[Resolvido!] Trojans no Arranque Impossíveis de Eliminar

[paulopereira 0]

Eu tenho instalado o kaspersky 7.0 no pc e nunca tive problemas de maior, até há duas semanas. Daí para cá, sempre que inicio o computador, aparece-me sempre um aviso de infecção por trojans. O kaspersky supostamente trata do assunto mas o facto é que, em cada arranque, o problema volta a se verificar. E o computador já encravou várias vezes no arranque, nestes últimos tempos.

 

Os tronjans que o kaspersky isola são os seguintes:

 

- Trojan-Dropper.Win32.agent.ahkb

- Trojan.Win32.VB.kdd

 

Já tentei resolver o problema com o Ad-ware da Lavasoft e com o Spybot, mas sem sucesso.

 

Agradecia sinceramente que dessem uma opinião sobre o meu problema.

 

Obrigado e um abraço

[Silas Martins 0]

Siga as instruções Abaixo

1ºPasso

1. Baixe o Kaspersky Virus Removal Tool.

 

2. O arquivo possui aproximadamente 32 Mb, mas o resultado compensará o trabalho.

 

3. Reinicie a máquina em Modo Seguro.

 

4. Execute a ferramenta dando duplo-clique sobre o arquivo baixado.

 

5. Abrir-se-á a seguinte janela:

 

6. Marque os diretórios que deseja varrer (é melhor marcar todos).

 

7. Clique em Scan e aguarde o término do processo.

 

8. Terminada a varredura, retorne com o resultado.

 

2º Passo:

Gere um log do Hijackthis conforme as instruções e poste ele em sua próxima resposta, juntamente com o resultado do Kaspersky Virus Removal Tool.

 

Aguardo retorno.

[paulopereira 0]

Francamente agradecido pela resposta. Vou fazer tudo o que sugeriu e volto o mais rápido possível com o resultado. Obrigado de novo.

[paulopereira 0]

Aparentemente está resolvido! MUITISSIMO OBRIGADO PELA AJUDA, sinceramente.

 

Aqui vai o resumo do relatório do kaspersky (o ficheiro tinha 143Mb, não consegui colar aqui tudo).

 

Scan

----

Scanned: 1204469

Detected: 1

Untreated: 0

Start time: 19-03-2009 19:36:52

Duration: 04:36:56

Finish time: 20-03-2009 0:13:48

 

 

Detected

--------

Status Object

------ ------

deleted: Trojan program Trojan-Downloader.Win32.Injecter.ckr File: C:\Documents and Settings\Administrador\Definições locais\Temporary Internet Files\Content.IE5\6D5Q11HL\getfile-090213-dns[1].gif//#

 

E aqui vai o do hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 0:19:36, on 20-03-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\HPQ\IAM\bin\asghost.exe

C:\WINDOWS\Explorer.EXE

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programas\FlashGet\jccatch_1.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programas\HPQ\IAM\Bin\ItIeAddIN.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programas\FlashGet\getflash.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [soundMAX] C:\Programas\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe

O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [wmiprevse] C:\WINDOWS\system32\wmiprevse.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: is-6QSMO.lnk = C:\Documents and Settings\Administrador\Ambiente de trabalho\Virus Removal Tool\is-6QSMO\startup.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &Transfere tudo pelo FlashGet - C:\Programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Transfere usando FlashGet - C:\Programas\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: Estatísticas do Anti-vírus de Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://download.autodesk.com/esd/mapguide/...NG/mgaxctrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159874187660

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159890383359

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

O20 - Winlogon Notify: OneCard - C:\Programas\HPQ\IAM\Bin\AsWlnPkg.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 8520 bytes

 

De novo, o meu MUITO OBRIGADO

[Silas Martins 0]

Baixe o Norman Malware Cleaner aqui:http://superdownloads.uol.com.br/redir.cfm?softid=63672

Depois de instalado execute e adicione todas as áreas físicas e removiveis do seu pc ( ex: Ec: F: e outras) só então clique em StartScan.

Apos isso poste o log do Hijackthis,juntamente com o log do Norman

[paulopereira 0]

Aqui os resultados no Norman:

 

Norman Malware Cleaner

Copyright © 1990 - 2009, Norman ASA. Built 2009/03/20 09:48:35

 

Norman Scanner Engine Version: 6.00.06

Nvcbin.def Version: 6.00.00, Date: 2009/03/20 09:48:35, Variants: 3017079

 

Scan started: 20/03/2009 13:57:27

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3

Logged on user: PC195201846944\Administrador

 

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll" -> ""

 

 

Scanning running processes and process memory...

 

Number of processes/threads found: 2668

Number of processes/threads scanned: 2642

Number of processes/threads not scanned: 26

Number of infected processes/threads terminated: 0

Total scanning time: 1m 11s

 

 

Scanning file system...

 

Scanning: C:\*.*

 

C:\Programas\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\root.img/unknown0 (Error whilst scanning file: I/O Error (0x0022000A))

C:\Programas\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb)

 

Scanning: E:\*.*

 

Scanning: D:\*.*

 

Scanning: F:\*.*

 

 

Running post-scan cleanup routine:

 

Number of files found: 212957

Number of archives unpacked: 7040

Number of files scanned: 212932

Number of files not scanned: 25

Number of files skipped due to exclude list: 0

Number of infected files found: 1

Number of infected files repaired/deleted: 0

Number of infections removed: 0

Total scanning time: 1h 3m 32s

 

Aqui os do HiJack:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:16:24, on 20-03-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\HPQ\IAM\bin\asghost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\wmiprevse.exe

C:\Programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

C:\PROGRA~1\SOFTWA~1\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\System32\svchost.exe

C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programas\FlashGet\jccatch_1.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programas\HPQ\IAM\Bin\ItIeAddIN.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programas\FlashGet\getflash.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [soundMAX] C:\Programas\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe

O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [wmiprevse] C:\WINDOWS\system32\wmiprevse.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: is-6QSMO.lnk = C:\Documents and Settings\Administrador\Ambiente de trabalho\Virus Removal Tool\is-6QSMO\startup.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &Transfere tudo pelo FlashGet - C:\Programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Transfere usando FlashGet - C:\Programas\FlashGet\jc_link.htm

O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: Estatísticas do Anti-vírus de Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://download.autodesk.com/esd/mapguide/...NG/mgaxctrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159874187660

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159890383359

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: OneCard - C:\Programas\HPQ\IAM\Bin\AsWlnPkg.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 9924 bytes

 

Está resolvido o problema?

[paulopereira 0]

O computador está a ter muitos problemas no arranque. Está a encravar vezes sucessivas, às vezes só o consigo chegar ao ambiente de trabalho à 3ª ou 4ª tentativa. Alguma razão em especial??

[Silas Martins 0]

Esses problemas talvez estejam relacionados a infecção.

Siga as instruções abaixo:

Baixe o Sophos Anti-Rootkit.

 

1. Preencha o formulário com os dados solicitados. Clique em Submit. Efetue o download salvando-o em seu desktop;

 

2. Após o término do download o executável sarsfx.exe será embutido em seu desktop. Dê duplo-clique sobre o sarsfx.exe. Aceite a licença. Clique em Install;

 

3. Depois de executado o processo haverá uma pasta denominada C:\SOPHTEMP alocada no C. Entre nesta pasta e dê duplo-clique sobre sargui.exe. Execute uma verificação (por padrão todos os itens estarão marcados);

 

4. Deixe o programa rodar até que o mesmo mostre a janela com os prováveis problemas (localização e nome do arquivo no disco). Pouse o mouse sobre os problemas encontrados e verifique qual é a recomendação dada para ele. Marcados os arquivos a serem removidos, clique em Clean Up;

 

PS.: Somente execute a limpeza caso haja a seguinte mensagem em Removable --> Yes (clean up recommended) <--;

 

5. Finalizada a limpeza o programa irá requerer a Reinicialização (clique em Restart Now);

 

6. Quando o PC reiniciar abrir-se-á uma caixa de diálogo com o resultado final do Scan. Preciso que você copie e cole o conteúdo da caixa de diálogo em sua próxima resposta. Poste também um novo log do HijackThis.

[paulopereira 0]

Não pude completar os pontos 5 e 6, porque não pude eliminar nenhum ficheiro.

 

O que apareceu no fim da verificação, ao pousar o mouse nos problemas encontrados foi isto:

 

Area: Local hard drives

Description: Unknown hidden file

Location: C:\Documents and Settings\Administrador\Definições locais\Temporary Internet Files\Content.IE5\GY9EFWG2\site=ojogo&chansm=ojogo&adsize=1x1&typesm=bannertext&pagetype=hp&tile=43232249[1]

Removable: Yes (but clean up not recommended for this file)

Notes: (no more detail available)

 

Quanto ao HiJackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:28:38, on 22-03-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\HPQ\IAM\bin\asghost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\wmiprevse.exe

C:\Programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

C:\PROGRA~1\SOFTWA~1\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\System32\svchost.exe

C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programas\FlashGet\jccatch_1.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programas\HPQ\IAM\Bin\ItIeAddIN.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programas\FlashGet\getflash.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [soundMAX] C:\Programas\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe

O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [wmiprevse] C:\WINDOWS\system32\wmiprevse.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &Transfere tudo pelo FlashGet - C:\Programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Transfere usando FlashGet - C:\Programas\FlashGet\jc_link.htm

O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: Estatísticas do Anti-vírus de Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://download.autodesk.com/esd/mapguide/...NG/mgaxctrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159874187660

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159890383359

O20 - Winlogon Notify: OneCard - C:\Programas\HPQ\IAM\Bin\AsWlnPkg.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 9911 bytes

[Silas Martins 0]

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

 

2) Dê um duplo-clique no combofix.exe e aguarde (o processo total demora cerca de 10 minutos);

 

3) A janela de “NEGAÇÃO DE GARANTIA DO SOFTWARE” abrir-se-á. Leia atentamente o texto contido nesta janela e clique sobre “SIM” para continuar.

 

PS.: Caso não concorde com os termos clique sobre “NÃO” para sair do software, cabendo lembrar que o processo de desinfecção não será possível sem a continuidade do ComboFix.

 

4) Outra janela irá abrir, caso a sua máquina não possua o CONSOLE DE RECUPERAÇÃO DO WINDOWS. É recomendável executar a instalação do console ante de dar continuidade ao processo, pois tal ação proporcionará a garantia de que o sistema poderá ser recuperado em caso de problemas durante a varredura.

 

Clique sobre “SIM” e aguarde, pois o processo de instalação do console dar-se-á automaticamente através do próprio ComboFix. Ele poderá demorar alguns minutos (dependerá da velocidade de sua conexão), portanto seja paciente.

 

Quando a janela “INSTALANDO O CONSOLE DE RECUPERAÇÃO” aparecer clique em “OK”, depois clique sobre “SIM” para aceitar a licença EULA.

 

Ao término da instalação do console de recuperação abrir-se-á uma janela avisando que “O CONSOLE DE RECUPERAÇÃO FOI INSTALADA COM SUCESSO”.

 

Clique sobre “SIM” para continuar a varredura.

 

5) O ComboFix iniciará o AUTOSCAN (aguarde).

 

ATENÇÃO: Não clique na janela do ComboFix, nem termine o processo abruptamente enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco).

 

Ao término do processo a máquina será reiniciada para a emissão do relatório.

 

6) Ao reiniciar a máquina o ComboFix irá executar o FIND3M para a criação do relatório final da varredura. O log ficará alocado em C:\ComboFix.txt.

 

7) Reabilite o seu anti-vírus;

 

8) Preciso que você cole o conteúdo do ComboFix.txt e do novo log Hijackthis em sua próxima resposta.

 

OBS.1: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

 

OBS.2: Caso haja um clique sobre a janela do ComboFix em execução, ela irá MAXIMIZAR, sobrepondo-se sobre as demais. Para minimizá-la novamente basta utilizar a combinação ALT + TAB.

 

Aguardo retorno

[paulopereira 0]

Cá vai o combofix:

 

ComboFix 09-03-19.02 - Administrador 2009-03-22 19:10:52.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.2070.18.1015.573 [GMT 0:00]

Executando de: c:\documents and settings\Administrador\Os meus documentos\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)

FW: Kaspersky Internet Security *disabled*

FW: Norton Internet Worm Protection *disabled*

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\IE4 Error Log.txt

c:\windows\setup.exe

c:\windows\system\smss.exe

c:\windows\system32\vbbho.tlb

E:\Autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SVCHOST

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-22 to 2009-03-22 ))))))))))))))))))))))))))))

.

 

2009-03-22 14:04 . 2009-03-22 14:04 <DIR> d-------- c:\programas\Sophos

2009-03-20 22:25 . 2009-03-20 22:25 <DIR> d-------- c:\documents and settings\Administrador\Application Data\uniblue

2009-03-20 22:24 . 2009-03-20 22:24 <DIR> d-------- c:\programas\Uniblue

2009-03-20 21:31 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2009-03-20 21:28 . 2009-03-20 21:31 <DIR> d-------- c:\windows\system32\XPSViewer

2009-03-20 21:28 . 2009-03-20 21:28 <DIR> d-------- c:\programas\Reference Assemblies

2009-03-20 21:28 . 2009-03-20 21:28 <DIR> d-------- c:\programas\MSBuild

2009-03-20 21:27 . 2009-03-20 21:27 224 --a------ c:\windows\system32\spupdsvc.inf

2009-03-20 21:26 . 2009-03-20 21:27 <DIR> d-------- C:\07d39b07cf06cf551be9072bd14880a5

2009-03-20 21:26 . 2008-07-06 12:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll

2009-03-20 21:26 . 2008-07-06 12:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll

2009-03-20 21:26 . 2008-07-06 10:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-03-20 21:26 . 2008-07-06 12:06 575,488 --------- c:\windows\system32\xpsshhdr.dll

2009-03-20 21:26 . 2008-07-06 12:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll

2009-03-20 21:26 . 2008-07-06 12:06 117,760 --------- c:\windows\system32\prntvpt.dll

2009-03-20 21:26 . 2008-07-06 12:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-03-20 21:16 . 2009-03-20 21:16 <DIR> dr-h----- C:\AHCache

2009-03-19 19:36 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\31530453.sys

2009-03-19 19:28 . 2009-03-22 14:28 <DIR> d-------- C:\Hijack

2009-03-19 16:58 . 2009-03-19 16:58 <DIR> d-------- c:\programas\SecureW2

2009-03-18 23:06 . 2009-03-20 18:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-03-16 23:06 . 2009-03-20 16:20 54,156 --ah----- c:\windows\QTFont.qfn

2009-03-16 23:06 . 2009-03-16 23:06 1,409 --a------ c:\windows\QTFont.for

2009-03-15 23:16 . 2009-03-18 15:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2009-03-11 12:44 . 2009-03-11 12:44 <DIR> d-------- c:\windows\tracing

2009-03-04 23:42 . 2009-03-04 23:42 <DIR> d-------- c:\programas\Macromedia

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-22 19:20 35,316,768 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-03-22 19:17 1,397,792 --sha-w c:\windows\system32\drivers\fidbox2.dat

2009-03-22 19:16 473,948 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-03-22 19:16 132,044 --sha-w c:\windows\system32\drivers\fidbox2.idx

2009-03-22 19:01 --------- d-----w c:\programas\FlashGet

2009-03-22 18:58 --------- d-----w c:\documents and settings\Administrador\Application Data\HPAppData

2009-03-22 17:35 --------- d-----w c:\documents and settings\Administrador\Application Data\uTorrent

2009-03-22 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-03-18 15:51 --------- d-----w c:\programas\Piolet

2009-03-04 23:42 --------- d--h--w c:\programas\InstallShield Installation Information

2009-02-03 17:51 89,601 ----a-w c:\windows\system32\drivers\klick.dat

2009-02-03 17:51 101,287 ----a-w c:\windows\system32\drivers\klin.dat

2009-02-01 15:47 --------- d-----w c:\documents and settings\Administrador\Application Data\Nokia Multimedia Player

2008-12-03 10:04 607,640 ----a-w c:\documents and settings\Administrador\jre-6u11-windows-i586-p-iftw.exe

2006-10-04 10:40 56 --sha-w c:\windows\SMINST\hpboot.sys

2008-09-23 16:12 32,768 --sha-w c:\windows\system32\config\systemprofile\Definições locais\Histórico\History.IE5\MSHist012008092320080924\index.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]

"wmiprevse"="c:\windows\system32\wmiprevse.exe" [2009-02-16 81920]

"QuickTime Task"="c:\programas\QuickTime\qttask.exe" [2006-10-18 155648]

"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"Nokia.PCSync"="c:\programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\

BTTray.lnk - c:\programas\Software WIDCOMM\Bluetooth\BTTray.exe [2006-01-18 581693]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

2005-07-25 18:41 40960 c:\programas\HPQ\IAM\Bin\AsWlnPkg.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli AsWlnPkg

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]

"Script"=c:\windows\system\smss.exe

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Arranque^Adobe Gamma.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Arranque\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Arranque^is-6QSMO.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Arranque\is-6QSMO.lnk

backup=c:\windows\pss\is-6QSMO.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^DVD Check.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\DVD Check.lnk

backup=c:\windows\pss\DVD Check.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Inicialização rápida do HP Image Zone.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\Inicialização rápida do HP Image Zone.lnk

backup=c:\windows\pss\Inicialização rápida do HP Image Zone.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 01:04 39792 c:\programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-06-27 18:03 152872 c:\programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]

--a------ 2006-01-26 13:35 172094 c:\programas\HPQ\Default Settings\Cpqset.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]

--------- 2007-11-06 10:08 397312 c:\programas\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]

--------- 2007-07-17 10:03 868352 c:\programas\Creative\Sync Manager Unicode\CTSyncU.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2006-09-14 20:09 157592 c:\programas\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-10-14 20:17 49152 c:\programas\Hp\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

--a------ 2007-08-22 15:31 80896 c:\programas\Hp\Digital Imaging\bin\HpqSRmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

--a------ 2006-02-14 09:49 454656 c:\programas\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:54 5674352 c:\programas\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 14:57 153136 c:\programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

--a------ 2007-06-18 15:10 271360 c:\programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]

--a------ 2006-02-14 10:56 122880 c:\programas\HPQ\HP ProtectTools Security Manager\pthosttr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

--a------ 2006-03-23 09:38 131072 c:\programas\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-10-18 16:08 155648 c:\programas\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

--a------ 2005-05-20 08:11 925696 c:\programas\Analog Devices\Core\smax4pnp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-11-24 14:34 136600 c:\programas\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a--c--- 2006-03-03 16:46 761948 c:\programas\Synaptics\SynTP\SynTPEnh.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]

--a------ 2005-11-08 10:59 184320 c:\programas\InterVideo\DVD Check\DVDCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

--------- 2007-01-05 19:08 204288 c:\programas\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

--a------ 2006-01-30 01:00 88203 c:\windows\AGRSMMSG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"c:\\Programas\\Piolet\\Piolet.exe"=

"c:\\Programas\\Ficheiros comuns\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Programas\\FlashGet\\flashget.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programas\\MSN Messenger\\livecall.exe"=

"c:\\Programas\\uTorrent\\uTorrent.exe"=

"c:\\Programas\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Programas\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Programas\\Hp\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Programas\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Programas\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Programas\\Sports Interactive\\Football Manager 2009\\fm.exe"=

"c:\\Programas\\Messenger\\msmsgs.exe"=

 

R1 is-6QSMOdrv;is-6QSMOdrv;c:\windows\system32\drivers\31530453.sys [2009-03-19 148496]

R2 ASChannel;Canal de comunicação local;c:\windows\System32\svchost.exe -k Cognizance [2004-08-04 14336]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\26.tmp --> c:\windows\system32\26.tmp [?]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-01-19 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-01-19 8320]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance REG_MULTI_SZ ASChannel

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83662958-36be-11dc-8190-0016417beb77}]

\Shell\AutoRun\command - Aprendilandia10.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-03-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.pt/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

IE: &Transfere tudo pelo FlashGet - c:\programas\FlashGet\jc_all.htm

IE: &Transfere usando FlashGet - c:\programas\FlashGet\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Enviar para &Bluetooth - c:\programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-22 19:19:37

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\26.tmp"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1588)

c:\programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\windows\system32\klogon.dll

c:\programas\HPQ\IAM\Bin\AsWlnPkg.dll

 

- - - - - - - > 'lsass.exe'(1644)

c:\programas\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll

c:\programas\HPQ\IAM\bin\AsWlnPkg.dll

c:\programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\programas\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\dllhost.exe

c:\programas\HPQ\IAM\Bin\asghost.exe

c:\windows\system32\igfxsrvc.exe

c:\programas\Software WIDCOMM\Bluetooth\BTStackServer.exe

c:\windows\system32\msdtc.exe

c:\programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

c:\programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

c:\windows\system32\CTSVCCDA.EXE

c:\programas\Java\jre6\bin\jqs.exe

c:\programas\Ficheiros comuns\LightScribe\LSSrvc.exe

c:\programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\mqsvc.exe

c:\programas\Windows Media Player\wmpnetwk.exe

c:\programas\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\system32\mqtgsvc.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-03-22 19:26:14 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-03-22 19:26:09

 

Pré-execução: 26.105.384.960 bytes livres

Pós execução: 26,461,437,952 bytes livres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

273 --- E O F --- 2009-03-22 03:14:23

 

Aqui o HiJackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:30:02, on 22-03-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\HPQ\IAM\bin\asghost.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\WINDOWS\system32\wmiprevse.exe

C:\Programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

C:\PROGRA~1\SOFTWA~1\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\System32\svchost.exe

C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\explorer.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programas\FlashGet\jccatch_1.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programas\HPQ\IAM\Bin\ItIeAddIN.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programas\FlashGet\getflash.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe

O4 - HKLM\..\Run: [wmiprevse] C:\WINDOWS\system32\wmiprevse.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &Transfere tudo pelo FlashGet - C:\Programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Transfere usando FlashGet - C:\Programas\FlashGet\jc_link.htm

O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: Estatísticas do Anti-vírus de Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://download.autodesk.com/esd/mapguide/...NG/mgaxctrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159874187660

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159890383359

O20 - Winlogon Notify: OneCard - C:\Programas\HPQ\IAM\Bin\AsWlnPkg.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 9514 bytes

[Silas Martins 0]

*Baixe o USBFix e salve-o no desktop

 

*Desative temporariamente seu antivírus

*Instale o programa (Suivant > Aceite o contrato > Suivant > Suivant > Démarrer > Quitter)

*Duplo clique no ícone criado no desktop

*O PC será reiniciado. Mantenha o Pendrive no local. Não remova!!

*Ao reiniciar o PC a ferramenta será executada automaticamente. Clique "Continue" e aguarde...

*Ao receber a mensagem "Nettoyage effectue!", tecle ENTER

*Cole o resultado criado em C:\UsbFix.txt e novo log do hijack

[paulopereira 0]

É normal isto dar tanto trabalho?

 

Aqui o USBFix:

 

-------------- UsbFix V2.395 ---------------

 

* User : Administrador - PC195201846944

* Outils mis a jours le 20/10/2008 par Chiquitine29 et Chimay8

* Recherche effectuée à 17:18:07 le 23-03-2009

* Windows Xp - Internet Explorer 7.0.5730.13

 

 

--------------- [ Processus actifs ] ----------------

 

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\logonui.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\DllHost.exe

C:\Programas\HPQ\IAM\bin\asghost.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\system32\WgaTray.exe

C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\1.tmp\b2e.exe

 

--------------- [ Informations lecteurs ] ----------------

 

C: - Unidade fixa

 

E: - Unidade fixa

 

F: - Unidade de CD-ROM

 

 

+- Contenu de l'autorun : F:\autorun.inf

 

[autorun]

OPEN=autorun.exe

--------------- [ Registre / Startup ] ----------------

 

 

! REG.EXE VERSION 3.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

MsmqIntCert REG_SZ regsvr32 /s mqrt.dll

DLA REG_SZ C:\WINDOWS\System32\DLA\DLACTRLW.EXE

igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe

igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe

igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe

CognizanceTS REG_SZ rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule

Recguard REG_SZ C:\WINDOWS\Sminst\Recguard.exe

Reminder REG_SZ C:\WINDOWS\Creator\Remind_XP.exe

Scheduler REG_SZ C:\WINDOWS\SMINST\Scheduler.exe

wmiprevse REG_SZ C:\WINDOWS\system32\wmiprevse.exe

QuickTime Task REG_SZ "C:\Programas\QuickTime\qttask.exe" -atboottime

AVP REG_SZ "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

 

! REG.EXE VERSION 3.0

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe

msnmsgr REG_SZ "C:\Programas\MSN Messenger\msnmsgr.exe" /background

 

--------------- [ Registre / Mountpoint2 ] ----------------

 

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-3618487637-108555910-3165516689-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-436374069-1644491937-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83662958-36be-11dc-8190-0016417beb77}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-3618487637-108555910-3165516689-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83662958-36be-11dc-8190-0016417beb77}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-436374069-1644491937-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83662958-36be-11dc-8190-0016417beb77}\Shell\AutoRun\command

 

--------------- [ Nettoyage des disques ] ----------------

 

Supprimé ! - E:\info.exe

Echec de la supression !! - F:\autorun.exe

Echec de la supression !! - F:\autorun.inf

Echec de la supression !! - F:\setup.exe

Echec de la supression !! - F:\autorun.inf

 

--------------- ! Fin du rapport ! ----------------

 

Aqui o HiJackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:45:31, on 23-03-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\HPQ\IAM\bin\asghost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\wmiprevse.exe

C:\Programas\QuickTime\qttask.exe

C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\SOFTWA~1\BLUETO~1\BTSTAC~1.EXE

C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programas\FlashGet\jccatch_1.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programas\HPQ\IAM\Bin\ItIeAddIN.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programas\FlashGet\getflash.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe

O4 - HKLM\..\Run: [wmiprevse] C:\WINDOWS\system32\wmiprevse.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &Transfere tudo pelo FlashGet - C:\Programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Transfere usando FlashGet - C:\Programas\FlashGet\jc_link.htm

O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: Estatísticas do Anti-vírus de Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://download.autodesk.com/esd/mapguide/...NG/mgaxctrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159874187660

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159890383359

O20 - Winlogon Notify: OneCard - C:\Programas\HPQ\IAM\Bin\AsWlnPkg.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 9608 bytes

[Silas Martins 0]

Execute o HijackThis, clique em Do a system scan only e selecione as linhas:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

 

Clique em Fix Checked

Feito isso Reinicie em modo normal e gere um novo log do Hijackthis.

No mais o log ta limpo.

Aguardo retorno.

[paulopereira 0]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:54:26, on 23-03-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\HPQ\IAM\bin\asghost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\wmiprevse.exe

C:\Programas\QuickTime\qttask.exe

C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

C:\PROGRA~1\SOFTWA~1\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\System32\svchost.exe

C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programas\FlashGet\jccatch_1.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programas\HPQ\IAM\Bin\ItIeAddIN.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programas\FlashGet\getflash.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe

O4 - HKLM\..\Run: [wmiprevse] C:\WINDOWS\system32\wmiprevse.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &Transfere tudo pelo FlashGet - C:\Programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Transfere usando FlashGet - C:\Programas\FlashGet\jc_link.htm

O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: Estatísticas do Anti-vírus de Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://download.autodesk.com/esd/mapguide/...NG/mgaxctrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159874187660

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159890383359

O20 - Winlogon Notify: OneCard - C:\Programas\HPQ\IAM\Bin\AsWlnPkg.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 9227 bytes

[paulopereira 0]

O PC está livre de vírus entao?

[Silas Martins 0]

Você efetuou a ultima instrução que forneci?

Quanto ao log só restam essas entradas nulas.

Log Limpo

O problema persiste?

[paulopereira 0]

Já não há alerta de vírus e ele voltou a reinicar bem. MUITISSIMO AGRADECIDO, a sério. O vosso trabalho aqui não tem preço.

 

Um grande abraço de Portugal,

 

Paulo Pereira

[Silas Martins 0]

Obrigado disponha sempre.

Caso Resolvido

[Silas Martins 0]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.