Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

smelo772

[Resolvido!] Pc lento para navegação na WEB e no Outlook

Por , em Tópicos Resolvidos (Seguranca & Malwares)

Recommended Posts

smelo772    0

smelo772
Postado

Olá Pessoal! To escrevendo pela primeira vez pq n ageunto mais ficar formatando meu HD e perdendo dados.Meu micro vive com essas pragas,adwares,spywares,mensagens com virus etc.

Tenho o AVAST FREE e o SPYBOT.Infelizmewnt o Avast n pega muitos dos virus q se agregam a tool bars,ao google,etc. e o Spybot tem a opçaõ permitir negar mas tb se você n sabe muito o q fazer acaba permitindo a entrada,sempre na hora q instala um programa novo.

Meu icro está muito lento na navegação e,as paginas demoram seeeeeeeeeeeeeculosssssssss para abrir,carregar.O Outlook tb começou a apresentar problemas,erros etc.

To agoniada.Passei o HijackThis mas n sei o que deletar.Peço ajuda de vocês.Pra ilustrar eu to usando 3 gb de memoria RAm sendo q 1 pente é DDR 533 (1GB) e o outro é DDR 667 Dual channel(2GB).O Windows já identificou os dois ok?

Segue o LOG:

Logfile of HijackThis v1.99.1

Scan saved at 18:51:26, on 23/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

D:\iTunesHelper.exe

C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Stella Melo\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O17 - HKLM\System\CCS\Services\Tcpip\..\{9D72630C-0544-477D-AF91-BA795E7F6C9D}: NameServer = 200.149.55.140 200.165.132.147

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c9c7f12f3c8b34) (gupdate1c9c7f12f3c8b34) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

PedroN    1

PedroN
Postado

Oi smelo772 meu nome é Pedro Neto sou analista do segurança do fórum imasters e vou ajudá-lo no seu caso. Primeiramente tenha uma boa noite e seja bem-vindo(a) ao Imasters peço que prociga com o seu caso até o final dos seus procedimento, ok? ;)

 

Faça o download do bankerfix clicando no link abaixo:

http://www.linhadefensiva.org/dl/bankerfix

 

- Salve a ferramenta no seu disco rígido.

- Dê um duplo-clique no bankerfix.exe.

- Uma janela pedirá a confirmação para a instalação da ferramenta. Clique em Sim.

- Feche todas as janelas e programas, com exceção do BankerFix

- Agora é so aguarda a execução do bankerfix.

- O relatório da ferramenta, informando sobre todos os arquivos detectados e removidos, fica no arquivo relatorio.txt, presente na pasta C:\LinhaDefensiva poste-o na sua proxima resposta junto com o log do hijackthis.

Compartilhar este post

Link para o post
Compartilhar em outros sites

smelo772    0

smelo772
Postado

Oie Pedro! Obrigada pelo retorno.Instalei o Banker fix veja os logs dele e do Hijack,ok?

Melhorou mas ainda tah meio lenta...50% de melhora.

-

VEJA:

 

------------------------------------------------------

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-05-24 - 21:19

-------------------------------------------------------

Lista de Definição: 2009-05-04-2 | CORE: 2009-01-21-1

=======================================================

 

Arquivo infectado detectado: C:\Install.exe

Arquivo infectado removido com sucesso!

 

 

 

----- Fim -------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 21:22:39, on 24/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

D:\iTunesHelper.exe

C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Documents and Settings\Stella Melo\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

PedroN    1

PedroN
Postado

Oi smelo772 Tenha uma Boa Tarde! :)

 

• Vá a este Link,e baixe: < Malwarebytes >

Atualize o programa!

• Escolha o escaneamento Rápido!

Desabilite programas de proteção,ao executar o malwarebytes.

• Procure enviar os ítens detectados para a quarentena,clicando em Remover itens.

• Para maiores detalhes: < Link >

-----------------------

• Poste,os relatórios: mbam-log-2008-xx-xx (00-00-00).txt + HijackThis,atualizado.

Compartilhar este post

Link para o post
Compartilhar em outros sites

smelo772    0

smelo772
Postado

Olá PedroN

Postando o Log do Anti Malware e tb do HijackThis atualizados.Aproveite pra desinstalar o Outlook e reinstalar tb e limpara a caixa postal ok?

Pc melhorou..mas eu acho q ainda poderia ser mais rápido.Veja:

Malwarebytes' Anti-Malware 1.36

Database version: 2174

Windows 5.1.2600 Service Pack 3

 

25/5/2009 15:17:02

mbam-log-2009-05-25 (15-17-02).txt

 

Scan type: Quick Scan

Objects scanned: 103048

Time elapsed: 1 minute(s), 57 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules In

Compartilhar este post

Link para o post
Compartilhar em outros sites

PedroN    1

PedroN
Postado

Faça o download do ComboFix de um destes locais:

 

Link 1.

Link 2.

Link 3.

 

Importante!

Você não deve usar Combofix a menos que você tenha sido instruído a fazê-lo por um análista de segurança.

Destina-se pelo seu criador para ser utilizado sob orientação e supervisão de um especialista, e não para uso privado.

Utilizando esta ferramenta incorreto poderia levar a desastrosa problemas com o seu sistema operacional.

 

Certifique-se de que você salvou ComboFix.exe para o seu desktop.

 

• Desabilite o seu Antivírus e AntiSpyware , geralmente através de um clique direito sobre o ícone da bandeja do sistema. Eles podem interferir na execução da ferramenta.

 

• Dê um duplo clique no ComboFix.exe & siga as instruções.

 

• Como parte de seu processo, ComboFix irá verificar se o Microsoft Windows Recovery Console está instalado. Como as infecções de malware são hoje, é fortemente recomendado que esteja pré-instalado em sua máquina antes de fazer qualquer remoção de malware. Ela permitirá que você arrancar em especial uma recuperação / reparação modo a permitir-nos-á mais fácil ajudá-lo a seu computador deve ter um problema após uma tentativa de remoção de malware.

 

• Siga as instruções para permitir ComboFix para baixar e instalar o Microsoft Windows Recovery Console e, quando for solicitado, concordar com o End-User License Agreement para instalar o Microsoft Windows Recovery Console.

 

-- Atenção: Se a consola de recuperação do Microsoft Windows já estiver instalado, ComboFix irá continuar a sua remoção malware procedimentos.

 

RcAuto1.gif

 

Uma vez que o Microsoft Windows Recovery Console é instalado usando o ComboFix, você deverá ver a seguinte mensagem:

 

whatnext.png

 

Clique em Sim, para continuar a varredura de malware.

 

Quando terminar, ela deve produzir um log para você. Poste o relatorio do combofix que estar em C: \ ComboFix.txt junto com um log do hijackthis.

Compartilhar este post

Link para o post
Compartilhar em outros sites

smelo772    0

smelo772
Postado

Oi Pedro N. acabei de passar o COMBO FIX e o HIJACKTHIS.

Eu acho que eliminou alguma coisa,mas n sei o que exatamente...

que faço mais? aguardo você abs.

Stella

 

Logfile of HijackThis v1.99.1

Scan saved at 22:36:38, on 25/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

D:\iTunesHelper.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Stella Melo\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O17 - HKLM\System\CCS\Services\Tcpip\..\{9D72630C-0544-477D-AF91-BA795E7F6C9D}: NameServer = 200.149.55.140 200.165.132.147

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) -

Compartilhar este post

Link para o post
Compartilhar em outros sites

smelo772    0

smelo772
Postado

Estou com muita dificuldade de postar as respostas aqui,por isso vou tentar postar de novo.Esta demorando demais para carregar a pagina.Cerca de 30 minutos pra postar.

Veja o resultado do COMBO:

 

 

ComboFix 09-05-25.05 - Stella Melo 25/05/2009 22:12.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1033.18.3061.2210 [GMT -3:00]

Executando de: c:\documents and settings\Stella Melo\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090525-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\e100bmsg.dll

c:\windows\system32\j4yfuqg.dll

c:\windows\system32\prsgrc.dll

c:\windows\system32\ssprs.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-04-26 to 2009-05-26 ))))))))))))))))))))))))))))

.

 

2009-05-25 17:29 . 2009-01-13 20:42 113968 ----a-w c:\documents and settings\Stella Melo\Application Data\Mozilla\Firefox\Profiles\i1e8b9tm.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

2009-05-25 04:02 . 2009-05-25 04:02 -------- d-----w c:\program files\Microsoft Works

2009-05-25 04:01 . 2009-05-25 04:01 -------- d-----w c:\program files\Microsoft.NET

2009-05-25 03:58 . 2009-05-25 03:59 -------- d-----w c:\program files\Microsoft Visual Studio 8

2009-05-25 03:58 . 2009-05-25 03:58 -------- d-----w c:\windows\SHELLNEW

2009-05-25 03:57 . 2009-05-25 03:57 -------- d--h--r C:\MSOCache

2009-05-25 00:18 . 2009-05-25 00:20 -------- d-----w C:\LinhaDefensiva

2009-05-24 14:09 . 2009-05-24 14:09 -------- d-----w c:\documents and settings\Stella Melo\Application Data\Malwarebytes

2009-05-24 14:09 . 2009-04-06 18:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-24 14:09 . 2009-04-06 18:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-24 14:09 . 2009-05-24 14:09 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-05-24 14:09 . 2009-05-24 14:09 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2009-05-23 11:56 . 2009-05-23 11:56 -------- d-----w c:\documents and settings\Stella Melo\Local Settings\Application Data\Cooliris

2009-05-23 11:56 . 2009-04-17 19:58 954368 ----a-w c:\documents and settings\Stella Melo\Application Data\Mozilla\Firefox\Profiles\i1e8b9tm.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe

2009-05-23 11:56 . 2009-04-17 19:58 103424 ----a-w c:\documents and settings\Stella Melo\Application Data\Mozilla\Firefox\Profiles\i1e8b9tm.default\extensions\piclens@cooliris.com\libs\pixomatic.dll

2009-05-23 11:56 . 2009-04-17 19:58 71652 ----a-w c:\documents and settings\Stella Melo\Application Data\Mozilla\Firefox\Profiles\i1e8b9tm.default\extensions\piclens@cooliris.com\libs\avutil-49.dll

2009-05-23 11:56 . 2009-04-17 19:58 65536 ----a-w c:\documents and settings\Stella Melo\Application Data\Mozilla\Firefox\Profiles\i1e8b9tm.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

2009-05-23 11:56 . 2009-04-17 19:58 4579328 ----a-w c:\documents and settings\Stella Melo\Application Data\Mozilla\Firefox\Profiles\i1e8b9tm.default\extensions\piclens@cooliris.com\libs\cooliris18.dll

2009-05-23 11:56 . 2009-04-17 19:58 4534272 ----a-w c:\documents and settings\Stella Melo\Application Data\Mozilla\Firefox\Profiles\i1e8b9tm.default\extensions\piclens@cooliris.com\libs\cooliris19.dll

2009-05-23 11:56 . 2009-04-17 19:58 1161626 ----a-w c:\documents and settings\Stella Melo\Application Data\Mozilla\Firefox\Profiles\i1e8b9tm.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll

2009-05-23 11:56 . 2009-04-17 19:58 344064 ----a-w c:\documents and settings\Stella Melo\Application Data\Mozilla\Firefox\Profiles\i1e8b9tm.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe

2009-05-23 11:56 . 2009-04-17 19:58 131868 ----a-w c:\documents and settings\Stella Melo\Application Data\Mozilla\Firefox\Profiles\i1e8b9tm.default\extensions\piclens@cooliris.com\libs\avformat-52.dll

2009-05-22 17:45 . 2009-05-22 17:45 -------- d-----w c:\program files\Vertus Fluid Mask 3

2009-05-22 17:03 . 2008-10-16 17:06 268648 ----a-w c:\windows\system32\mucltui.dll

2009-05-22 17:03 . 2008-10-16 17:06 208744 ----a-w c:\windows\system32\muweb.dll

2009-05-22 16:51 . 2009-05-22 16:51 -------- d-----w c:\program files\Common Files\Protexis

2009-05-16 04:23 . 2009-05-16 04:23 -------- d-----w c:\program files\Corel

2009-05-16 03:56 . 2003-03-19 03:44 57344 ----a-w c:\windows\system32\MFC71ENU.DLL

2009-05-15 17:01 . 2009-05-16 03:01 -------- d-----w c:\documents and settings\Stella Melo\Application Data\skypePM

2009-05-15 17:01 . 2009-05-15 17:01 56 ---ha-w c:\windows\system32\ezsidmv.dat

2009-05-15 17:00 . 2009-05-22 16:52 -------- d-----w c:\documents and settings\Stella Melo\Application Data\Skype

2009-05-15 16:54 . 2009-05-22 16:52 -------- d-----w c:\program files\Skype

2009-05-15 16:54 . 2009-05-22 16:52 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Skype

2009-05-09 16:43 . 2009-05-22 16:47 -------- d-----w c:\program files\7-Zip

2009-05-06 19:43 . 2009-05-22 16:50 -------- d-----w c:\program files\Flash Movie Player

2009-05-06 19:40 . 2009-05-06 19:40 -------- d-----w c:\program files\Common Files\SourceTec

2009-05-06 16:15 . 2009-05-22 16:44 -------- d-----w c:\program files\Common Files\Macrovision Shared

2009-05-06 03:25 . 2009-05-22 13:19 -------- d-----w c:\program files\Panorama Tools

2009-05-03 18:23 . 2009-05-03 18:23 -------- d-----w c:\program files\Creative Zone

2009-05-03 18:23 . 1997-01-22 19:34 312320 ----a-w c:\windows\IsUninst.exe

2009-05-03 18:17 . 2009-05-03 18:17 -------- d-----w c:\documents and settings\Stella Melo\Local Settings\Application Data\WinAVI

2009-05-03 18:16 . 2009-05-22 16:44 -------- d-----w c:\program files\WinAVI Video Converter 9.0

2009-05-02 21:48 . 2009-05-02 21:48 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\GbPlugin

2009-05-01 18:33 . 2009-05-08 02:29 -------- d-----w c:\documents and settings\Stella Melo\dwhelper

2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w c:\windows\system32\GPhotos.scr

2009-05-01 00:54 . 2009-05-01 00:54 -------- d-----w c:\windows\system32\Adobe

2009-05-01 00:30 . 2009-05-01 00:31 -------- d-----w c:\program files\VLC

2009-05-01 00:26 . 2009-05-01 00:26 -------- d-----w c:\program files\FLV Player

2009-04-30 16:29 . 2009-04-30 16:34 -------- d-----w c:\program files\AutoCAD 2008

2009-04-29 22:14 . 2009-04-29 22:57 -------- d-----w c:\documents and settings\Stella Melo\Local Settings\Application Data\Ahead

2009-04-29 22:06 . 2009-05-19 14:25 -------- d-----w c:\documents and settings\Stella Melo\Application Data\Ahead

2009-04-29 22:06 . 2009-04-29 22:06 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Ahead

2009-04-29 22:02 . 2009-04-29 22:04 -------- d-----w c:\program files\Common Files\Ahead

2009-04-29 22:02 . 2009-04-29 22:02 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Nero

2009-04-29 22:02 . 2009-04-29 22:02 -------- d-----w c:\program files\Nero

2009-04-29 21:10 . 2009-05-06 02:47 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Autodesk

2009-04-29 13:15 . 2008-03-20 22:39 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys

2009-04-29 13:14 . 2009-04-29 13:14 -------- d-----w c:\windows\Setup533

2009-04-29 13:14 . 2002-10-20 23:37 515803 ----a-w c:\windows\system32\drivers\Ca533av.sys

2009-04-29 13:14 . 2002-07-24 23:19 10986 ----a-w c:\windows\system32\drivers\Bulk533.sys

2009-04-29 13:14 . 2002-01-19 03:33 131072 ----a-w c:\windows\system32\SP5X_32.DLL

2009-04-29 13:12 . 2009-04-29 13:12 -------- d-----w c:\documents and settings\Stella Melo\Application Data\Creative

2009-04-29 13:08 . 1999-10-11 01:00 41984 ------w c:\windows\Ctregrun.exe

2009-04-29 13:04 . 2001-08-23 19:25 1706800 ----a-w c:\windows\system32\gdiplus.dll

2009-04-29 13:00 . 2009-04-29 13:04 -------- d-----w c:\program files\ArcSoft

2009-04-29 13:00 . 1995-07-31 16:44 212480 ----a-w c:\windows\PCDLIB32.DLL

2009-04-29 12:58 . 2009-05-22 16:47 -------- d-----w c:\program files\Creative

2009-04-29 04:07 . 2009-04-29 04:08 -------- d-----w C:\f99b3b9e1e07d9a9bd9b

2009-04-29 04:07 . 2009-04-29 04:29 -------- d-----w c:\windows\SxsCaPendDel

2009-04-28 23:03 . 2008-03-21 00:36 221184 ----a-w c:\windows\system32\wmpns.dll

2009-04-28 22:51 . 2009-04-30 16:34 -------- d-----w c:\program files\Common Files\Autodesk Shared

2009-04-28 22:51 . 2009-04-30 16:19 -------- d-----w c:\documents and settings\Stella Melo\Local Settings\Application Data\Autodesk

2009-04-28 22:51 . 2009-04-28 22:51 -------- d-----w c:\program files\Autodesk

2009-04-28 22:34 . 2009-04-28 22:34 -------- d-----w c:\program files\iPod

2009-04-28 22:34 . 2009-04-28 22:34 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-04-28 22:32 . 2009-04-28 22:32 -------- d-----w c:\program files\QuickTime

2009-04-28 21:58 . 2009-04-28 21:58 75048 ----a-w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe

2009-04-28 21:21 . 2009-04-28 21:21 -------- d-----w c:\windows\Logs

2009-04-28 19:40 . 2009-04-29 04:12 -------- d-----w c:\windows\system32\pt-BR

2009-04-28 17:20 . 2009-04-29 04:12 -------- d-----w c:\windows\system32\XPSViewer

2009-04-28 17:20 . 2009-04-28 17:20 -------- d-----w c:\program files\Reference Assemblies

2009-04-28 17:19 . 2006-06-29 16:07 14048 ------w c:\windows\system32\spmsg2.dll

2009-04-28 16:37 . 2009-04-28 16:37 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple

2009-04-28 16:34 . 2009-04-28 19:18 -------- d-----w C:\7df495c798a6e863a822e211a90b

2009-04-28 14:46 . 2009-05-22 16:43 -------- d-----w c:\documents and settings\Stella Melo\Application Data\DivX

2009-04-28 14:04 . 2009-04-28 14:04 410984 ----a-w c:\windows\system32\deploytk.dll

2009-04-28 14:03 . 2009-04-28 14:03 152576 ----a-w c:\documents and settings\Stella Melo\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-04-28 13:15 . 2009-04-28 17:40 -------- d-----w c:\windows\system32\CatRoot_bak

2009-04-28 13:06 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys

2009-04-28 13:06 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys

2009-04-28 13:03 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe

2009-04-28 13:03 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe

2009-04-28 13:03 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe

2009-04-28 12:59 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys

2009-04-28 12:44 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll

2009-04-28 12:05 . 2009-04-28 12:05 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet

2009-04-28 11:55 . 2009-04-28 11:55 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Google

2009-04-28 11:24 . 2009-04-28 11:24 -------- d-----w c:\documents and settings\Stella Melo\Application Data\vlc

2009-04-28 11:05 . 2009-02-24 19:35 129784 ------w c:\windows\system32\pxafs.dll

2009-04-28 11:05 . 2009-02-24 19:35 120056 ------w c:\windows\system32\pxcpyi64.exe

2009-04-28 11:05 . 2009-02-24 19:35 118520 ------w c:\windows\system32\pxinsi64.exe

2009-04-28 11:05 . 2009-04-28 11:05 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google

2009-04-28 11:04 . 2009-04-28 11:05 -------- d-----w c:\program files\Common Files\DivX Shared

2009-04-28 11:04 . 2009-04-28 11:05 -------- d-----w c:\program files\DivX

2009-04-28 04:51 . 2006-10-26 22:56 32592 ----a-w c:\windows\system32\msonpmon.dll

2009-04-28 04:50 . 2009-05-25 03:42 -------- d-----w c:\program files\MSBuild

2009-04-28 04:46 . 2009-04-28 04:46 -------- d-----w c:\documents and settings\Stella Melo\Local Settings\Application Data\Microsoft Help

2009-04-28 04:46 . 2009-05-25 04:03 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help

2009-04-28 03:50 . 2009-04-28 03:50 0 ----a-w c:\windows\nsreg.dat

2009-04-28 03:50 . 2009-04-28 03:50 -------- d-----w c:\documents and settings\Stella Melo\Local Settings\Application Data\Mozilla

2009-04-28 03:42 . 2009-04-29 21:52 -------- d-----w C:\Temp

2009-04-28 03:42 . 2009-05-23 05:06 -------- d-----w c:\documents and settings\Stella Melo\Local Settings\Application Data\Google

2009-04-28 03:41 . 2009-04-28 03:41 -------- d-----w c:\documents and settings\Stella Melo\Application Data\MSNInstaller

2009-04-28 03:41 . 2006-02-17 17:19 16384 ----a-w c:\windows\system32\lgfwunis.exe

2009-04-28 03:41 . 1998-07-22 03:00 102912 ----a-w c:\windows\system32\Vb6stkit.dll

2009-04-28 03:41 . 1998-07-22 03:00 102160 ----a-w c:\windows\system32\VB6KO.DLL

2009-04-28 03:41 . 2009-05-26 01:16 -------- d-----w c:\program files\lg_fwupdate

2009-04-28 03:34 . 2009-04-29 21:54 -------- d-----w c:\program files\Ahead

2009-04-28 03:32 . 2009-04-28 03:32 -------- d-----w c:\program files\CyberLink

2009-04-28 03:31 . 2004-10-01 18:00 40960 ----a-w c:\program files\Uninstall_CDS.exe

2009-04-28 03:31 . 2009-04-28 03:34 -------- d-----w c:\program files\CyberLink DVD Solution

2009-04-28 03:01 . 2009-04-28 03:01 -------- d--h--w c:\windows\PIF

2009-04-28 03:01 . 2009-05-06 02:47 -------- d-----w c:\documents and settings\Stella Melo\Application Data\Autodesk

2009-04-28 02:59 . 2009-04-29 22:18 -------- d-----w c:\documents and settings\Stella Melo\Local Settings\Application Data\Adobe

2009-04-28 02:58 . 2009-05-22 16:46 -------- d-----w c:\program files\Common Files\Adobe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-22 19:48 . 2009-05-22 16:51 -------- d-----w c:\program files\MSN Messenger

2009-05-22 17:45 . 2008-03-21 00:36 1024 ----a-w c:\windows\system32\xvhtaz3.dll

2009-05-22 17:45 . 2008-03-21 00:36 1024 ----a-w c:\windows\system32\grcauth2.dll

2009-05-22 17:45 . 2008-03-21 00:36 1024 ----a-w c:\windows\system32\grcauth1.dll

2009-05-22 17:45 . 2008-03-21 00:36 1024 ----a-w c:\windows\system32\clauth2.dll

2009-05-22 17:45 . 2008-03-21 00:36 1024 ----a-w c:\windows\system32\clauth1.dll

2009-05-22 16:51 . 2009-05-22 16:51 -------- d-----w c:\program files\Common Files\Corel

2009-05-22 16:51 . 2009-05-16 04:23 -------- d-----w c:\program files\Common Files\Corel(2)

2009-05-22 16:51 . 2009-05-21 22:48 -------- d-----w c:\program files\Windows Live

2009-05-22 16:50 . 2009-05-21 22:45 -------- d-----w c:\program files\Common Files\Windows Live

2009-05-22 16:47 . 2009-04-27 05:00 -------- d--h--w c:\program files\InstallShield Installation Information

2009-05-01 00:22 . 2009-04-28 01:35 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-04-28 22:52 . 2009-04-27 05:00 -------- d-----w c:\program files\Common Files\InstallShield

2009-04-28 01:53 . 2009-04-28 01:53 -------- d-----w c:\program files\Intel

2009-04-28 01:47 . 2009-04-28 01:47 -------- d-----w c:\program files\MSXML 4.0

2009-04-28 01:36 . 2009-04-28 01:36 -------- d-----w c:\program files\Windows Media Connect 2

2009-04-28 01:32 . 2009-04-28 01:32 21640 ----a-w c:\windows\system32\emptyregdb.dat

2009-04-28 00:08 . 2009-04-28 00:08 -------- d-----w c:\program files\Alwil Software

2009-04-27 05:00 . 2009-04-27 05:00 -------- d-----w c:\program files\Realtek

2009-04-27 04:20 . 2009-04-27 04:20 -------- d-----w c:\program files\microsoft frontpage

2009-03-19 19:32 . 2009-03-19 19:32 23400 ----a-w c:\documents and settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys

2009-03-19 19:32 . 2008-01-29 19:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys

2009-03-16 17:18 . 2009-04-28 21:26 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll

2009-03-16 17:18 . 2009-04-28 21:26 517448 ----a-w c:\windows\system32\XAudio2_4.dll

2009-03-16 17:18 . 2009-04-28 21:26 235352 ----a-w c:\windows\system32\xactengine3_4.dll

2009-03-16 17:18 . 2009-04-28 21:26 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll

2009-03-09 18:27 . 2009-04-28 21:26 453456 ----a-w c:\windows\system32\d3dx10_41.dll

2009-03-09 18:27 . 2009-04-28 21:26 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll

2009-03-09 18:27 . 2009-04-28 21:26 4178264 ----a-w c:\windows\system32\D3DX9_41.dll

2009-03-06 14:22 . 2008-03-21 00:36 284160 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:18 . 2008-03-27 20:21 826368 ----a-w c:\windows\system32\wininet.dll

2004-07-22 13:51 . 2004-07-22 13:51 3432656 ----a-w c:\program files\ManagedDX.CAB

2004-07-20 01:58 . 2004-07-20 01:58 1156363 ----a-w c:\program files\BDANT.cab

2004-07-20 01:53 . 2004-07-20 01:53 976020 ----a-w c:\program files\BDAXP.cab

2004-07-09 17:17 . 2004-07-09 17:17 13265040 ----a-w c:\program files\dxnt.cab

2004-07-09 12:13 . 2004-07-09 12:13 15493481 ----a-w c:\program files\DirectX.cab

2004-07-09 12:13 . 2004-07-09 12:13 703080 ----a-w c:\program files\BDA.cab

2004-07-09 07:08 . 2004-07-09 07:08 472576 ----a-w c:\program files\dxsetup.exe

2004-07-09 07:08 . 2004-07-09 07:08 2242560 ----a-w c:\program files\dsetup32.dll

2004-07-09 06:03 . 2004-07-09 06:03 62976 ----a-w c:\program files\DSETUP.dll

2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll

2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll

.

 

------- Sigcheck -------

 

[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sfcfiles.dll

[-] 2008-03-27 20:22 1614848 058D3710F7D1E27C4BCBDA448BECAABD c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-03-21 15360]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-28 68856]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-28 185896]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-28 148888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2006-02-20 245760]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]

"iTunesHelper"="D:\iTunesHelper.exe" [2009-04-02 342312]

"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2004-04-29 245760]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-15 16270848]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-17 2879488]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-03-21 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\iTunes.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/4/2009 21:08 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/4/2009 21:08 20560]

S2 gupdate1c9c7f12f3c8b34;Google Update Service (gupdate1c9c7f12f3c8b34);c:\program files\Google\Update\GoogleUpdate.exe [28/4/2009 08:05 133104]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 15:34]

 

2009-05-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 11:04]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

SafeBoot-procexp90.Sys

 

 

.

------- Scan Suplementar -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {9D72630C-0544-477D-AF91-BA795E7F6C9D} = 200.149.55.140 200.165.132.147

FF - ProfilePath - c:\documents and settings\Stella Melo\Application Data\Mozilla\Firefox\Profiles\i1e8b9tm.default\

FF - component: c:\documents and settings\Stella Melo\Application Data\Mozilla\Firefox\Profiles\i1e8b9tm.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - component: c:\documents and settings\Stella Melo\Application Data\Mozilla\Firefox\Profiles\i1e8b9tm.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll

FF - plugin: d:\mozilla plugins\npitunes.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-25 22:16

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(2776)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-05-26 22:23 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-05-26 01:23

 

Pré-execução: 20.347.318.272 bytes free

Pós execução: 20.400.005.120 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

314 --- E O F --- 2009-04-30 13:02

 

 

e do hijackthis:

Logfile of HijackThis v1.99.1

Scan saved at 22:36:38, on 25/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

D:\iTunesHelper.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Stella Melo\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O17 - HKLM\System\CCS\Services\Tcpip\..\{9D72630C-0544-477D-AF91-BA795E7F6C9D}: NameServer = 200.149.55.140 200.165.132.147

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c9c7f12f3c8b34) (gupdate1c9c7f12f3c8b34) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

PedroN    1

PedroN
Postado

Oi smelo772 Tenha uma boa tarde!

 

Primeiramente execute o combofix e logo em seguida o Kaspersky Virus Removal Tool

 

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

 

Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

 

File::

c:\program files\Common Files\Real\Update_OB\realsched.exe

c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"=-

"Adobe Reader Speed Launcher"=-

 

Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes não use-o em outro computador, pos pode trazer danos.

 

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

 

cfscript.gif

 

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

 

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

 

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

 

Poste-o junto com o novo log do hijackthis

 

 

• Baixe: < Kaspersky Virus Removal Tool >

• Salve-o em Arquivos de Programas,e instale-o aí mesmo!

• Reinicie o computador,em Modo de Segurança! <-- Importante!

• Dê início ao exame,clicando em "Scan".

• A verificação é um pouco demorada. Aguarde!

• Caso seja encontrada infecções,clique em "disinfect".

• Terminando,clique na aba Events.

Desmarque a caixa de seleção "Show all events".

• Clique em "Save to file".

Nomeie-o e salve-o no desktop! <-- Relatório para postagem!

Poste,também,HijackThis atualizado.

Compartilhar este post

Link para o post
Compartilhar em outros sites

smelo772    0

smelo772
Postado

Olá amigo!Resolvi deixar o Combo de lado pois da primeira vez ele desconfigurou muito.Mas acho q agora tah td ok.segue os logs.Tb jah passei O kaspersky Online.tudo limpo.

Obrigadissimo por tudo.

 

 

Malwarebytes' Anti-Malware 1.36

Database version: 2174

Windows 5.1.2600 Service Pack 3

 

26/5/2009 23:44:07

mbam-log-2009-05-26 (23-44-07).txt

 

Scan type: Quick Scan

Objects scanned: 104083

Time elapsed: 4 minute(s), 34 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

Logfile of HijackThis v1.99.1

Scan saved at 23:38:16, on 26/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

D:\iTunesHelper.exe

C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Common Files\Microsoft Shared\office12\offlb.exe

C:\Documents and Settings\Stella Melo\Desktop\DESKTOP\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {7E853

Compartilhar este post

Link para o post
Compartilhar em outros sites

PedroN    1

PedroN
Postado

Tem certeza que não quer usar o cfscript e resolver o caso aqui mesmo?

Compartilhar este post

Link para o post
Compartilhar em outros sites

PedroN    1

PedroN
Postado

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Resolvidos (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito