Hello everyone, I'm creating this topic to say that my PC, out of nowhere, started getting slow at startup. Until yesterday it booted in about 35 seconds; the part where it is loading Windows XP with the little bars moving along used to be very quick, and now all of a sudden it is very slow. The only strange thing I noticed was that when I launch a game called RisingForce Online, it used to go into full screen mode normally and now it opens a Windows window called "Active Movie Window". Other than that I didn't notice any difference... I'll send the HijackThis log and I ask you to please help me. Hugs and God bless.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:04, on 15/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\csrcs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 7749 bytes
DigRam my friend, if you're around, you already know my PC well lol. help plx :)
Hi Antonio, I did everything and I'll post the logs here for you; thanks in advance, hugs.
ComboFix log:
ComboFix 10-05-19.02 - user 19/05/2010 21:57:48.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2045.1394 [GMT -3:00]
Executando de: c:\documents and settings\user\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\3753519.dll
c:\windows\system32\8893845.dll
c:\windows\system32\csrcs.exe
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-20 to 2010-05-20 ))))))))))))))))))))))))))))
.
2010-05-20 00:17 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\88475aa.dll
2010-05-20 00:17 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\69f5988.dll
2010-05-20 00:15 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\77aae86.dll
2010-05-20 00:15 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\2f156680.dll
2010-05-19 23:58 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\91eefc0.dll
2010-05-19 23:58 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\2fa3b85e.dll
2010-05-19 23:16 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\805557a.dll
2010-05-19 22:58 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\a0bcd4c.dll
2010-05-19 22:58 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\1d77b898.dll
2010-05-19 22:56 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\40f9ce.dll
2010-05-19 22:56 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\1a5b3588.dll
2010-05-19 22:50 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\f543864.dll
2010-05-19 22:50 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\8d163ec.dll
2010-05-19 20:59 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\cbf24d2.dll
2010-05-19 20:59 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\2a1b8736.dll
2010-05-19 19:25 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\fc49800.dll
2010-05-19 19:25 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\37813da6.dll
2010-05-19 19:08 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\30a63940.dll
2010-05-19 19:08 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\258e556.dll
2010-05-17 23:01 . 2010-05-17 23:04 -------- d-----w- c:\arquivos de programas\Satsuki Decoder Pack
2010-05-17 22:00 . 2010-05-17 22:00 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\TeamViewer
2010-05-17 22:00 . 2010-05-17 22:00 -------- d-----w- c:\documents and settings\user\temp
2010-05-17 19:28 . 2010-05-17 19:28 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\Publish Providers
2010-05-17 19:28 . 2010-05-17 22:10 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\Sony
2010-05-17 19:26 . 2010-05-17 19:26 -------- d-----w- c:\arquivos de programas\Vstplugins
2010-05-17 19:26 . 2010-05-17 19:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Sony
2010-05-06 11:42 . 2010-05-06 11:42 -------- d-----w- c:\windows\system32\Nova pasta
2010-05-02 00:25 . 2010-05-02 00:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles
2010-04-25 01:33 . 2010-04-25 01:33 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-22 15:49 . 2010-04-22 15:49 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\dvdcss
2010-04-22 15:36 . 2010-05-17 22:58 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\vlc
2010-04-22 15:35 . 2010-04-22 15:35 -------- d-----w- c:\arquivos de programas\VideoLAN
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 15:39 . 2010-04-17 14:08 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\TS3Client
2010-05-15 06:10 . 2008-05-05 05:56 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\Skype
2010-05-15 04:14 . 2008-05-05 05:56 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\skypePM
2010-05-12 10:26 . 2010-04-11 15:56 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\Dropbox
2010-05-10 18:19 . 2008-01-19 07:30 -------- d-----w- c:\arquivos de programas\Tibia
2010-05-09 01:02 . 2008-02-09 11:23 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\LimeWire
2010-05-08 16:51 . 2008-04-24 06:10 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\teamspeak2
2010-04-25 00:45 . 2009-11-29 21:53 -------- d-----w- c:\arquivos de programas\PokerStars
2010-04-11 15:57 . 2010-04-11 15:57 89831 ----a-w- c:\documents and settings\user\Dados de aplicativos\Dropbox\bin\Uninstall.exe
2010-04-05 12:13 . 2010-04-05 12:08 -------- d-----w- c:\arquivos de programas\NCSoft
2010-04-05 12:13 . 2008-01-16 16:21 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-04-05 12:07 . 2010-04-05 12:07 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab
2010-03-04 10:30 . 2001-10-28 18:07 67450 ----a-w- c:\windows\system32\perfc016.dat
2010-03-04 10:30 . 2001-10-28 18:07 425426 ----a-w- c:\windows\system32\perfh016.dat
2010-03-04 10:29 . 2010-03-04 10:29 152576 ----a-w- c:\documents and settings\user\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-04 10:29 . 2009-11-23 20:29 79488 ----a-w- c:\documents and settings\user\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\user\Dados de aplicativos\Dropbox\bin\Dropbox.exe
2009-02-11 11:41 . 2009-02-11 11:57 2576 --sha-r- c:\windows\system32\DirectX\Dinput\desktop.inf.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 16:03 1230080 ----a-w- c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\user\Dados de aplicativos\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\user\Dados de aplicativos\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\user\Dados de aplicativos\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
"nwiz"="nwiz.exe" [2007-06-29 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]
"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-24 56928]
"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-31 10:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Tibia\\Tibia.exe"=
"c:\\Arquivos de programas\\WinRAR\\WinRAR.exe"=
"c:\\Arquivos de programas\\Movie Maker\\moviemk.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Arquivos de programas\\Real Alternative\\settings.exe"=
"c:\\WINDOWS\\system32\\mshearts.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Tibia\\TibiCAM\\TibiCAM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\marcosfillus\\condition zero\\hl.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\Steam.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\marcosfillus\\dedicated server\\hlds.exe"=
"c:\\CCR INC\\RFOnline\\RF.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\marcosfillus\\dedicated server\\hltv.exe"=
"c:\\Arquivos de programas\\Sony Interactive\\Twisted Metal 2\\TM2.EXE"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\marcosfillus\\day of defeat\\hl.exe"=
"e:\\Level Up! Games\\RF Online\\RF.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Documents and Settings\\user\\Dados de aplicativos\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\common\\left 4 dead 2\\srcds.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\common\\oblivion\\OblivionLauncher.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\marcosfillus\\counter-strike\\hl.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2/12/2009 12:56 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/8/2009 07:36 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/8/2009 07:36 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [31/8/2009 07:36 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [31/8/2009 07:36 297752]
S3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\PFC027.sys [8/4/2005 19:46 162176]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mWindow Title =
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Dados de aplicativos\Mozilla\Firefox\Profiles\qcm48twq.default\
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
AddRemove-Juliana Góes - c:\arquivos de programas\Juliana Góes\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-19 22:01
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2010-05-19 22:02:22
ComboFix-quarantined-files.txt 2010-05-20 01:02
Pré-execução: 18 pasta(s) 12.918.530.048 bytes disponíveis
Pós execução: 20 pasta(s) 13.663.846.400 bytes disponíveis
Malwarebytes log:
Malwarebytes' Anti-Malware 1.34
Versão do banco de dados: 1879
Windows 5.1.2600 Service Pack 2
19/5/2010 22:06:41
mbam-log-2010-05-19 (22-06-41).txt
Tipo de Verificação: Rápida
Objetos verificados: 67519
Tempo decorrido: 2 minute(s), 11 second(s)
Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 0
Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)
Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)
Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)
Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Pastas infectadas:
(Nenhum ítem malicioso foi detectado)
Arquivos infectados:
(Nenhum ítem malicioso foi detectado)
Updated HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:22, on 19/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe
C:\Hijack\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 7436 bytes
Awaiting further instructions, thanks in advance.
Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
_________________________________
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
Were these Hosts entries above added by you?
_________________________________
Follow the tips in this tutorial:
Norman Malware Cleaner Tutorial
_________________________________
Malwarebytes' Anti-Malware 1.34
Database version: 1879
Windows 5.1.2600 Service Pack 2
19/5/2010 22:06:41
mbam-log-2010-05-19 (22-06-41).txt
Scan type: Quick
Your Malwarebytes log shows that you only ran a quick scan, and it is very important to run a Full Scan with it.
*Restart the PC in Safe Mode (pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option).
* If it is not possible to run the computer in Safe Mode, do the scan in normal mode
*Run Malwarebytes' Anti-Malware, click the "Scan" tab and select the "Full scan" option
*Click the "Scan" button
* Check all the parts of the computer you want to scan and click the "Start scan" button
*When the scan finishes, click "OK" > "Show Results"
*Select all the entries and click "Remove Selected"
*After removal you may be asked whether you want to remove objects from memory. Click "YES"
*A log will be shown with the result of the actions
*Some malware is stubborn and needs a reboot to be removed. If this is requested, click to restart the PC.
*When the process finishes, restart the PC in Normal Mode.
* After a few days, if your computer is working normally without the files deleted by Malwarebytes Anti-Malware, open (run) Malwarebytes Anti-Malware, click the Quarantine tab and click the Delete All button.
*Run Malwarebytes Anti-Malware again, click the "Logs" tab, double-click the most recent log, select the whole log and copy it.
Post this log generated by Malwarebytes Anti-Malware together with the Norman Malware Cleaner log and a new HijackThis log, and tell us how your PC is after this.
Hi Antonio, I have been busy with college, so I only managed to finish the process now. Those entries were added by me; they are for an "anti-cheat" in an online game. Well, after the whole process, Antonio, here are the logs from the 2 anti-malware tools and the updated HijackThis log. I noticed my PC is faster, but today while I was using it, an IE window (I use Mozilla as my default) suddenly opened with one of those pop-up-type pages; I went into IE and tried to delete the page from the history, but it comes back... (here in the history the page shows as ad.harrenmedianetwork.com). I don't think it's a big deal, but after you look at the logs, I hope you can tell me what it is, lol. Well, here are the logs, I hope they are all clean and correct :).
Malwarebytes' Anti-Malware log:
Malwarebytes' Anti-Malware 1.34
Database version: 1879
Windows 5.1.2600 Service Pack 2
25/5/2010 22:38:34
mbam-log-2010-05-25 (22-38-34).txt
Scan type: Full (C:\|E:\|F:\|)
Objects scanned: 209400
Time elapsed: 58 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Norman Malware Cleaner log:
Norman Malware Cleaner
Version 1.6.2
Copyright © 1990 - 2009, Norman ASA. Built 2010/05/25 10:16:50
Norman Scanner Engine Version: 6.04.08
Nvcbin.def Version: 6.04.00, Date: 2010/05/25 10:16:50, Variants: 5779226
Scan started: 25/05/2010 21:53:50
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: MICRO2\user
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe csrcs.exe" -> "Explorer.exe"
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Scanning bootsectors...
Number of sectors found: 0
Number of sectors scanned: 0
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s
Scanning running processes and process memory...
C:\WINDOWS\system32\csrcs.exe (Infected with AutoRun.BHAO)
Terminated process
Removed registry value: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run -> csrcs = "C:\WINDOWS\system32\csrcs.exe"
Deleted file
Number of processes/threads found: 3743
Number of processes/threads scanned: 3743
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 1
Total scanning time: 1m 44s
Scanning file system...
Scanning: prescan
Scanning: C:\.
C:\Arquivos de programas\AMR Converter Pro\AMR Converter Pro.exe (Infected with Malware.DLPH)
Removed link file: C:\Documents and Settings\All Users\Desktop\AMR Converter Pro.lnk
Deleted file
C:\Arquivos de programas\Tibia\TibiCAM\TibiCAM.exe (Infected with W32/Smalldrp.ACPY)
Removed registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\Arquivos de programas\Tibia\TibiCAM\TibiCAM.exe = "C:\Arquivos de programas\Tibia\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM"
Removed registry value: HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\Arquivos de programas\Tibia\TibiCAM\TibiCAM.exe = "C:\Arquivos de programas\Tibia\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM"
Deleted file
C:\CCR INC\RFOnline\System\FileData.z/./System/FileData.dat (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\All Users\Dados de aplicativos\{00BAB1C5-D99B-4EF4-B1D6-1DEB5DA070DA}\offline\59737481\6AE473CA\AMR Converter Pro.exe (Infected with Malware.DLPH)
Deleted file
C:\Documents and Settings\All Users\Dados de aplicativos\{00BAB1C5-D99B-4EF4-B1D6-1DEB5DA070DA}\setup_amr.res/progressprereq.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))
C:\Documents and Settings\All Users\Dados de aplicativos\{00BAB1C5-D99B-4EF4-B1D6-1DEB5DA070DA}\setup_amr.res/startinstallation.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))
C:\Documents and Settings\All Users\Dados de aplicativos\{00BAB1C5-D99B-4EF4-B1D6-1DEB5DA070DA}\setup_amr.res/welcome.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))
C:\Documents and Settings\All Users\Dados de aplicativos\{00BAB1C5-D99B-4EF4-B1D6-1DEB5DA070DA}\setup_amr.res/wizard.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))
C:\Documents and Settings\All Users\Documentos\hvtzdc.exe (Infected with AutoRun.BHAO)
Deleted file
C:\Documents and Settings\user\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\61\58bf333d-45b45fd2/Inicio.class (Infected with JAVA/DLoader.A)
Deleted file
C:\Documents and Settings\user\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\63\12c83dbf-3b72951f/d8z (Infected with W32/Agent.MQTY.dropper)
Deleted file
C:\Documents and Settings\user\Desktop\AT\BBB\Playboy_Especial_2009_10_Brasil.rar/RR (Error whilst scanning file: I/O Error (0x00220000))
C:\Documents and Settings\user\Desktop\Filmes\xmn_orns_wvrn.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))
C:\Documents and Settings\user\Desktop\Installers\Downloads\crepusculo(2).rar/CMT (Error whilst scanning file: I/O Error (0x00220000))
C:\Documents and Settings\user\Desktop\Installers\Downloads\hq04.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))
C:\Documents and Settings\user\Desktop\Installers\Downloads\hqhen08.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))
C:\Documents and Settings\user\Desktop\Installers\Downloads\PPZ-Ariane-Gonzale.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))
C:\Documents and Settings\user\Desktop\Installers\Downloads\qmqrsumlro.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))
C:\Documents and Settings\user\Desktop\Installers\PB-AsMelhoresDaFazenda+www.sexymaioresde18.blogspot.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))
C:\Documents and Settings\user\Desktop\Installers\tibicam_8.11.zip/TibiCAM/TibiCAM.exe (Infected with W32/Smalldrp.ACPY)
Deleted file
C:\Documents and Settings\user\Meus documentos\Downloads\Sony Vegas Movie Studio Platinum Pro 9.0 + Todos os Plugins + Pacth_NazgoOl M3.rar/Sony Vegas Movie Studio Platinum Pro 9.0 + Todos os Plugins + Pacth_NazgoOl M3\Patch\patch.exe (Infected with W32/Suspicious_Gen2.dam)
Deleted file
C:\Documents and Settings\user\Meus documentos\Downloads\Sony Vegas Movie Studio Platinum Pro 9.0 + Todos os Plugins + Pacth_NazgoOl M3.rar/Sony Vegas Movie Studio Platinum Pro 9.0 + Todos os Plugins + Pacth_NazgoOl M3\Plugins\NewBlue FX\Motion blends.exe (Infected with Suspicious_Gen2.ADZET)
Deleted file
C:\Documents and Settings\user\Meus documentos\Downloads\VIP201004_Cacau.BBB10.rar/VIP201004_Cacau.BBB10\+FOTOS.URL (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\user\Meus documentos\Sum[1].Eletrohits.vol5_www.coletaneascompletas.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))
C:\Documents and Settings\user\Meus documentos\Sum[1].Eletrohits.vol5_www.coletaneascompletas.com.rar/+ Musicas\Todas as Faixas do CD.exe (Infected with W32/Obfuscated.O!genr)
Deleted file
C:\Kombo.exe\NirCmdC.cfexe (Infected with Malware.JSER)
Deleted file
C:\LinhaDefensiva\exec\download.exe (Infected with Suspicious_Gen.CQSA)
Deleted file
C:\Qoobox\Quarantine\C\WINDOWS\system32\csrcs.exe.vir (Infected with AutoRun.BHAO)
Deleted file
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP273\A0818770.exe (Infected with AutoRun.BHAO)
Deleted file
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829492.exe (Infected with AutoRun.BHAO)
Deleted file
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829494.exe (Infected with Malware.DLPH)
Deleted file
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829495.exe (Infected with W32/Smalldrp.ACPY)
Deleted file
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829496.exe (Infected with Malware.DLPH)
Deleted file
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829497.exe (Infected with AutoRun.BHAO)
Deleted file
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829500.exe (Infected with Suspicious_Gen.CQSA)
Deleted file
C:\WINDOWS\Juliana Góes.scr (Infected with W32/DLoader.KFZD)
Deleted file
C:\WINDOWS\Natália Casassola.scr (Infected with W32/DLoader.KFZD)
Deleted file
Scanning: E:\.
E:\Back MD\Mu\GameGuard\GameMon.des (Infected with SDBot.gen8)
Deleted file
E:\Back MD\Mu\main.exe (Infected with W32/Obfuscated.AK!genr)
Deleted file
E:\Back MD\Mu\mu.exe (Infected with W32/Obfuscated.AK!genr)
Deleted file
E:\Backup Games\Tibia\Tibia.exe (Infected with W32/Tibia.ACE)
Deleted file
E:\Backup Games\Tibia\TibiCAM\TibiCAM.exe (Infected with W32/Smalldrp.ACPY)
Deleted file
E:\Level Up! Games\RF Online\System\FileData.z/./System/FileData.dat (Error whilst scanning file: I/O Error (0x00220005))
E:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829503.des (Infected with SDBot.gen8)
Deleted file
E:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829504.exe (Infected with W32/Obfuscated.AK!genr)
Deleted file
E:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829505.exe (Infected with W32/Obfuscated.AK!genr)
Deleted file
E:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829506.exe (Infected with W32/Tibia.ACE)
Deleted file
E:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829507.exe (Infected with W32/Smalldrp.ACPY)
Deleted file
Scanning: F:\.
F:\aeae\MVW\pl0508.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))
Scanning: C:\System Volume Information\.
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829501.scr (Infected with W32/DLoader.KFZD)
Deleted file
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829502.scr (Infected with W32/DLoader.KFZD)
Deleted file
Scanning: postscan
Running post-scan cleanup routine:
Number of files found: 228322
Number of archives unpacked: 1014
Number of files scanned: 228304
Number of files not scanned: 18
Number of files skipped due to exclude list: 0
Number of infected files found: 34
Number of infected files repaired/deleted: 34
Number of infections removed: 34
Total scanning time: 1h 20m 6s
Updated HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:17:54, on 25/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Ufyqea.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\DOCUME~1\user\CONFIG~1\Temp\Umh.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijack\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\DOCUME~1\user\CONFIG~1\Temp\Umh.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 7371 bytes
I did this whole process tonight. During the process, IE windows suddenly opened with those pages that I have no idea where they came from or how they started opening; I hope everything is OK. Awaiting further instructions, and thanks in advance, cheers.
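The updated HijackThis log above still carries the kind of entries the helper asked about earlier (the Hosts overrides, the orphaned O2/O9 entries) plus two autostarts worth a second look: the legacy `RunServices` entry for csrcs.exe and an HKCU Run value with a random-looking name pointing into the user's Temp folder. The script below is an added example, not part of the thread and not HijackThis code; it parses lines in HijackThis's format and flags those patterns. The sample lines are copied from the logs in this thread; the heuristics themselves (Temp-directory autostarts, random-looking value names, the RunServices key, orphaned entries, hosts overrides, extra tokens in Winlogon\Shell) are my own assumptions about what deserves attention, not rules the tool applies.

```python
"""Triage of HijackThis-style log lines.

Added example for this thread; it is not HijackThis code and not something the
helper posted. The sample lines are taken from the logs above; the heuristics
are my own assumptions about what deserves a second look, not HijackThis rules.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# "O4 - HKCU\..\Run: [name] command"  ->  code, body
ENTRY_RE = re.compile(r"^(?P<code>[FOR]\d+)\s+-\s+(?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>\w+):\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")

# Paths a legitimate autostart almost never lives in (8.3 and long forms).
TEMP_DIRS = ("\\temp\\", "\\config~1\\temp\\", "\\local settings\\temp\\")
# Assumption: value names such as M5T8QL3YW3 are machine-generated.
RANDOM_NAME_RE = re.compile(r"^[A-Z0-9]{8,}$")


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def check_orphan(body: str) -> list[str]:
    """HijackThis marks targets it could not find; these are safe to fix."""
    if "(no file)" in body or "(file missing)" in body:
        return ["orphaned entry (target file missing)"]
    return []


def check_run_entry(body: str) -> list[str]:
    m = RUN_RE.match(body)
    if not m:
        return []
    key, name, cmd = m.group("key"), m.group("name"), m.group("cmd")
    reasons = []
    if any(t in cmd.lower() for t in TEMP_DIRS):
        reasons.append("autostart from a Temp directory")
    if RANDOM_NAME_RE.match(name):
        reasons.append("random-looking value name")
    if key.lower() == "runservices":
        reasons.append("legacy RunServices key (rarely used by legitimate software)")
    return reasons


def check_hosts_entry(body: str) -> list[str]:
    """Any hosts override is worth a question: 255.255.255.255 / 0.0.0.0 /
    127.x blackhole the name, anything else silently redirects it."""
    m = HOSTS_RE.match(body)
    if not m:
        return []
    ip, host = m.group("ip"), m.group("host")
    if ip in ("255.255.255.255", "0.0.0.0") or ip.startswith("127."):
        return [f"{host} is blackholed to {ip}"]
    return [f"{host} is redirected to {ip}"]


def shell_extra_tokens(shell_value: str) -> list[str]:
    """Winlogon\\Shell should be exactly Explorer.exe; extra tokens are injected
    autostarts (the Norman log above found "Explorer.exe csrcs.exe")."""
    return [t for t in shell_value.split() if t.lower() != "explorer.exe"]


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        reasons = check_orphan(body)
        if code == "O4":
            reasons += check_run_entry(body)
        elif code == "O1":
            reasons += check_hosts_entry(body)
        findings.extend(Finding(code, r, line) for r in reasons)
    return findings


# Constructed sample: lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\DOCUME~1\user\CONFIG~1\Temp\Umh.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}: {f.line}")
    print("Shell extras:", shell_extra_tokens("Explorer.exe csrcs.exe"))
```

Run against the sample, the AVG and ctfmon entries produce nothing, while the Temp-folder Run value is reported twice (location and name), which is the combination that most often marks a dropped downloader on a machine like this one.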
Hi Antonio, I have just finished the online scan using Panda Antivirus's ActiveScan 2.0. Here is the report from Notepad, thanks in advance.
ActiveScan report:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-05-26 01:20:56
PROTECTIONS: 1
MALWARE: 15
SUSPECTS: 9
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.5 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\user\configurações locais\temp\cookies\user@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@atdmt[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@xiti[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\user\configurações locais\temp\cookies\user@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\user\configurações locais\temp\cookies\user@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@bs.serving-sys[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@server.iad.liveperson[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@statse.webtrendslive[2].txt
00170553 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@ig.com[1].txt
00170557 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@terra.com[1].txt
00170559 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@uol.com[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@questionmarket[1].txt
00209833 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@acesso.uol.com[1].txt
01674996 Application/Psexec.A HackTools No 0 Yes No c:\kombo.exe\psexec.cfexe
06125448 BAT/Autorun.JVF Virus/Worm No 1 Yes No c:\windows\system32\autorun.in
06125448 BAT/Autorun.JVF Virus/Worm No 1 Yes No c:\windows\system32\autorun.i
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\docume~1\user\config~1\temp\umh.exe
No c:\windows\ufyqea.exe
No c:\windows\system32\sshnas21.dll
No c:\documents and settings\user\configurações locais\temp\umf.exe
No c:\documents and settings\user\configurações locais\temp\umg.exe
No c:\documents and settings\user\configurações locais\temp\umh.exe
No c:\documents and settings\user\configurações locais\temporary internet files\content.ie5\0x6j896v\install[1].48534.exe
No c:\documents and settings\user\desktop\installers\tibia810.exe
No c:\documents and settings\user\meus documentos\msncleaner(www.portalmes.com).zip[msncleaner (www.portalmes.com).exe]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
219830 HIGH MS10-029
219822 HIGH MS10-021
219821 HIGH MS10-020
219647 HIGH MS10-018
217842 HIGH MS10-015
217839 HIGH MS10-012
217838 HIGH MS10-011
217834 HIGH MS10-008
217832 HIGH MS10-006
217831 HIGH MS10-005
217169 HIGH MS10-002
216839 HIGH MS10-001
215938 HIGH MS09-072
215935 HIGH MS09-069
215048 HIGH MS09-065
214076 HIGH MS09-059
971486 HIGH MS09-058
214074 HIGH MS09-057
214073 HIGH MS09-056
214072 HIGH MS09-055
214071 HIGH MS09-054
213109 HIGH MS09-046
212494 HIGH MS09-042
212493 HIGH MS09-041
212530 HIGH MS09-034
211784 HIGH MS09-032
211781 HIGH MS09-029
210625 HIGH MS09-026
210624 HIGH MS09-025
210621 HIGH MS09-022
210618 HIGH MS09-019
208380 HIGH MS09-015
208379 HIGH MS09-014
208378 HIGH MS09-013
208377 HIGH MS09-012
206981 HIGH MS09-007
206980 HIGH MS09-006
204670 HIGH MS09-001
203806 HIGH MS08-078
203508 HIGH MS08-073
203505 HIGH MS08-071
202465 HIGH MS08-068
201683 HIGH MS08-067
201258 HIGH MS08-066
201256 HIGH MS08-064
201255 HIGH MS08-063
201253 HIGH MS08-061
201250 HIGH MS08-058
209275 HIGH MS08-049
209273 HIGH MS08-045
196455 MEDIUM MS08-037
194862 HIGH MS08-032
194861 HIGH MS08-031
194860 HIGH MS08-030
191618 HIGH MS08-025
191617 HIGH MS08-024
191616 HIGH MS08-023
191614 HIGH MS08-021
191613 HIGH MS08-020
;===================================================================================================================================================================================
Awaiting instructions. Thanks in advance. Cheers.
:) Many problems were removed. But there are still other problems on your PC.
_______________________________
Please follow the tips in these tutorials:
USBFix Tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-usbfix.html
Nod32 Online antivirus tutorial
_______________________________
Post the UsbFix log, which will be at C:\UsbFix.txt, in your next reply together with the log that will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt and a new HijackThis log, and tell us how the PC is after these procedures.
We'll be waiting.
Good afternoon Antonio. I am sending the logs from the procedures you asked me to do; awaiting instructions, cheers.
UsbFix log:
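The USBFix step is aimed at the removable-drive side of this infection: Panda already reported `BAT/Autorun.JVF` in `c:\windows\system32\autorun.in`, and an autorun worm spreads by writing an `autorun.inf` on every drive that points at a hidden copy of itself. The parser below is an added example, not the thread's own code and not UsbFix's implementation; it reads an `autorun.inf` the way a cleanup tool must (case-insensitive keys, padding garbage, several launch keys, quoted paths) and reports which executable the file would run. The sample file is constructed: `isbtLb.exe` is the name UsbFix reported on G:\ in this thread, everything else in it is invented for illustration.

```python
"""Parse a removable-drive autorun.inf and report what it would launch.

Added example for this thread; not the thread's own code and not UsbFix's
implementation. The sample autorun.inf is constructed: the file name
isbtLb.exe is the one UsbFix reported on G:\ in this thread, the rest is
invented.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# shell\<verb>\command= runs when the user picks that verb in Explorer's menu.
VERB_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$")


@dataclass
class AutorunInfo:
    targets: list[str] = field(default_factory=list)  # executables it would run
    junk_lines: int = 0                 # non key=value padding (often garbage bytes)
    action_text: Optional[str] = None   # menu text the worm shows to disguise itself


def _first_token(value: str) -> str:
    """Return the program name, respecting a quoted path that contains spaces."""
    value = value.strip()
    if value.startswith('"') and '"' in value[1:]:
        return value[1 : value.index('"', 1)]
    parts = value.split()
    return parts[0] if parts else ""


def parse_autorun(text: str) -> AutorunInfo:
    info = AutorunInfo()
    section = None
    for raw in text.splitlines():
        line = raw.strip("\x00 \t\r")
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if "=" not in line:
            info.junk_lines += 1        # worms pad the file to break naive signatures
            continue
        key, _, value = line.partition("=")
        key = re.sub(r"\s+", "", key).lower()   # case and spacing are not significant to Windows
        if section != "autorun":
            continue
        if key in ("open", "shellexecute") or VERB_COMMAND_RE.match(key):
            target = _first_token(value)
            if target and target not in info.targets:
                info.targets.append(target)
        elif key == "action":
            info.action_text = value.strip()
    return info


# Constructed sample in the style of the autorun worms cleaned in this thread.
SAMPLE_AUTORUN = (
    "[AutoRun]\r\n"
    "\x00\x00kjhasdf98\r\n"
    "OPEN=isbtLb.exe\r\n"
    "ShElLeXeCuTe=isbtLb.exe\r\n"
    "shell\\open\\Command=isbtLb.exe\r\n"
    "shell\\explore\\command=\"isbtLb.exe\" /e\r\n"
    "icon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
    "action=Open folder to view files\r\n"
)

if __name__ == "__main__":
    info = parse_autorun(SAMPLE_AUTORUN)
    print("would launch:", info.targets)
    print("junk lines:", info.junk_lines, "| action text:", info.action_text)
```

A clean Kingston stick with only `icon=` and `label=` keys yields no targets; the moment `open=`, `shellexecute=` or a `shell\…\command=` key names an executable that sits on the drive itself (typically hidden, or under Recycler as in the UsbFix log that follows), the drive is carrying a worm and both the .inf and the target have to go together.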
############################## | UsbFix V6.115 |
User : user (Administradores) # MICRO2
Update on 26/05/2010 by El Desaparecido , C_XX & Chimay8
Start at: 12:51:13 | 26/5/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel® Core2 Duo CPU E6750 @ 2.66GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 8.5 [ (!) Disabled | Updated ]
C:\ -> Local fixed disk # 74,6 Go (6,52 Go free) # NTFS
D:\ -> CD-ROM drive
E:\ -> Local fixed disk # 74,31 Go (14,32 Go free) # NTFS
F:\ -> Local fixed disk # 83,98 Go (79,02 Go free) # NTFS
G:\ -> Removable disk # 3,73 Go (1,77 Go free) [KINGSTON] # FAT32
################## | Infectious files # folders |
Deleted! C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
Deleted! C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
Deleted! C:\WINDOWS\System32\sshnas21.dll
Deleted! C:\DOCUME~1\user\CONFIG~1\Temp\a.dat
Deleted! C:\DOCUME~1\user\CONFIG~1\Temp\Umf.exe
Deleted! C:\DOCUME~1\user\CONFIG~1\Temp\Umg.exe
Deleted! C:\Recycler\S-1-5-21-746137067-1035525444-725345543-1003
Deleted! E:\Recycler\S-1-5-21-746137067-1035525444-725345543-1003
Deleted! F:\Recycler\S-1-5-21-746137067-1035525444-725345543-1003
G:\autorun.inf -> file called : "G:\isbtLb.exe" ( Present! )
Deleted! G:\isbtLb.exe
Deleted! G:\autorun.inf
Deleted! G:\nds0q.exe
Deleted! G:\viuoqu.exe
Deleted! G:\viuoqu.scr
Deleted! C:\WINDOWS\Ufyqea.exe
################## | Registry |
Deleted! [HKCU\SOFTWARE\M5T8QL3YW3]
Deleted! [HKCU\SOFTWARE\Microsoft\Handle]
Deleted! [HKCU\SOFTWARE\QZAIB7KITK]
Deleted! [HKCU\SOFTWARE\XML]
Deleted! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "M5T8QL3YW3"
Deleted! [HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS]
Deleted! [HKLM\SYSTEM\ControlSet002\Services\SSHNAS]
Deleted! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS]
Deleted! [HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHNAS]
################## | Mountpoints2 |
################## | Listing |
[16/01/2008 13:04|--a------|0] C:\AUTOEXEC.BAT
[11/02/2009 17:58|--a------|178597] C:\bankerfix.exe
[16/01/2008 13:00|--a------|211] C:\Boot.bak
[11/02/2009 09:32|-rahs----|281] C:\boot.ini
[28/10/2001 15:06|-rahs----|4952] C:\Bootfont.bin
[04/08/2004 08:00|--a------|261856] C:\cmldr
[19/05/2010 22:02|--a------|14547] C:\ComboFix.txt
[16/01/2008 13:04|--a------|0] C:\CONFIG.SYS
[16/01/2008 13:04|-rahs----|0] C:\IO.SYS
[05/05/2010 06:22|-rahs----|0] C:\khx
[16/01/2008 13:21|--a------|197] C:\lan.log
[16/01/2008 13:04|-rahs----|0] C:\MSDOS.SYS
[11/02/2009 09:26|--a------|257] C:\MSNCleaner.txt
[03/08/2004 22:38|-rahs----|47564] C:\NTDETECT.COM
[03/08/2004 22:59|-rahs----|251168] C:\ntldr
[?|?|?] C:\pagefile.sys
[27/04/2009 23:14|--a------|0] C:\random
[17/01/2008 03:26|--a------|206] C:\realtek.log
[17/01/2008 03:26|--a------|575] C:\RHDSetup.log
[20/10/2008 07:43|--a------|921632] C:\StiImg.dat
[26/05/2010 13:03|--a------|3255] C:\UsbFix.txt
[21/03/2010 16:03|--a------|59180650] E:\filme pb 1.wmv
[05/05/2010 06:22|-rahs----|0] E:\khx
[27/03/2010 20:03|--a------|97374612] E:\pb do xadrez.wmv
[27/03/2010 20:16|--a------|146726612] E:\pb do xadrez_0001.wmv
[18/03/2010 11:58|--a------|8548590] E:\rf test 1.wmv
[18/03/2010 12:05|--a------|8427498] E:\rf test 2.wmv
[18/03/2010 12:09|--a------|8627582] E:\rf test 2_0001.wmv
[07/02/2010 14:48|--a------|983624462] F:\Avatar.DVDScr.Leg.by.B4rm4n-www.clubwarez.ws.avi
[01/02/2010 04:20|--a------|155103386] F:\Flash.Forward.S01E02.HDTV.XviD-NoTV.rmvb
[01/02/2010 05:56|--a------|148636560] F:\Flashforward[ 01x03 _ks series.rmvb
[05/05/2010 06:22|-rahs----|0] F:\khx
[29/10/2009 20:58|--a------|651776] G:\Fenomenos de transporte.ppt
[21/01/2010 23:43|--a------|2209792] G:\The Beatles - Help!.mp3
[31/10/2009 12:59|--a------|5609646] G:\Kings of Leons - Use Somebody.mp3
[31/10/2009 21:43|--a------|3265720] G:\Kings Of Leon - --- is On Fire.mp3
[15/02/2010 23:47|--a------|3353613] G:\Lady GaGa - Paparrazzi.mp3
[13/11/2009 14:45|--a------|44907] G:\884611222284.pdf
[19/07/2009 12:33|--a------|4553956] G:\Yes Man ~ Munchausen by proxy & Zooey Deschanel.mp3
[01/01/2010 11:09|--a------|4214161] G:\Shiny Toy Guns - Stripped.mp3
[15/11/2009 18:38|--a------|109056] G:\trabalho biotrans.ppt
[18/11/2009 08:10|--a------|763392] G:\TM 2009.ppt
[22/11/2009 21:34|--a------|11577209] G:\Analítica 2.rar
[30/12/2009 21:25|--a------|5218219] G:\004_Markus Enochson - For You to See (feat_ Masaya) (Tiger Stripes vocal remix).mp3
[30/01/2010 20:27|--a------|6266109] G:\Kaskade & Deadmau5 - Move For Me.mp3
[10/02/2010 23:44|--a------|11761499] G:\02. Lady Gaga - Bad Romance (Album Version).mp3
[17/04/2009 22:32|--a------|4245885] G:\Andrea Bocceli & Laura Pausini - Vivo por ella (Span).MP3
[19/04/2009 12:12|--a------|4260806] G:\Andrea Bocelli & Giorgia - Vivo Per Lei (Italian).mp3
[01/08/2009 12:23|--a------|5460471] G:\Nickelback - Never Gonna Be Alone.mp3
[26/02/2010 16:35|--a------|65320685] G:\DBBR_Dragon_Ball_GT_31.rmvb
[04/03/2010 08:50|--a------|5536253] G:\Jay-Z - Empire State of Mind (feat Alicia Keys).mp3
[11/05/2010 23:37|--a------|219648] G:\trabalho do soccol 4.doc
[11/05/2010 23:40|--a------|62976] G:\capa trab soccol44.doc
[04/03/2010 06:56|--a------|59482] G:\Formulário 2010.pdf
[12/05/2010 11:11|--a------|49664] G:\trabalho aula pratica ferm.doc
[16/05/2010 21:03|--a------|1590272] G:\Trabalho soccol slides.ppt
[16/05/2010 21:38|--a------|64512] G:\texto soccol.doc
[17/05/2010 11:26|--a------|7438848] G:\apresentacao_final.ppt
[17/05/2010 00:13|--a------|92672] G:\texto soccol1.doc
[11/05/2010 16:19|--a------|28088797] G:\Bioreactor Design_4_0_321_4+dotnet.zip
[19/05/2010 07:23|--a------|32] G:\site bioreac.txt
[25/05/2010 00:03|--a------|313856] G:\trabalho soccol meios de cultivo.doc
[24/05/2010 23:01|--a------|62976] G:\capa trab inoculo.doc
[24/05/2010 23:26|--a------|1796096] G:\trabalho do soccol de inóculo.doc
[24/05/2010 23:56|--a------|62976] G:\capa trab meios de cultivo.doc
[23/09/2009 12:49|--a------|54031] G:\20092-cf061-lista-1.pdf
[10/12/2009 10:30|--a------|53422] G:\20092-cf061-lista-4.pdf
[17/12/2009 18:08|--a------|1328640] G:\Provas 1,2,3.doc
[04/02/2009 09:05|--a------|384686] G:\pokblue-port.zip
[04/02/2009 09:21|--a------|659797] G:\VisualBoyAdvance-1.8.0-beta3.zip
[06/01/2010 13:06|--a------|63488] G:\cola para apresentação.doc
[16/01/2010 19:46|--a------|19265735] G:\Pokemon+Online+1.2.rar
[06/01/2010 19:49|--a------|19433095] G:\Christmas_Edition.rar
[07/02/2010 14:48|--a------|983624462] G:\Avatar.DVDScr.Leg.by.B4rm4n-www.clubwarez.ws.avi
[27/01/2010 01:16|--a------|6931456] G:\Boneca.pps
[28/11/2009 23:13|--a------|147334733] G:\FF_101_www.downloadscorp.com.rmvb
[01/02/2010 05:56|--a------|148636560] G:\Flashforward[ 01x03 _ks series.rmvb
[01/02/2010 04:20|--a------|155103386] G:\Flash.Forward.S01E02.HDTV.XviD-NoTV.rmvb
[14/11/2009 00:56|--a------|5901952] G:\Kaskade - Angel On My Shoulder.mp3
[02/01/2010 18:20|--a------|11365659] G:\Kaskade - I Remember (Strobelite Edit).mp3
[24/02/2010 22:57|--a------|2178] G:\fontes rf.txt
[19/02/2010 15:57|--a------|18264] G:\SS forum.JPG
[24/02/2010 20:49|--a------|29771] G:\forum 2.JPG
[16/01/2010 03:51|--a------|1539979] G:\1203315054467uq4.gif
[19/01/2010 17:08|--a------|1551141] G:\geronimooooooooooo.gif
[17/02/2010 14:14|--a------|96] G:\ticket.txt
[16/02/2010 19:41|--a------|1725] G:\cali.txt
[12/01/2010 13:16|--a------|1064] G:\dup.txt
[20/01/2010 20:39|--a------|52223] G:\fudeo.jpg
[27/12/2009 23:17|--a------|9326341] G:\Requiem For A Dream - Clint Mansell - Lux Aeterna (Full Orch.mp3
[27/12/2009 22:55|--a------|3750765] G:\Requiem For A Dream Soundtrack - Lux Aeterna.mp3
################## | Vaccinação |
################## | Upload |
Favor enviar o arquivo : C:\UsbFix_Upload_Me_MICRO2.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Obrigado pela sua contribuição .
################## | ! Fim do relatório # UsbFix V6.115 ! |
Nod32 Online log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
C:\UsbFix_Upload_Me_MICRO2.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Arquivos de programas\UsbFix\Tools\Proc.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\user\Desktop\Installers\vdownloader.zip a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829624.dll a variant of Win32/Kryptik.EOI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0830642.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\UsbFix\Quarantine\C\DOCUME~1\user\CONFIG~1\temp\Umf.exe.UsbFix a variant of Win32/Kryptik.EOI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\UsbFix\Quarantine\C\WINDOWS\system32\sshnas21.dll.UsbFix a variant of Win32/Kryptik.EOI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\UsbFix\Quarantine\G\isbtlb.exe.UsbFix Win32/Packed.Autoit.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
C:\UsbFix\Quarantine\G\nds0q.exe.UsbFix Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\UsbFix\Quarantine\G\viuoqu.exe.UsbFix Win32/AutoRun.VB.GG worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\UsbFix\Quarantine\G\viuoqu.scr.UsbFix Win32/AutoRun.VB.GG worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
In the program, Antonio, what should I do? Delete the files from quarantine or restore them?
Updated HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:42:25, on 26/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Hijack\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 7669 bytes
Thanks in advance, hugs and God bless.
Many other problems were removed.
_________________________
In the program, Antonio, what should I do? Delete the files from quarantine or restore them?
You can delete them.
________________________
Follow the tips in this tutorial:
BitDefender Online antivirus tutorial
After the scan finishes, a report (log) will be generated at the following location on your computer:
C:\Windows\BDOSCAN8\bdoscan.log
In your next reply, post this BitDefender Online log together with a new HijackThis log and please tell us how your PC is after following this procedure.
We await your reply.
Good evening Antonio, here are the BitDefender log and the updated HijackThis log; awaiting new instructions. My PC is starting normally again and that pop-up window has stopped opening, but I'll still wait for new instructions. Thanks in advance, hugs and God bless.
BitDefender log:
[General]
App = "BitDefender Online Scanner v8"
Date = 26:05:2010
Time = 18:45:21
Scan Path = C:\;D:\;E:\;F:\;
[Engines Info]
Virus Definitions = 6095974
Engine build = "AVCORE v2.1 Windows/i386 11.0.0.33 (Apr 09 2010)"
Scan plugins = 17
Archive plugins = 43
Unpack plugins = 10
E-mail plugins = 6
System plugins = 4
[scan Statistics]
Folders = 8274
Files = 311524
Archives = 3583
Packed files = 17089
Identified viruses = 3
Infected files = 7
Warnings = 0
Suspect files = 0
Disinfected files = 0
Deleted files = 6
Copied files = 0
Moved files = 0
Renamed files = 0
I/O Errors = 27
[scan Settings]
SecondAction = Delete
FirstAction = Disinfect
Heuristics = 1
Enable Warnings = 1
Exclude Ext =
Extensions = *;
Scan Emails = 1
Scan Archives = 1
Scan Packed = 1
Scan Files = 1
Scan Boot = 1
Verify Memory = 0
[scan Results]
Line00000016 = "C:\Documents and Settings\user\Meus documentos\Downloads\Sony Vegas Movie Studio Platinum Pro 9.0 + Todos os Plugins + Pacth_NazgoOl M3.rar=>Sony Vegas Movie Studio Platinum Pro 9.0 + Todos os Plugins + Pacth_NazgoOl M3\Plugins\NewBlue FX\Art effects.exe Detected with: Adware.Generic.64429"
Line00000015 = "C:\Documents and Settings\user\Meus documentos\Downloads\Sony Vegas Movie Studio Platinum Pro 9.0 + Todos os Plugins + Pacth_NazgoOl M3.rar=>Sony Vegas Movie Studio Platinum Pro 9.0 + Todos os Plugins + Pacth_NazgoOl M3\Plugins\NewBlue FX\Art effects.exe Disinfection failed"
Line00000014 = "C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829629.exe Infected with: Gen:Variant.Renos.14"
Line00000013 = "C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829629.exe Disinfection failed"
Line00000012 = "C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829629.exe Deleted"
Line00000011 = "C:\UsbFix\Quarantine\C\DOCUME~1\user\CONFIG~1\temp\Umg.exe.UsbFix Infected with: Gen:Variant.Renos.14"
Line00000010 = "C:\UsbFix\Quarantine\C\DOCUME~1\user\CONFIG~1\temp\Umg.exe.UsbFix Disinfection failed"
Line00000009 = "C:\UsbFix\Quarantine\C\DOCUME~1\user\CONFIG~1\temp\Umg.exe.UsbFix Deleted"
Line00000008 = "C:\UsbFix\Quarantine\C\WINDOWS\Ufyqea.exe.UsbFix Infected with: Gen:Variant.Renos.14"
Line00000007 = "C:\UsbFix\Quarantine\C\WINDOWS\Ufyqea.exe.UsbFix Disinfection failed"
Line00000006 = "C:\UsbFix\Quarantine\C\WINDOWS\Ufyqea.exe.UsbFix Deleted"
Line00000005 = "C:\UsbFix\Quarantine\G\autorun.inf.UsbFix Infected with: Trojan.AutorunINF.Gen"
Line00000004 = "C:\UsbFix\Quarantine\G\autorun.inf.UsbFix Deleted"
Line00000003 = "C:\WINDOWS\system32\autorun.i Infected with: Trojan.AutorunINF.Gen"
Line00000002 = "C:\WINDOWS\system32\autorun.i Deleted"
Line00000001 = "C:\WINDOWS\system32\autorun.in Infected with: Trojan.AutorunINF.Gen"
Line00000000 = "C:\WINDOWS\system32\autorun.in Deleted"
Updated HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:30, on 26/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijack\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 7626 bytes
More problems were eliminated by BitDefender Online.
____________________________
You are using an old version of AVG (version 8). I suggest you uninstall it and download a great antivirus such as Avira AntiVir 10. To install, configure and use Avira AntiVir correctly, just follow the tips in these tutorials:
Avira AntiVir 10 Free tutorial (installation and configuration): http://dicasetutoriaisparapc.blogspot.com/2009/03/tutorial-de-instalacao-e-configuracao.html
Avira AntiVir 10 Free tutorial (how to use it correctly): http://dicasetutoriaisparapc.blogspot.com/2009/03/escaneando-seu-computador-com-o-avira.html
___________________________________
* After installing and configuring Avira AntiVir following the tips in the tutorials above, update it, then restart your computer and enter Safe Mode (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option). Once the computer has restarted, right-click the Avira icon (the open red umbrella next to the Windows clock) and choose Start AntiVir > click Scan system now > and wait for the scan to finish.
Note: If it is not possible to run the Avira AntiVir scan in Windows Safe Mode, run it in normal mode.
_______________________________________________________________
When you have removed the viruses that Avira AntiVir finds, restart the computer normally. Right-click the Avira icon (the open red umbrella next to the Windows clock) and choose Start AntiVir > click Reports > double-click the most recent log and click the Report file button > A window with the log will open; select the whole log (menu: Edit » Select All), then go back to the Edit menu and click Copy > After that, come back here to the forum and post this Avira AntiVir log together with a new HijackThis log so they can be analyzed.
We await your reply.
Hello Antonio, here is the Avira scan log. I think my PC is already better and seems faster. Hugs and God bless.
Avira log:
Avira AntiVir Personal
Report file date: quarta-feira, 26 de maio de 2010 21:42
Scanning for 2163364 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MICRO2
Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 19/4/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 27/5/2010 00:33:43
AVSCAN.DLL : 10.0.3.0 46440 Bytes 27/5/2010 00:33:43
LUKE.DLL : 10.0.2.3 104296 Bytes 7/3/2010 21:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 11/2/2010 02:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 12:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 22:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/1/2010 20:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/1/2010 19:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 5/3/2010 14:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/4/2010 00:33:43
VBASE006.VDF : 7.10.6.83 2048 Bytes 15/4/2010 00:33:43
VBASE007.VDF : 7.10.6.84 2048 Bytes 15/4/2010 00:33:43
VBASE008.VDF : 7.10.6.85 2048 Bytes 15/4/2010 00:33:43
VBASE009.VDF : 7.10.6.86 2048 Bytes 15/4/2010 00:33:43
VBASE010.VDF : 7.10.6.87 2048 Bytes 15/4/2010 00:33:43
VBASE011.VDF : 7.10.6.88 2048 Bytes 15/4/2010 00:33:43
VBASE012.VDF : 7.10.6.89 2048 Bytes 15/4/2010 00:33:43
VBASE013.VDF : 7.10.6.90 2048 Bytes 15/4/2010 00:33:43
VBASE014.VDF : 7.10.6.123 126464 Bytes 19/4/2010 00:33:43
VBASE015.VDF : 7.10.6.152 123392 Bytes 21/4/2010 00:33:43
VBASE016.VDF : 7.10.6.178 122880 Bytes 22/4/2010 00:33:43
VBASE017.VDF : 7.10.6.206 120320 Bytes 26/4/2010 00:33:43
VBASE018.VDF : 7.10.6.232 99328 Bytes 28/4/2010 00:33:43
VBASE019.VDF : 7.10.7.2 155648 Bytes 30/4/2010 00:33:43
VBASE020.VDF : 7.10.7.26 119808 Bytes 4/5/2010 00:33:43
VBASE021.VDF : 7.10.7.51 118272 Bytes 6/5/2010 00:33:43
VBASE022.VDF : 7.10.7.75 404992 Bytes 10/5/2010 00:33:43
VBASE023.VDF : 7.10.7.100 125440 Bytes 13/5/2010 00:33:43
VBASE024.VDF : 7.10.7.119 177664 Bytes 17/5/2010 00:33:43
VBASE025.VDF : 7.10.7.139 129024 Bytes 19/5/2010 00:33:43
VBASE026.VDF : 7.10.7.157 145920 Bytes 21/5/2010 00:33:43
VBASE027.VDF : 7.10.7.173 147456 Bytes 25/5/2010 00:33:43
VBASE028.VDF : 7.10.7.174 2048 Bytes 25/5/2010 00:33:43
VBASE029.VDF : 7.10.7.175 2048 Bytes 25/5/2010 00:33:43
VBASE030.VDF : 7.10.7.176 2048 Bytes 25/5/2010 00:33:43
VBASE031.VDF : 7.10.7.181 75776 Bytes 26/5/2010 00:33:43
Engineversion : 8.2.1.242
AEVDF.DLL : 8.1.2.0 106868 Bytes 27/5/2010 00:33:43
AESCRIPT.DLL : 8.1.3.29 1343866 Bytes 27/5/2010 00:33:43
AESCN.DLL : 8.1.6.1 127347 Bytes 27/5/2010 00:33:43
AESBX.DLL : 8.1.3.1 254324 Bytes 27/5/2010 00:33:43
AERDL.DLL : 8.1.4.6 541043 Bytes 27/5/2010 00:33:43
AEPACK.DLL : 8.2.1.1 426358 Bytes 27/5/2010 00:33:43
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 27/5/2010 00:33:43
AEHEUR.DLL : 8.1.1.27 2670967 Bytes 27/5/2010 00:33:43
AEHELP.DLL : 8.1.11.3 242039 Bytes 27/5/2010 00:33:43
AEGEN.DLL : 8.1.3.9 377203 Bytes 27/5/2010 00:33:43
AEEMU.DLL : 8.1.2.0 393588 Bytes 27/5/2010 00:33:43
AECORE.DLL : 8.1.15.3 192886 Bytes 27/5/2010 00:33:43
AEBB.DLL : 8.1.1.0 53618 Bytes 27/5/2010 00:33:43
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/1/2010 15:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 14/1/2010 15:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 18/2/2010 19:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 27/5/2010 00:33:43
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 27/5/2010 00:33:43
AVARKT.DLL : 10.0.0.14 227176 Bytes 27/5/2010 00:33:43
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26/1/2010 12:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28/1/2010 15:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16/3/2010 18:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 19/2/2010 17:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/1/2010 16:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 27/5/2010 00:33:43
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Arquivos de programas\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: delete
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:, F:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Start of the scan: quarta-feira, 26 de maio de 2010 21:42
Starting search for hidden objects.
The scan of running processes will be started
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '58' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '68' Module(s) have been scanned
Scan process 'avgnt.exe' - '49' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '53' Module(s) have been scanned
Scan process 'sched.exe' - '44' Module(s) have been scanned
Scan process 'firefox.exe' - '87' Module(s) have been scanned
Scan process 'WgaTray.exe' - '46' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '45' Module(s) have been scanned
Scan process 'wscntfy.exe' - '18' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'TeamSpeak.exe' - '54' Module(s) have been scanned
Scan process 'avgcsrvx.exe' - '8' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'jusched.exe' - '20' Module(s) have been scanned
Scan process 'avgnsx.exe' - '33' Module(s) have been scanned
Scan process 'avgrsx.exe' - '8' Module(s) have been scanned
Scan process 'avgemc.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'PAStiSvc.exe' - '6' Module(s) have been scanned
Scan process 'RichVideo.exe' - '22' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '38' Module(s) have been scanned
Scan process 'MDM.EXE' - '22' Module(s) have been scanned
Scan process 'jqs.exe' - '87' Module(s) have been scanned
Scan process 'avgwdsvc.exe' - '31' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '24' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '29' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '37' Module(s) have been scanned
Scan process 'Explorer.EXE' - '97' Module(s) have been scanned
Scan process 'spoolsv.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '153' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '50' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '43' Module(s) have been scanned
Scan process 'winlogon.exe' - '73' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '975' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\Arquivos de programas\TibiaCam TV Lite\play-00000008.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kydf back-door program
[NOTE] A backup was created as '4eca6a39.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00000108.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kydk back-door program
[NOTE] A backup was created as '565d459e.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00000208.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyeq back-door program
[NOTE] A backup was created as '04021f76.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00000408.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyes back-door program
[NOTE] A backup was created as '623550b4.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00000508.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyev back-door program
[NOTE] A backup was created as '27b17d8a.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00010108.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyde back-door program
[NOTE] A backup was created as '58aa4feb.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00010208.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyep back-door program
[NOTE] A backup was created as '141263a1.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00010308.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyew back-door program
[NOTE] A backup was created as '680a23f0.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00010408.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kydj back-door program
[NOTE] A backup was created as '45500cbd.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00020408.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyet back-door program
[NOTE] A backup was created as '5c383727.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00020907.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kydh back-door program
[NOTE] A backup was created as '30641b17.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831667.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kydf back-door program
[NOTE] A backup was created as '41b60f4e.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831668.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kydk back-door program
[NOTE] A backup was created as '4fac3f89.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831669.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyeq back-door program
[NOTE] A backup was created as '0a8546cb.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831670.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyes back-door program
[NOTE] A backup was created as '038e4260.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831671.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyev back-door program
[NOTE] A backup was created as '5bcf5b09.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831672.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyde back-door program
[NOTE] A backup was created as '773b22c5.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831673.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyep back-door program
[NOTE] A backup was created as '49c54210.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831674.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyew back-door program
[NOTE] A backup was created as '2acb6963.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831675.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kydj back-door program
[NOTE] A backup was created as '0c03297e.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831676.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyet back-door program
[NOTE] A backup was created as '3e9752db.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831677.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kydh back-door program
[NOTE] A backup was created as '34d279a5.qua' ( QUARANTINE )
[NOTE] The file was deleted!
Begin scan in 'E:\'
Begin scan in 'F:\'
End of the scan: quinta-feira, 27 de maio de 2010 03:07
Used time: 5:25:17 Hour(s)
The scan has been done completely.
36089 Scanned directories
1675708 Files were scanned
22 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
22 files were deleted
0 Viruses and unwanted programs were repaired
22 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1675686 Files not concerned
9811 Archives were scanned
0 Warnings
22 Notes
766716 Objects were scanned with rootkit scan
0 Hidden objects were found
Updated HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:53, on 27/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 8040 bytes
PS: I installed Avira but did not uninstall AVG; I will use one, and while that one is on I will keep the other off.
PS: I installed Avira but did not uninstall AVG; I will use one, and while that one is on I will keep the other off.
Yes, but in that case I suggest you uninstall this version of AVG, which is already old, and install the new AVG 9 following the tips in this tutorial:
AVG 9 Free tutorial (how to install it correctly)
After that, update AVG 9, and as viruses and spyware are found, choose the option to disinfect the contaminated files or send them to quarantine. If files were sent to quarantine, then after a few days, if your computer is working normally without them, you can go to the quarantine and delete them permanently.
________________________________
Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
______________________________
Download the Avenger program from the link below and extract its contents to the desktop:
http://swandog46.geekstogo.com/avenger2/download.php
*Select and copy (Ctrl+C) all the text inside the Quote (white box) below:
Files to delete:
C:\WINDOWS\system32\csrcs.exe
*Run the Avenger program
*Click [Load Script] > [Paste from Clipboard]
*Click [Execute] > [OK]
*The PC will be restarted
*The report will be created at C:\avenger.txt
______________________________
Please follow the tips in this tutorial to clean your PC with Spyware Doctor:
Spyware Doctor Starter Edition tutorial
In your next reply, post this Spyware Doctor log together with a new HijackThis log, and tell us how your PC is after this and whether AVG 9 removed any virus.
We await your reply.
Hi Antonio, I am running AVG on the PC, but I have already completed the other steps. As I said before, my PC is normal, better than it was at the start of the thread. I am sending the updated logs from Avenger, HijackThis and Spyware Doctor.
Avenger log:
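As an added example (not code from this thread, from HijackThis or from Avenger), a small Python triage script for HijackThis log lines: it flags orphaned entries ("(no file)" / "(file missing)") and O4 autostart entries whose executable name is one character away from a genuine Windows system process name, which is how csrcs.exe in the log above mimics csrss.exe, and it can check a later log to confirm that a "Fix checked" actually removed the entries. The sample log lines are constructed in the shape of the logs posted in this thread, and SYSTEM_PROCESSES is a hypothetical short list.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hypothetical short list of Windows XP core processes (all of them appear in the
# "Running processes" block of the logs in this thread); extend it for real use.
SYSTEM_PROCESSES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe",
}

ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)")
# O4 body layout: <hive>\..\<Run key>: [<value name>] <command line>
AUTOSTART_RE = re.compile(r"^(?P<key>.+?\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Constructed sample in the shape of the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\csrcs.exe
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
--
End of file - 7452 bytes
"""
# The same log after "Fix checked" removed the csrcs entry (constructed as well).
FIXED_LOG = "\n".join(l for l in SAMPLE_LOG.splitlines() if "csrcs" not in l)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    raw: str  # the log line exactly as HijackThis printed it


def parse_entries(log: str) -> List[Tuple[str, str, str]]:
    """Return (section, body, raw_line) for every 'Xn - ...' entry in the log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["section"], m["body"], line.strip()))
    return entries


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; file names are short, so the full table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable_name(cmd: str) -> str:
    """Lower-cased basename of the first token (quoted or bare) of an O4 command line."""
    cmd = cmd.strip()
    if not cmd:
        return ""
    first = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(None, 1)[0]
    return first.rsplit("\\", 1)[-1].lower()


def lookalike_of(exe: str) -> Optional[str]:
    """A system process whose name differs from exe by exactly one character, if any."""
    if exe in SYSTEM_PROCESSES:
        return None
    return next((p for p in sorted(SYSTEM_PROCESSES) if edit_distance(exe, p) == 1), None)


def triage(log: str) -> List[Finding]:
    """Flag orphaned entries and autostart executables that mimic a system process."""
    findings = []
    for section, body, raw in parse_entries(log):
        if ORPHAN_RE.search(body):
            findings.append(Finding(section, "orphaned entry: target file missing", raw))
            continue
        m = AUTOSTART_RE.match(body) if section == "O4" else None
        if m:
            exe = executable_name(m["cmd"])
            legit = lookalike_of(exe)
            if legit:
                findings.append(Finding(section, f"autostart '{exe}' mimics system process '{legit}'", raw))
    return findings


def still_present(findings: List[Finding], later_log: str) -> List[Finding]:
    """Findings whose exact line is still in a later log, i.e. the fix did not take."""
    later = {raw for _, _, raw in parse_entries(later_log)}
    return [f for f in findings if f.raw in later]
```

Running `triage(SAMPLE_LOG)` yields the three orphaned entries and the csrcs.exe autostart; `still_present(...)` against FIXED_LOG shows the orphaned entries remaining, which is why the helper lists them again in a later reply.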
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "C:\WINDOWS\system32\csrcs.exe" not found!
Deletion of file "C:\WINDOWS\system32\csrcs.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
Updated Spyware Doctor log. PS: it turned into something absurdly large in Notepad, because the original format was .htm, so I posted it on Megaupload; the file size is small, but the text is too long to post here.
http://www.megaupload.com/?d=QIFK16D1
Updated HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08:07, on 28/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Hijack\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Spyware Doctor\pctsSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 7452 bytes
Awaiting further instructions; thanks in advance, God bless, cheers.
Several other problems were removed by Spyware Doctor and HijackThis.
Note: If your computer becomes slow after installing Spyware Doctor, right-click the Spyware Doctor icon in the taskbar (next to the Windows clock) and choose Exit. A message will appear asking whether you are sure you want to close Spyware Doctor; click OK.
Then, when you want to use Spyware Doctor again, just go to: Start --> All Programs --> Spyware Doctor --> Spyware Doctor.
And after using it, just repeat the procedure described above to turn it off again.
__________________________
Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
__________________________
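The two entries ticked above are the ones HijackThis itself marks as "(file missing)" and "(no file)": a registered browser component whose DLL is gone. The script below is an added example (not code from this thread or from HijackThis) that applies that rule of thumb to a whole log and, as assumptions of this example rather than anything the thread states, also lists for manual review hosts-file overrides that do not point at a local sink address, O4 autostart commands given as a bare image name (resolved through the search path rather than an explicit file), and O23 services whose binary carries no publisher ("Unknown owner"). The sample input is constructed from lines of the log posted in this thread.

```python
"""Added example: a first-pass triage of a HijackThis 2.x log.

Not code from the thread or from HijackThis. Rule 1 is the helper's rule
of thumb (tick "(file missing)" / "(no file)" entries in "Fix checked");
rules 2-4 are review-only heuristics assumed by this example.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<target>\S+)\s+(?P<host>\S+)")
RUN_RE = re.compile(r"^HK.*?\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# A command starting with a quote or a drive letter names its file explicitly;
# anything else (RTHDCPL.EXE, RUNDLL32.EXE, ...) is resolved through the search path.
EXPLICIT_PATH_RE = re.compile(r'^(?:"|[A-Za-z]:\\)')
LOCAL_SINKS = {"127.0.0.1", "0.0.0.0", "::1"}


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    action: str    # "fix": tick in "Fix checked"; "review": inspect by hand first
    reason: str
    line: str      # the log line unchanged, so it can be matched in the HijackThis UI


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, "Running processes:", "End of file", ...
        section, body = m.group("section"), m.group("body")

        # 1. Registered component whose file is gone: dangling, safe to fix.
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append(Finding(section, "fix",
                                    "dangling entry: registered component no longer on disk", line))
            continue

        # 2. Hosts-file override pointing somewhere other than a local sink address.
        if section == "O1":
            hm = HOSTS_RE.match(body)
            if hm and hm.group("target") not in LOCAL_SINKS:
                findings.append(Finding(section, "review",
                                        f"hosts override: {hm.group('host')} -> {hm.group('target')}", line))
            continue

        # 3. Autostart entry whose command is a bare image name (search-path resolved).
        if section == "O4":
            rm = RUN_RE.match(body)
            if rm and not EXPLICIT_PATH_RE.match(rm.group("cmd")):
                findings.append(Finding(section, "review",
                                        f"autostart [{rm.group('name')}] runs a bare image name; "
                                        "confirm which file actually starts", line))
            continue

        # 4. Service binary carrying no publisher in its version information.
        if section == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(section, "review",
                                    "service binary has no publisher in its version info", line))
    return findings


def fix_checked(findings: List[Finding]) -> List[str]:
    """Lines to tick under 'Do a system scan only' -> 'Fix checked'."""
    return [f.line for f in findings if f.action == "fix"]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.action:6} {f.section:4} {f.reason}")
    print("\nTick in Fix checked:")
    for entry in fix_checked(results):
        print("  " + entry)
```

On the sample the only "fix" findings are the same O2 and O3 lines the helper listed; the hosts entry is surfaced for review even though its trailing `# misleading site` comment suggests a deliberate block-list entry, because a helper checks that rather than assumes it.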
Hi Antonio, I'm running AVG on the PC
:seta: Once the scan with AVG 9 has finished, please tell us whether it removed any other problems and how the PC is doing afterwards.
We'll be waiting.
Hi Antonio, sorry for the slow reply, but I've been very busy with college. I'm sending the AVG result, which finally found no problems at all.
AVG result:
"Scan ""Scan whole computer"" has completed."
"No infections were found during this scan"
"Folders selected for scanning:";"Scan whole computer"
"Scan started: ";"Tuesday, 1 June 2010, 17:04:56"
"Test completed:";"Tuesday, 1 June 2010, 17:27:59 (23 minute(s) 2 second(s))"
"Total objects scanned:";"322459"
"User who started the test:";"user"
Finally, after using HijackThis's "Fix checked" on the items you listed, I ran HijackThis again and am sending this log, but I believe everything is OK. My PC is faster both at startup and at shutdown; I believe all the problems have been solved. Please look at the log and just confirm that for me. Thanks in advance, and if you have any further instructions for fixing other possible problems, I'm waiting. Hugs and God bless.
Updated HijackThis log, 01/06/2010:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:41, on 1/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Valve\Steam\Steam.exe
C:\WINDOWS\system32\dllhost.exe
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\Arquivos de programas\AVG\AVG9\avgtray.exe
C:\Arquivos de programas\AVG\AVG9\avgui.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Spyware Doctor\pctsSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 7861 bytes
:) We're glad the problems were solved. There are just these few important steps left:
:seta: <@> Go to Start --> Run --> Type (or copy and paste) Combofix /uninstall --> Click OK.
<@> The following window will open: (Open File - Security Warning)
<@> Click Run --> Wait!
<@> Finally the message "ComboFix is uninstalled" will appear --> Click OK.
____________________________
:seta: Follow the tips in this tutorial to do a clean-up with Tools Cleaner:
___________________________
:seta: Install these programs and use them now and weekly to clean your PC and keep it efficient and optimized:
________________________________
:seta: There are unnecessary programs starting with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:
Choosing the Programs That Start with the PC
Preferably let only the security programs (antivirus/antispyware/firewall) start with Windows.
Also use CCleaner, recommended in the tutorial above, to clean and optimize the PC now and from time to time.
______________________________
:seta: If your Windows is genuine, download and install Service Pack 3:
http://www.superdownloads.com.br/download/61/windows-service-pack/
________________________________
:seta: To keep the problems from coming back, disable and then re-enable System Restore. To do this, go to: Start - Control Panel - System - click the System Restore tab - tick the box: Turn off System Restore - click Apply and then OK.
After that, go back to the same place: Start - Control Panel - System - click the System Restore tab - untick the box: Turn off System Restore - click Apply and then OK.
______________________________
:) It was a pleasure to help; count on us anytime!
Topic Archived
As the author did not reply for more than 30 days, the topic was archived.
If you are the topic's author and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening.
:) Hello Iceds!
:seta: I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:
Download ComboFix
Save it to the Desktop.
* Disable the resident protection of: antivirus, antispyware and firewall (except the Windows one!)
* Close all windows and run the tool.
* PS: Running it from a command is also possible:
* Go to Start --> Run --> Type or paste:
"%userprofile%\desktop\Combofix.exe" /killall
* Click OK.
* At the prompt "Disclaimer of software warranty" --> click Yes.
* If you don't have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), accept the offer to install it.
* When it finishes, click Yes. --> Wait.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:!: If you get the notification "Not a valid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.
* Save it to the Desktop, renamed as: Kombo.exe
* PS: Rename it while saving, not after saving!
* PS: If an error message appears, run ComboFix.exe in Safe Mode (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!
* PS: If rootkit activity is present, the following notification window will appear:
* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply together with the requested logs.
* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
* PS: To avoid problems, follow all the recommendations given.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
* The Auto Scan window will open. --> Wait!
* To finish removals, ComboFix may restart the computer.
* If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
* During the scan, avoid touching the mouse or keyboard! <-- Important!
* If, for some compelling reason, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.
<><><><><><><><><><><><>
The ComboFix log will be at C:\ComboFix.txt
_______________________________
:seta: Please follow the tips in this tutorial to clean your PC with Malwarebytes:
Malwarebytes Anti-Malware Tutorial (http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html)
_______________________________
:seta: In your next reply, post this Malwarebytes log together with the log at C:\ComboFix.txt and a new HijackThis log, and tell us how your PC is after these procedures.
We'll be waiting.