[Arquivado] Não consigo deletar virus do meu pc

esdrasyave · Junho 7, 2009

Olá, estou com um problema em meu PC. Toda vez que coloco algum pen drive o pc acusa que tem virus mas qdo peço pra deletar, o antivirus nao deleta e aparece a msm mensagem acusando que tem virus..O que devo fazer. Estou enviando o log do Hjack.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:33:57, on 6/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\WINDOWS\vsnp2uvc.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Documents and Settings\Casa\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

C:\Arquivos de programas\Dualview Server\dualviewsvc.exe

C:\Arquivos de programas\Smart Watchdog\SWDsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Documents and Settings\Casa\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe

O4 - HKLM\..\Run: [sMBTray] C:\Program Files\Smart Battery\SMBTray.exe

O4 - HKLM\..\Run: [smart Watch Dog] -C:\Arquivos de programas\Smart Watchdog\SmartWD.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Casa\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.18\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para Bluetooth - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{9BE1F610-B293-4D43-A586-D55592FDBBB7}: NameServer = 189.40.224.5 10.223.246.102

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~1\Office12\GR99D3~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: DualView Server Service (DualView Server) - Unknown owner - C:\Arquivos de programas\Dualview Server\dualviewsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Arquivos de programas\Smart Watchdog\SWDsvc.exe

--

End of file - 8994 bytes

Power Max · Junho 7, 2009

:thumbsup: Olá esdrasyave!

- Faça o download do ComboFix e salve-o no desktop (área de trabalho):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

OBS: Para que a ferramenta seja executada é necessário que esteja no desktop (área de trabalho)

Mantenha a tecla [shift] pressionada enquanto espeta o Pendrive, MP3, etc... na porta USB (se tiver mais de um, tem de conectar todos).

Deixe de apertar a tecla [shift] só quando o Pendrive (ou outras mídias) for identificado no Windows explorer. Não os tire até completar todas as instruções.

* Desative, temporariamente, o seu antivírus;

* Feche todas as janelas abertas;

* Dê um duplo clique no arquivo ComboFix;

* Na próxima janela clique em Executar, aceite o contrato e aguarde até que o relatório seja gerado;

OBS: Caso não queira que seja instalado o console de recuperação do Windows, clique em "Não" e depois concorde que a verificação prossiga.

Ao ser instalado o console, na inicialização do sistema será apresentada a tela para seleção dos sistemas operacionais.

Mais informações sobre o Console: http://support.microsoft.com/kb/307654/pt-br

* Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização e escolha a opção Modo Seguro na tela que se apresenta) e repita o procedimento;

* O ComboFix "poderá" reiniciar o PC automaticamente para completar o processo de remoção.

* Quando terminar, será gerado um log, que estará em C:\ComboFix.txt.

* Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, não mova o mouse e não use o teclado, pois senão irá parar e seu desktop ficará em branco.

* Para parar ou sair do ComboFix, tecle "N".

* Se perder a conexão com a internet, reinicie o computador. Caso o problema persista, abra Conexões de Rede no Painel de Controle, clique com o botão direito do mouse sobre a sua conexão com a internet e em "Reparar";

Poste o log do Combofix que estará em C:\ComboFix.txt juntamente com um novo log do Hijackthis em sua próxima resposta e nos diga como está o seu PC e o pendrive depois disto.

esdrasyave · Junho 12, 2009

ler\S-1-5-21-1482476501-1644491937-682003330-1013

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-12 to 2009-06-12 ))))))))))))))))))))))))))))

.

2009-06-10 02:26 . 2009-06-10 02:40 -------- d-----w- C:\gamesX

2009-06-09 22:17 . 2009-06-09 22:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite

2009-06-09 22:17 . 2009-06-09 22:17 -------- d-----w- c:\arquivos de programas\DAEMON Tools Toolbar

2009-06-09 22:17 . 2009-06-09 22:17 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite

2009-06-09 22:10 . 2009-06-09 22:10 721904 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-06-09 22:10 . 2009-06-09 22:18 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\DAEMON Tools Lite

2009-06-04 18:33 . 2009-06-04 18:34 31532 ----a-w- C:\new.exe

2009-05-27 17:29 . 2009-05-27 17:29 -------- d-----w- c:\arquivos de programas\CCleaner

2009-05-22 14:43 . 2009-05-22 14:43 766 ----a-r- c:\documents and settings\Casa\Dados de aplicativos\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe

2009-05-22 14:43 . 2009-05-22 14:43 2550 ----a-r- c:\documents and settings\Casa\Dados de aplicativos\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_0727E5AC67F43141071FB8.exe

2009-05-22 14:43 . 2009-05-22 14:43 1518 ----a-r- c:\documents and settings\Casa\Dados de aplicativos\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_64CF0F5A56F714996FE0BF.exe

2009-05-22 14:43 . 2009-05-22 14:43 1078 ----a-r- c:\documents and settings\Casa\Dados de aplicativos\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_D32E910E796D9B1992CC0A.exe

2009-05-22 14:43 . 2009-05-22 14:43 1078 ----a-r- c:\documents and settings\Casa\Dados de aplicativos\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_1661033BF80E250A89F8FC.exe

2009-05-22 14:43 . 2009-05-22 14:43 10134 ----a-r- c:\documents and settings\Casa\Dados de aplicativos\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_84851EE9B80B38F45D2097.exe

2009-05-22 14:43 . 2009-05-22 14:43 -------- d-----w- c:\arquivos de programas\MP3 Player Utilities 4.18

2009-05-21 21:45 . 2009-05-21 21:45 0 ----a-w- c:\documents and settings\Casa\Dados de aplicativos\ud.sys

2009-05-19 01:56 . 2009-05-19 01:56 25214 ----a-r- c:\documents and settings\Casa\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe

2009-05-19 01:56 . 2009-05-19 01:56 25214 ----a-r- c:\documents and settings\Casa\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe

2009-05-19 01:56 . 2009-05-19 01:56 25214 ----a-r- c:\documents and settings\Casa\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe

2009-05-19 01:56 . 2009-05-19 01:56 25214 ----a-r- c:\documents and settings\Casa\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe

2009-05-19 01:56 . 2009-05-19 01:56 25214 ----a-r- c:\documents and settings\Casa\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe

2009-05-19 01:56 . 2009-05-19 01:56 25214 ----a-r- c:\documents and settings\Casa\Dados de aplicativos\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe

2009-05-15 21:44 . 2009-05-15 21:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero

2009-05-15 21:42 . 2000-06-26 14:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll

2009-05-15 21:42 . 2004-07-26 20:16 476320 ------w- c:\windows\system32\ImagXpr7.dll

2009-05-15 21:42 . 2004-07-26 20:16 471040 ------w- c:\windows\system32\ImagXRA7.dll

2009-05-15 21:42 . 2004-07-26 20:16 262144 ------w- c:\windows\system32\ImagXR7.dll

2009-05-15 21:42 . 2004-07-26 20:16 1568768 ------w- c:\windows\system32\ImagX7.dll

2009-05-15 21:42 . 2001-07-09 14:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

2009-05-15 21:42 . 2009-05-15 21:42 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead

2009-05-15 21:42 . 2009-05-15 21:43 -------- d-----w- c:\arquivos de programas\Ahead

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-11 23:45 . 2009-03-07 23:15 -------- d-----w- c:\arquivos de programas\Smart Watchdog

2009-06-11 23:45 . 2009-03-07 23:16 -------- d-----w- c:\arquivos de programas\Dualview Server

2009-05-12 03:31 . 2009-05-12 03:30 -------- d-----w- c:\arquivos de programas\eMule

2009-05-07 15:33 . 2008-04-14 11:00 347136 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 17:46 . 2009-03-07 19:42 90112 ----a-w- c:\windows\DUMP2ccc.tmp

2009-04-29 04:45 . 2008-05-07 02:03 827392 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:45 . 2008-05-07 02:02 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-29 01:54 . 2009-03-07 19:42 90112 ----a-w- c:\windows\DUMP2d97.tmp

2009-04-28 23:46 . 2009-03-07 19:42 90112 ----a-w- c:\windows\DUMP2b94.tmp

2009-04-28 21:23 . 2009-03-07 19:42 90112 ----a-w- c:\windows\DUMP2cdc.tmp

2009-04-28 21:01 . 2009-03-07 19:42 90112 ----a-w- c:\windows\DUMP2b55.tmp

2009-04-21 01:23 . 2009-04-20 15:55 -------- d-----w- c:\arquivos de programas\FreeUndelete

2009-04-20 17:03 . 2009-04-20 16:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion

2009-04-20 16:22 . 2009-04-20 16:22 -------- d-----w- c:\arquivos de programas\Recuva

2009-04-20 16:22 . 2009-04-20 16:22 -------- d-----w- c:\arquivos de programas\Yahoo!

2009-04-20 16:22 . 2009-04-20 16:22 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Yahoo!

2009-04-19 19:50 . 2008-04-14 11:00 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-18 16:57 . 2008-04-14 11:00 48430 ----a-w- c:\windows\system32\perfc016.dat

2009-04-18 16:57 . 2008-04-14 11:00 345026 ----a-w- c:\windows\system32\perfh016.dat

2009-04-15 14:53 . 2008-04-14 11:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-15 00:49 . 2009-03-07 23:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-04-08 00:56 . 2009-03-07 22:57 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-03-29 13:41 . 2009-03-07 19:42 90112 ----a-w- c:\windows\DUMP29af.tmp

2009-03-26 12:46 . 2009-03-07 19:42 90112 ----a-w- c:\windows\DUMP2848.tmp

2004-07-22 13:51 . 2004-07-22 13:51 3432656 ----a-w- c:\arquivos de programas\ManagedDX.CAB

2004-07-20 01:58 . 2004-07-20 01:58 1156363 ----a-w- c:\arquivos de programas\BDANT.cab

2004-07-20 01:53 . 2004-07-20 01:53 976020 ----a-w- c:\arquivos de programas\BDAXP.cab

2004-07-09 17:17 . 2004-07-09 17:17 13265040 ----a-w- c:\arquivos de programas\dxnt.cab

2004-07-09 12:13 . 2004-07-09 12:13 15493481 ----a-w- c:\arquivos de programas\DirectX.cab

2004-07-09 12:13 . 2004-07-09 12:13 703080 ----a-w- c:\arquivos de programas\BDA.cab

2004-07-09 07:08 . 2004-07-09 07:08 472576 ----a-w- c:\arquivos de programas\dxsetup.exe

2004-07-09 07:08 . 2004-07-09 07:08 2242560 ----a-w- c:\arquivos de programas\dsetup32.dll

2004-07-09 06:03 . 2004-07-09 06:03 62976 ----a-w- c:\arquivos de programas\DSETUP.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-03-09 133104]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]

"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-29 569344]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2007-08-03 53248]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-03 16841216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-04-29 124928]

"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-04-29 124928]

c:\documents and settings\Casa\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

Stardock ObjectDock.lnk - c:\arquivos de programas\Stardock\ObjectDock\ObjectDock.exe [2009-3-7 3450608]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

BTTray.lnk - c:\arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe [2007-7-10 572008]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-3-7 262144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [7/3/2009 20:08 9856]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/3/2009 19:59 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/3/2009 19:59 20560]

R2 DualView Server;DualView Server Service;c:\arquivos de programas\Dualview Server\dualviewsvc.exe [2/10/2007 03:54 122880]

R2 Smart Watchdog;Smart Watchdog Service;c:\arquivos de programas\Smart Watchdog\SWDsvc.exe [9/9/2007 23:08 65536]

R3 DualViewFilter;DualViewFilter;c:\windows\system32\drivers\DualviewFilter.sys [27/9/2007 19:28 20224]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-SMBTray - c:\program files\Smart Battery\SMBTray.exe

HKLM-Run-Smart Watch Dog - -c:\arquivos de programas\Smart Watchdog\SmartWD.exe

SafeBoot-procexp90.Sys

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2233703

IE: Add to AMV Converter... - c:\arquivos de programas\MP3 Player Utilities 4.18\AMVConverter\grab.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Enviar para Bluetooth - c:\arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Enviar para Dispositivo &Bluetooth... - c:\arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

TCP: {9BE1F610-B293-4D43-A586-D55592FDBBB7} = 189.40.224.5 10.223.246.102

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-11 21:40

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2009-06-12 21:41

ComboFix-quarantined-files.txt 2009-06-12 00:41

Pré-execução: 13 pasta(s) 48.665.153.536 bytes disponíveis

Pós execução: 12 pasta(s) 49.437.868.032 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

168 --- E O F --- 2009-06-10 23:02

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:45:37, on 11/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Documents and Settings\Casa\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Dualview Server\dualviewsvc.exe

C:\Arquivos de programas\Smart Watchdog\SWDsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe

C:\Documents and Settings\Casa\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2233703