[Arquivado] Não consigo instalar Anti-Virus

[DidoLaco 0]

EStou com problemas na instalação de Anti-Virus

Nenhum deles instala

Fiz uma rápida busca na internet e percebi que várias pessoas estão com este problema

E também verifiquei o modo em que elas conseguiram se livrar dele.

 

Eli Bagle

F-Secure Blacklight

 

Não encontraram nada.

 

Por isso segue a Log do Hijackthis para analise

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:29:25, on 13/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20772)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL (file missing)

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{70C9DD22-6DED-4FDA-9AE6-3C060EB2F3F7}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

 

--

End of file - 7395 bytes

 

 

No Aguardo.

Obrigado!

[DigRam 144]

Boa Noite! DidoLaco

 

<@> Faça o download do ComboFix.

<@> Baixe-o para o Desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e Firewall.

<@> Feche todas as janelas e execute a ferramenta!

 

Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.

Salve-a no Desktop,renomeada como: Kombo.exe

Ps: Nomeie durante o salvamento,e não após salvá-la!

Ps: Caso ocorra alguma mensagem de erro,rode o ComboFix em Modo de Segurança.

<@> Abrirá a janela Auto Scan. Aguarde!

<@> Digite a opção para continuar e < Enter >

<@> Aguarde a conclusão! Durante o scan,evite tocar no mouse ou teclado!

<@> Para parar ou sair do ComboFix,tecle "N".

----------------------------------------

<@> Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

 

Abraços!

[DidoLaco 0]

Boa Noite DigRam!

 

Desde já agradeço pela sua ajuda.

 

Segue Log do ComboFix como solicitado.

 

ComboFix 08-07-13.6 - Fernando 2008-07-13 23:36:13.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.681 [GMT -3:00]

Executando de: C:\Documents and Settings\Fernando\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\InfoSat.txt

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))))

.

 

2008-07-13 23:32 . 2008-07-13 23:32 <DIR> d-------- C:\WINDOWS\LastGood

2008-07-13 15:55 . 2008-07-13 16:09 <DIR> d-------- C:\Arquivos de programas\PokerStars

2008-07-13 14:19 . 2008-07-13 14:29 <DIR> d-------- C:\HiJAckThis

2008-07-13 13:57 . 2008-07-13 13:57 268 --ah----- C:\sqmdata19.sqm

2008-07-13 13:57 . 2008-07-13 13:57 244 --ah----- C:\sqmnoopt19.sqm

2008-07-13 13:48 . 2008-07-13 13:48 268 --ah----- C:\sqmdata18.sqm

2008-07-13 13:48 . 2008-07-13 13:48 244 --ah----- C:\sqmnoopt18.sqm

2008-07-13 13:45 . 2008-07-13 13:45 268 --ah----- C:\sqmdata17.sqm

2008-07-13 13:45 . 2008-07-13 13:45 244 --ah----- C:\sqmnoopt17.sqm

2008-07-13 13:10 . 2008-07-13 13:10 268 --ah----- C:\sqmdata16.sqm

2008-07-13 13:10 . 2008-07-13 13:10 244 --ah----- C:\sqmnoopt16.sqm

2008-07-13 13:09 . 2008-07-13 14:00 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-07-12 12:42 . 2008-07-13 13:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-07-09 10:55 . 2007-09-02 14:33 100,352 --------- C:\WINDOWS\system32\dllcache\6to4svc.dll

2008-07-09 10:50 . 2008-07-09 10:50 <DIR> d-------- C:\Automap

2008-06-28 17:10 . 2008-06-28 17:12 48,928 --a------ C:\WINDOWS\system32\drivers\Tetris.sys

2008-06-28 16:38 . 2008-06-28 16:38 <DIR> d-------- C:\Arquivos de programas\Atari

2008-06-23 21:22 . 2008-06-23 21:22 <DIR> d-------- C:\Documents and Settings\Fernando\Dados de aplicativos\AVGTOOLBAR

2008-06-23 20:52 . 2008-06-23 20:52 <DIR> d-------- C:\Documents and Settings\Administrador.FERNANDO-3761D5\Dados de aplicativos\Orbit

2008-06-23 20:49 . 2008-02-09 21:15 <DIR> d--h----- C:\Documents and Settings\Administrador.FERNANDO-3761D5\Modelos

2008-06-23 20:49 . 2008-02-09 19:04 <DIR> d-------- C:\Documents and Settings\Administrador.FERNANDO-3761D5\Meus documentos

2008-06-23 20:49 . 2008-02-09 19:04 <DIR> dr------- C:\Documents and Settings\Administrador.FERNANDO-3761D5\Menu Iniciar

2008-06-23 20:49 . 2008-02-09 19:04 <DIR> d-------- C:\Documents and Settings\Administrador.FERNANDO-3761D5\Favoritos

2008-06-23 20:49 . 2008-02-09 19:04 <DIR> dr-h----- C:\Documents and Settings\Administrador.FERNANDO-3761D5\Dados de aplicativos

2008-06-23 20:49 . 2008-07-13 23:38 <DIR> d--h----- C:\Documents and Settings\Administrador.FERNANDO-3761D5\Configurações locais

2008-06-23 20:49 . 2008-02-09 19:04 <DIR> d--h----- C:\Documents and Settings\Administrador.FERNANDO-3761D5\Ambiente de rede

2008-06-23 20:49 . 2008-02-09 19:04 <DIR> d--h----- C:\Documents and Settings\Administrador.FERNANDO-3761D5\Ambiente de impressão

2008-06-23 20:49 . 2008-06-23 20:49 <DIR> d-------- C:\Documents and Settings\Administrador.FERNANDO-3761D5

2008-06-23 19:57 . 2008-06-23 20:25 <DIR> d-------- C:\Documents and Settings\Administrador\Modelos

2008-06-23 19:57 . 2008-06-23 20:25 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-06-23 19:57 . 2008-06-23 20:25 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-06-23 19:57 . 2008-06-23 20:25 <DIR> d---s---- C:\Documents and Settings\Administrador

2008-06-20 14:36 . 2008-06-20 14:36 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 07:44 . 2008-06-20 07:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 06:32 . 2008-06-20 06:32 225,920 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-15 23:52 . 2008-06-15 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WinZip

2008-06-15 23:43 . 2008-06-15 23:43 732 --a------ C:\removebrazip.bat

2008-06-15 23:18 . 2008-06-15 23:49 <DIR> d-------- C:\Arquivos de programas\BraZip

2008-06-15 22:30 . 2008-06-15 22:30 162,432 --a------ C:\WINDOWS\system32\drivers\ithsgt.sys

2008-06-15 22:30 . 2008-06-15 22:30 12,032 --a------ C:\WINDOWS\system32\drivers\lilsgt.sys

2008-06-14 13:56 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 13:56 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-14 13:56 . 2008-05-08 09:14 203,008 --------- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-14 13:47 . 2008-06-14 13:47 268 --ah----- C:\sqmdata15.sqm

2008-06-14 13:47 . 2008-06-14 13:47 244 --ah----- C:\sqmnoopt15.sqm

2008-06-14 13:46 . 2008-06-14 13:46 <DIR> d-------- C:\Arquivos de programas\Telefonica

2008-06-14 13:46 . 2003-03-18 15:02 45,056 --a------ C:\WINDOWS\system32\msxml4a.dll

2008-06-14 13:38 . 2008-06-14 13:38 268 --ah----- C:\sqmdata14.sqm

2008-06-14 13:38 . 2008-06-14 13:38 244 --ah----- C:\sqmnoopt14.sqm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-13 18:40 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Tibia

2008-07-13 17:14 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\MegauploadToolbar

2008-07-12 18:34 --------- d-----w C:\Arquivos de programas\eMule

2008-07-09 13:50 --------- d-----w C:\Arquivos de programas\Tibia

2008-06-28 19:37 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-06-20 17:36 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:36 147,968 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-16 02:34 141,312 ----a-w C:\WINDOWS\system32\taskmgr.exe

2008-06-15 16:37 99,840 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe

2008-06-15 04:53 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Orbit

2008-05-30 02:22 --------- d-----w C:\Arquivos de programas\EditPlus 2

2008-05-07 04:55 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-07 04:55 1,292,800 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2008-02-22 22:06 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

2008-02-10 00:24 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008020920080210\index.dat

2008-02-22 22:06 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

2008-02-22 22:06 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-21 18:40 15360]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-06-15 13:35 486856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-24 23:33 5898240]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2008-06-15 13:35 132496]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-24 23:33 86016]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-06-15 13:38 155648]

"Lexmark X1100 Series"="C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe" [2008-06-15 13:35 57344]

"SoundMan"="SOUNDMAN.EXE" [2008-06-15 13:37 577536 C:\WINDOWS\soundman.exe]

"nwiz"="nwiz.exe" [2008-06-15 13:38 1519616 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-07-21 18:40 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

 

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2008-06-15 22:30]

R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2008-06-15 22:30]

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-09-05 20:50]

R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2008-06-28 17:12]

S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 18:28]

 

*Newly Created Service* - CATCHME

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-ares - C:\Arquivos de programas\Ares\Ares.exe

HKLM-Run-avast! - C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

Notify-WgaLogon - (no file)

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-13 23:39:00

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-07-13 23:40:59

ComboFix-quarantined-files.txt 2008-07-14 02:40:28

 

Pre-Run: 19,328,925,696 bytes disponíveis

Post-Run: 19,431,309,312 bytes disponíveis

 

137 --- E O F --- 2008-07-14 00:14:05

 

 

Sou meio leigo no assunto e não entendi o que aconteceu durante o processo,

mas teve q hora que apareceu que a memória não pode ser lida.

Cliquei ok e o programa continuou normalmente(aparentemente).

 

Nova Log do HiJackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:42:00, on 13/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20772)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\HiJAckThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL (file missing)

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{70C9DD22-6DED-4FDA-9AE6-3C060EB2F3F7}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

 

--

End of file - 6692 bytes

 

 

Continuo no aguardo.

Obrigado!

[DigRam 144]

Bom Dia! DidoLaco

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

<!> Antes de seguir,vamos providenciar a instalação do RC!

-------------------------------------

<!> Vá ao site da Microsoft: < Link >

 

<!> Selecione o download,que seja adequado,ao seu Sistema Operacional!

 

 

<!> Faça o download,do arquivo,e salve-o no seu desktop.

<!> Feche todos os programas,que estejam abertos!

<!> Feche,também,seus programas de proteção! ( Antivírus,Antispywares e Firewall )

<!> Arraste o setup,baixado do site da Microsoft,para o interior do ComboFix.exe

<!> Veja,abaixo,a demonstração!

 

 

<!> Siga as mensagens que aparecem na tela,para iniciar o ComboFix.

<!> Aceite o contrato da Microsoft,para instalar o "Console de Recuperação da Microsoft".

<!> Na próxima mensagem,clique em "Yes",para realizar um scan com o ComboFix.

 

 

<!> Terminando,poste os relatórios:

 

<!> C:\ComboFix.txt + HijackThis,atualizado.

 

Abraços!

[DidoLaco 0]

Bom dia! DigRam

 

Fiz tudo como solicitado e aí vai as logs atualizadas do ComboFix:

 

ComboFix 08-07-13.6 - Fernando 2008-07-14 1:16:53.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.744 [GMT -3:00]

Executando de: C:\Documents and Settings\Fernando\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Fernando\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))))

.

 

2008-07-13 23:44 . 2008-07-13 23:44 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-07-13 23:44 . 2008-07-13 23:44 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

2008-07-13 15:55 . 2008-07-14 01:11 <DIR> d-------- C:\Arquivos de programas\PokerStars

2008-07-13 14:19 . 2008-07-13 23:43 <DIR> d-------- C:\HiJAckThis

2008-07-13 13:57 . 2008-07-13 13:57 268 --ah----- C:\sqmdata19.sqm

2008-07-13 13:57 . 2008-07-13 13:57 244 --ah----- C:\sqmnoopt19.sqm

2008-07-13 13:48 . 2008-07-13 13:48 268 --ah----- C:\sqmdata18.sqm

2008-07-13 13:48 . 2008-07-13 13:48 244 --ah----- C:\sqmnoopt18.sqm

2008-07-13 13:45 . 2008-07-13 13:45 268 --ah----- C:\sqmdata17.sqm

2008-07-13 13:45 . 2008-07-13 13:45 244 --ah----- C:\sqmnoopt17.sqm

2008-07-13 13:10 . 2008-07-13 13:10 268 --ah----- C:\sqmdata16.sqm

2008-07-13 13:10 . 2008-07-13 13:10 244 --ah----- C:\sqmnoopt16.sqm

2008-07-13 13:09 . 2008-07-13 14:00 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-07-12 12:42 . 2008-07-13 13:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-07-09 10:55 . 2007-09-02 14:33 100,352 --------- C:\WINDOWS\system32\dllcache\6to4svc.dll

2008-07-09 10:50 . 2008-07-09 10:50 <DIR> d-------- C:\Automap

2008-06-28 17:10 . 2008-06-28 17:12 48,928 --a------ C:\WINDOWS\system32\drivers\Tetris.sys

2008-06-28 16:38 . 2008-06-28 16:38 <DIR> d-------- C:\Arquivos de programas\Atari

2008-06-23 21:22 . 2008-06-23 21:22 <DIR> d-------- C:\Documents and Settings\Fernando\Dados de aplicativos\AVGTOOLBAR

2008-06-23 20:52 . 2008-06-23 20:52 <DIR> d-------- C:\Documents and Settings\Administrador.FERNANDO-3761D5\Dados de aplicativos\Orbit

2008-06-23 20:49 . 2008-02-09 21:15 <DIR> d--h----- C:\Documents and Settings\Administrador.FERNANDO-3761D5\Modelos

2008-06-23 20:49 . 2008-02-09 19:04 <DIR> d-------- C:\Documents and Settings\Administrador.FERNANDO-3761D5\Meus documentos

2008-06-23 20:49 . 2008-02-09 19:04 <DIR> dr------- C:\Documents and Settings\Administrador.FERNANDO-3761D5\Menu Iniciar

2008-06-23 20:49 . 2008-02-09 19:04 <DIR> d-------- C:\Documents and Settings\Administrador.FERNANDO-3761D5\Favoritos

2008-06-23 20:49 . 2008-02-09 19:04 <DIR> dr-h----- C:\Documents and Settings\Administrador.FERNANDO-3761D5\Dados de aplicativos

2008-06-23 20:49 . 2008-07-14 01:18 <DIR> d--h----- C:\Documents and Settings\Administrador.FERNANDO-3761D5\Configurações locais

2008-06-23 20:49 . 2008-02-09 19:04 <DIR> d--h----- C:\Documents and Settings\Administrador.FERNANDO-3761D5\Ambiente de rede

2008-06-23 20:49 . 2008-02-09 19:04 <DIR> d--h----- C:\Documents and Settings\Administrador.FERNANDO-3761D5\Ambiente de impressão

2008-06-23 20:49 . 2008-06-23 20:49 <DIR> d-------- C:\Documents and Settings\Administrador.FERNANDO-3761D5

2008-06-23 19:57 . 2008-06-23 20:25 <DIR> d-------- C:\Documents and Settings\Administrador\Modelos

2008-06-23 19:57 . 2008-06-23 20:25 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-06-23 19:57 . 2008-07-14 01:18 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-06-23 19:57 . 2008-06-23 20:25 <DIR> d---s---- C:\Documents and Settings\Administrador

2008-06-20 14:36 . 2008-06-20 14:36 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 07:44 . 2008-06-20 07:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 06:32 . 2008-06-20 06:32 225,920 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-15 23:52 . 2008-06-15 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WinZip

2008-06-15 23:43 . 2008-06-15 23:43 732 --a------ C:\removebrazip.bat

2008-06-15 23:18 . 2008-06-15 23:49 <DIR> d-------- C:\Arquivos de programas\BraZip

2008-06-15 22:30 . 2008-06-15 22:30 162,432 --a------ C:\WINDOWS\system32\drivers\ithsgt.sys

2008-06-15 22:30 . 2008-06-15 22:30 12,032 --a------ C:\WINDOWS\system32\drivers\lilsgt.sys

2008-06-14 13:56 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 13:56 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-14 13:56 . 2008-05-08 09:14 203,008 --------- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-14 13:47 . 2008-06-14 13:47 268 --ah----- C:\sqmdata15.sqm

2008-06-14 13:47 . 2008-06-14 13:47 244 --ah----- C:\sqmnoopt15.sqm

2008-06-14 13:46 . 2008-06-14 13:46 <DIR> d-------- C:\Arquivos de programas\Telefonica

2008-06-14 13:46 . 2003-03-18 15:02 45,056 --a------ C:\WINDOWS\system32\msxml4a.dll

2008-06-14 13:38 . 2008-06-14 13:38 268 --ah----- C:\sqmdata14.sqm

2008-06-14 13:38 . 2008-06-14 13:38 244 --ah----- C:\sqmnoopt14.sqm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-13 18:40 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Tibia

2008-07-13 17:14 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\MegauploadToolbar

2008-07-12 18:34 --------- d-----w C:\Arquivos de programas\eMule

2008-07-09 13:50 --------- d-----w C:\Arquivos de programas\Tibia

2008-06-28 19:37 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-06-20 17:36 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:36 147,968 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-16 02:34 141,312 ----a-w C:\WINDOWS\system32\taskmgr.exe

2008-06-15 16:37 99,840 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe

2008-06-15 04:53 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Orbit

2008-05-30 02:22 --------- d-----w C:\Arquivos de programas\EditPlus 2

2008-05-07 04:55 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-07 04:55 1,292,800 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2008-02-22 22:06 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

2008-02-10 00:24 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008020920080210\index.dat

2008-02-22 22:06 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

2008-02-22 22:06 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-13_23.40.12.76 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-07-14 02:30:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-14 02:44:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-21 18:40 15360]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-06-15 13:35 486856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-24 23:33 5898240]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2008-06-15 13:35 132496]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-24 23:33 86016]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-06-15 13:38 155648]

"Lexmark X1100 Series"="C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe" [2008-06-15 13:35 57344]

"SoundMan"="SOUNDMAN.EXE" [2008-06-15 13:37 577536 C:\WINDOWS\soundman.exe]

"nwiz"="nwiz.exe" [2008-06-15 13:38 1519616 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-07-21 18:40 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

 

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2008-06-15 22:30]

R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2008-06-15 22:30]

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-09-05 20:50]

R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2008-06-28 17:12]

S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 18:28]

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-14 01:18:19

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-07-14 1:21:03

ComboFix-quarantined-files.txt 2008-07-14 04:20:08

 

Pre-Run: 20,387,790,848 bytes disponíveis

Post-Run: 20,359,086,080 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

 

141 --- E O F --- 2008-07-14 00:14:05

 

--------------------------------------------------------------------

E do HiJackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:22:00, on 14/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20772)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\HiJAckThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL (file missing)

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{70C9DD22-6DED-4FDA-9AE6-3C060EB2F3F7}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

 

--

End of file - 6604 bytes

 

No Aguardo de Novas Instruções

Obrigado!

[DigRam 144]

Bom Dia! DidoLaco

 

<@> Abra o HijackThis --> Clique: Do a system scan only

 

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

 

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

 

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

 

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (file missing)

<@> Marque,àcima,as entradas! << Assinale as caixinhas!

<@> À seguir,clique em Fixchecked!

-------------------------------------------

<@> Vá ao Windows Update,e busque a atualização SP3.

<@> Terminando de instalar o pacote,reinicie o computador!

<@> Poste,na sua resposta: HijackThis,atualizado.

 

Abraços!

[DidoLaco 0]

Boa Noite! DigRam

 

Não consegui achar o SP3 no Windows Update

Fiz o pedido, e segue Log do HJT

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:46:13, on 14/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20772)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJAckThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{70C9DD22-6DED-4FDA-9AE6-3C060EB2F3F7}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

 

--

End of file - 6084 bytes

 

 

Obrigado!

[DigRam 144]

Boa Noite! DidoLaco

 

<@> Faça o download do ATF Cleaner.

<@> Baixe-o para o Desktop!

<@> Reinicie o computador em Modo de Segurança.

<@> Abra o ATF Cleaner.

<@> Em Select Files to Delete,clique em: Select All >> Empty Selected.

<@> Na janela que abrir:Done,clique em Ok.

<@> Na limpeza do Firefox,temos: Clique em Firefox >> Select All >> Sim.

<@> Saia do programa,e reinicie o computador!

-------------------------------

<@> Como o pacote SP3,possui 302Mb é recomendável sua instalação,por intermédio de CD-ROM ou pendrive.

<@> Caso faça a opção pelo download,vá a este endereço: < SP3 >

-------------------------------

<@> Após a instalação da atualização,veja se já pode rodar algum antivírus.

<@> Faça a opção pelo Avira,que é um ótimo antivírus.

 

Abraços!

[DidoLaco 0]

Bom Dia DigRam!

 

Fiz como o pedido, só ainda não consegui instalar o SP3

 

Instalei o Avira como recomendado,

Unico problema a versão veio em alemão, tem como alterar para português?

 

Obrigado pela Ajuda.

 

Abraços!

[DigRam 144]

Opa! DidoLaco

Boa Tarde!

 

Fiz como o pedido, só ainda não consegui instalar o SP3

<!> Se o SO não for original,voçê não conseguirá instalar a atualização!

----------------------------

Instalei o Avira como recomendado,

Unico problema a versão veio em alemão, tem como alterar para português?

<!> Estranho!Baixei o meu do mesmo endereço,e ele está em Português.Voçê verificou a opção de linguas,durante a instalação?

----------------------------

>@< Baixe: < CCleaner >

>@< Salve-o no Desktop!

>@< Com a opção < Limpador >,já selecionada,clique em Analisar.

>@< Aguarde o progresso!

>@< Terminando,clique em Executar Cleaner.

>@< Na janela que surgir,dê o Ok.

>@< Aguarde o progresso!

----------------------------

>@< Selecionando a opção Registro,clique em Procurar erros.

>@< Terminando,clique em Corrigir erros selecionados...

>@< Na pergunta,clique em Sim!

>@< Nomeie os backups e clique em Salvar.

>@< Na janela que aparecer,clique em: Corrigir todos os erros selecionados

>@< Clique em Ok >> Fechar.

----------------------------

Estando tudo Ok com o PC,crie um Ponto de Restauração do Sistema,completamente Limpo!

Clique com o botão direito do mouse em cima de Meu Computador >> Propriedades >> Restauração do Sistema >> Marque: Desativar Restauração do Sistema >> Aplicar >> Ok.

Depois,desmarque novamente! >> Aplicar >> Ok.

Para maiores detalhes,vá em:< Docs >

<!> O log está limpo!

<!> Bom trabalho! :thumbsup:

 

Abraços!

[DidoLaco 0]

<!> Se o SO não for original,voçê não conseguirá instalar a atualização!

----------------------------

O SO é Original!

Deu arquivo corrompido

Acontece muito aqui em casa por causa das falhas de transimssão da internet

Que mesmo sendo de 2mb estou com problemas na fiação o que causa pequenas quedas

E acaba corrompendo os arquivos

Hoje vou baixar de novo!

<!> Estranho!Baixei o meu do mesmo endereço,e ele está em Português.Voçê verificou a opção de linguas,durante a instalação?

 

Estranho também porque não houve escolha de idioma

Depois tento de novo

Já usei o Avira, então conheço as opções básicas.

 

----------------------------------

O que tinha no Meu Log que impedia a execução de anti-virus?

 

 

 

 

EDITANDO

 

Baixei novamente o Avira e o SP3

 

O Avira instalou novamente em alemão, e não existe opção para mudança de idioma

O SP3 baixou e no final da descompactação dá arquivo corrompido, segunda ou terça vo ver se baixou no trampo e ponho no pen drive

 

Por fim baixei o Avast e por enquanto está normal!

 

Obrigado pela Ajuda

 

Acho que já pode dar como resolvido

Qualquer coisa peço reabertura do tópico!

[DigRam 144]

Bom Dia! DidoLaco

 

Á pedido do Membro,este Tópico foi reaberto!

------------------------

<@> BAIXE: < Kaspersky Virus Removal Tool >

------------------------

<@> Faça o download da atualização mais recente! << Observe as datas!

<@> Salve-o em Arquivos de Programas!

<@> Reinicie o computador,em Modo de Segurança! << Importante!

<@> Execute a ferramenta,com um duplo-clique,em seu executável.

<@> Abrir-se-á a seguinte janela:

 

 

<@> Na opção: Manual Cure,marque todas as caixas e clique em Scan.

<@> Terminando o scan,copie e poste o relatório + HijackThis,atualizado.

 

Ps: Confirme a solicitação,de remoção aos arquivos detectados!

 

Abraços!

[DidoLaco 0]

Boa Tarde DigRam!

 

Tentei escanear com a ferramenta porém em 1 hora havia terminado apenas 20%, ainda hoje reiniciarei a ferramenta e postarei o resultado.

Só por desencargo de consciência, segue log do HJT.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:41:05, on 27/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20772)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\HiJAckThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [is-VIDI2] "C:\Arquivos de programas\Kaspersky Lab Tool\is-VIDI2\is-VIDI2.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - S-1-5-18 Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'Default user')

O4 - Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{70C9DD22-6DED-4FDA-9AE6-3C060EB2F3F7}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: is-VIDI2 - Unknown owner - C:\Arquivos de programas\Kaspersky Lab Tool\is-VIDI2\is-VIDI2.exe (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

 

--

End of file - 5526 bytes

 

 

Uma Coisa que estranhei na guia de inicialização

 

 

Nunca tinha visto as entradas ntuser.

[DigRam 144]

Boa Noite! DidoLaco

 

Em termos bastante genéricos,o arquivo NTUSER contém informações do perfil da tua conta no windows. Entre elas, dados sobre o desktop,preferências,ícones,pastas,configurações pessoais sobre aplicativos (e.g. navegador web, cliente de e-mail),entre outros.

Ele pode ser local ou de roaming. (móvel)

É desse modo então,que se torna possível que diferentes usuários tenham características distintas de ambiente num mesmo computador.

Ele fica "bloqueado" para exclusão quando é utilizado pelo sistema operacional (durante o processo de logon). Se você excluir manualmente esse arquivo,terás que reconfigurar todo teu perfil. Não aconselho isso, a não ser em casos onde você esteja querendo apagar o usuário e toda estrutura correspondente em C:\Documents and settings.

( Emerson Silva ) --> Link: < http://br.answers.yahoo.com/question/index...16112909AASalIV >

<!> Portanto,os ficheiros são legítimos.

 

Abraços!

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.