009 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4bca1552.qua Update failed"
Line00000008 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4bd4b3bd.qua=>(Quarantine-8) Infected with: Trojan.PWS.OnlineGames.KCPB"
Line00000007 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4bd4b3bd.qua=>(Quarantine-8) Deleted"
Line00000006 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4bd4b3bd.qua Deleted"
Line00000005 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4bd52723.qua=>(Quarantine-8) Infected with: Trojan.PWS.OnlineGames.KCPB"
Line00000004 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4bd52723.qua=>(Quarantine-8) Deleted"
Line00000003 = "C:\Documents and Settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\INFECTED\4bd52723.qua Deleted"
Line00000002 = "C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP31\A0014506.exe Infected with: Gen:Trojan.Heur.MPacked.KBZ@p4AxKWpGj"
Line00000001 = "C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP31\A0014506.exe Disinfection failed"
Line00000000 = "C:\System Volume Information\_restore{737C68D0-6CDC-4748-8737-5C6B0EF10F2D}\RP31\A0014506.exe Deleted"

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:39, on 3/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\LimeWire\LimeWire.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames.exe
C:\Arquivos de programas\FileZilla FTP Client\filezilla.exe
C:\Documents and Settings\Administrador\Desktop\Nova pasta (2)\Minimizador.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.022\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - C:\Arquivos de programas\AV VCS 3.0 Gold\Vcs3RT.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04EC3BB7-D85A-4DB6-B3A3-12B7E4562720}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2DCB7B9-803F-4036-BCE0-B8A66606E4B7}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC811895-81B2-4D4B-A085-C0CBEC145284}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{04EC3BB7-D85A-4DB6-B3A3-12B7E4562720}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{04EC3BB7-D85A-4DB6-B3A3-12B7E4562720}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: ApcantarRdp - {AFB2733D-4ED6-483F-B296-8D33A8843230} - (no file)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NitroPC Service (NitroPCSrv) - Intelliclick Informática - C:\Arquivos de programas\NitroPC\NitroPCService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 8097 bytes

 

 

Well, it really did get MUCH faster!
I didn't even know it was this fast OO'

But, like, when I leave it on and idle, it freezes, and only the reset button on the case gets it back.
When I'm actually using it, it doesn't freeze.
Strange :s

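The HijackThis log posted above is the kind of thing helpers on these threads read by eye: an O22 SharedTaskScheduler entry whose target is "(no file)", O17 NameServer values that should be either the router or a resolver you recognise, O4 autoruns, and R0/R1 browser start and search pages. The script below is an added example (not from this thread, not part of HijackThis) that encodes those checks as rules and runs them over a few lines copied from the log plus three constructed lines that trigger each rule. The allowlists (the two OpenDNS resolvers 208.67.222.222 and 208.67.220.220 seen in the log, and microsoft.com/msn.com as expected home-page domains), the "suspect directory" list, and the constructed lines are all assumptions to be tuned for the environment being examined:

```python
"""Rule-based triage of HijackThis log entries (added example, not from the thread)."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed allowlists: resolvers the analyst already trusts (the OpenDNS pair in
# the posted log) and the domains IE's default home/search pages normally use.
KNOWN_RESOLVERS = {"208.67.222.222", "208.67.220.220"}
KNOWN_HOMEPAGE_DOMAINS = ("microsoft.com", "msn.com")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed heuristic: autoruns launched from profile or temp directories deserve
# a look, since droppers favour writable user paths over Program Files.
SUSPECT_DIRS = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\")

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_hjt(text):
    """Yield (section, body, full_line) for each 'Rx - ...' / 'Oxx - ...' entry."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("sec"), m.group("body"), line


def check_nameservers(body):
    """Return O17 NameServer addresses that are neither RFC 1918 nor allowlisted."""
    m = re.search(r"NameServer = ([\d.,]+)", body)
    if not m:
        return []
    odd = []
    for addr in m.group(1).split(","):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            odd.append(addr)  # malformed value: surface it rather than skip it
            continue
        if addr not in KNOWN_RESOLVERS and not any(ip in net for net in RFC1918):
            odd.append(addr)
    return odd


def homepage_is_expected(body):
    """True when the URL in an R0/R1 entry sits on one of the expected domains."""
    m = re.search(r"= (\S+)\s*$", body)
    host = urlparse(m.group(1)).hostname if m else None
    return bool(host) and any(host == d or host.endswith("." + d) for d in KNOWN_HOMEPAGE_DOMAINS)


def triage(text):
    """Apply the four rules to every entry and return the findings."""
    findings = []
    for sec, body, line in parse_hjt(text):
        low = body.lower()
        if "(no file)" in low:
            findings.append(Finding(sec, "orphaned entry: target file is missing", line))
        if sec == "O17":
            odd = check_nameservers(body)
            if odd:
                findings.append(Finding(sec, "unrecognised DNS server(s): " + ",".join(odd), line))
        if sec == "O4" and any(d in low for d in SUSPECT_DIRS):
            findings.append(Finding(sec, "autorun from user/temp directory", line))
        if sec in ("R0", "R1") and not homepage_is_expected(body):
            findings.append(Finding(sec, "browser start/search page off the expected defaults", line))
    return findings


# Entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O17 - HKLM\System\CCS\Services\Tcpip\..\{04EC3BB7-D85A-4DB6-B3A3-12B7E4562720}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC811895-81B2-4D4B-A085-C0CBEC145284}: NameServer = 192.168.0.1
O22 - SharedTaskScheduler: ApcantarRdp - {AFB2733D-4ED6-483F-B296-8D33A8843230} - (no file)
O23 - Service: NitroPC Service (NitroPCSrv) - Intelliclick Informática - C:\Arquivos de programas\NitroPC\NitroPCService.exe
"""

# Constructed lines (not from the thread) that show what each rule fires on.
CONSTRUCTED_EXTRA = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\updater.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 198.51.100.7
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG + CONSTRUCTED_EXTRA):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the posted lines alone the only hit is the orphaned O22 entry; the OpenDNS resolvers and the 192.168.0.1 router pass, which is the point of keeping an explicit allowlist rather than flagging every public address. A "(no file)" entry is harmless by itself but is the residue of something that was removed, so it is worth clearing along with the rest.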

:) The other problems were removed by BitDefender Online.

_____________________________________

Please follow the steps in this tutorial:

Dr. Web CureIt tutorial

In your next reply, post this Dr. Web CureIt log together with a new HijackThis log and tell us how your PC is doing after that.

We'll be waiting.


:) Hello leoinuzuka!

Sorry for the delay; I've been very busy these past days with school and work.

___________________________________

Man, I've tried a bunch of times!!
The computer always freezes in the middle of the scan.

Try running Dr. Web CureIt in Safe Mode (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html) <-- Link!

If you manage to run it in Safe Mode, post its log in your next reply together with the other logs requested.

____________________________________

Also follow the steps in this tutorial:

Kaspersky Virus Removal Tool tutorial

In your next reply, post this Kaspersky Virus Removal Tool log together with the Dr. Web CureIt log done in Safe Mode (if possible) and a new HijackThis log, and tell us how your PC is doing after that.

We'll be waiting.


Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want it reopened, send a private message to a moderator of this section with the link to this topic and explain why it should be reopened.
