My PC has been slow, and every time I try to use Windows Explorer or open the My Computer folder it freezes and shows the message "not responding".
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:27:43, on 19/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorUpdate.exe
C:\WINDOWS\explorer.exe
C:\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246823069359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247783761656
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6464 bytes
Malwarebytes' Anti-Malware 1.41
Versão do banco de dados: 3201
Windows 5.1.2600 Service Pack 3
20/11/2009 06:22:54
mbam-log-2009-11-20 (06-22-54).txt
Tipo de Verificação: Completa (C:\|)
Objetos verificados: 245414
Tempo decorrido: 2 hour(s), 7 minute(s), 52 second(s)
Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 0
Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)
Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)
Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)
Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Pastas infectadas:
(Nenhum ítem malicioso foi detectado)
Arquivos infectados:
(Nenhum ítem malicioso foi detectado)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:26:19, on 20/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Last.fm\LastFM.exe
C:\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246823069359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247783761656
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6228 bytes
Good morning! keysha
<@> Run an online scan at: < Kaspersky > <-- Link!
<@> Use the Internet Explorer browser for this.
<@> Go to the site and click on Verificação On-line Kaspersky.
<@> On the next page, click: I Accept
<@> This is so the ActiveX control gets installed and, right after, the database is updated.
<@> On the next page, click: My Computer and run the scan.
<@> Be patient!
<@> Wait for the database update, and also for the scan, which takes a long time.
<@> When it finishes, save and post the report.
<@> Click Save Report As... to save the log. ( Kaspersky_Online_Scanner_7_Report.txt )
<@> Save the result as .txt, as shown in the image below:
[image: Kas-Savetxt.gif]
<@> Also post an updated HijackThis log.
Regards!
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, November 21, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, November 21, 2009 01:13:37
Records in database: 3252592
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - Folder:
C:\
Scan statistics:
Objects scanned: 76402
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 09:38:16
No threats found. Scanned area is clean.
Selected area has been scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:07, on 25/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Last.fm\LastFM.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorUpdate.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sublime\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246823069359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247783761656
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6507 bytes
I'm starting to think my problem really is hardware. The slowness has decreased, but if I try to do more than one thing it freezes. If I'm downloading a video, I can't even move content from one folder to another.
Good evening! keysha
<@> Download: < ComboFix > ( ...by sUBs )
<!> Link-2 --> < ForoSpyware >
<!> Link-3 --> < GeeksToGo >
<@> Save it to the desktop!
<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> Ps: Running it from a command is also possible:
<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
[image: combofixejr8.gif]
<@> Click Ok.
<@> At the prompt: "Disclaimer of software warranty" --> Click Yes!
[image: RcAuto1.gif]
<@> If you don't have the "Recovery Console", accept the option to install it!
<@> When done, click Sim or Yes. --> Wait!
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<!> If the notification "Not a valid Win32 application" appears, delete the ComboFix.exe tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> Ps: Name it while saving, not after saving it!
<!> Ps: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> Ps: If rootkit activity is present, we will get the following notification window:
[image: Rookit_found.gif]
<!> Ps: Note down those detections, and click OK.
<!> Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> Ps: Avoid running this tool on your own!
<!> Ps: To avoid problems, follow all the recommendations given.
<!> Ps: ComboFix is a tool that can damage the system. Use it only under professional supervision.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<@> The Auto Scan window will open. --> Wait!
<@> To finish removals, ComboFix may restart the computer.
<@> If needed, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<><><><><><><><><><><><>
<@> When done, post: C:\ComboFix.txt
Regards!
When ComboFix started running it warned that AVG Anti-Virus Free was active, but I looked and didn't find any file, and that antivirus was uninstalled a long time ago. I continued "at my own risk".
Here is the ComboFix log:
ComboFix 09-12-07.01 - Sublime 07/12/2009 20:13.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.768.410 [GMT -2:00]
Executando de: c:\documents and settings\Sublime\Desktop\ComboFix.exe
AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall disabled {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrador.CASA-394B976A04\Dados de aplicativos\inst.exe
c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\ USB Web Camera
c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\ USB Web Camera \AMCap.lnk
c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\ USB Web Camera \Uninstall.lnk
c:\windows\system32\wbem\Performance\WmiApRpl_new.ini
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-07 to 2009-12-07 ))))))))))))))))))))))))))))
.
2009-12-07 22:06 . 2009-08-25 03:30 13312 ----a-w- c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
2009-11-24 18:46 . 2009-11-24 19:08 -------- d-----w- C:\Mari
2009-11-24 18:14 . 2009-11-24 18:14 -------- d-----w- c:\arquivos de programas\Cool Record Edit Pro
2009-11-20 04:13 . 2009-11-20 04:13 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\Malwarebytes
2009-11-20 04:13 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-20 04:13 . 2009-11-20 04:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes
2009-11-20 04:13 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-20 04:13 . 2009-11-20 04:13 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-11-16 09:03 . 2009-11-16 09:03 -------- d-----w- c:\documents and settings\Sublime\.thumb
2009-11-10 13:52 . 2009-11-10 13:58 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\ICQ
2009-11-10 13:14 . 2009-11-10 13:58 -------- d-----w- c:\arquivos de programas\ICQ6.5
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 16:14 . 2009-08-18 13:12 1 ----a-w- c:\documents and settings\Sublime\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-07 00:35 . 2009-07-03 02:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-05 03:01 . 2009-08-18 03:16 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\Spyware Terminator
2009-12-04 21:52 . 2009-07-29 12:34 3494195 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-12-04 20:27 . 2009-12-04 21:59 1785856 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2009-12-04 20:08 . 2009-12-04 21:59 1960960 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2009-11-29 23:34 . 2009-07-06 14:57 -------- d-----w- c:\arquivos de programas\Spyware Terminator
2009-11-29 20:27 . 2009-07-28 01:38 -------- d-----w- c:\arquivos de programas\Last.fm
2009-11-23 03:23 . 2009-11-23 13:40 1773056 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2009-11-23 03:16 . 2009-08-18 08:16 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\uTorrent
2009-11-17 13:49 . 2009-11-17 15:27 1780224 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2009-11-16 09:22 . 2007-04-28 18:12 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2009-11-16 09:15 . 2009-07-06 14:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy
2009-11-16 09:14 . 2009-07-09 05:49 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\TEMP
2009-11-16 08:57 . 2009-07-31 06:49 -------- d-----w- c:\arquivos de programas\AviSynth 2.5
2009-11-16 08:28 . 2009-11-16 08:31 5711872 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
2009-11-16 08:28 . 2009-11-16 08:32 1764352 ----a-w- c:\windows\Internet Logs\xDB20.tmp
2009-11-13 04:38 . 2009-04-13 23:16 -------- d-----w- c:\arquivos de programas\eMule
2009-11-10 13:56 . 2007-04-28 17:36 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-11-06 14:00 . 2009-11-06 14:09 1745920 ----a-w- c:\windows\Internet Logs\xDB1E.tmp
2009-11-05 19:20 . 2009-11-06 06:17 1744384 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2009-11-05 08:52 . 2009-07-06 14:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spyware Terminator
2009-11-04 19:14 . 2009-11-04 19:15 1750016 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2009-11-04 19:11 . 2009-08-27 07:22 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\Ashampoo
2009-11-04 19:07 . 2009-07-31 00:31 -------- d-----w- c:\arquivos de programas\Ashampoo
2009-11-03 01:12 . 2009-11-03 11:39 1742336 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2009-10-31 03:16 . 2009-10-07 21:14 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\gtk-2.0
2009-10-29 05:55 . 2007-05-02 21:29 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-10-27 02:50 . 2008-06-08 00:01 -------- d-----w- c:\arquivos de programas\The KMPlayer
2009-10-26 20:21 . 2008-12-14 19:26 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2009-10-26 18:19 . 2008-02-07 12:59 -------- d-----w- c:\arquivos de programas\DivX
2009-10-23 23:08 . 2009-10-23 23:08 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple
2009-10-23 23:08 . 2009-03-07 22:15 -------- d-----w- c:\arquivos de programas\QuickTime
2009-10-23 23:07 . 2009-10-23 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Apple Computer
2009-10-17 07:28 . 2009-10-17 14:35 1710592 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2009-10-13 16:56 . 2009-10-13 16:58 1727488 ----a-w- c:\windows\Internet Logs\xDB19.tmp
2009-10-09 14:29 . 2009-10-09 14:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Soulseek
2009-10-09 14:29 . 2009-10-09 14:29 -------- d-----w- c:\arquivos de programas\SoulseekNS
2009-10-06 14:32 . 2009-10-06 14:35 1703424 ----a-w- c:\windows\Internet Logs\xDB18.tmp
2009-09-21 01:04 . 2009-09-21 01:06 1694208 ----a-w- c:\windows\Internet Logs\xDB17.tmp
2009-09-15 01:39 . 2009-09-15 01:40 1689088 ----a-w- c:\windows\Internet Logs\xDB16.tmp
2009-09-09 06:59 . 2000-01-01 03:05 1694208 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2007-10-22 05:49 . 2007-10-22 05:49 1805306 ----a-w- c:\arquivos de programas\NOV2007_d3dx9_36_x64.cab
2007-10-22 05:49 . 2007-10-22 05:49 867848 ----a-w- c:\arquivos de programas\NOV2007_d3dx10_36_x64.cab
2007-10-22 05:49 . 2007-10-22 05:49 807132 ----a-w- c:\arquivos de programas\NOV2007_d3dx10_36_x86.cab
2007-10-22 05:49 . 2007-10-22 05:49 49392 ----a-w- c:\arquivos de programas\NOV2007_X3DAudio_x64.cab
2007-10-22 05:49 . 2007-10-22 05:49 44850 ----a-w- c:\arquivos de programas\dxdllreg_x86.cab
2007-10-22 05:49 . 2007-10-22 05:49 21744 ----a-w- c:\arquivos de programas\NOV2007_X3DAudio_x86.cab
2007-10-22 05:49 . 2007-10-22 05:49 200010 ----a-w- c:\arquivos de programas\NOV2007_XACT_x64.cab
2007-10-22 05:49 . 2007-10-22 05:49 1712608 ----a-w- c:\arquivos de programas\NOV2007_d3dx9_36_x86.cab
2007-10-22 05:49 . 2007-10-22 05:49 151512 ----a-w- c:\arquivos de programas\NOV2007_XACT_x86.cab
2007-02-16 14:31 . 2008-02-21 03:43 227328 ----a-w- c:\arquivos de programas\mpTrim.exe
2003-09-10 23:51 . 2008-04-20 06:27 1626172 ----a-w- c:\arquivos de programas\CDex.exe
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
Note: empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"SpywareTerminatorUpdate"="c:\arquiv~1\SPYWAR~1\SpywareTerminatorUpdate.exe" [2009-07-06 3055616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\arquiv~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-07-06 2173440]
"ZoneAlarm Client"="c:\arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"snp325"="c:\windows\vsnp325.exe" [2007-05-09 835584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Sublime\Menu Iniciar\Programas\Inicializar\
BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^Administrador.CASA-394B976A04^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk]
backup=c:\windows\pss\BrOffice.org 3.1.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 06:08 35696 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-06-30 12:55 2329224 ----a-w- c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-01-28 16:16 1228800 ----a-r- c:\windows\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 22:20 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-12 17:50 20480 ----a-w- c:\windows\FixCamera.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 18:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-01-26 16:07 5529600 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-01-26 16:07 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-01-26 16:07 1490944 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PATHPILOT]
2009-07-21 08:23 345600 ----a-w- c:\arquivos de programas\Kat MP3 Recorder\Kat MP3 Recorder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 03:54 417792 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
2007-05-09 13:46 835584 ----a-w- c:\windows\vsnp325.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 08:23 149280 ----a-w- c:\arquivos de programas\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
2007-04-21 12:30 270336 ----a-w- c:\windows\tsnp325.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\arquivos de programas\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Administrador.CASA-394B976A04\\Meus documentos\\Downloads\\utorrent.exe"=
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\ICQ6.5\\ICQ.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/7/2009 00:38 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/7/2009 00:38 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [6/7/2009 12:57 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [9/7/2009 06:35 108289]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [6/7/2009 11:32 10343168]
S2 avg8emc;AVG Free8 E-mail Scanner; [x]
S2 avg8wd;AVG Free8 WatchDog; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
------- Supplementary Scan -------
.
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\
FF - prefs.js: browser.startup.homepage - hxxp://forum.imasters.com.br/index.php?/topic/371762-pc-lento-e-nao-responde/
FF - component: c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\arquivos de programas\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
MSConfigStartUp-ares - c:\arquivos de programas\Ares\Ares.exe
AddRemove-HijackThis - C:\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 20:22
Windows 5.1.2600 Service Pack 3 NTFS
Scanning for hidden processes ...
Scanning for hidden autostart entries ...
Scanning for hidden files ...
Scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-12-07 20:25
ComboFix-quarantined-files.txt 2009-12-07 22:25
Pre-Run: 15 folder(s) 107.943.116.800 bytes free
Post-Run: 19 folder(s) 108.168.712.192 bytes free
Good morning, keysha!
<@> Select and copy everything inside the Quote area into Notepad.
<@> Save it on the Desktop with the name: CFScript.txt
Driver::"AvgLdx86"
"AvgTdiX"
"avg8emc"
"avg8wd"
<@> PS: It is recommended to be disconnected from the network when running the script.
<@> PS: Temporarily disable your antivirus.
<@> PS: Do not use this script on another machine!
<@> Drag CFScript.txt onto the ComboFix icon.
<@> See the demonstration!
<@> Accept the prompt that should appear asking to run ComboFix.
<@> PS: Keep dragging until that prompt (window) appears!
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.
Regards!
Good morning!
ComboFix 09-12-07.01 - Sublime 09/12/2009 9:21.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.768.441 [GMT -2:00]
Running from: c:\documents and settings\Sublime\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sublime\Desktop\CFScript.txt
AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall disabled {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AVG8EMC
-------\Legacy_AVG8WD
-------\Legacy_AVGLDX86
-------\Legacy_AVGTDIX
-------\Service_avg8emc
-------\Service_avg8wd
-------\Service_AvgLdx86
-------\Service_AvgTdiX
(((((((((((((((( Files Created from 2009-11-09 to 2009-12-09 ))))))))))))))))))))))))))))
.
2009-12-08 05:02 . 2009-12-08 05:02 -------- d-----w- c:\arquivos de programas\Real Alternative
2009-12-07 22:06 . 2009-08-25 03:30 13312 ----a-w- c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
2009-11-24 18:46 . 2009-11-24 19:08 -------- d-----w- C:\Mari
2009-11-24 18:14 . 2009-11-24 18:14 -------- d-----w- c:\arquivos de programas\Cool Record Edit Pro
2009-11-20 04:13 . 2009-11-20 04:13 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\Malwarebytes
2009-11-20 04:13 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-20 04:13 . 2009-11-20 04:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes
2009-11-20 04:13 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-20 04:13 . 2009-11-20 04:13 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-11-16 09:03 . 2009-11-16 09:03 -------- d-----w- c:\documents and settings\Sublime\.thumb
2009-11-10 13:52 . 2009-11-10 13:58 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\ICQ
2009-11-10 13:14 . 2009-11-10 13:58 -------- d-----w- c:\arquivos de programas\ICQ6.5
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 01:27 . 2009-08-18 13:12 1 ----a-w- c:\documents and settings\Sublime\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-08 00:03 . 2009-07-09 08:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-07 00:35 . 2009-07-03 02:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-05 03:01 . 2009-08-18 03:16 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\Spyware Terminator
2009-12-04 20:27 . 2009-12-04 21:59 1785856 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2009-12-04 20:08 . 2009-12-04 21:59 1960960 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2009-11-29 23:34 . 2009-07-06 14:57 -------- d-----w- c:\arquivos de programas\Spyware Terminator
2009-11-29 20:27 . 2009-07-28 01:38 -------- d-----w- c:\arquivos de programas\Last.fm
2009-11-23 03:23 . 2009-11-23 13:40 1773056 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2009-11-23 03:16 . 2009-08-18 08:16 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\uTorrent
2009-11-17 13:49 . 2009-11-17 15:27 1780224 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2009-11-16 09:22 . 2007-04-28 18:12 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2009-11-16 09:15 . 2009-07-06 14:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy
2009-11-16 09:14 . 2009-07-09 05:49 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\TEMP
2009-11-16 08:57 . 2009-07-31 06:49 -------- d-----w- c:\arquivos de programas\AviSynth 2.5
2009-11-16 08:28 . 2009-11-16 08:31 5711872 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
2009-11-16 08:28 . 2009-11-16 08:32 1764352 ----a-w- c:\windows\Internet Logs\xDB20.tmp
2009-11-13 04:38 . 2009-04-13 23:16 -------- d-----w- c:\arquivos de programas\eMule
2009-11-10 13:56 . 2007-04-28 17:36 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-11-06 14:00 . 2009-11-06 14:09 1745920 ----a-w- c:\windows\Internet Logs\xDB1E.tmp
2009-11-05 19:20 . 2009-11-06 06:17 1744384 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2009-11-05 08:52 . 2009-07-06 14:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spyware Terminator
2009-11-04 19:14 . 2009-11-04 19:15 1750016 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2009-11-04 19:11 . 2009-08-27 07:22 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\Ashampoo
2009-11-04 19:07 . 2009-07-31 00:31 -------- d-----w- c:\arquivos de programas\Ashampoo
2009-11-03 01:12 . 2009-11-03 11:39 1742336 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2009-10-31 03:16 . 2009-10-07 21:14 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\gtk-2.0
2009-10-29 05:55 . 2007-05-02 21:29 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-10-27 02:50 . 2008-06-08 00:01 -------- d-----w- c:\arquivos de programas\The KMPlayer
2009-10-26 20:21 . 2008-12-14 19:26 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2009-10-26 18:19 . 2008-02-07 12:59 -------- d-----w- c:\arquivos de programas\DivX
2009-10-23 23:08 . 2009-10-23 23:08 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple
2009-10-23 23:08 . 2009-03-07 22:15 -------- d-----w- c:\arquivos de programas\QuickTime
2009-10-23 23:07 . 2009-10-23 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Apple Computer
2009-10-17 07:28 . 2009-10-17 14:35 1710592 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2009-10-13 16:56 . 2009-10-13 16:58 1727488 ----a-w- c:\windows\Internet Logs\xDB19.tmp
2009-10-06 14:32 . 2009-10-06 14:35 1703424 ----a-w- c:\windows\Internet Logs\xDB18.tmp
2009-09-21 01:04 . 2009-09-21 01:06 1694208 ----a-w- c:\windows\Internet Logs\xDB17.tmp
2009-09-15 01:39 . 2009-09-15 01:40 1689088 ----a-w- c:\windows\Internet Logs\xDB16.tmp
2007-10-22 05:49 . 2007-10-22 05:49 1805306 ----a-w- c:\arquivos de programas\NOV2007_d3dx9_36_x64.cab
2007-10-22 05:49 . 2007-10-22 05:49 867848 ----a-w- c:\arquivos de programas\NOV2007_d3dx10_36_x64.cab
2007-10-22 05:49 . 2007-10-22 05:49 807132 ----a-w- c:\arquivos de programas\NOV2007_d3dx10_36_x86.cab
2007-10-22 05:49 . 2007-10-22 05:49 49392 ----a-w- c:\arquivos de programas\NOV2007_X3DAudio_x64.cab
2007-10-22 05:49 . 2007-10-22 05:49 44850 ----a-w- c:\arquivos de programas\dxdllreg_x86.cab
2007-10-22 05:49 . 2007-10-22 05:49 21744 ----a-w- c:\arquivos de programas\NOV2007_X3DAudio_x86.cab
2007-10-22 05:49 . 2007-10-22 05:49 200010 ----a-w- c:\arquivos de programas\NOV2007_XACT_x64.cab
2007-10-22 05:49 . 2007-10-22 05:49 1712608 ----a-w- c:\arquivos de programas\NOV2007_d3dx9_36_x86.cab
2007-10-22 05:49 . 2007-10-22 05:49 151512 ----a-w- c:\arquivos de programas\NOV2007_XACT_x86.cab
2007-02-16 14:31 . 2008-02-21 03:43 227328 ----a-w- c:\arquivos de programas\mpTrim.exe
2003-09-10 23:51 . 2008-04-20 06:27 1626172 ----a-w- c:\arquivos de programas\CDex.exe
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-12-07_22.22.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-09 11:32 . 2009-12-09 11:32 16384 c:\windows\Temp\Perflib_Perfdata_758.dat
+ 2000-01-01 02:02 . 2000-01-01 02:02 16384 c:\windows\Temp\Perflib_Perfdata_664.dat
+ 2008-09-10 19:56 . 2009-10-09 18:00 185920 c:\windows\system32\rmoc3260.dll
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
Note: empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"SpywareTerminatorUpdate"="c:\arquiv~1\SPYWAR~1\SpywareTerminatorUpdate.exe" [2009-07-06 3055616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\arquiv~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-07-06 2173440]
"ZoneAlarm Client"="c:\arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"snp325"="c:\windows\vsnp325.exe" [2007-05-09 835584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Sublime\Menu Iniciar\Programas\Inicializar\
BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^Administrador.CASA-394B976A04^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk]
backup=c:\windows\pss\BrOffice.org 3.1.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 06:08 35696 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-06-30 12:55 2329224 ----a-w- c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-01-28 16:16 1228800 ----a-r- c:\windows\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 22:20 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-12 17:50 20480 ----a-w- c:\windows\FixCamera.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 18:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-01-26 16:07 5529600 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-01-26 16:07 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-01-26 16:07 1490944 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PATHPILOT]
2009-07-21 08:23 345600 ----a-w- c:\arquivos de programas\Kat MP3 Recorder\Kat MP3 Recorder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 03:54 417792 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
2007-05-09 13:46 835584 ----a-w- c:\windows\vsnp325.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 08:23 149280 ----a-w- c:\arquivos de programas\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
2007-04-21 12:30 270336 ----a-w- c:\windows\tsnp325.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\arquivos de programas\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Administrador.CASA-394B976A04\\Meus documentos\\Downloads\\utorrent.exe"=
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\ICQ6.5\\ICQ.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [6/7/2009 12:57 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [9/7/2009 06:35 108289]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [6/7/2009 11:32 10343168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
------- Supplementary Scan -------
.
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\
FF - prefs.js: browser.startup.homepage - hxxp://forum.imasters.com.br/index.php?/topic/371762-pc-lento-e-nao-responde/
FF - component: c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-09 09:33
Windows 5.1.2600 Service Pack 3 NTFS
Scanning for hidden processes ...
Scanning for hidden autostart entries ...
Scanning for hidden files ...
c:\docume~1\Sublime\CONFIG~1\Temp\~DFDB4B.tmp 98304 bytes
Scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-09 09:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-09 11:39
ComboFix2.txt 2009-12-07 22:25
Pre-Run: 18 folder(s) 106.912.481.280 bytes free
Post-Run: 19 folder(s) 106.794.778.624 bytes free
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:43:08, on 9/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Sublime\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246823069359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247783761656
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5770 bytes
Good afternoon! keysha
<@> To uninstall Malwarebytes, double-click the highlighted file.
<@> C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe <--
<@> Restart the computer once it finishes!
<><><><><><><><><><><>
<@> Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.
<@> The following window will open: ( Open File - Security Warning )
<@> Click Run --> Wait!
<@> Finally, the message "ComboFix está desinstalado" will appear --> Click OK.
<@> If present, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!
<@> Or go to Start --> Run --> Type or paste:
"%userprofile%\desktop\combofix" /uninstall
<@> Click OK.
<><><><><><><><><><><>
<@> Download: < TFC > ( by Old Timer )
<!> Link - 2 < http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html >
<@> Save it to the desktop!
<@> Close all programs! ( Internet, browser, etc... )
<@> Run TFC.exe with a double-click.
<@> PS: For Windows Vista --> Right-click --> Choose: Run as Administrator
<@> Click Start --> Wait!
<@> When it finishes, restart the computer... in case the tool does not prompt for it and start the process itself. ( reboot )
<><><><><><><><><><><><>
<!> Your logs are clean!
Regards!
Thanks, DigRam!
Merry Christmas to everyone at iMasters!
PROBLEM SOLVED!
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Good afternoon! keysha
<@> Open Spybot Search & Destroy!
<@> In the top menu, go to Mode and select the Advanced option. --> Confirm!
<@> Click the Tools button and then Resident.
<@> Uncheck the option: Enable Resident "TeaTimer". ( *General protection of system settings* )
<@> Download: < Malwarebytes' Anti-Malware >
<@> < Link - 2 >
<@> < Link - 3 >
<@> Update the program!
<@> Choose the Full scan!
<@> Disable protection programs while running Malwarebytes.
<@> PS: For certain infections, the tool will ask for a reboot. <-- Confirm!
<@> Send the detected items to quarantine by clicking Remove items.
<@> For more details: < Link >
<><><><><><><><><><>
<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.
Regards!