Publicado em 9 de nov.

[Resolvido!] Pc ta lento, e reiniciando sozinho

Boa tarde!

meu pc está muito lento..

tanto a internet como o computador em geral

eh agora ele está reiniciando sozinho, nao sei o motivo :(

obs: notei que ele ficou lento quando coloquei um acelerador de video e download DAP.

espero que vo6 possam me ajudar igual da ultima vez (agradeço ao Sr.DigRam, que resolvou meu problema)

[OFF] por favor algum moderador, pode apagar este topico aqui ( http://forum.imasters.com.br/index.php?/topic/368301-nao-consigo-instalar-antivirus/page__s__7cc14adbfb0538f20d5e20b3492eb039 ) dei meu login pro meu primo pra ele mas ele nem se interessou ) podem excluir

aqui vai o log do HijackThis do meu PC

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:17:14, on 9/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\TWCU.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorService.exe

C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorEngine.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\DAP\DAPIEL~1.DLL

O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\SPEEDB~1\Toolbar\grabber.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [WindowsLivePhone] C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe /AutoRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [speedBitVideoAccelerator] C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\TWCU.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~2\sblsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154

O17 - HKLM\System\CCS\Services\Tcpip\..\{300EDF33-DB30-43FA-AC3E-CF080FC6BB5F}: NameServer = 200.165.132.154

O17 - HKLM\System\CS1\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154

O17 - HKLM\System\CS2\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorService.exe

End of file - 10414 bytes

Abraços

Discussão (27)

Entre ou cadastre-se para participar da discussão

Entrar Criar conta

DigRam· 13 de nov.

Boa Noite! danmex

<!> Desinstale os softwares,que causaram seus problemas.

<><><><><><><><><><><>

<@> Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://billy-oneal.com/Canned%2520Speeches/speechimages/combofix/desktopicon.png&key=c972c7524cf2a0d4771101cc561140ae5696a3aad55bcf64c111bf1861d92e85" alt="desktopicon.png" /> > ( ...by sUBs )

<!> Link-2 --> < ForoSpyware >

<!> Link-3 --> < GeeksToGo >

<!> Link-4 --> < como usar o combofix >

<@> Salve-o no desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

<@> Ps: A execução,por comando,também é possível:<@> Vá em Iniciar --> Executar --> Digite ou cole: "%userprofile%\desktop\Combofix.exe" /killall

/applications/core/interface/imageproxy/imageproxy.php?img=http://img181.imageshack.us/img181/5825/combofixejr8.gif&key=0d882a59a7a65b06e1b50e837804afc9002b25433ef74e0c3f66f43a58058f7b" alt="combofixejr8.gif" />

<@> Clique em Ok.

<@> Na solicitação: "Negação de garantia de software" --> Clique em Sim!

/applications/core/interface/imageproxy/imageproxy.php?img=http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif&key=0010234c6eff8b98a829fe5910d3fd47cc8c551f0c1836fc4748c11079a71d03" alt="RcAuto1.gif" />

<@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

<@> Terminando,clique Sim ou Yes. --> Aguarde!

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta ComboFix.exe e faça,novamente,seu download.<!> Salve-a no desktop,renomeada como: Kombo.exe

<!> Ps: Nomeie durante o salvamento,e não após salvá-la!

<!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em "Modo de Segurança". <-- Link!

<!> Ps: Na presença de atividades rootkit,teremos a seguinte janela de notificação:

/applications/core/interface/imageproxy/imageproxy.php?img=http://img.photobucket.com/albums/v666/sUBs/Rookit_found.gif&key=eb1b849776e4208479b15adbf0e86845810495533720ff18c63647e4d0943f29" alt="Rookit_found.gif" />

<!> Ps: Anote essas detecções,e dê o OK.

<!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

<!> Ps: Evite executar,voluntariamente,esta ferramenta!

<!> Ps: Para evitar problemas,siga todas as recomendações propostas.

<!> /applications/core/interface/imageproxy/imageproxy.php?img=http://www.bleepingcomputer.com/forums/style_emoticons/default/nuke.gif&key=c0e9c30559b25d185ea1b32a97bf019e216efb610a0bc1537235cd4f76019ff4" alt="nuke.gif" />*O **ComboFix é uma ferramenta que pode danificar o sistema. Utilize-o,somente,sob supervisão** profissional.*

<@> Abrir-se-á a janela Auto Scan. --> Aguarde!

<@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

<@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

<@> Para parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter!

<><><><><><><><><><><>

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

Abraços!

danmex· 13 de nov.

Boa noite DigRAm

aqui vai os relatorios que você pediu!

ComboFix 09-11-13.06 - and 13/11/2009 21:38.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1022.664 [GMT -2:00]

Executando de: c:\documents and settings\and\Desktop\ComboFix.exe

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

c:\docume~1\and\CONFIG~1\Temp\E_N4

c:\docume~1\and\CONFIG~1\Temp\E_N4\cnvpe.fne

c:\docume~1\and\CONFIG~1\Temp\E_N4\dp1.fne

c:\docume~1\and\CONFIG~1\Temp\E_N4\eAPI.fne

c:\docume~1\and\CONFIG~1\Temp\E_N4\HtmlView.fne

c:\docume~1\and\CONFIG~1\Temp\E_N4\krnln.fnr

c:\docume~1\and\CONFIG~1\Temp\E_N4\spec.fne

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

-------\Legacy_ASC3360PR

(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-13 to 2009-11-13 ))))))))))))))))))))))))))))

2009-11-12 05:48 . 2009-11-12 05:48 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\teamspeak2

2009-11-12 05:48 . 2009-11-12 05:48 -------- d-----w- c:\arquivos de programas\Teamspeak2_RC2

2009-11-12 04:54 . 2009-11-12 04:54 -------- d-----w- c:\arquivos de programas\Microsoft

2009-11-12 04:54 . 2009-11-12 04:54 -------- d-----w- c:\arquivos de programas\Windows Live

2009-11-12 04:46 . 2009-11-12 04:46 15240 ----a-w- c:\documents and settings\and\Dados de aplicativos\Microsoft\IdentityCRL\ppcrlconfig.dll

2009-11-11 16:45 . 2009-11-11 16:45 -------- d-----w- c:\arquivos de programas\Robster Productions

2009-11-10 15:48 . 2009-11-10 15:48 -------- d-----w- c:\windows\system32\msmq

2009-11-10 15:48 . 2009-11-10 15:48 -------- d-----w- C:\Inetpub

2009-11-09 18:15 . 2009-11-09 18:15 401720 ----a-w- C:\HiJackThis.exe

2009-11-06 04:33 . 2009-11-10 15:53 -------- d-----w- c:\arquivos de programas\DreaMule

2009-11-03 17:16 . 2009-11-03 17:16 -------- d-----w- c:\documents and settings\and\Configuraes locais

2009-11-03 17:13 . 2009-11-03 17:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Adobe Systems

2009-11-03 16:59 . 2009-11-03 16:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe Systems Shared

2009-10-26 16:06 . 2009-10-26 16:06 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-10-26 16:06 . 2009-10-26 16:06 -------- d-----w- c:\arquivos de programas\TP-LINK

2009-10-26 16:05 . 2008-10-21 13:16 465152 ----a-w- c:\windows\system32\drivers\rt73.sys

2009-10-26 16:05 . 2009-10-26 16:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK Driver

2009-10-26 16:05 . 2008-10-21 13:16 465152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK Driver\TL-WN321G Wireless Utility\Driver\rt73.sys

2009-10-26 16:05 . 2008-07-10 21:34 528384 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK Driver\TL-WN321G Wireless Utility\Driver\RaInst.exe

2009-10-26 16:05 . 2007-05-17 13:17 192512 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK Driver\TL-WN321G Wireless Utility\Driver\CoInstaller.dll

2009-10-26 16:05 . 2006-11-02 09:21 319456 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK Driver\TL-WN321G Wireless Utility\Driver\difxapi.dll

2009-10-26 16:05 . 2006-11-02 02:33 77312 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK Driver\TL-WN321G Wireless Utility\Driver\devcon.exe

2009-10-21 06:03 . 2009-10-21 06:03 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\Octoshape

2009-10-16 06:19 . 2009-10-16 06:19 -------- d-----w- c:\windows\PaltalkScene

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-11-13 23:46 . 2009-09-18 21:30 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\Skype

2009-11-13 23:28 . 2009-09-18 21:32 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\skypePM

2009-11-13 23:26 . 2009-10-08 22:35 -------- d-----w- c:\arquivos de programas\DAP

2009-11-13 23:26 . 2009-10-08 22:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit

2009-11-13 23:26 . 2009-10-08 22:35 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-11-13 23:25 . 2009-09-15 03:06 -------- d-----w- c:\arquivos de programas\Steam

2009-11-13 01:58 . 2009-09-29 04:58 -------- d-----w- c:\arquivos de programas\sXe Injected

2009-11-13 01:53 . 2009-09-15 02:59 -------- d-----w- c:\arquivos de programas\Valve

2009-11-10 15:50 . 2009-09-18 21:29 -------- d-----w- c:\arquivos de programas\Google

2009-11-03 17:02 . 2009-10-05 10:00 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-10-26 16:07 . 2008-04-14 07:00 48628 ----a-w- c:\windows\system32\perfc016.dat

2009-10-26 16:07 . 2008-04-14 07:00 344380 ----a-w- c:\windows\system32\perfh016.dat

2009-10-26 16:05 . 2009-09-15 02:24 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-10-16 21:18 . 2009-10-13 22:12 -------- d-----w- c:\arquivos de programas\NitroPC

2009-10-09 05:44 . 2009-10-09 05:44 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\Broad Intelligence

2009-10-09 05:42 . 2009-10-09 05:42 -------- d-----w- c:\arquivos de programas\MediaCoder

2009-10-08 15:57 . 2009-10-08 15:57 -------- d-----w- c:\arquivos de programas\MSECache

2009-10-01 09:42 . 2009-10-01 09:41 -------- d-----w- c:\arquivos de programas\Java

2009-10-01 09:41 . 2009-10-01 09:41 152576 ----a-w- c:\documents and settings\and\Dados de aplicativos\Sun\Java\jre1.6.0_16\lzma.dll

2009-10-01 09:40 . 2009-10-01 09:40 152576 ----a-w- c:\documents and settings\and\Dados de aplicativos\Sun\Java\jre1.6.0_14\lzma.dll

2009-09-25 02:06 . 2009-09-21 01:33 2218400 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-09-25 02:06 . 2009-09-21 01:33 189122592 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-09-24 22:50 . 2009-09-24 22:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-09-24 22:50 . 2009-09-24 22:50 -------- d-----w- c:\arquivos de programas\Avira

2009-09-20 20:48 . 2009-09-15 03:50 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-09-20 16:44 . 2009-09-20 16:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee Security Scan

2009-09-20 15:37 . 2009-07-14 18:10 1519616 ----a-w- c:\windows\system32\nwiz.exe

2009-09-20 15:37 . 2009-09-15 02:24 46592 ----a-w- c:\windows\SOUNDMAN.EXE

2009-09-18 22:06 . 2009-09-18 22:06 0 ----a-w- c:\windows\nsreg.dat

2009-09-18 21:32 . 2009-09-18 21:32 32 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\ezsid.dat

2009-09-18 21:28 . 2009-09-18 21:28 -------- d-----w- c:\arquivos de programas\Skype

2009-09-18 21:28 . 2009-09-18 21:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-09-18 21:28 . 2009-09-18 21:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2009-09-18 15:41 . 2009-09-18 15:41 28242 ----a-w- c:\windows\system32\regsvc.dll.zip

2009-09-17 20:16 . 2009-09-17 20:16 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\Malwarebytes

2009-09-17 20:16 . 2009-09-17 20:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-09-17 01:07 . 2009-09-15 04:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-09-15 23:38 . 2009-09-15 23:38 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\Media Player Classic

2009-09-15 17:59 . 2009-09-15 17:59 -------- d-----w- c:\arquivos de programas\PluginLetras

2009-09-15 06:45 . 2009-09-15 06:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avg7

2009-09-15 03:25 . 2009-09-15 03:25 -------- d-----w- c:\arquivos de programas\Topro

2009-09-15 03:02 . 2009-09-15 03:02 152576 ----a-w- c:\documents and settings\and\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll

2009-09-15 02:27 . 2009-09-15 02:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles

2009-09-15 02:24 . 2009-09-15 02:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-09-15 01:45 . 2009-09-15 01:45 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-09-15 01:43 . 2009-09-15 01:43 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2009-09-15 01:42 . 2009-09-15 01:42 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2009-09-15 01:41 . 2009-09-15 01:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESTsoft

2009-09-15 01:38 . 2009-09-24 05:18 71680 ----a-w- c:\documents and settings\Administrador\GLB799.tmp

2009-09-15 01:38 . 2009-09-15 01:51 71680 ----a-w- c:\documents and settings\and\GLB799.tmp

2009-09-15 01:38 . 2009-09-15 01:47 71680 ----a-w- c:\windows\system32\config\systemprofile\GLB799.tmp

2009-09-15 01:38 . 2009-09-15 01:38 71680 ----a-w- c:\documents and settings\Default User\GLB799.tmp

2009-09-15 01:35 . 2009-09-15 01:35 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2009-09-15 01:33 . 2009-09-15 01:33 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-09-15 01:33 . 2009-09-15 01:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2009-09-15 01:32 . 2009-09-15 01:32 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-09-11 14:15 . 2008-04-14 07:00 136704 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:04 . 2008-04-14 07:00 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 07:29 . 2008-04-14 07:00 832512 ----a-w- c:\windows\system32\wininet.dll

2009-08-29 07:29 . 2009-09-15 01:35 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-08-29 07:29 . 2008-04-14 07:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-08-26 08:03 . 2009-03-21 14:20 247326 ----a-w- c:\windows\system32\strmdll.dll

------- Sigcheck -------

[-] 2009-04-17 . 2A293D04F15B5D25FF3615D8ED8DD1B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

c:\windows\system32\regsvc.dll ... está faltando !!

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

Nota entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2008-02-01 21898024]

"NitroPC"="c:\arquivos de programas\NitroPC\NitroPC.exe" [2008-08-19 3477504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2009-09-20 172032]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-31 149280]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2009-09-20 46592]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-09-20 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-08-29 124928]

c:\documents and settings\and\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\hishi601\\counter-strike\\hl.exe"=

"c:\\Arquivos de programas\\Steam\\Steam.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\hishi601\\counter-strike source\\hl2.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\jusched.exe"=

"c:\\WINDOWS\\system32\\nwiz.exe"=

"c:\\WINDOWS\\SOUNDMAN.EXE"=

"d:\\anderson arquivos\\HD 2\\Programas\\DVD Anderson\\SpeedTouch_upgrade_wizard_R4421\\upgradeST.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\jqsnotify.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"d:\\anderson arquivos\\HD 2\\Programas\\Meus documentos\\roteadores\\SpeedTouch_upgrade_wizard_R4421\\SpeedTouch 510 v6\\SetupWizard\\stInstall.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [17/4/2009 18:51 16896]

R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [17/4/2009 18:51 52736]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [24/9/2009 20:50 108289]

R2 RalinkRegistryWriter;Ralink Registry Writer;c:\arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe [26/10/2009 14:06 69632]

R3 DCamUSBIntel;USB Video Camera;c:\windows\system32\drivers\TP6800.SYS [15/9/2009 01:25 196548]

--- =Outros Serviços/Drivers Na Memória ---

NewlyCreated - MBR

Deregistered - mbr

Conteúdo da pasta 'Tarefas Agendadas'

2009-11-13 c:\windows\Tasks\OGALogon.job

c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

------- Scan Suplementar -------

uStart Page = hxxp://search.speedbit.com/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: {0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7} = 200.165.132.154

TCP: {300EDF33-DB30-43FA-AC3E-CF080FC6BB5F} = 200.165.132.154

FF - ProfilePath - c:\documents and settings\and\Dados de aplicativos\Mozilla\Firefox\Profiles\9ohuzfd1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-WindowsLivePhone - c:\arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe

HKLM-Run-tppoll - c:\program files\Topro\tppoll.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-13 21:45

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - > 'explorer.exe'(3928)

c:\windows\system32\WININET.dll

c:\arquivos de programas\Windows Media Player\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

------------------------ Outros Processos em Execução ------------------------

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\RUNDLL32.EXE

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Skype\Plugin Manager\skypePM.exe

**************************************************************************

Tempo para conclusão: 2009-11-13 21:48 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-11-13 23:48

Pré-execução: 4.900.159.488 bytes disponíveis

Pós execução: 5.334.990.848 bytes disponíveis

- End Of File - - 8D468A3772817ACD6F10C184418B27DD

------------x------------x---------------x------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:54:22, on 13/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background