
PatríciaF

[Solved!] PC takes a very long time to shut down


Good afternoon.

My PC starts up fine, that is, it does not take long. However, lately it has been taking a very long time to carry out the shutdown action.

I go to the Start menu and click Shut Down. The box appears, I select it again, and from that moment until the one where all the processes start shutting down and the blue Windows screen appears saying the PC is shutting down, it takes ages.

Can you help me?

 

Here is the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:45:45, on 27-03-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\ATKGFNEX\GFNEXSrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\Programas\ATKOSD2\ATKOSD2.exe

C:\Programas\ATK Hotkey\Hcontrol.exe

C:\Programas\ASUS\ATK Media\DMEDIA.EXE

C:\Programas\ASUS\Power4 Gear\BatteryLife.exe

C:\Programas\ASUS\Splendid\ACMON.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\Programas\Java\jre6\bin\jusched.exe

C:\Programas\Wireless Console 2\wcourier.exe

C:\Programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Programas\ATK Hotkey\ATKOSD.exe

C:\Programas\ATK Hotkey\KBFiltr.exe

C:\Programas\ATK Hotkey\WDC.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\SupportAppPT\ztemon.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\WINDOWS\system32\Tablet.exe

C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Programas\Windows Live\Messenger\usnsvc.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATKOSD2] "C:\Programas\ATKOSD2\ATKOSD2.exe"

O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Programas\ATK Hotkey\Hcontrol.exe"

O4 - HKLM\..\Run: [ATKMEDIA] C:\Programas\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [Power_Gear] C:\Programas\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [ACMON] "C:\Programas\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Programas\Wireless Console 2\wcourier.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'Default user')

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O10 - Broken Internet access because of LSP provider 'c:\programas\bonjour\mdnsnsp.dll' missing

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1227916222906

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Programas\ATKGFNEX\GFNEXSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Programas\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

 

--

End of file - 8581 bytes


Download bankerfix by clicking the link below:

http://www.linhadefensiva.org/dl/bankerfix

 

- Save the tool to your hard drive.

- Double-click bankerfix.exe.

- A window will ask you to confirm the installation of the tool. Click Yes.

- Close all windows and programs except BankerFix.

- Now just wait for bankerfix to finish running.

- The tool's report, listing all files detected and removed, is in the file relatorio.txt in the folder C:\LinhaDefensiva. Post it in your next reply together with the HijackThis log.


HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:37:02, on 27-03-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\ATKGFNEX\GFNEXSrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\Programas\ATKOSD2\ATKOSD2.exe

C:\Programas\ATK Hotkey\Hcontrol.exe

C:\Programas\ASUS\ATK Media\DMEDIA.EXE

C:\Programas\ASUS\Power4 Gear\BatteryLife.exe

C:\Programas\ASUS\Splendid\ACMON.exe

C:\Programas\Java\jre6\bin\jusched.exe

C:\Programas\Wireless Console 2\wcourier.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Programas\ATK Hotkey\ATKOSD.exe

C:\Programas\ATK Hotkey\KBFiltr.exe

C:\Programas\ATK Hotkey\WDC.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATKOSD2] "C:\Programas\ATKOSD2\ATKOSD2.exe"

O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Programas\ATK Hotkey\Hcontrol.exe"

O4 - HKLM\..\Run: [ATKMEDIA] C:\Programas\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [Power_Gear] C:\Programas\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [ACMON] "C:\Programas\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Programas\Wireless Console 2\wcourier.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'Default user')

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O10 - Broken Internet access because of LSP provider 'c:\programas\bonjour\mdnsnsp.dll' missing

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1227916222906

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Programas\ATKGFNEX\GFNEXSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Programas\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 8007 bytes


BankerFix report


BankerFix 3.0 VALKYRIE - Banker Remover

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Date: 2009-03-27 - 19:36

-------------------------------------------------------

Definition List: 2009-01-21-2 | CORE: 2009-01-21-1

=======================================================


----- End -------------------------


• Download: < ComboFix.exe >

• Save it to the Desktop!

Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!).

Close all windows and run the tool!

• At the prompt "Disclaimer of software warranty" --> click Yes!

• If you do not have the Recovery Console, accept the offer to install it!

 

<!> If you get the notification "Not a valid Win32 application", delete the tool and download it again.

-- Save it to the desktop, renamed as: Kombo.exe

-- Note: rename it while saving, not after saving it!

-- Note: if any error message appears, run ComboFix.exe in Safe Mode.

-- Note: to complete the removals, the tool may need to restart the computer. <-- Wait!

-- Note: avoid running this tool on your own initiative! Follow all the recommendations given above.

• The Auto Scan window will open. --> Wait!

• In order to complete the removals, ComboFix may restart the computer.

• If needed, type the option to continue! --> ( 1 ) --> Press Enter.

Wait for it to finish!

During the scan, avoid touching the mouse or keyboard! <-- Important!

• To stop or exit ComboFix, press "N" --> Enter.

----------------------

• When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.


ComboFix report:

 

ComboFix 09-03-26.03 - Ticia 2009-03-27 23:57:21.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.2070.18.3071.2307 [GMT 0:00]

Running from: c:\documents and settings\Ticia\Ambiente de trabalho\ComboFix.exe

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)

FW: ZoneAlarm Security Suite Firewall *disabled*

* Created a new restore point

.

 

(((((((((((((((( Files created from 2009-02-27 to 2009-03-27 ))))))))))))))))))))))))))))

.

 

2009-03-27 19:35 . 2009-03-27 19:38 <DIR> d-------- C:\LinhaDefensiva

2009-03-27 19:34 . 2009-03-27 19:34 178,597 --a------ C:\bankerfix.exe

2009-03-27 18:41 . 2009-03-27 18:41 <DIR> d-------- C:\!KillBox

2009-03-26 10:09 . 2009-03-26 10:09 <DIR> d-------- c:\programas\Wireless Console 2

2009-03-25 14:01 . 2009-03-25 20:46 <DIR> d-------- c:\programas\MODEM MF622

2009-03-25 14:01 . 2007-06-18 17:33 101,120 --a------ c:\windows\system32\drivers\ZTEusbser6k.sys

2009-03-25 14:01 . 2007-06-18 17:33 101,120 --a------ c:\windows\system32\drivers\ZTEusbnmea.sys

2009-03-25 14:01 . 2007-06-18 17:33 101,120 --a------ c:\windows\system32\drivers\ZTEusbmdm6k.sys

2009-03-25 14:00 . 2009-03-25 14:01 <DIR> d-------- c:\windows\system32\SupportAppPT

2009-03-19 14:29 . 2009-03-19 14:29 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-03-13 18:55 . 2009-03-13 19:18 <DIR> d-------- c:\documents and settings\Ticia\Application Data\fretsonfire

2009-03-12 17:37 . 2009-03-22 20:38 <DIR> d-------- c:\documents and settings\Ticia\Application Data\MailFrontier

2009-03-12 14:34 . 2009-02-15 23:10 1,221,512 --a------ c:\windows\system32\zpeng25.dll

2009-03-11 16:51 . 2004-09-21 11:00 221,184 --a------ c:\windows\system32\wmpns.dll

2009-03-09 20:25 . 2009-03-09 20:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Gogii

2009-03-09 20:24 . 2009-03-09 20:24 <DIR> d-------- c:\windows\Nanny Mania 2

2009-03-05 10:44 . 2009-03-05 10:44 <DIR> d-------- c:\programas\Trend Micro

2009-03-01 17:02 . 2009-03-01 17:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-27 23:58 36,365,088 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-03-27 23:46 --------- d-----w c:\documents and settings\Ticia\Application Data\uTorrent

2009-03-27 19:30 --------- d-----w c:\documents and settings\Ticia\Application Data\WTablet

2009-03-27 19:29 470,036 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-03-27 19:12 --------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Application Data\WTablet

2009-03-27 11:23 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-03-26 10:09 --------- d--h--w c:\programas\InstallShield Installation Information

2009-03-23 17:27 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet

2009-03-20 21:25 202,040 ----a-w c:\windows\system32\PnkBstrB.exe

2009-03-20 21:25 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-03-20 19:35 --------- d-----w c:\documents and settings\Ticia\Application Data\Skype

2009-03-20 18:52 --------- d-----w c:\documents and settings\Ticia\Application Data\skypePM

2009-03-19 14:29 410,984 ----a-w c:\windows\system32\deploytk.dll

2009-03-13 16:03 85,279 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_13_15_16_16_small.dmp.zip

2009-03-11 16:50 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-03-10 14:15 61,959 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_10_09_20_42_small.dmp.zip

2009-03-09 16:38 --------- d-----w c:\documents and settings\Ticia\Application Data\MySQL

2009-03-06 10:34 4,996,980 ----a-w c:\windows\Internet Logs\tvDebug.zip

2009-02-28 23:41 --------- d-----w c:\programas\Messenger Plus! Live

2009-02-27 09:44 --------- d-----w c:\programas\Microsoft Silverlight

2009-02-24 14:27 --------- d-----w c:\programas\ASUS

2009-02-24 14:26 --------- d-----w c:\documents and settings\Ticia\Application Data\InstallShield

2009-02-22 14:48 587,264 ----a-w c:\windows\Internet Logs\xDB4E.tmp

2009-02-21 01:02 --------- d-----w c:\programas\Play+Smile

2009-02-20 17:32 --------- d-----w c:\programas\JavaSoft

2009-02-20 13:58 3,039,232 ----a-w c:\windows\Internet Logs\xDB4D.tmp

2009-02-20 13:57 281,600 ----a-w c:\windows\Internet Logs\xDB4C.tmp

2009-02-20 13:36 --------- d-----w c:\programas\Ficheiros comuns\Adobe

2009-02-19 09:40 --------- d-----w c:\documents and settings\Ticia\Application Data\QuosaDDM

2009-02-19 00:02 --------- d-----w c:\programas\Windows Live

2009-02-18 23:20 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk

2009-02-18 11:01 3,018,240 ----a-w c:\windows\Internet Logs\xDB49.tmp

2009-02-18 11:01 283,648 ----a-w c:\windows\Internet Logs\xDB48.tmp

2009-02-16 17:58 2,994,176 ----a-w c:\windows\Internet Logs\xDB47.tmp

2009-02-15 23:10 72,584 ----a-w c:\windows\zllsputility.exe

2009-02-13 20:12 --------- d-----w c:\documents and settings\Ticia\Application Data\sqliteadmin.AB5DC2BFE1CC17E8B3ABCCFCE6D8E2C1E705E08D.1

2009-02-12 11:34 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime

2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-02-06 20:05 41,686,530 ----a-w c:\windows\system32\xa28912437.exe

2009-02-06 20:05 41,686,530 ----a-w c:\windows\system32\xa28910140.exe

2009-02-04 14:50 --------- d-----w c:\programas\Tablet

2009-02-02 18:42 --------- d-----w c:\programas\Ficheiros comuns\SourceTec

2009-02-02 18:41 --------- d-----w c:\programas\SourceTec

2009-02-02 15:44 --------- d-----w c:\documents and settings\Ticia\Application Data\ViquaSoft

2009-02-02 15:43 41,686,530 ----a-w c:\windows\system32\xa13429156.exe

2009-02-02 15:43 41,686,530 ----a-w c:\windows\system32\xa13427953.exe

2009-02-02 15:42 41,686,530 ----a-w c:\windows\system32\xa13333234.exe

2009-02-02 15:42 41,686,530 ----a-w c:\windows\system32\xa13330406.exe

2009-01-29 16:22 2,784,768 ----a-w c:\windows\Internet Logs\xDB43.tmp

2009-01-29 16:22 2,670,592 ----a-w c:\windows\Internet Logs\xDB42.tmp

2009-01-29 12:10 --------- d-----w c:\programas\AGEIA Technologies

2009-01-29 12:09 --------- d-----w c:\programas\Ficheiros comuns\Wise Installation Wizard

2009-01-28 16:21 2,769,920 ----a-w c:\windows\Internet Logs\xDB1A6.tmp

2009-01-28 16:21 2,747,904 ----a-w c:\windows\Internet Logs\xDB1A7.tmp

2009-01-28 13:47 --------- d-----w c:\programas\Nokia

2009-01-28 13:39 --------- d--h--w c:\documents and settings\Ticia\Application Data\ijjigame

2009-01-21 09:25 2,204,160 ----a-w c:\windows\Internet Logs\xDB3D.tmp

2009-01-20 23:27 2,662,912 ----a-w c:\windows\Internet Logs\xDB38.tmp

2009-01-16 20:21 2,650,112 ----a-w c:\windows\Internet Logs\xDB2E.tmp

2009-01-12 12:36 2,606,080 ----a-w c:\windows\Internet Logs\xDB1F.tmp

2008-12-30 12:02 3,146,240 ----a-w c:\windows\Internet Logs\xDB15.tmp

2008-12-30 12:02 2,573,824 ----a-w c:\windows\Internet Logs\xDB16.tmp

2008-11-29 17:09 22,328 ----a-w c:\documents and settings\Ticia\Application Data\PnkBstrK.sys

2008-11-29 01:02 32,768 --sha-w c:\windows\system32\config\systemprofile\Definições locais\Histórico\History.IE5\MSHist012008112920081130\index.dat

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\programas\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1024000]

"ATKOSD2"="c:\programas\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]

"ATKHOTKEY"="c:\programas\ATK Hotkey\Hcontrol.exe" [2007-06-29 225280]

"ATKMEDIA"="c:\programas\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]

"Power_Gear"="c:\programas\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]

"ACMON"="c:\programas\ASUS\Splendid\ACMON.exe" [2007-06-26 851968]

"ZoneAlarm Client"="c:\programas\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]

"SunJavaUpdateSched"="c:\programas\Java\jre6\bin\jusched.exe" [2009-03-19 148888]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]

"Wireless Console 2"="c:\programas\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]

"TkBellExe"="c:\programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2008-12-04 185872]

"SkyTel"="SkyTel.EXE" [2006-05-20 c:\windows\SkyTel.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2008-12-20 c:\windows\system32\advpack.dll]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Bluetooth Manager.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\Bluetooth Manager.lnk

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Ticia^Menu Iniciar^Programas^Arranque^Iniciação Rápida do Microsoft Office OneNote 2007.lnk]

path=c:\documents and settings\Ticia\Menu Iniciar\Programas\Arranque\Iniciação Rápida do Microsoft Office OneNote 2007.lnk

backup=c:\windows\pss\Iniciação Rápida do Microsoft Office OneNote 2007.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

--a------ 2007-05-10 22:46 624248 c:\programas\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2007-08-24 07:00 33648 c:\programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-14 16:09 1695232 c:\programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 c:\programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-02-22 05:46 13508608 c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-02-22 05:46 86016 c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 15:09 413696 c:\programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2003-10-31 19:42 32768 c:\programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2006-08-10 21:11 573440 c:\programas\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-12-04 17:51 185872 c:\programas\Ficheiros comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-05-07 02:43 69632 c:\windows\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-02-22 05:46 1626112 c:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2006-11-18 01:21 16270848 c:\windows\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programas\\uTorrent\\uTorrent.exe"=

"c:\\Programas\\Skype\\Phone\\Skype.exe"=

 

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2008-11-29 140800]

R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2008-11-29 5248]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-01-29 36608]

R3 ITECIR;ITE EC CIR Driver (RTC);c:\windows\system32\drivers\ITECIR.sys [2008-11-28 9728]

S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [2008-11-29 93440]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-01-21 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-01-21 8320]

S4 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-06-14 17408]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4969f654-1945-11de-aef7-001fc682c9d9}]

\Shell\AutoRun\command - F:\AutoRun.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\programas\Ficheiros comuns\LightScribe\LSRunOnce.exe"

.

- - - - ORPHANS REMOVED - - - -

 

HKU-Default-RunOnce-nltide2 - rundll32 advpack.dll

MSConfigStartUp-PCSuiteTrayApplication - c:\programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

 

 

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = <local>

FF - ProfilePath - c:\documents and settings\Ticia\Application Data\Mozilla\Firefox\Profiles\j8148gnc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-27 23:58:23

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2009-03-27 23:59:36

ComboFix-quarantined-files.txt 2009-03-27 23:59:34

 

Pre-Run: 106,060,918,784 bytes free

Post-Run: 106,115,620,864 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

209 --- E O F --- 2009-03-14 21:50:38

 

 

 

HijackThis report

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 0:01:52, on 28-03-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\ATKGFNEX\GFNEXSrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\Programas\ATKOSD2\ATKOSD2.exe

C:\Programas\ATK Hotkey\Hcontrol.exe

C:\Programas\ASUS\ATK Media\DMEDIA.EXE

C:\Programas\ASUS\Power4 Gear\BatteryLife.exe

C:\Programas\ASUS\Splendid\ACMON.exe

C:\Programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Programas\ATK Hotkey\ATKOSD.exe

C:\Programas\ATK Hotkey\KBFiltr.exe

C:\Programas\ATK Hotkey\WDC.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATKOSD2] "C:\Programas\ATKOSD2\ATKOSD2.exe"

O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Programas\ATK Hotkey\Hcontrol.exe"

O4 - HKLM\..\Run: [ATKMEDIA] C:\Programas\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [Power_Gear] C:\Programas\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [ACMON] "C:\Programas\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Programas\Wireless Console 2\wcourier.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1227916222906

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Programas\ATKGFNEX\GFNEXSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Programas\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 7480 bytes

 

 

Thanks for your time :)


I suggest you print or save the steps below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the Desktop with the name CFScript.txt.

 

Folder::

C:\LinhaDefensiva

C:\!KillBox

File::

C:\bankerfix.exe

F:\AutoRun.exe

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=dword:00000001

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4969f654-1945-11de-aef7-001fc682c9d9}]

 

This script was written only for this computer, based on the files and keys present; do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix as shown below.

 

cfscript.gif

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Other than that, the log looks clean.

 

- I recommend a maintenance pass on the computer to remove temporary files, unneeded files and invalid registry entries. Download CCleaner

 

◘ Click Save and, when the download finishes, install it;

◘ Open the program and click Run Cleaner;

◘ After that, click Registry > Scan for Issues > Fix selected issues.

 

- If you still suspect an infection, run an online scan

 

Using Internet Explorer, go to Kaspersky Online Scanner and run an online scan following the tutorial below.

 

Kaspersky Online Scanner tutorial

 

When the scan finishes, save the report as a .txt file (as shown at the end of the tutorial) and post it in your next reply.

 

Don't forget to post the result here for analysis.

 

Regards.

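The helper read the two logs by eye and picked out four things: Security Center told to stop monitoring a product, the Windows Firewall standard profile switched off, a mountpoints2 AutoRun handler pointing at F:\AutoRun.exe on a removable drive (the classic USB-borne infection vector, which is why the script deletes both the key and the file), and O23 services with no publisher or a missing binary. The following is an added example, not part of the thread, of ComboFix or of HijackThis: a small Python triage pass that applies those same checks to log text in the format posted above. The sample lines are copied from the logs in this thread; the rule names, the Finding type and the severities are this example's own, and "Unknown owner" only means the binary carries no company name in its version resource (common for OEM tools like the ASUS ATK service), so that rule is a prompt to look, not a verdict.

```python
"""Triage pass over ComboFix / HijackThis log lines.

Added example for this thread; it is not part of ComboFix, HijackThis or the
helper's CFScript. The sample lines are copied from the logs posted above; the
rule names and the Finding type are this example's own.
"""
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    severity: str  # "high", "medium" or "info"
    rule: str      # stable identifier a reviewer can filter on
    detail: str


# Constructed sample: excerpts copied from the ComboFix and HijackThis logs above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programas\\uTorrent\\uTorrent.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4969f654-1945-11de-aef7-001fc682c9d9}]
\Shell\AutoRun\command - F:\AutoRun.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Programas\ATKGFNEX\GFNEXSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Programas\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\subkey]
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')         # "Name"=value
_O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")


def parse_reg_value(raw: str) -> Optional[int]:
    """Decode both spellings ComboFix prints: 'dword:00000001' and '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, remembering the current registry key, and emit findings."""
    findings: List[Finding] = []
    key = ""  # lower-cased current [key] header, or "" outside any key
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue

        key_m = _KEY_RE.match(line)
        if key_m:
            key = key_m.group(1).lower()
            continue

        val_m = _VALUE_RE.match(line)
        if val_m:
            name, value = val_m.group(1), parse_reg_value(val_m.group(2))
            if key.endswith(r"firewallpolicy\standardprofile") and name.lower() == "enablefirewall" and value == 0:
                findings.append(Finding("high", "firewall_disabled",
                                        "Windows Firewall standard profile has EnableFirewall=0"))
            elif r"security center\monitoring" in key and name.lower() == "disablemonitoring" and value == 1:
                product = key.rsplit("\\", 1)[-1]
                findings.append(Finding("medium", "security_center_monitoring_off",
                                        f"Security Center told not to monitor '{product}'"))
            elif key.endswith(r"authorizedapplications\list"):
                findings.append(Finding("info", "firewall_exception", f"Firewall exception for {name}"))
            continue

        # AutoRun handler cached for a (removable) volume under the user's mountpoints2 key
        if r"mountpoints2\{" in key and r"\shell\autorun\command" in line.lower():
            target = line.split(" - ", 1)[-1]
            findings.append(Finding("high", "removable_autorun",
                                    f"AutoRun handler registered for a removable volume: {target}"))
            continue

        o23 = _O23_RE.match(line)
        if o23:
            service, owner, path = o23.groups()
            if "(file missing)" in path:
                findings.append(Finding("info", "orphan_service", f"{service}: binary missing ({path})"))
            elif owner.lower() == "unknown owner":
                findings.append(Finding("medium", "service_no_publisher",
                                        f"{service}: no company name in the binary's version info ({path})"))
    return findings


def by_severity(findings: List[Finding], severity: str) -> List[Finding]:
    return [f for f in findings if f.severity == severity]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:32} {f.detail}")
```

Run against the sample it reports the two high findings (firewall off, F:\AutoRun.exe handler) that the CFScript above targets, plus the monitoring, exception and service items as lower-severity prompts. It keys its firewall rule on the end of the registry path, so the same code handles both the abbreviated `HKLM\~\...` form ComboFix prints and the full `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\...` path.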

ComboFix report:

 

ComboFix 09-03-26.03 - Ticia 2009-03-28 11:14:30.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.2070.18.3071.2563 [GMT 0:00]

Running from: c:\documents and settings\Ticia\Ambiente de trabalho\ComboFix.exe

Command switches used :: c:\documents and settings\Ticia\Ambiente de trabalho\CFScript.txt

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)

FW: ZoneAlarm Security Suite Firewall *disabled*

* Created a new restore point

 

FILE ::

C:\bankerfix.exe

F:\AutoRun.exe

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\bankerfix.exe

C:\LinhaDefensiva

c:\linhadefensiva\banker.bat

c:\linhadefensiva\BankerFix.vbs

c:\linhadefensiva\credits\exec.txt

c:\linhadefensiva\exec\download.exe

c:\linhadefensiva\exec\md5.exe

c:\linhadefensiva\exec\MoveEx.exe

c:\linhadefensiva\exec\pv.exe

c:\linhadefensiva\exec\unzip.exe

c:\linhadefensiva\func\lang.vbs

c:\linhadefensiva\func\reg.vbs

c:\linhadefensiva\func\scan.vbs

c:\linhadefensiva\func\strings.vbs

c:\linhadefensiva\Iniciar-BankerFix.vbs

c:\linhadefensiva\lang\bat\antivirusnote.txt

c:\linhadefensiva\lang\bat\changepass.txt

c:\linhadefensiva\lang\bat\error-removing.txt

c:\linhadefensiva\lang\bat\filesremoved.txt

c:\linhadefensiva\lang\bat\logend.txt

c:\linhadefensiva\lang\bat\logremhelp.txt

c:\linhadefensiva\lang\bat\logremtif.txt

c:\linhadefensiva\lang\bat\noproblems.txt

c:\linhadefensiva\lang\bat\opening.txt

c:\linhadefensiva\lang\bat\rebootrequired.txt

c:\linhadefensiva\lang\bat\seeforum.txt

c:\linhadefensiva\lang\bat\wait.txt

c:\linhadefensiva\lang\bat\win95.txt

c:\linhadefensiva\lang\init\en.txt

c:\linhadefensiva\lang\init\ptb.txt

c:\linhadefensiva\lang\vb\bankerfix.txt

c:\linhadefensiva\lang\vb\loader.txt

c:\linhadefensiva\lang\vb\postreboot.txt

c:\linhadefensiva\leiame.txt

c:\linhadefensiva\QUA\backup.reg

c:\linhadefensiva\readme.txt

c:\linhadefensiva\reflist\fx.reg

c:\linhadefensiva\reflist\ref-allu

c:\linhadefensiva\reflist\ref-appdata

c:\linhadefensiva\reflist\ref-commonfiles

c:\linhadefensiva\reflist\ref-hosts

c:\linhadefensiva\reflist\ref-mydoc

c:\linhadefensiva\reflist\ref-profile

c:\linhadefensiva\reflist\ref-programfiles

c:\linhadefensiva\reflist\ref-start

c:\linhadefensiva\reflist\ref-startup

c:\linhadefensiva\reflist\ref-sysdrive

c:\linhadefensiva\reflist\ref-system

c:\linhadefensiva\reflist\ref-system32

c:\linhadefensiva\reflist\ref-tasks

c:\linhadefensiva\reflist\ref-temp

c:\linhadefensiva\reflist\ref-wincommon

c:\linhadefensiva\reflist\ref-windows

c:\linhadefensiva\reflist\reft-startup

c:\linhadefensiva\relatorio.txt

c:\linhadefensiva\relatorios\2009-03-27.txt

c:\linhadefensiva\relatorios\errorlog.txt

c:\linhadefensiva\rotinas\arquiva-relatorio.vbs

c:\linhadefensiva\rotinas\postreboot.bat

c:\linhadefensiva\rotinas\postreboot.vbs

c:\linhadefensiva\rotinas\remocao\driver.vbs

c:\linhadefensiva\rotinas\remocao\shell.vbs

c:\linhadefensiva\rotinas\remocao\userinit.vbs

c:\linhadefensiva\rotinas\remocao\winlogon.vbs

c:\linhadefensiva\rotinas\update.vbs

c:\linhadefensiva\VERSION

 

.

(((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 ))))))))))))))))))))))))))))

.

 

2009-03-26 10:09 . 2009-03-26 10:09 <DIR> d-------- c:\programas\Wireless Console 2

2009-03-25 14:01 . 2009-03-25 20:46 <DIR> d-------- c:\programas\MODEM MF622

2009-03-25 14:01 . 2007-06-18 17:33 101,120 --a------ c:\windows\system32\drivers\ZTEusbser6k.sys

2009-03-25 14:01 . 2007-06-18 17:33 101,120 --a------ c:\windows\system32\drivers\ZTEusbnmea.sys

2009-03-25 14:01 . 2007-06-18 17:33 101,120 --a------ c:\windows\system32\drivers\ZTEusbmdm6k.sys

2009-03-25 14:00 . 2009-03-25 14:01 <DIR> d-------- c:\windows\system32\SupportAppPT

2009-03-19 14:29 . 2009-03-19 14:29 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-03-13 18:55 . 2009-03-13 19:18 <DIR> d-------- c:\documents and settings\Ticia\Application Data\fretsonfire

2009-03-12 17:37 . 2009-03-22 20:38 <DIR> d-------- c:\documents and settings\Ticia\Application Data\MailFrontier

2009-03-12 14:34 . 2009-02-15 23:10 1,221,512 --a------ c:\windows\system32\zpeng25.dll

2009-03-11 16:51 . 2004-09-21 11:00 221,184 --a------ c:\windows\system32\wmpns.dll

2009-03-09 20:25 . 2009-03-09 20:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Gogii

2009-03-09 20:24 . 2009-03-09 20:24 <DIR> d-------- c:\windows\Nanny Mania 2

2009-03-05 10:44 . 2009-03-05 10:44 <DIR> d-------- c:\programas\Trend Micro

2009-03-01 17:02 . 2009-03-01 17:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-28 11:16 41,095,968 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-03-28 11:10 --------- d-----w c:\documents and settings\Ticia\Application Data\uTorrent

2009-03-28 00:06 --------- d-----w c:\documents and settings\Ticia\Application Data\WTablet

2009-03-28 00:05 497,852 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-03-27 19:12 --------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Application Data\WTablet

2009-03-27 11:23 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-03-26 10:09 --------- d--h--w c:\programas\InstallShield Installation Information

2009-03-23 17:27 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet

2009-03-20 21:25 202,040 ----a-w c:\windows\system32\PnkBstrB.exe

2009-03-20 21:25 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-03-20 19:35 --------- d-----w c:\documents and settings\Ticia\Application Data\Skype

2009-03-20 18:52 --------- d-----w c:\documents and settings\Ticia\Application Data\skypePM

2009-03-19 14:29 410,984 ----a-w c:\windows\system32\deploytk.dll

2009-03-13 16:03 85,279 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_13_15_16_16_small.dmp.zip

2009-03-11 16:50 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-03-10 14:15 61,959 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_10_09_20_42_small.dmp.zip

2009-03-09 16:38 --------- d-----w c:\documents and settings\Ticia\Application Data\MySQL

2009-03-06 10:34 4,996,980 ----a-w c:\windows\Internet Logs\tvDebug.zip

2009-02-28 23:41 --------- d-----w c:\programas\Messenger Plus! Live

2009-02-27 09:44 --------- d-----w c:\programas\Microsoft Silverlight

2009-02-24 14:27 --------- d-----w c:\programas\ASUS

2009-02-24 14:26 --------- d-----w c:\documents and settings\Ticia\Application Data\InstallShield

2009-02-22 14:48 587,264 ----a-w c:\windows\Internet Logs\xDB4E.tmp

2009-02-21 01:02 --------- d-----w c:\programas\Play+Smile

2009-02-20 17:32 --------- d-----w c:\programas\JavaSoft

2009-02-20 13:58 3,039,232 ----a-w c:\windows\Internet Logs\xDB4D.tmp

2009-02-20 13:57 281,600 ----a-w c:\windows\Internet Logs\xDB4C.tmp

2009-02-20 13:36 --------- d-----w c:\programas\Ficheiros comuns\Adobe

2009-02-19 09:40 --------- d-----w c:\documents and settings\Ticia\Application Data\QuosaDDM

2009-02-19 00:02 --------- d-----w c:\programas\Windows Live

2009-02-18 23:20 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk

2009-02-18 11:01 3,018,240 ----a-w c:\windows\Internet Logs\xDB49.tmp

2009-02-18 11:01 283,648 ----a-w c:\windows\Internet Logs\xDB48.tmp

2009-02-16 17:58 2,994,176 ----a-w c:\windows\Internet Logs\xDB47.tmp

2009-02-15 23:10 72,584 ----a-w c:\windows\zllsputility.exe

2009-02-13 20:12 --------- d-----w c:\documents and settings\Ticia\Application Data\sqliteadmin.AB5DC2BFE1CC17E8B3ABCCFCE6D8E2C1E705E08D.1

2009-02-12 11:34 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime

2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-02-06 20:05 41,686,530 ----a-w c:\windows\system32\xa28912437.exe

2009-02-06 20:05 41,686,530 ----a-w c:\windows\system32\xa28910140.exe

2009-02-04 14:50 --------- d-----w c:\programas\Tablet

2009-02-02 18:42 --------- d-----w c:\programas\Ficheiros comuns\SourceTec

2009-02-02 18:41 --------- d-----w c:\programas\SourceTec

2009-02-02 15:44 --------- d-----w c:\documents and settings\Ticia\Application Data\ViquaSoft

2009-02-02 15:43 41,686,530 ----a-w c:\windows\system32\xa13429156.exe

2009-02-02 15:43 41,686,530 ----a-w c:\windows\system32\xa13427953.exe

2009-02-02 15:42 41,686,530 ----a-w c:\windows\system32\xa13333234.exe

2009-02-02 15:42 41,686,530 ----a-w c:\windows\system32\xa13330406.exe

2009-01-29 16:22 2,784,768 ----a-w c:\windows\Internet Logs\xDB43.tmp

2009-01-29 16:22 2,670,592 ----a-w c:\windows\Internet Logs\xDB42.tmp

2009-01-29 12:10 --------- d-----w c:\programas\AGEIA Technologies

2009-01-29 12:09 --------- d-----w c:\programas\Ficheiros comuns\Wise Installation Wizard

2009-01-28 16:21 2,769,920 ----a-w c:\windows\Internet Logs\xDB1A6.tmp

2009-01-28 16:21 2,747,904 ----a-w c:\windows\Internet Logs\xDB1A7.tmp

2009-01-28 13:47 --------- d-----w c:\programas\Nokia

2009-01-28 13:39 --------- d--h--w c:\documents and settings\Ticia\Application Data\ijjigame

2009-01-21 09:25 2,204,160 ----a-w c:\windows\Internet Logs\xDB3D.tmp

2009-01-20 23:27 2,662,912 ----a-w c:\windows\Internet Logs\xDB38.tmp

2009-01-16 20:21 2,650,112 ----a-w c:\windows\Internet Logs\xDB2E.tmp

2009-01-12 12:36 2,606,080 ----a-w c:\windows\Internet Logs\xDB1F.tmp

2008-12-30 12:02 3,146,240 ----a-w c:\windows\Internet Logs\xDB15.tmp

2008-12-30 12:02 2,573,824 ----a-w c:\windows\Internet Logs\xDB16.tmp

2008-11-29 17:09 22,328 ----a-w c:\documents and settings\Ticia\Application Data\PnkBstrK.sys

2008-11-29 01:02 32,768 --sha-w c:\windows\system32\config\systemprofile\Definições locais\Histórico\History.IE5\MSHist012008112920081130\index.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2009-03-27_23.58.56,35 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-03-27 23:51:43 708,888 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat

+ 2009-03-28 11:11:33 712,332 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat

+ 2009-03-28 00:06:32 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_600.dat

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legit default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\programas\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1024000]

"ATKOSD2"="c:\programas\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]

"ATKHOTKEY"="c:\programas\ATK Hotkey\Hcontrol.exe" [2007-06-29 225280]

"ATKMEDIA"="c:\programas\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]

"Power_Gear"="c:\programas\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]

"ACMON"="c:\programas\ASUS\Splendid\ACMON.exe" [2007-06-26 851968]

"ZoneAlarm Client"="c:\programas\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]

"SunJavaUpdateSched"="c:\programas\Java\jre6\bin\jusched.exe" [2009-03-19 148888]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]

"Wireless Console 2"="c:\programas\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]

"TkBellExe"="c:\programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2008-12-04 185872]

"SkyTel"="SkyTel.EXE" [2006-05-20 c:\windows\SkyTel.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2008-12-20 c:\windows\system32\advpack.dll]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Bluetooth Manager.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\Bluetooth Manager.lnk

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Ticia^Menu Iniciar^Programas^Arranque^Iniciação Rápida do Microsoft Office OneNote 2007.lnk]

path=c:\documents and settings\Ticia\Menu Iniciar\Programas\Arranque\Iniciação Rápida do Microsoft Office OneNote 2007.lnk

backup=c:\windows\pss\Iniciação Rápida do Microsoft Office OneNote 2007.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

--a------ 2007-05-10 22:46 624248 c:\programas\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2007-08-24 07:00 33648 c:\programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-14 16:09 1695232 c:\programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 c:\programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-02-22 05:46 13508608 c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-02-22 05:46 86016 c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 15:09 413696 c:\programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2003-10-31 19:42 32768 c:\programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2006-08-10 21:11 573440 c:\programas\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-12-04 17:51 185872 c:\programas\Ficheiros comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-05-07 02:43 69632 c:\windows\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-02-22 05:46 1626112 c:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2006-11-18 01:21 16270848 c:\windows\RTHDCPL.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programas\\uTorrent\\uTorrent.exe"=

"c:\\Programas\\Skype\\Phone\\Skype.exe"=

 

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2008-11-29 140800]

R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2008-11-29 5248]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-01-29 36608]

R3 ITECIR;ITE EC CIR Driver (RTC);c:\windows\system32\drivers\ITECIR.sys [2008-11-28 9728]

S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [2008-11-29 93440]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-01-21 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-01-21 8320]

S4 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-06-14 17408]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\programas\Ficheiros comuns\LightScribe\LSRunOnce.exe"

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = <local>

FF - ProfilePath - c:\documents and settings\Ticia\Application Data\Mozilla\Firefox\Profiles\j8148gnc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-28 11:16:59

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2009-03-28 11:18:14

ComboFix-quarantined-files.txt 2009-03-28 11:18:12

ComboFix2.txt 2009-03-27 23:59:37

 

Pre-Run: 104,363,405,312 bytes free

Post-Run: 104,381,460,480 bytes free

 

272 --- E O F --- 2009-03-14 21:50:38

 

 

 

I downloaded CCleaner and did what was asked.

I'm running the online scan right now.

As soon as it finishes I'll post a HijackThis log to see if there is any other problem.

 

Thanks for your attention.


OK, I'll wait for the result of the online scan.


The online scan didn't flag anything.

 

Here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:44:22, on 28-03-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\ATKGFNEX\GFNEXSrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\WINDOWS\system32\Tablet.exe

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\Programas\ATKOSD2\ATKOSD2.exe

C:\Programas\ATK Hotkey\Hcontrol.exe

C:\Programas\ASUS\ATK Media\DMEDIA.EXE

C:\Programas\ASUS\Power4 Gear\BatteryLife.exe

C:\Programas\ASUS\Splendid\ACMON.exe

C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Programas\Java\jre6\bin\jusched.exe

C:\Programas\Wireless Console 2\wcourier.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programas\ATK Hotkey\ATKOSD.exe

C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe

C:\Programas\ATK Hotkey\KBFiltr.exe

C:\Programas\ATK Hotkey\WDC.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

C:\Programas\Mozilla Firefox\firefox.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATKOSD2] "C:\Programas\ATKOSD2\ATKOSD2.exe"

O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Programas\ATK Hotkey\Hcontrol.exe"

O4 - HKLM\..\Run: [ATKMEDIA] C:\Programas\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [Power_Gear] C:\Programas\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [ACMON] "C:\Programas\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Programas\Wireless Console 2\wcourier.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1227916222906

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Programas\ATKGFNEX\GFNEXSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Programas\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 7650 bytes


So the log is clean. Any problem?

 

Best regards.

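A small triage pass over the entry lines of a HijackThis log like the one posted above, showing the kind of check a helper applies before calling a log clean. This is an added example, not code from the thread or from HijackThis; the heuristics and the sample lines are constructed for it and modelled on the posted log.

```python
import re

# Constructed sample: a few lines in the HijackThis v2 entry format, modelled
# on the log posted in this thread (this is not the full log).
SAMPLE_LOG = """\
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Programas\\Java\\jre6\\bin\\jp2ssv.dll
O4 - HKLM\\..\\Run: [skyTel] SkyTel.EXE
O4 - HKLM\\..\\Run: [ZoneAlarm Client] "C:\\Programas\\Zone Labs\\ZoneAlarm\\zlclient.exe"
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nwprovau.dll
O23 - Service: Bonjour Service - Unknown owner - C:\\Programas\\Bonjour\\mDNSResponder.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

# An entry line starts with its section code (R0, O2, O4, O23, ...), then " - ".
ENTRY_RE = re.compile(r"^(O\d+|R\d+|F\d+|N\d+)\s+-\s+(.*)$")


def parse_entries(text):
    """Yield (section, body) for each entry line; headers and the process list are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(text):
    """Return (section, reason, body) for entries a reviewer should look at first.

    The heuristics are assumptions of this example, not HijackThis rules:
    a service whose binary is missing or whose publisher is unknown, a Winsock
    LSP that HijackThis cannot identify, and an autorun given as a bare file
    name (no directory), which Windows resolves through the search path.
    """
    findings = []
    for section, body in parse_entries(text):
        if section == "O23" and "(file missing)" in body:
            findings.append((section, "service binary missing", body))
        elif section == "O23" and "Unknown owner" in body:
            findings.append((section, "service without a known publisher", body))
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP"):
            findings.append((section, "unidentified Winsock LSP", body))
        elif section == "O4":
            # Command after the "[name]" label; strip quotes around a full path.
            target = body.split("]", 1)[1].strip().strip('"')
            if "\\" not in target:
                findings.append((section, "autorun with bare file name", body))
    return findings
```

Each finding is a starting point for a manual check (publisher, file location, known-good lists), not a verdict on its own.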

The problem is no longer a malware matter.

 

- How much memory do you have?


I have 4GB of RAM. (3072MB (2048M + 1024M) DDRII 667 + 1G Turbo Memory)

On local disk C: I have 135GB (103GB free)

On local disk D: I have 90 GB (36GB free)

 

This problem is recent, about a week old. Until then everything was fine.

 

It looks like I'll format the computer and that will sort everything out.

 

Thanks for the help and the attention.

 

Keep up the good work. :)


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
