jhol___, posted September 14, 2007

Please, folks, this situation is really getting in the way of my work. I would be very grateful to anyone who can spare some time to help me... It is my first time here; I hope I did everything by the rules. From what I read around here, the first step would be a log from HijackThis, so here it is:

Logfile of HijackThis v1.99.1
Scan saved at 13:28:01, on 14/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF1602E4-CC4E-4C78-A574-CBB96731DC03}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
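As an added example (not part of jhol___'s post, and not code from HijackThis itself), here is a small Python triage script that parses entries in the shape of the log above and flags the ones a helper would look at first. The heuristics it applies are the example's own assumptions, not rules from the tool: a BHO whose path is "(no file)" is an orphaned registration, a BHO binary sitting directly under C:\WINDOWS (not system32 and not a Program Files folder) is unusual for legitimate software, an O10 "Unknown file in Winsock LSP" entry should be confirmed against its vendor, and the O17 NameServer addresses should be checked against the ISP's real resolvers. The sample lines are a constructed subset of the posted log.

```python
"""Line classifier and triage heuristics for a HijackThis 1.99 log.

Added example for this thread, not part of the original post or of HijackThis.
The heuristics are assumptions about what deserves a second look, not tool rules.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the entry lines from the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 13:28:01, on 14/9/2007
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF1602E4-CC4E-4C78-A574-CBB96731DC03}: NameServer = 200.204.0.10 200.204.0.138
"""

# "O2 - <body>", "R1 - <body>", ...; header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
# A PE file placed directly in the Windows directory, e.g. C:\WINDOWS\WebAssist.dll
WINDIR_BINARY_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.(dll|exe)$", re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[\d. ]+)$")


@dataclass
class Entry:
    kind: str   # HijackThis section code, e.g. "O2", "O10"
    body: str   # everything after "Oxx - "


@dataclass
class Finding:
    kind: str
    reason: str
    detail: str


def parse_entries(log_text: str) -> list[Entry]:
    """Keep only the Rn/On entry lines; headers and the process list are dropped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def triage(log_text: str) -> list[Finding]:
    """Apply the heuristics described in the lead-in and return what they flag."""
    findings = []
    for e in parse_entries(log_text):
        if e.kind == "O2":
            m = BHO_RE.match(e.body)
            if not m:
                continue
            path = m.group("path").strip()
            if path == "(no file)":
                findings.append(Finding("O2", "orphaned BHO registration", m.group("clsid")))
            elif WINDIR_BINARY_RE.match(path):
                findings.append(Finding("O2", "BHO binary directly under the Windows directory", path))
        elif e.kind == "O10" and e.body.startswith("Unknown file in Winsock LSP:"):
            findings.append(Finding("O10", "unknown Winsock LSP, confirm vendor",
                                    e.body.split(":", 1)[1].strip()))
        elif e.kind == "O17":
            m = NAMESERVER_RE.search(e.body)
            if m:
                findings.append(Finding("O17", "verify DNS servers against the ISP",
                                        m.group("servers").strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.reason} -> {f.detail}")
```

Running it over the constructed sample yields four findings: the orphaned CLSID, C:\WINDOWS\WebAssist.dll, the Bonjour LSP and the two resolver addresses; the Orbit BHO and the ctfmon Run entry pass the heuristics untouched. The flags are prompts for a human to check, not verdicts.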
DigRam, posted September 15, 2007

Good morning, jhol__!

>@< Download ComboFix.
>@< Save it to the Desktop!
>@< Close all windows and run the tool!
>@< If you have Avast, a malware alert ( Win32 D adobra-EY[Trj] ) will appear; it should be ignored.
>@< The Auto Scan window will open. Wait!
>@< Type the option to continue < Enter >
>@< Wait for it to finish!
>@< Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

Regards!
jhol___, posted September 15, 2007

Good morning, DigRam! Thanks a lot for your attention, man. Here are the logs!

Logfile of HijackThis v1.99.1
Scan saved at 11:11:43, on 15/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF1602E4-CC4E-4C78-A574-CBB96731DC03}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

--------------------------------------------------------------------------------------------------------------------------------------

ComboFix 07-09-14.2 - "Jhol" 2007-09-15 11:04:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.100 [GMT -3:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\WebAssist.dll
.
((((((((((((((((((((((((( Files Created from 2007-08-15 to 2007-09-15 )))))))))))))))))))))))))))))))
.
2007-09-15 11:03 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-14 19:15 <DIR> d-------- C:\DOCUME~1\Jhol\DADOSD~1\MegauploadToolbar
2007-09-14 19:15 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar
2007-09-14 10:34 <DIR> d-------- C:\HijackThis
2007-09-14 09:50 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-09-14 09:50 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-09-14 09:50 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-09-14 09:50 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-09-14 09:50 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-09-14 09:50 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-09-14 09:50 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-09-14 09:50 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-09-14 04:02 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-09-14 04:02 249,856 --------- C:\WINDOWS\Setup1.exe
2007-09-14 04:02 <DIR> d-------- C:\Arquivos de programas\Despertador
2007-09-11 09:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy
2007-09-11 09:04 <DIR> d-------- C:\Arquivos de programas\Marcos Velasco Security
2007-09-11 08:59 <DIR> d-------- C:\Arquivos de programas\CCleaner
2007-09-10 18:29 <DIR> d-------- C:\Arquivos de programas\ActivationManager
2007-09-09 17:27 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-09-09 11:20 <DIR> d-------- C:\Downloads
2007-09-09 11:20 <DIR> d-------- C:\DOCUME~1\Jhol\DADOSD~1\Orbit
2007-09-09 11:20 <DIR> d-------- C:\Arquivos de programas\Orbitdownloader
2007-09-08 00:32 <DIR> d-------- C:\Arquivos de programas\uTorrent
2007-09-08 00:31 <DIR> d-------- C:\DOCUME~1\Jhol\DADOSD~1\uTorrent
2007-09-05 16:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer
2007-09-05 16:39 <DIR> d-------- C:\Arquivos de programas\QuickTime
2007-08-23 23:51 1,188 --a------ C:\WINDOWS\mozver.dat
2007-08-23 23:48 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-23 23:48 <DIR> d-------- C:\DOCUME~1\Jhol\DADOSD~1\Talkback
2007-08-22 16:28 <DIR> d-------- C:\Arquivos de programas\PC Wizard 2007
2007-08-21 07:33 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools
2007-08-20 09:22 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-20 09:07 <DIR> d-------- C:\DOCUME~1\Jhol\DADOSD~1\Media Player Classic
2007-08-20 08:10 <DIR> d-------- C:\Arquivos de programas\NeXus RV10 & MKV Filtres
2007-08-20 08:08 <DIR> d-------- C:\Arquivos de programas\XP Codec Pack
2007-08-18 20:41 11,342 --a------ C:\WINDOWS\system32\winmds.exe
2007-08-18 19:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\FLEXnet
2007-08-18 17:02 <DIR> d-------- C:\WINDOWS\pss
2007-08-18 16:50 <DIR> d-------- C:\Arquivos de programas\Bonjour
2007-08-18 16:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared
2007-08-18 15:54 <DIR> d-------- C:\DOCUME~1\Jhol\DADOSD~1\Google
2007-08-18 15:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google
2007-08-18 15:53 <DIR> d-------- C:\Arquivos de programas\Google
2007-08-18 15:45 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0
2007-08-18 13:56 <DIR> d-------- C:\Arquivos de programas\Project64 1.6
2007-08-18 13:55 <DIR> d-------- C:\DOCUME~1\Jhol\DADOSD~1\WinRAR
2007-08-18 12:40 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2
2007-08-18 12:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-18 12:38 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-18 12:26 <DIR> d-------- C:\WINDOWS\system32\pt-br
2007-08-18 11:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!
2007-08-18 10:15 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-18 10:15 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-18 09:59 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-08-18 09:55 <DIR> d-------- C:\Arquivos de programas\MSBuild
2007-08-18 09:55 <DIR> d-------- C:\Arquivos de programas\Microsoft Works
2007-08-18 09:48 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-08-18 09:46 <DIR> dr-h----- C:\MSOCache
2007-08-18 09:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft Help
2007-08-18 09:34 <DIR> d-------- C:\Arquivos de programas\MagicISO
2007-08-18 05:12 <DIR> d-------- C:\Arquivos de programas\eMule
2007-08-18 04:56 <DIR> d-------- C:\DOCUME~1\Jhol\DADOSD~1\Image Zone Express
2007-08-18 04:50 <DIR> d-------- C:\DOCUME~1\Jhol\DADOSD~1\Corel
2007-08-18 04:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Corel
2007-08-18 04:47 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel
2007-08-18 04:37 8 -r-hs---- C:\WINDOWS\system32\B8B9A4F011.sys
2007-08-18 04:37 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-18 04:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallShield
2007-08-18 04:30 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Protexis
2007-08-18 04:27 <DIR> d-------- C:\Arquivos de programas\Corel
2007-08-18 04:17 26,176 --a------ C:\WINDOWS\system32\Lo7iUDtl.exe
2007-08-18 03:48 <DIR> d-------- C:\DOCUME~1\Jhol\Contacts
2007-08-18 03:48 <DIR> d-------- C:\Arquivos de programas\Windows Live
2007-08-18 03:48 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live
2007-08-18 03:46 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-18 03:46 <DIR> d-------- C:\Arquivos de programas\MSN Messenger
2007-08-18 03:23 <DIR> d-------- C:\DOCUME~1\Jhol\DADOSD~1\HP
2007-08-18 03:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP
2007-08-18 03:21 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\HP
2007-08-18 03:20 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard
2007-08-18 03:19 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-08-18 03:19 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-08-18 03:19 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-08-18 03:19 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-08-18 03:19 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-08-18 03:19 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-08-18 03:19 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-08-18 03:14 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-08-18 03:14 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-08-18 03:14 <DIR> d-------- C:\Arquivos de programas\HP
2007-08-18 03:13 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
2007-08-18 03:13 48,640 --a------ C:\WINDOWS\system32\hpzll4pi.dll
2007-08-18 03:13 14,916 --------- C:\WINDOWS\hphmdl12.dat
2007-08-18 03:13 126,119 --a------ C:\WINDOWS\HPHins12.dat
2007-08-18 03:03 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information
2007-08-18 03:03 <DIR> d-------- C:\Arquivos de programas\honestech
2007-08-18 03:02 <DIR> d-------- C:\Arquivos de programas\Webcam
2007-08-18 03:02 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield
2007-08-17 23:33 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-04 08:09 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-09-04 08:09 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-08-18 02:56 --------- d-------- C:\Arquivos de programas\CONEXANT
2007-08-18 02:42 --------- d-------- C:\Arquivos de programas\microsoft frontpage
2007-08-18 02:38 --------- d-------- C:\Arquivos de programas\Arquivos comuns\MSSoap
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-26 03:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
--------- C:\Arquivos de programas\Serviços on-line
--------- C:\Arquivos de programas\Arquivos comuns\Serviços
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
VTtrayp.exe

R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 03:00:00 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-15 12:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-15 13:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-15 14:00:00 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-14 15:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-14 16:00:00 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-14 17:00:00 C:\WINDOWS\Tasks\At15.job"
"2007-09-14 18:00:00 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-14 19:00:00 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-14 20:00:00 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-14 21:00:00 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-15 04:00:00 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-14 22:00:00 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-14 23:00:00 C:\WINDOWS\Tasks\At21.job"
"2007-09-15 00:00:00 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-15 01:00:00 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-15 02:00:00 C:\WINDOWS\Tasks\At24.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-15 03:00:00 C:\WINDOWS\Tasks\At25.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-15 04:00:00 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-15 05:00:00 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-14 06:00:00 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-14 07:00:00 C:\WINDOWS\Tasks\At29.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-15 05:00:00 C:\WINDOWS\Tasks\At3.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-14 08:00:00 C:\WINDOWS\Tasks\At30.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-14 09:00:00 C:\WINDOWS\Tasks\At31.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-14 10:00:00 C:\WINDOWS\Tasks\At32.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-14 11:00:00 C:\WINDOWS\Tasks\At33.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-15 12:00:00 C:\WINDOWS\Tasks\At34.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-15 13:00:00 C:\WINDOWS\Tasks\At35.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-15 14:00:00 C:\WINDOWS\Tasks\At36.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-14 15:00:00 C:\WINDOWS\Tasks\At37.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-14 16:00:00 C:\WINDOWS\Tasks\At38.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-14 17:00:00 C:\WINDOWS\Tasks\At39.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-14 06:00:00 C:\WINDOWS\Tasks\At4.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-14 18:00:00 C:\WINDOWS\Tasks\At40.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-14 19:00:01 C:\WINDOWS\Tasks\At41.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-14 20:00:00 C:\WINDOWS\Tasks\At42.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-14 21:00:00 C:\WINDOWS\Tasks\At43.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-14 22:00:00 C:\WINDOWS\Tasks\At44.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-14 23:00:00 C:\WINDOWS\Tasks\At45.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-15 00:00:00 C:\WINDOWS\Tasks\At46.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-15 01:00:00 C:\WINDOWS\Tasks\At47.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-15 02:00:00 C:\WINDOWS\Tasks\At48.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-14 07:00:00 C:\WINDOWS\Tasks\At5.job"
"2007-09-14 08:00:00 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-14 09:00:00 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-14 10:00:00 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-14 11:00:00 C:\WINDOWS\Tasks\At9.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-15 11:08:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-15 11:09:47 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-15 11:09
.
--- E O F ---
DigRam, posted September 16, 2007

Good evening, jhol__!

>@< Download Avenger.
>@< Unzip it and create a folder for the program! Put this folder on Local Disk C or on the Desktop!
>@< Run the program and check "Input script manually".
>@< Click the magnifying-glass icon!

Files to delete:
C:\WINDOWS\system32\Lo7iUDtl.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

>@< In the box that opens, paste what you copied from the quoted block just above!
>@< Click Done.
>@< Click the traffic-light icon!
>@< Click OK.
>@< The computer will restart!
_____________________
>@< Make and post a new HijackThis log + Avenger.txt in your reply.

Regards!
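The ComboFix "Scheduled Tasks" section in the previous post and the Avenger script in this one are two halves of one procedure: read the At<N>.job list, find the executables those jobs launch, then delete both the executables and the job files. As an added example (not code from ComboFix, Avenger, or either poster), here is a Python script that does that mechanically over a constructed subset of the task lines above. The task-line shape it parses, the assumption that At<N>.job is the file name the Windows `at` scheduler gives its jobs (so a run of them pointing at one executable in system32 amounts to hourly persistence), and the minimum-job threshold are all assumptions of the example.

```python
"""Triage of the 'Scheduled Tasks' section of a ComboFix report, plus generation of an
Avenger 'Files to delete:' block of the kind posted above.

Added example for this thread; not code from ComboFix, Avenger or the posters.
Assumptions: task lines look like  "<date> <time> <job path>" [- <target>]  as in the
report, and At<N>.job is the naming the Windows `at` scheduler uses for its jobs.
"""
import re
from collections import defaultdict

# Constructed subset of the task lines from the report above.
SAMPLE_SECTION = r"""Contents of the 'Scheduled Tasks' folder
"2007-09-15 03:00:00 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-15 12:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-15 13:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-15 04:00:00 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\system32\Lo7iUDtl.exe
"2007-09-15 03:00:00 C:\WINDOWS\Tasks\At25.job" - C:\WINDOWS\system32\winmds.exe
"2007-09-15 04:00:00 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\system32\winmds.exe
.
"""

# The quoted part holds the next run time and the job file; the target is optional,
# because ComboFix printed some At jobs with no command at all.
TASK_RE = re.compile(
    r'^"(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<job>[^"]+\\At\d+\.job)"'
    r'(?: - (?P<target>.+))?$'
)


def parse_tasks(section: str) -> list[dict]:
    """One dict per At<N>.job line; 'target' is None when the report shows no command."""
    tasks = []
    for line in section.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            tasks.append({"when": m.group("when"), "job": m.group("job"),
                          "target": m.group("target")})
    return tasks


def jobs_by_target(tasks: list[dict]) -> dict[str, list[str]]:
    """Group job files by the executable they launch (jobs without a target are skipped)."""
    grouped = defaultdict(list)
    for t in tasks:
        if t["target"]:
            grouped[t["target"]].append(t["job"])
    return dict(grouped)


def suspicious_targets(tasks: list[dict], min_jobs: int = 2) -> list[str]:
    """Executables launched by at least `min_jobs` At jobs, most-scheduled first."""
    grouped = jobs_by_target(tasks)
    hits = [(len(jobs), target) for target, jobs in grouped.items() if len(jobs) >= min_jobs]
    return [target for _, target in sorted(hits, key=lambda h: (-h[0], h[1]))]


def build_avenger_script(tasks: list[dict], min_jobs: int = 2) -> str:
    """Avenger 'Files to delete:' block: the targets first, then every At job file.

    Job files with no recorded target are listed too, matching the script in the
    thread: an empty At job is leftover scheduler state, not something to keep.
    Jobs are sorted as plain strings (At1, At10, At11, At2, ...), like the posted list.
    """
    lines = ["Files to delete:"]
    lines.extend(suspicious_targets(tasks, min_jobs))
    lines.extend(sorted(t["job"] for t in tasks))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_avenger_script(parse_tasks(SAMPLE_SECTION)))
```

On the constructed sample the script names Lo7iUDtl.exe (three jobs) and winmds.exe (two) as the targets and then lists all six job files. On the full report the same grouping gives the 48-job, two-executable picture that the Avenger script above deletes; review the generated list before pasting it, since the script deliberately includes jobs whose target ComboFix did not print.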
jhol___, posted September 16, 2007

Good afternoon, DigRam. Here are the logs you asked for:

Logfile of HijackThis v1.99.1
Scan saved at 12:52:44, on 16/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF1602E4-CC4E-4C78-A574-CBB96731DC03}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

---------------------------------------------------------------------------------------------------------------------------------------------

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\psrtvwii

*******************

Script file located at: \??\C:\flckmbjs.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\Lo7iUDtl.exe deleted successfully.
File C:\WINDOWS\system32\winmds.exe deleted successfully.
File C:\WINDOWS\Tasks\At1.job deleted successfully.
File C:\WINDOWS\Tasks\At10.job deleted successfully.
File C:\WINDOWS\Tasks\At11.job deleted successfully.
File C:\WINDOWS\Tasks\At12.job deleted successfully.
File C:\WINDOWS\Tasks\At13.job deleted successfully.
File C:\WINDOWS\Tasks\At14.job deleted successfully.
File C:\WINDOWS\Tasks\At15.job deleted successfully.
File C:\WINDOWS\Tasks\At16.job deleted successfully.
File C:\WINDOWS\Tasks\At17.job deleted successfully.
File C:\WINDOWS\Tasks\At18.job deleted successfully.
File C:\WINDOWS\Tasks\At19.job deleted successfully.
File C:\WINDOWS\Tasks\At2.job deleted successfully.
File C:\WINDOWS\Tasks\At20.job deleted successfully.
File C:\WINDOWS\Tasks\At21.job deleted successfully.
File C:\WINDOWS\Tasks\At22.job deleted successfully.
File C:\WINDOWS\Tasks\At23.job deleted successfully.
File C:\WINDOWS\Tasks\At24.job deleted successfully.
File C:\WINDOWS\Tasks\At25.job deleted successfully.
File C:\WINDOWS\Tasks\At26.job deleted successfully.
File C:\WINDOWS\Tasks\At27.job deleted successfully.
File C:\WINDOWS\Tasks\At28.job deleted successfully.
File C:\WINDOWS\Tasks\At29.job deleted successfully.
File C:\WINDOWS\Tasks\At3.job deleted successfully.
File C:\WINDOWS\Tasks\At30.job deleted successfully.
File C:\WINDOWS\Tasks\At31.job deleted successfully.
File C:\WINDOWS\Tasks\At32.job deleted successfully.
File C:\WINDOWS\Tasks\At33.job deleted successfully.
File C:\WINDOWS\Tasks\At34.job deleted successfully.
File C:\WINDOWS\Tasks\At35.job deleted successfully.
File C:\WINDOWS\Tasks\At36.job deleted successfully.
File C:\WINDOWS\Tasks\At37.job deleted successfully.
File C:\WINDOWS\Tasks\At38.job deleted successfully.
File C:\WINDOWS\Tasks\At39.job deleted successfully.
File C:\WINDOWS\Tasks\At4.job deleted successfully. File C:\WINDOWS\Tasks\At40.job deleted successfully. File C:\WINDOWS\Tasks\At41.job deleted successfully. File C:\WINDOWS\Tasks\At42.job deleted successfully. File C:\WINDOWS\Tasks\At43.job deleted successfully. File C:\WINDOWS\Tasks\At44.job deleted successfully. File C:\WINDOWS\Tasks\At45.job deleted successfully. File C:\WINDOWS\Tasks\At46.job deleted successfully. File C:\WINDOWS\Tasks\At47.job deleted successfully. File C:\WINDOWS\Tasks\At48.job deleted successfully. File C:\WINDOWS\Tasks\At5.job deleted successfully. File C:\WINDOWS\Tasks\At6.job deleted successfully. File C:\WINDOWS\Tasks\At7.job deleted successfully. File C:\WINDOWS\Tasks\At8.job deleted successfully. File C:\WINDOWS\Tasks\At9.job deleted successfully. Completed script processing. ******************* Finished! Terminate. Valew pela força!! Compartilhar este post Link para o post Compartilhar em outros sites
DigRam, posted September 16, 2007

Good afternoon jhol__!

>@< With HijackThis, Fix these entries:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O11 - Options group: [iNTERNATIONAL] International*

_______________________

>@< Create a Restore Point when carrying out these procedures.

>@< To clean and optimize the OS, download: < Advanced WindowsCare >

>@< Save it to the Desktop or Program Files.

>@< This cleaning program is fantastic: besides removing cookies, history and temporary files, it also tries to optimize the OS and remove some spyware.

>@< I recommend the program to everyone who has slowness problems with no apparent cause!

TUTORIAL

>1< Before running the program, update the database: click Status.
>2< Click Update Now. >> Wait!
>3< When it finishes, go to More >> click Memory Cleaner.
>@< The Memory Cleaner window will open.
>@< Click Clean now! Wait...
>@< When it finishes, a message will appear telling you how much memory was freed.
>@< Click Exit.
>4< Now the utility is ready to clean and optimize your computer.
>5< Open the program and click Start >> click Scan. (Analyze)
>6< When it finishes, the items to be removed will appear in red.
>7< Now click the Care button. (Repair)
>8< If you want to monitor what will be removed, click Show Details for each item before clicking Repair.
>9< When finished, restart the computer and run Advanced WindowsCare again.

___________________

>@< In your reply, post a new HJT log and say whether the slowness problem was reduced or eliminated.

Regards!
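As an added example (not code from the thread, from HijackThis or from its author), a small Python triage pass over lines in the HijackThis format posted above: it flags the two kinds of entries named in the fix list (an O2 BHO pointing to no file and an O11 options group) and surfaces O10, O17 and unknown-owner O23 entries for manual review. The sample lines and the expected-DNS allowlist are constructed for the example.

```python
import re

# Constructed sample in the HijackThis v1.99 line format used in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF1602E4-CC4E-4C78-A574-CBB96731DC03}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
"""
# One HJT entry: section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[\d. ]+)$")
# Assumed allowlist of resolvers this machine should be using (for the example
# it holds the two addresses from the thread; a real list comes from the ISP).
EXPECTED_DNS = {"200.204.0.10", "200.204.0.138"}


def parse_entries(text):
    """Yield (section, body) for each entry line; headers and process paths are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")


def triage(text, expected_dns=EXPECTED_DNS):
    """Return [(verdict, section, body)] for entries that deserve attention."""
    findings = []
    for sec, body in parse_entries(text):
        if sec in ("O2", "O3") and body.endswith("(no file)"):
            # Orphaned BHO/toolbar registration: the CLSID stays after the DLL is gone.
            findings.append(("fix", sec, body))
        elif sec == "O11":
            # Extra IE Options group; HJT only lists groups a stock IE does not have.
            findings.append(("fix", sec, body))
        elif sec == "O17":
            # DNS servers set in the TCP/IP registry key: compare with the allowlist.
            m = NAMESERVER_RE.search(body)
            servers = set(m.group("servers").split()) if m else set()
            verdict = "fix" if servers - expected_dns else "review"
            findings.append((verdict, sec, body))
        elif sec == "O10" or (sec == "O23" and "Unknown owner" in body):
            # Winsock LSP or service without a known vendor: check the file by hand.
            findings.append(("review", sec, body))
    return findings


if __name__ == "__main__":
    for verdict, sec, body in triage(SAMPLE_LOG):
        print(f"{verdict:6} {sec:4} {body}")
```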
Amanenti, posted September 16, 2007

DigRam, I have a problem like this one, a bit more complicated. Afterwards, please go to my topic and help!? Thanks
jhol___, posted September 17, 2007

Thanks, Dig Ram. Everything seems OK now, I don't see any apparent problem. Thanks a lot!!!

Logfile of HijackThis v1.99.1
Scan saved at 01:32:56, on 17/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\oodag.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF1602E4-CC4E-4C78-A574-CBB96731DC03}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
DigRam, posted September 17, 2007

Good afternoon jhol__!

With everything OK on the PC, create a clean System Restore Point! Right-click My Computer >> Properties >> System Restore >> check: Turn off System Restore >> Apply >> OK. Then uncheck it again! >> Apply >> OK.

For more details, go to: < Docs >

>@< Good job!

>@< Clean log!

Regards!
jhol___, posted September 17, 2007

Thank you very much, Dig Ram! Great work you all do here, very useful for everyone. Congratulations!!! All our computers are grateful \o/
Sam Spade, posted March 21, 2008

PROBLEM SOLVED! If the author needs the topic reopened, send a Private Message to a Moderator with a link to the topic.