Usamos cookies para medir audiência e melhorar sua experiência. Você pode aceitar ou recusar a qualquer momento. Veja sobre o iMasters.
Meu computador está reiniciando sozinho!
Pelo amor de Deus! Alguém me ajuda, pois tenho trabalhos pra terminar!!
Desde já, agradeço!
Eis o log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:01, on 18/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pierre\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Arquivos de programas\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Arquivos de programas\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Pierre\Menu Iniciar\Programas\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Pierre\Menu Iniciar\Programas\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188928062186](http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188928062186)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188937092044](http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188937092044)O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2614992-E4C4-48C8-92ED-8C2495C47EFF}: NameServer = 200.165.132.154 200.165.132.148
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9969 bytes
Relatório DDS
DDS (Ver_09-07-30.01) - NTFSx86
Run by Pierre at 21:54:55,77 on qui 24/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.1022.432 [GMT -3:00]
AV: avast! antivirus 4.8.1351 [VPS 090924-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Pierre\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
BHO: Facilitador de Leitor de Link Adobe PDF: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\arquiv~1\megaup~1\MEGAUP~1.DLL
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\arquivos de programas\free download manager\iefdm2.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\arquiv~1\megaup~1\MEGAUP~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\arquivos de programas\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [JMB36X Configure] c:\windows\system32\JMRaidTool.exe boot
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [soundMAXPnP] c:\arquivos de programas\analog devices\core\smax4pnp.exe
mRun: [soundMAX] "c:\arquivos de programas\analog devices\soundmax\Smax4.exe" /tray
mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe
mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe
mRun: [googletalk] c:\arquivos de programas\google\google talk\googletalk.exe /autostart
mRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adobeg~1.lnk - c:\arquivos de programas\arquivos comuns\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\micros~1.lnk - c:\arquivos de programas\microsoft office\office10\OSA.EXE
IE: Baixar com o FDM - file://c:\arquivos de programas\free download manager\dllink.htm
IE: Baixar tudo com o FDM - file://c:\arquivos de programas\free download manager\dlall.htm
IE: Download selecionado pelo FDM - file://c:\arquivos de programas\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\arquivos de programas\free download manager\dlfvideo.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188928062186
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188937092044
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cabDPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\pierre\dadosd~1\mozilla\firefox\profiles\yv39rpnm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=
FF - component: c:\arquivos de programas\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\arquivos de programas\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\documents and settings\pierre\dados de aplicativos\mozilla\firefox\profiles\yv39rpnm.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886c}\components\GbMzhBb.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
============= SERVICES / DRIVERS ===============
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-8-30 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-6 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-6 20560]
R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast4\ashServ.exe [2007-9-4 138680]
R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;c:\windows\system32\drivers\psxpad.sys [2007-9-9 12160]
R3 PsxPortEnumerator;Psx Port Enumerator;c:\windows\system32\drivers\psxenum.sys [2007-9-9 16896]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2002-6-10 31232]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\arquivos de programas\alwil software\avast4\ashMaiSv.exe [2007-9-4 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\arquivos de programas\alwil software\avast4\ashWebSv.exe [2007-9-4 352920]
S3 nenum13E;nenum13E;\??\c:\docume~1\pierre\config~1\temp\nenum13e.sys --> c:\docume~1\pierre\config~1\temp\nenum13E.sys [?]
=============== Created Last 30 ================
2009-09-15 22:58 <DIR> --d----- c:\documents and settings\pierre\Tracing
2009-09-15 22:56 <DIR> --d----- c:\arquivos de programas\Microsoft
2009-09-15 22:56 <DIR> --d----- c:\arquivos de programas\Windows Live SkyDrive
2009-09-15 22:53 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Windows Live2009-09-08 16:16 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-07 16:36 <DIR> --d----- c:\arquivos de programas\arquivos comuns\PCSuite
2009-09-07 16:36 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Nokia
2009-09-07 16:35 <DIR> --d----- c:\arquivos de programas\PC Connectivity Solution==================== Find3M ====================
2009-08-30 08:53 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-08-05 06:00 205,312 a------- c:\windows\system32\mswebdvd.dll
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 16:03 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 13:59 915,456 a------- c:\windows\system32\wininet.dll
2008-03-24 01:53 68,744 a------- c:\docume~1\pierre\dadosd~1\GDIPFONTCACHEV1.DAT
2007-09-11 04:27 56 -c-shr-- c:\windows\system32\EFC3D1300E.sys
2007-09-11 04:27 10,022 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-02 21:27 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008090220080903\index.dat
============= FINISH: 21:55:18,24 ===============
Relatório Attach
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 30/8/2007 19:20:36
System Uptime: 21/9/2009 23:19:38 (70 hours ago)
Motherboard: ASUSTeK Computer INC. | | P5VD2-VM
Processor: Intel® Core2 CPU 4400 @ 2.00GHz | Socket 775 | 1999/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 44 GiB total, 13,343 GiB free.
D: is FIXED (NTFS) - 84 GiB total, 1,869 GiB free.
E: is CDROM (CDFS)
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Controlador USB (Universal Serial Bus)
Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_81CF1043&REV_86\3&2411E6FE&0&84
Manufacturer:
Name: Controlador USB (Universal Serial Bus)
PNP Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_81CF1043&REV_86\3&2411E6FE&0&84
Service:
==== System Restore Points ===================
RP1: 18/9/2009 21:04:52 - Ponto de verificação do sistema
RP2: 19/9/2009 21:20:25 - Ponto de verificação do sistema
RP3: 20/9/2009 22:49:27 - Ponto de verificação do sistema
RP4: 21/9/2009 23:50:10 - Ponto de verificação do sistema
RP5: 23/9/2009 00:25:10 - Ponto de verificação do sistema
RP6: 24/9/2009 00:30:26 - Ponto de verificação do sistema
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0.1
Adobe Reader 8.1.6 - Português
Adobe Shockwave Player 11
Arquivo do WinRAR
Assistente de Conexão do Windows Live
Atualização Crítica para o Windows Media Player 11 (KB959772)
Atualização de Segurança para o Windows Media Player (KB911564)
Atualização de Segurança para o Windows Media Player (KB952069)
Atualização de Segurança para o Windows Media Player (KB968816)
Atualização de Segurança para o Windows Media Player (KB973540)
Atualização de Segurança para o Windows Media Player 11 (KB936782)
Atualização de Segurança para o Windows Media Player 11 (KB954154)
Atualização de Segurança para o Windows Media Player 6.4 (KB925398)
Atualização de Segurança para o Windows Media Player 9 (KB936782)
Atualização de Segurança para Windows Internet Explorer 7 (KB937143)
Atualização de Segurança para Windows Internet Explorer 7 (KB938127)
Atualização de Segurança para Windows Internet Explorer 7 (KB939653)
Atualização de Segurança para Windows Internet Explorer 7 (KB942615)
Atualização de Segurança para Windows Internet Explorer 7 (KB944533)
Atualização de Segurança para Windows Internet Explorer 7 (KB950759)
Atualização de Segurança para Windows Internet Explorer 7 (KB953838)
Atualização de Segurança para Windows Internet Explorer 7 (KB956390)
Atualização de Segurança para Windows Internet Explorer 7 (KB958215)
Atualização de Segurança para Windows Internet Explorer 7 (KB960714)
Atualização de Segurança para Windows Internet Explorer 7 (KB961260)
Atualização de Segurança para Windows Internet Explorer 7 (KB963027)
Atualização de Segurança para Windows Internet Explorer 7 (KB969897)
Atualização de Segurança para Windows Internet Explorer 8 (KB969897)
Atualização de Segurança para Windows Internet Explorer 8 (KB971961)
Atualização de Segurança para Windows Internet Explorer 8 (KB972260)
Atualização de Segurança para Windows XP (KB923561)
Atualização de Segurança para Windows XP (KB923689)
Atualização de Segurança para Windows XP (KB938464)
Atualização de Segurança para Windows XP (KB941569)
Atualização de Segurança para Windows XP (KB946648)
Atualização de Segurança para Windows XP (KB950760)
Atualização de Segurança para Windows XP (KB950762)
Atualização de Segurança para Windows XP (KB950974)
Atualização de Segurança para Windows XP (KB951066)
Atualização de Segurança para Windows XP (KB951376-v2)
Atualização de Segurança para Windows XP (KB951376)
Atualização de Segurança para Windows XP (KB951698)
Atualização de Segurança para Windows XP (KB951748)
Atualização de Segurança para Windows XP (KB952004)
Atualização de Segurança para Windows XP (KB952954)
Atualização de Segurança para Windows XP (KB953839)
Atualização de Segurança para Windows XP (KB954211)
Atualização de Segurança para Windows XP (KB954459)
Atualização de Segurança para Windows XP (KB954600)
Atualização de Segurança para Windows XP (KB955069)
Atualização de Segurança para Windows XP (KB956391)
Atualização de Segurança para Windows XP (KB956572)
Atualização de Segurança para Windows XP (KB956744)
Atualização de Segurança para Windows XP (KB956802)
Atualização de Segurança para Windows XP (KB956803)
Atualização de Segurança para Windows XP (KB956841)
Atualização de Segurança para Windows XP (KB956844)
Atualização de Segurança para Windows XP (KB957095)
Atualização de Segurança para Windows XP (KB957097)
Atualização de Segurança para Windows XP (KB958644)
Atualização de Segurança para Windows XP (KB958687)
Atualização de Segurança para Windows XP (KB958690)
Atualização de Segurança para Windows XP (KB959426)
Atualização de Segurança para Windows XP (KB960225)
Atualização de Segurança para Windows XP (KB960715)
Atualização de Segurança para Windows XP (KB960803)
Atualização de Segurança para Windows XP (KB960859)
Atualização de Segurança para Windows XP (KB961371)
Atualização de Segurança para Windows XP (KB961373)
Atualização de Segurança para Windows XP (KB961501)
Atualização de Segurança para Windows XP (KB968537)
Atualização de Segurança para Windows XP (KB969898)
Atualização de Segurança para Windows XP (KB970238)
Atualização de Segurança para Windows XP (KB971557)
Atualização de Segurança para Windows XP (KB971633)
Atualização de Segurança para Windows XP (KB971657)
Atualização de Segurança para Windows XP (KB973346)
Atualização de Segurança para Windows XP (KB973354)
Atualização de Segurança para Windows XP (KB973507)
Atualização de Segurança para Windows XP (KB973869)
Atualização para Windows XP (KB951072-v2)
Atualização para Windows XP (KB951978)
Atualização para Windows XP (KB955839)
Atualização para Windows XP (KB961503)
Atualização para Windows XP (KB967715)
Atualização para Windows XP (KB968389)
Atualização para Windows XP (KB973815)
AutoUpdate
avast! Antivirus
AVIcodec (remove only)
Battlefield 1942
BitLord 1.1
CCleaner (remove only)
Central de Jogos
Championship Manager 01-02
ClocX (1.5b2)
Compatibility Pack for the 2007 Office system
Connection Booster 4.0.0.0
Counter-Strike: Condition Zero
Diablo II
DIKO 2.26
DivX Player
Ferramenta de Carregamento do Windows Live
Free Download Manager 2.5
Full Throttle 1.41
Full Tilt Poker
GOM Player
Google Talk (remove only)
Grand Theft Auto Vice City
Guitar Pro 5.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915800-v4)
Hotfix para o Windows Media Player 11 (KB939683)
Hotfix para Windows Internet Explorer 7 (KB947864)
Hotfix para Windows XP (KB952287)
Hotfix para Windows XP (KB970653-v3)
IMG Tool (remove only)
Informações Velox
Java 6 Update 15
Java 6 Update 2
Java 6 Update 3
Java 6 Update 5
Java 6 Update 7JMB36X Raid Configurer
K-Lite Mega Codec Pack 3.4.0
KC Softwares SUMo
LightDialer 3.0
LightModem 3.0
Megaupload Toolbar
Messenger Plus! Live
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
mIRC
Mozilla Firefox (3.0.13)
MSVC80_x86
MSVCRT
MV Internet Optimizer 1.0
Nero 7 Essentials
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
OpenOffice.org Installer 1.0
Pacote de Driver do Windows - Nokia Modem (03/05/2008 3.7)
Pacote de Driver do Windows - Nokia Modem (03/13/2008 6.86.0.1)
Pacote de Driver do Windows - Nokia Modem (05/22/2008 3.8)
Pacote de Driver do Windows - Nokia Modem (05/22/2008 7.00.0.1)
Pacote de Driver do Windows - Nokia Modem (06/01/2009 4.1)
Pacote de Driver do Windows - Nokia Modem (06/01/2009 7.01.0.3)
Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
PC Connectivity Solution
Platform
PokerRoom Home Game Organizer
RadLight 4.0 FINAL
Real Alternative 1.60
REALTEK GbE & FE Ethernet PCI NIC Driver
Segoe UI
SoundMAX
StuffPlug 3
VIA Platform Device Manager
Vice City Mod Manager
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
Winning Eleven 9
XMedia Recode 2.0.7.0
==== End Of File ===========================
Bom Dia! moicanofacul
<@> Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://billy-oneal.com/Canned%2520Speeches/speechimages/combofix/desktopicon.png&key=c972c7524cf2a0d4771101cc561140ae5696a3aad55bcf64c111bf1861d92e85" alt="desktopicon.png" /> > ( ...by sUBs )
<!> Link-2 --> < ForoSpyware >
<!> Link-3 --> < GeeksToGo >
<@> Salve-o no desktop!
<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )
<@> Feche todas as janelas e execute a ferramenta!
<@> Ps: A execução,por comando,também é possível:<@> Vá em Iniciar --> Executar --> Digite ou cole: "%userprofile%\desktop\Combofix.exe" /killall
/applications/core/interface/imageproxy/imageproxy.php?img=http://img181.imageshack.us/img181/5825/combofixejr8.gif&key=0d882a59a7a65b06e1b50e837804afc9002b25433ef74e0c3f66f43a58058f7b" alt="combofixejr8.gif" />
<@> Clique em Ok.
<@> Na solicitação: "Negação de garantia de software" --> Clique em Sim!
/applications/core/interface/imageproxy/imageproxy.php?img=http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif&key=0010234c6eff8b98a829fe5910d3fd47cc8c551f0c1836fc4748c11079a71d03" alt="RcAuto1.gif" />
<@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!
<@> Terminando,clique Sim ou Yes. --> Aguarde!
<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta ComboFix.exe e faça,novamente,seu download.<!> Salve-a no desktop,renomeada como: Kombo.exe
<!> Ps: Nomeie durante o salvamento,e não após salvá-la!
<!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em "Modo de Segurança". <-- Link!
<!> Ps: Na presença de atividades rootkit,teremos a seguinte janela de notificação:
/applications/core/interface/imageproxy/imageproxy.php?img=http://img.photobucket.com/albums/v666/sUBs/Rookit_found.gif&key=eb1b849776e4208479b15adbf0e86845810495533720ff18c63647e4d0943f29" alt="Rookit_found.gif" />
<!> Ps: Anote essas detecções,e dê o OK.
<!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!
<!> Ps: Evite executar,voluntariamente,esta ferramenta!
<!> Ps: Para evitar problemas,siga todas as recomendações propostas.
<!> /applications/core/interface/imageproxy/imageproxy.php?img=http://www.bleepingcomputer.com/forums/style_emoticons/default/nuke.gif&key=c0e9c30559b25d185ea1b32a97bf019e216efb610a0bc1537235cd4f76019ff4" alt="nuke.gif" />*O **ComboFix é uma ferramenta que pode danificar o sistema. Utilize-o,somente,sob supervisão** profissional.*
<@> Abrir-se-á a janela Auto Scan. --> Aguarde!
<@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.
<@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!
<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!
<@> Para parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter!
<><><><><><><><><><><><>
<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.
Abraços!
Mesmo depois de usar o ComboFix, o pc agora reinicia também quando eu tento acessar o C:\
Relatório ComboFix
ComboFix 09-09-23.02 - Pierre 25/09/2009 6:43.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.1022.524 [GMT -3:00]
Executando de: c:\documents and settings\Pierre\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090924-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\1cd11ac7.msi
c:\windows\system32\smll64.dll
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-25 to 2009-09-25 ))))))))))))))))))))))))))))
.
2009-09-16 01:58 . 2009-09-25 09:34 -------- d-----w- c:\documents and settings\Pierre\Tracing
2009-09-16 01:56 . 2009-09-16 01:56 -------- d-----w- c:\arquivos de programas\Microsoft
2009-09-16 01:56 . 2009-09-16 01:56 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2009-09-16 01:53 . 2009-09-16 01:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-09-08 19:16 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-07 19:36 . 2009-09-07 19:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCSuite
2009-09-07 19:36 . 2009-09-07 19:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia
2009-09-07 19:35 . 2009-09-07 19:35 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-25 09:38 . 2008-09-10 02:36 -------- d-----w- c:\documents and settings\Pierre\Dados de aplicativos\Free Download Manager
2009-09-25 09:24 . 2008-07-17 01:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite
2009-09-19 12:34 . 2007-09-08 15:21 -------- d-----w- c:\arquivos de programas\Central de Jogos
2009-09-19 12:32 . 2009-03-15 23:38 -------- d-----w- c:\arquivos de programas\Full Tilt Poker
2009-09-18 22:30 . 2009-07-25 16:02 -------- d-----w- c:\arquivos de programas\PokerRoom Home Game Organizer
2009-09-16 01:57 . 2007-08-31 00:23 -------- d-----w- c:\arquivos de programas\MSN Messenger
2009-09-16 01:56 . 2007-09-08 18:52 -------- d-----w- c:\arquivos de programas\Windows Live
2009-09-09 09:17 . 2008-07-17 01:04 -------- d-----w- c:\documents and settings\Pierre\Dados de aplicativos\Nokia
2009-09-09 06:09 . 2008-06-23 15:48 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2009-09-07 19:36 . 2008-07-17 01:03 -------- d-----w- c:\arquivos de programas\Nokia
2009-09-07 19:34 . 2008-07-17 01:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations
2009-09-01 22:20 . 2007-09-06 13:22 -------- d-----w- c:\arquivos de programas\Java
2009-08-30 11:53 . 2007-09-29 02:22 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-08-17 16:10 . 2007-09-05 02:43 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2007-09-05 02:43 93392 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2007-09-05 02:43 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-06 14:35 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-06 14:35 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2007-09-05 02:44 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2007-09-05 02:44 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2007-09-05 02:44 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2007-09-05 02:43 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:00 . 2001-09-06 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 19:44 . 2009-07-26 19:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 08:23 . 2008-12-09 20:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 21:20 . 2008-01-07 04:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-17 19:03 . 2001-09-06 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 02:43 . 2004-08-04 07:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2001-09-06 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2007-09-11 07:27 . 2007-09-08 16:42 56 -csh--r- c:\windows\system32\EFC3D1300E.sys
2007-09-11 07:27 . 2007-09-08 16:42 10022 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="c:\windows\System32\JMRaidTool.exe" [2006-08-14 352256]
"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"googletalk"="c:\arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 3735552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-10-22 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-9-11 110592]
Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"c:\\Arquivos de programas\\BitLord\\BitLord.exe"=
"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"c:\\Valve\\Condition Zero\\czero.exe"=
"c:\\Arquivos de programas\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Arquivos de programas\\KONAMI\\Winning Eleven 9\\we9.exe"=
"c:\\Arquivos de programas\\FullT\\mirc.exe"=
"c:\\Arquivos de programas\\Diablo II\\Diablo II.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Arquivos de programas\\NetMeeting\\conf.exe"=
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [30/8/2007 20:33 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/4/2008 11:35 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/4/2008 11:35 20560]
R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;c:\windows\system32\drivers\psxpad.sys [9/9/2007 12:25 12160]
R3 PsxPortEnumerator;Psx Port Enumerator;c:\windows\system32\drivers\psxenum.sys [9/9/2007 12:25 16896]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232]
S3 nenum13E;nenum13E;\??\c:\docume~1\Pierre\CONFIG~1\Temp\nenum13E.sys --> c:\docume~1\Pierre\CONFIG~1\Temp\nenum13E.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {F2614992-E4C4-48C8-92ED-8C2495C47EFF} = 200.165.132.154 200.165.132.148
FF - ProfilePath - c:\documents and settings\Pierre\Dados de aplicativos\Mozilla\Firefox\Profiles\yv39rpnm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=
FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\arquivos de programas\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\documents and settings\Pierre\Dados de aplicativos\Mozilla\Firefox\Profiles\yv39rpnm.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-25 06:46
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2009-09-25 6:47
ComboFix-quarantined-files.txt 2009-09-25 09:47
Pré-execução: 8 pasta(s) 14.353.743.872 bytes disponíveis
Pós execução: 9 pasta(s) 14.326.648.832 bytes disponíveis
WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
151 --- E O F --- 2009-09-17 06:00
Relatório Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:17:53, on 25/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pierre\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188928062186](http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188928062186)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188937092044](http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188937092044)O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2614992-E4C4-48C8-92ED-8C2495C47EFF}: NameServer = 200.165.132.154 200.165.132.148
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8135 bytes
Boa Tarde! moicanofacul
<@> Identifique a origem do problema,da seguinte forma:
<@> Vá em Iniciar --> Painel de Controle --> Sistema --> Avançado.
<@> Em "Inicialização e Recuperação",clique em Configurações e desmarque: "Reiniciar automaticamente"
<@> Quando ocorrer o erro,novamente,aparecerá uma tela azul relatando a possível origem do problema.
<@> Ps: Relate o erro!
<><><><><><><><><><><>
<@> Selecione e copie,todo o conteúdo que está na área do Quote,para o Bloco de Notas.
<@> Salve-o,no desktop,com o nome: CFScript.txt
>
File::c:\docume~1\pierre\config~1\temp\nenum13e.sys
Driver::
"nenum13e"
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
DDS::
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab<@> Ps: Não utilizem este script em outra máquina!
<@> Arraste,o CFScript.txt para o ícone/interior do ComboFix.
<@> Veja a demonstração!
/applications/core/interface/imageproxy/imageproxy.php?img=http://farm4.static.flickr.com/3028/2872959479_997d4500c4_o.gif&key=5df91a69abacb5902724f70d14994f3bf5ba8d87bf300cea4c6fd8c885940cf0" alt="2872959479_997d4500c4_o.gif" />
<@> Atenda à solicitação,que deverá surgir,para rodar o ComboFix.
<@> Ps: Faça o arraste,até surgir essa solicitação! ( janela )
<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.
Abraços!
Mesmo após mexer no sistema, quando eu tento acessar o C:\, não surge mensagem de erro nenhuma; ele continua reiniciando.
Relatório atualizado ComboFix:
ComboFix 09-09-25.01 - Pierre 26/09/2009 7:43.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.1022.544 [GMT -3:00]
Executando de: c:\documents and settings\Pierre\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Pierre\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090926-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\docume~1\pierre\config~1\temp\nenum13e.sys"
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\pierre\config~1\temp\nenum13e.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NENUM13E
-------\Service_nenum13E
(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-26 to 2009-09-26 ))))))))))))))))))))))))))))
.
2009-09-16 01:58 . 2009-09-26 10:31 -------- d-----w- c:\documents and settings\Pierre\Tracing
2009-09-16 01:56 . 2009-09-16 01:56 -------- d-----w- c:\arquivos de programas\Microsoft
2009-09-16 01:56 . 2009-09-16 01:56 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2009-09-16 01:53 . 2009-09-16 01:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-09-08 19:16 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-07 19:36 . 2009-09-07 19:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCSuite
2009-09-07 19:36 . 2009-09-07 19:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia
2009-09-07 19:35 . 2009-09-07 19:35 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-26 10:29 . 2007-09-29 02:22 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-09-25 09:38 . 2008-09-10 02:36 -------- d-----w- c:\documents and settings\Pierre\Dados de aplicativos\Free Download Manager
2009-09-25 09:24 . 2008-07-17 01:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite
2009-09-19 12:34 . 2007-09-08 15:21 -------- d-----w- c:\arquivos de programas\Central de Jogos
2009-09-19 12:32 . 2009-03-15 23:38 -------- d-----w- c:\arquivos de programas\Full Tilt Poker
2009-09-18 22:30 . 2009-07-25 16:02 -------- d-----w- c:\arquivos de programas\PokerRoom Home Game Organizer
2009-09-16 01:57 . 2007-08-31 00:23 -------- d-----w- c:\arquivos de programas\MSN Messenger
2009-09-16 01:56 . 2007-09-08 18:52 -------- d-----w- c:\arquivos de programas\Windows Live
2009-09-09 09:17 . 2008-07-17 01:04 -------- d-----w- c:\documents and settings\Pierre\Dados de aplicativos\Nokia
2009-09-09 06:09 . 2008-06-23 15:48 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2009-09-07 19:36 . 2008-07-17 01:03 -------- d-----w- c:\arquivos de programas\Nokia
2009-09-07 19:34 . 2008-07-17 01:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations
2009-09-01 22:20 . 2007-09-06 13:22 -------- d-----w- c:\arquivos de programas\Java
2009-08-17 16:10 . 2007-09-05 02:43 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2007-09-05 02:43 93392 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2007-09-05 02:43 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-06 14:35 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-06 14:35 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2007-09-05 02:44 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2007-09-05 02:44 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2007-09-05 02:44 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2007-09-05 02:43 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:00 . 2001-09-06 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 19:44 . 2009-07-26 19:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 08:23 . 2008-12-09 20:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 21:20 . 2008-01-07 04:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-17 19:03 . 2001-09-06 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 02:43 . 2004-08-04 07:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2001-09-06 12:00 915456 ------w- c:\windows\system32\wininet.dll
2007-09-11 07:27 . 2007-09-08 16:42 56 -csh--r- c:\windows\system32\EFC3D1300E.sys
2007-09-11 07:27 . 2007-09-08 16:42 10022 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-09-25_09.46.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-26 10:49 . 2009-09-26 10:49 16384 c:\windows\Temp\Perflib_Perfdata_6c0.dat
+ 2009-09-26 10:51 . 2009-09-26 10:51 16384 c:\windows\Temp\Perflib_Perfdata_34c.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="c:\windows\System32\JMRaidTool.exe" [2006-08-14 352256]
"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"googletalk"="c:\arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 3735552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-10-22 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-9-11 110592]
Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"c:\\Arquivos de programas\\BitLord\\BitLord.exe"=
"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"c:\\Valve\\Condition Zero\\czero.exe"=
"c:\\Arquivos de programas\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Arquivos de programas\\KONAMI\\Winning Eleven 9\\we9.exe"=
"c:\\Arquivos de programas\\FullT\\mirc.exe"=
"c:\\Arquivos de programas\\Diablo II\\Diablo II.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Arquivos de programas\\NetMeeting\\conf.exe"=
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [30/8/2007 20:33 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/4/2008 11:35 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/4/2008 11:35 20560]
R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;c:\windows\system32\drivers\psxpad.sys [9/9/2007 12:25 12160]
R3 PsxPortEnumerator;Psx Port Enumerator;c:\windows\system32\drivers\psxenum.sys [9/9/2007 12:25 16896]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pierre\Dados de aplicativos\Mozilla\Firefox\Profiles\yv39rpnm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=
FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\arquivos de programas\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\documents and settings\Pierre\Dados de aplicativos\Mozilla\Firefox\Profiles\yv39rpnm.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-26 07:50
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\arquivos de programas\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\arquivos de programas\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\arquivos de programas\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_por-br.nlr
c:\arquivos de programas\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\rundll32.exe
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
c:\arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-09-26 7:53 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-09-26 10:53
ComboFix2.txt 2009-09-25 09:47
Pré-execução: 8 pasta(s) 14.324.428.800 bytes disponíveis
Pós execução: 9 pasta(s) 14.222.643.200 bytes disponíveis
179 --- E O F --- 2009-09-17 06:00
Relatório atualizado Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:55:28, on 26/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pierre\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188928062186](http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188928062186)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188937092044](http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188937092044)O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2614992-E4C4-48C8-92ED-8C2495C47EFF}: NameServer = 200.165.132.154 200.165.132.148
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8104 bytes
Observação:
O computador não segue uma constante. Ele já reiniciou nos seguintes momentos:
- Antes de terminar de carregar totalmente um jogo (Counter-Strike);
- Durante um jogo (Winning Eleven);
- Quando cliquei pra abrir o "Meu Computador" (umas 3x);
- Quando cliquei pra abrir o "C:\" (umas 10x);Porém devo deixar claro que não é sempre que ele reinicia na execução destas tarefas. Por exemplo: consigo abrir o C:\ tranquilamente agora de manhã, mas à tarde ele reinicia quando faço isso.
Espero ter conseguido ser claro quanto ao problema.
Muito agradecido pela ajuda!
Boa Noite! moicanofacul
<@> Vá em Iniciar --> Executar --> Digite ou cole: combofix.exe /u --> Clique OK.
<@> Abrir-se-á,a seguinte janela: ( Abrir arquivo - Aviso de Segurança )
<@> Clique em Executar --> Aguarde!
<@> Surgirá,finalmente,a mensagem: "ComboFix está desinstalado" --> Clique OK.
<@> Caso encontre,apague: C:\ComboFix <-- A pasta! + C:\ComboFix.txt <-- Relatório!
<><><><><><><><><><>
<@> Faça um escaneamento,online,em: < Eset Nod32 >
<@> Utilize o navegador Internet Explorer.
<@> Marque a caixa: "SIM,aceito as condições de uso" --> Iniciar.
<@> Marque a caixa: "YES, I accept the Terms of Use" --> Start.
<@> Aceite a instalação do ActiveX e,ao terminar,salve e poste o relatório. ( C:\Arquivos de programas\EsetOnlineScanner\log )
<><><><><><><><><><>
<!> Ps: Caso,continue esse problema,poste-o em: < Hardware - Geral >
Abraços!
Desculpe a demora.
Ontem fiz o que me mandou, porém o Eset não criou relatório nenhum!
Fiz a primeira a vez. O Eset excluiu um arquivo infectado, mas não gerou nenhum relatório.
Então fiz uma segunda vez com o objetivo de ter esse relatório. O Eset não encontrou nada infectado e, novamente, não gerou nenhum relatório.
O que faço? Melhor aguardar pra ver se o problema acontece novamente ou existe algum outro relatório semelhante ao do Eset?
Abraços.
>
Desculpe a demora.
Ontem fiz o que me mandou, porém o Eset não criou relatório nenhum!
Fiz a primeira a vez. O Eset excluiu um arquivo infectado, mas não gerou nenhum relatório.
Então fiz uma segunda vez com o objetivo de ter esse relatório. O Eset não encontrou nada infectado e, novamente, não gerou nenhum relatório.
O que faço? Melhor aguardar pra ver se o problema acontece novamente ou existe algum outro relatório semelhante ao do Eset?
Abraços.
<><><><><><><><><><>
Opa! moicanofacul
<!> Mesmo não ocorrendo o problema,utilize a ferramenta Stinger.
<><><><><><><><><><>
<@> Baixe: < McAfee Avert Stinger >
<@> Salve-o em Arquivos de programas!
<@> Clique em Add,e adicione as demais unidades de disco que possua. ( *Por exemplo, a unidade **D:\* )
<@> Em seguida,clique em "Preferences",para configurar seu scan.
<@> Marque,abaixo,as opções:
Boot sectors
Repair <-- Por default,encontra-se marcada!
Scan self extracting executables
Check files for MIME contente
Check files for UUEncoded content
Scan inside compressed files
Scan subdirectories
Report applications
Scan all files
<@> Ps: Muitas caixas estarão marcadas,bastando completar algumas.
<@> Ps: Ajuste a sensibilidade para "Medium" --> OK.
<@> Clique em "Scan now".
<@> Aguarde o término do Scan.
<@> Clique em File --> Save report to file --> OK.
<@> Poste: c:\arquivos de programas\stinger 1001624.txt <--
<><><><><><><><><><>
<@> Faça um scan online em: < /applications/core/interface/imageproxy/imageproxy.php?img=http://virscan.org/images/av/kaspersky.gif&key=fd207cf2d79f14a429349c1122107ed5b6e1688bd3c6ab440413ff32e41f37f1" alt="kaspersky.gif" /> >
<@> Utilize para isso,o navegador Internet Explorer.
<@> Acesse o site,e clique em Kaspersky Online Scanner.
<@> Na próxima página,clique em: I Accept
<@> Isto,para que se instale o controle ActiveX e,em seguida,atualize o banco de dados.
<@> Na próxima página,clique em: My Computer e faça o scan.
<@> Tenha paciência!
<@> Aguarde a atualização da base de dados,e também do exame,que é demorado.
<@> Terminando,salve e poste o relatório.
<@> Clique em Save Report As... para salvar o log. ( Kaspersky_Online_Scanner_7_Report.txt )
<@> Salve o resultado como .txt,segundo a imagem abaixo:
/applications/core/interface/imageproxy/imageproxy.php?img=http://img.photobucket.com/albums/v666/sUBs/Kas-Savetxt.gif&key=12df84cc9364ed13311153b7405127e0f208cd4a0679232596972a39ca5dfe36" alt="Kas-Savetxt.gif" />
<@> Poste,também,HijackThis atualizado.
Abraços!
Stinger
McAfee® Stinger Version 10.0.1.624 built on Jul 6 2009
Copyright © 2009 McAfee, Inc. All Rights Reserved.
Virus data file v1000 created on Jul 6 2009.
Ready to scan for 897 viruses, trojans and variants.
Scan initiated on Sun Oct 04 23:10:38 2009
Number of clean files: 277209
Kapersky
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, October 6, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, October 06, 2009 02:29:27
Records in database: 2919830--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
Scan statistics:
Objects scanned: 144342
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:50:06
File name / Threat / Threats count
C:\Arquivos de programas\FullT\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 1
Selected area has been scanned.
Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:50:46, on 6/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Pierre\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188928062186](http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188928062186)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188937092044](http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188937092044)O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2614992-E4C4-48C8-92ED-8C2495C47EFF}: NameServer = 200.165.132.154 200.165.132.148
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8367 bytes
Bom Dia! moicanofacul
<!> Caso não utilize esse programa: mIRC,pode remove-lo.
C:\Arquivos de programas\FullT\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 1
<!> Seu log está limpo! :bye:
<!> Tudo bem!
Abraços!
Desinstalação efetuada.
Muitíssimo obrigado!!
Caso ocorra do problema aparecer novamente, volto pra este tópico ou abro um outro em Hardware?
>
Desinstalação efetuada.
Muitíssimo obrigado!!
Caso ocorra do problema aparecer novamente, volto pra este tópico ou abro um outro em Hardware?
<><><><><><><><><>
Bom Dia! moicanofacul
<!> Caso ocorra,abra outro Tópico na área Hardware Geral.
<!> Estando a máquina sem problemas,este Tópico será movido,em 3 dias,para Casos Resolvidos.
Abraços!
PROBLEMA RESOLVIDO!
Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.
Boa Tarde! moicanofacul
<!> O log não apresenta entradas ruins.
<><><><><><><><><><>
<@> Baixe: < DDS > ( ...by sUBs )
<@> Salve-o no desktop!
<@> Desabilite seus programas de proteção: antivírus,antimalware,antispyware ou firewall.
<@> Estando desconectado,execute a ferramenta! --> Duplo clique em /applications/core/interface/imageproxy/imageproxy.php?img=http://img.bleepingcomputer.com/dds/icon.jpg&key=77ec3f21ddbab31402a4e91f931d86be6d85ae573a6742c8368040ee57805ce5" alt="icon.jpg" />.
<@> Aguarde o término do scan,até obtermos o relatório. ( DDS.txt ) <--
<@> Surgirá,também,uma nova janela: "D.D.S - Optional_Scan" --> Clique em Sim.
<@> O Bloco de Notas irá abrir,com outro relatório. ( Attach.txt ) <--
<@> Ps: Caso o relatório seja incompreensível,renomeie o executável para DDS.exe e repita o scan.
<@> Outra janela,finalmente,abrir-se-à! --> Clique em OK.
<@> Salve os relatórios: DDS.txt + Attach.txt <-- Poste-os!
Abraços!