willsant (Posted June 7, 2009)

Hello, my computer has been behaving strangely since I inserted a pen drive without taking the precaution of running it through the antivirus first. It has been restarting fairly often, many times it does not let me open any file, and the avast message saying it found a virus keeps appearing. Below is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20:18, on 7/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\Drivers\services.exe
C:\WINDOWS\system32\msnmsnr.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\cmpe.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Winlogon] C:\WINDOWS\system32\Drivers\DescVoice.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched.1] C:\WINDOWS\system32\Drivers\services.exe
O4 - HKLM\..\Run: [Msn Messenger] C:\WINDOWS\system32\msnmsnr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.03\MediaManager\grab.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/46.18/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237760916328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237760817109
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D2C72DA-FE81-4990-9469-A0D4AFCDAF76}: NameServer = 200.149.55.140,200.202.193.171
O17 - HKLM\System\CS1\Services\Tcpip\..\{9D2C72DA-FE81-4990-9469-A0D4AFCDAF76}: NameServer = 200.149.55.140,200.202.193.171
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Unknown owner - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10302 bytes
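A triage pass over the O4 autostart lines of the log above, added here as an example and not code from the forum, HijackThis or ComboFix; the heuristics are mine, and the sample lines are copied from the first log so the result can be compared with what the helper later removed:

```python
"""Triage HijackThis O4 (autostart) entries from the defender's side.

Added example for this thread; the heuristics are the author's own and mirror
what a log reader looks for: an autostart launched from a driver directory,
a core Windows binary name outside system32, a Run value named after a
Windows component, and a value name cloned from a legitimate one with a
numeric suffix (the "sunJavaUpdateSched.1" pattern seen in the log).
"""
import ntpath
import re

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Binaries that legitimately live only under %SystemRoot%\system32.
CORE_BINARIES = {"services.exe", "winlogon.exe", "lsass.exe", "csrss.exe", "smss.exe"}
CANONICAL_DIRS = {r"c:\windows\system32", r"%systemroot%\system32"}
# Component names that no ordinary Run value should carry.
COMPONENT_NAMES = {"winlogon", "svchost", "services", "lsass", "csrss", "userinit", "explorer"}
CLONE_SUFFIX = re.compile(r"^(?P<base>.+)\.\d+$")


def executable_path(cmd: str) -> str:
    """Return the launched file from a Run value: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def parse_o4(lines):
    """Yield (value_name, path) for every O4 registry Run line; other lines are skipped."""
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            yield m.group("name"), executable_path(m.group("cmd"))


def triage(lines):
    """Map each suspicious Run value name to the list of reasons it was flagged."""
    entries = list(parse_o4(lines))
    path_by_name = {name.lower(): path.lower() for name, path in entries}
    findings = {}
    for name, path in entries:
        low = path.lower()
        directory, base = ntpath.dirname(low), ntpath.basename(low)
        reasons = []
        if "drivers" in directory.split("\\") and base.endswith(".exe"):
            reasons.append("executable launched from a driver directory")
        if base in CORE_BINARIES and directory not in CANONICAL_DIRS:
            reasons.append(f"core binary name {base} outside system32")
        if name.lower() in COMPONENT_NAMES:
            reasons.append("value name impersonates a Windows component")
        clone = CLONE_SUFFIX.match(name.lower())
        if clone:
            original = path_by_name.get(clone.group("base"))
            if original is not None and original != low:
                reasons.append(f"clone of value name {clone.group('base')} pointing elsewhere")
        if reasons:
            findings[name] = reasons
    return findings


# Constructed sample: O4 lines copied from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Winlogon] C:\WINDOWS\system32\Drivers\DescVoice.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched.1] C:\WINDOWS\system32\Drivers\services.exe
O4 - HKLM\..\Run: [Msn Messenger] C:\WINDOWS\system32\msnmsnr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
"""

if __name__ == "__main__":
    for value_name, reasons in triage(SAMPLE_LOG.splitlines()).items():
        print(f"[{value_name}]")
        for reason in reasons:
            print(f"  - {reason}")
```

The heuristics flag the two entries that ComboFix later deleted from system32\drivers, but not cdoosoft or Msn Messenger, which only a file-reputation lookup would catch.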
Power Max (Posted June 7, 2009)

Hello willsant!

- Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

NOTE: For the tool to run, it must be on the desktop.

Hold down the [shift] key while you plug the pen drive, MP3 player, etc. into the USB port (if you have more than one, you must connect all of them). Only release the [shift] key once the pen drive (or other media) has been recognised in Windows Explorer. Do not remove them until you have completed all the instructions.

* Temporarily disable your antivirus;
* Close all open windows;
* Double-click the ComboFix file;
* In the next window click Run, accept the agreement and wait until the report is generated;

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree to let the scan continue. Once the console is installed, the operating system selection screen will be shown at system start-up. More information about the Console: http://support.microsoft.com/kb/307654/pt-br

* If an error occurs, restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during start-up and choose the Safe Mode option on the screen that appears) and repeat the procedure;
* ComboFix "may" restart the PC automatically to complete the removal process.
* When it finishes, a log will be generated at C:\ComboFix.txt.
* Do not click on the ComboFix window, nor close it with the X, while it is running; do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
* To stop or quit ComboFix, press "N".
* If you lose your internet connection, restart the computer. If the problem persists, open Network Connections in the Control Panel, right-click your internet connection and choose "Repair";

Post the ComboFix log, which will be at C:\ComboFix.txt, together with a new HijackThis log in your next reply, and tell us how your PC and the pen drive are doing after this.
willsant (Posted June 8, 2009)

Hello Antônio, thank you for your help. I did what you recommended and would like you to analyse the results.

ComboFix log

ComboFix 09-06-07.07 - Administrador 08/06/2009 18:23:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2039.1454 [GMT -3:00]
Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1169 [VPS 090419-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 sistema antivírus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\0xuc.com
C:\autorun.inf
C:\ej10fkdo.bat
C:\eyt.exe
C:\i.cmd
C:\icxpa.cmd
C:\minm.cmd
C:\n68mqcra.exe
C:\o3n9k.com
C:\qwtb.com
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe
C:\ukvr.bat
C:\upw.bat
C:\WINDOWS\system32\drivers\services.exe
C:\WINDOWS\system32\msconfig.exe
C:\xh319r9b.bat
C:\yhh.bat
D:\0bcobed.exe
D:\0xuc.com
D:\1ogf.exe
D:\Autorun.inf
D:\cqxj.exe
D:\ej10fkdo.bat
D:\eyt.exe
D:\husyu8n.exe
D:\i.cmd
D:\icxpa.cmd
D:\minm.cmd
D:\n68mqcra.exe
D:\o3n9k.com
D:\qwtb.com
D:\ukvr.bat
D:\upw.bat
D:\xh319r9b.bat
D:\yhh.bat
E:\0bcobed.exe

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:03, on 8/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cmpe.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Eset\nod32krn.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\RTHDCPL.EXE
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\NitroPC\NitroPC.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\ARQUIV~1\MICROS~1\Office12\OUTLOOK.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\downloads\HiJackThis.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.03\MediaManager\grab.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/46.18/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237760916328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237760817109
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D2C72DA-FE81-4990-9469-A0D4AFCDAF76}: NameServer = 200.149.55.140,200.202.193.171
O17 - HKLM\System\CS1\Services\Tcpip\..\{9D2C72DA-FE81-4990-9469-A0D4AFCDAF76}: NameServer = 200.149.55.140,200.202.193.171
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Unknown owner - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9813 bytes
Power Max (Posted June 8, 2009)

Several problems were removed by ComboFix, but its log is incomplete. Please copy its complete log and post it in your next reply. I'll be waiting.
willsant 0 Denunciar post Postado Junho 10, 2009 olá Antônio, segue o log completo ComboFix 09-06-07.07 - Administrador 08/06/2009 18:23:58.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2039.1454 [GMT -3:00] Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1169 [VPS 090419-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: ESET NOD32 sistema antivírus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !! . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\0xuc.com C:\autorun.inf C:\ej10fkdo.bat C:\eyt.exe C:\i.cmd C:\icxpa.cmd C:\minm.cmd C:\n68mqcra.exe C:\o3n9k.com C:\qwtb.com C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe C:\ukvr.bat C:\upw.bat C:\WINDOWS\system32\drivers\services.exe C:\WINDOWS\system32\msconfig.exe C:\xh319r9b.bat C:\yhh.bat D:\0bcobed.exe D:\0xuc.com D:\1ogf.exe D:\Autorun.inf D:\cqxj.exe D:\ej10fkdo.bat D:\eyt.exe D:\husyu8n.exe D:\i.cmd D:\icxpa.cmd D:\minm.cmd D:\n68mqcra.exe D:\o3n9k.com D:\qwtb.com D:\ukvr.bat D:\upw.bat D:\xh319r9b.bat D:\yhh.bat E:\0bcobed.exe E:\0xuc.com E:\1ogf.exe E:\Autorun.inf E:\cqxj.exe E:\ej10fkdo.bat E:\eyt.exe E:\husyu8n.exe E:\i.cmd E:\icxpa.cmd E:\minm.cmd E:\n68mqcra.exe E:\o3n9k.com E:\qwtb.com E:\ukvr.bat E:\upw.bat E:\xh319r9b.bat E:\yhh.bat . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_AVPsys -------\Service_dac970nt (((((((((((((((( Arquivos/Ficheiros criados de 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))) . 2009-06-08 00:36:08 . 
2009-06-08 19:23:00 0 d-----w- C:\Arquivos de programas\Eset 2009-06-07 22:34:59 . 2009-06-08 18:36:54 298104 ----a-w- C:\WINDOWS\system32\imon.dll 2009-06-07 22:34:59 . 2009-06-08 18:36:53 512096 ----a-w- C:\WINDOWS\system32\drivers\amon.sys 2009-06-07 22:34:58 . 2009-06-08 18:36:53 15424 ----a-w- C:\WINDOWS\system32\drivers\nod32drv.sys 2009-06-07 22:32:05 . 2009-06-07 22:35:20 0 d-----w- C:\WINDOWS\system32\drivers\$NOD32$ 2009-06-07 17:41:59 . 2009-06-07 18:05:15 0 d-----w- C:\My-3D-Album 2009-06-07 16:33:45 . 2009-06-07 16:33:46 0 d-----w- C:\Arquivos de programas\3D-Album-CS 2009-06-07 16:25:13 . 2001-09-19 19:44:00 1409119 ----a-w- C:\WINDOWS\system32\DigiVCap.dll 2009-06-07 16:25:13 . 2001-09-19 19:27:40 45144 ----a-w- C:\WINDOWS\system32\Mqwork.dll 2009-06-07 16:25:13 . 2001-09-19 19:06:52 233560 ----a-w- C:\WINDOWS\system32\SwcDvvfw.dll 2009-06-07 16:25:13 . 2001-09-19 19:05:38 102492 ----a-w- C:\WINDOWS\system32\swcmpegvfw.dll 2009-06-07 16:25:13 . 2001-09-19 19:04:14 163932 ----a-w- C:\WINDOWS\system32\swcjpegvfw.dll 2009-06-07 16:25:13 . 2001-09-19 19:02:34 77914 ----a-w- C:\WINDOWS\system32\Mqcache.dll 2009-06-07 16:25:13 . 2001-09-19 18:32:22 98398 ----a-w- C:\WINDOWS\system32\DGcolorXVFW.dll 2009-06-06 21:46:38 . 2009-06-06 21:46:38 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\3D-Album 2009-06-06 21:36:03 . 2007-03-16 19:49:40 8330560 ----a-w- C:\WINDOWS\system32\vaengine.dll 2009-06-06 21:36:02 . 2009-06-06 21:36:02 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\visviva 2009-06-06 21:36:00 . 2009-06-06 21:36:00 0 d-----w- C:\WINDOWS\system32\vscrsaver 2009-06-05 01:09:59 . 2009-06-07 21:02:39 0 d-----w- C:\Arquivos de programas\eMule 2009-06-05 00:49:38 . 2009-06-05 00:49:56 0 d-----w- C:\Documents and Settings\All Users\AdobeTemp 2009-06-04 23:53:54 . 2009-06-07 22:01:16 0 d-----w- C:\Arquivos de programas\DreaMule 2009-06-04 00:32:17 . 
2009-06-04 00:32:42 65536 ----a-r- C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Installer\{8E7A41FE-5026-4224-9D7E-2DA3F0B41270}\FP11Start.exe 2009-06-04 00:32:17 . 2009-06-04 00:32:42 65536 ----a-r- C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Installer\{8E7A41FE-5026-4224-9D7E-2DA3F0B41270}\FP11Desktop.exe 2009-06-04 00:32:17 . 2009-06-04 00:32:42 65536 ----a-r- C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Installer\{8E7A41FE-5026-4224-9D7E-2DA3F0B41270}\FP110Start_8E7A41FE502642249D7E2DA3F0B41270.exe 2009-06-04 00:31:47 . 2009-06-04 00:31:47 0 d-----w- C:\Arquivos de programas\IMSI 2009-05-31 01:47:52 . 2009-05-31 01:47:52 0 d-----w- C:\Arquivos de programas\Alcohol Soft 2009-05-31 01:46:38 . 2009-05-31 18:53:23 716272 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys 2009-05-15 01:50:20 . 2009-05-15 02:34:54 0 d-sh--w- C:\Documents and Settings\Administrador\Phone Browser 2009-05-13 16:13:59 . 2009-05-13 16:13:59 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files 2009-05-13 15:56:47 . 2009-05-13 15:56:47 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Nokia 2009-05-13 01:09:59 . 2009-05-06 07:04:31 24312696 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\NokiaSoftwareUpdaterSetup_en.exe 2009-05-13 01:09:55 . 2009-05-13 01:09:55 36864 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\Sleep.exe 2009-05-13 01:09:55 . 2009-05-13 01:09:55 3351812 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\msxml6Exec.exe 2009-05-13 01:09:54 . 
2009-05-13 01:09:54 3181612 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\vcredistExec.exe 2009-05-12 22:12:04 . 2009-05-12 22:17:03 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\PC Suite 2009-05-12 22:12:04 . 2009-05-12 22:16:33 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite 2009-05-12 22:11:47 . 2009-05-15 05:20:39 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Nokia 2009-05-12 22:11:14 . 2009-05-12 22:11:14 0 d-----w- C:\Arquivos de programas\DIFX 2009-05-12 22:11:13 . 2007-09-17 18:53:26 21632 ----a-w- C:\WINDOWS\system32\drivers\pccsmcfd.sys 2009-05-12 22:10:57 . 2009-05-12 22:10:59 0 d-----w- C:\Arquivos de programas\PC Connectivity Solution 2009-05-12 22:10:24 . 2009-06-07 22:14:06 0 d-----w- C:\Arquivos de programas\Nokia 2009-05-12 22:10:24 . 2007-11-29 13:32:38 48128 ----a-w- C:\WINDOWS\system32\nmwcdcls.dll 2009-05-12 22:10:08 . 2008-04-29 06:19:48 34912528 ----a-r- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Nokia_PC_Suite_rel_6_86_9_4_US.exe 2009-05-12 22:09:35 . 2009-05-12 22:09:35 8192 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstCCD.exe 2009-05-12 22:09:35 . 2009-05-12 22:09:35 61440 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2009-05-12 22:09:35 . 2009-05-12 22:09:35 10240 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCS.exe 2009-05-12 22:09:29 . 2009-05-13 01:09:45 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations . 
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 21:29:01 . 2008-09-29 02:14:01 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Orbit
2009-06-08 21:19:34 . 2008-10-12 01:00:29 0 d-----w- C:\Arquivos de programas\Orbitdownloader
2009-06-08 18:48:32 . 2009-04-15 23:28:40 1822 ----a-w- C:\WINDOWS\WindowsShell.dll
2009-06-07 22:09:39 . 2008-09-16 03:36:43 0 d-----w- C:\Arquivos de programas\Nero
2009-06-07 22:08:47 . 2008-09-07 02:18:22 0 d--h--w- C:\Arquivos de programas\InstallShield Installation Information
2009-06-07 22:08:43 . 2009-04-02 03:13:11 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software
2009-06-07 22:02:51 . 2009-05-07 00:38:25 0 d-----w- C:\Arquivos de programas\Microsoft ActiveSync
2009-06-07 22:01:52 . 2008-10-11 05:39:27 0 d-----w- C:\Arquivos de programas\Flash Menu Labs Pro v2
2009-06-04 17:57:55 . 2009-04-22 02:01:37 10 ----a-w- C:\WINDOWS\system32\drivers\AtualizaTROIA
2009-06-04 17:57:53 . 2009-05-18 00:58:56 10 ----a-w- C:\WINDOWS\system32\drivers\AtualizaMSN
2009-05-21 22:37:53 . 2008-09-18 00:53:45 0 d---a-w- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2009-05-14 23:34:21 . 2008-09-13 00:18:33 2568 --sha-w- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2009-05-14 23:34:21 . 2008-09-13 00:18:33 2568 --sha-w- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2009-05-12 22:16:19 . 2009-05-12 22:16:19 0 ---ha-w- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-05-10 02:18:54 . 2001-10-28 12:07:18 81544 ----a-w- C:\WINDOWS\system32\perfc016.dat
2009-05-10 02:18:54 . 2001-10-28 12:07:18 474004 ----a-w- C:\WINDOWS\system32\perfh016.dat
2009-05-07 00:40:16 . 2009-05-07 00:40:16 0 d-----w- C:\Arquivos de programas\Samsung
2009-05-01 00:18:34 . 2008-09-07 02:18:18 0 d-----w- C:\Arquivos de programas\Arquivos comuns\InstallShield
2009-04-25 23:01:34 . 2009-04-25 23:01:34 0 d-----w- C:\Arquivos de programas\Arquivos comuns\xing shared
2009-04-25 23:01:32 . 2008-12-12 02:39:52 0 d-----w- C:\Arquivos de programas\Arquivos comuns\Real
2009-04-22 01:37:02 . 2008-09-18 02:50:18 0 d-----w- C:\Arquivos de programas\K-Lite Codec Pack
2009-04-21 07:50:18 . 2009-04-21 07:43:38 0 d-----w- C:\Arquivos de programas\NitroPC
2009-04-21 07:33:55 . 2009-04-21 07:33:45 140 ----a-w- C:\tw0001.dat
2009-04-20 01:19:19 . 2009-04-20 01:19:19 0 d-----w- C:\Arquivos de programas\Alwil Software
2009-04-18 18:41:05 . 2009-04-18 18:41:05 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Alien Skin
2009-04-17 23:12:36 . 2009-04-15 23:30:58 25088 ----a-w- C:\WINDOWS\system32\Dube.exe
2009-04-17 23:12:35 . 2009-04-15 23:28:40 27 ----a-w- C:\WINDOWS\system32\drivers\AntModem.sys
2009-04-17 19:19:25 . 2009-04-15 23:28:36 1602 ----a-w- C:\WINDOWS\system32\drivers\BoxFile.bcc
2009-04-16 00:16:16 . 2009-04-16 00:16:16 9 ----a-w- C:\WINDOWS\system32\drivers\Milk
2009-04-15 23:30:02 . 2009-04-15 23:30:02 577 ----a-w- C:\WINDOWS\system32\drivers\Body.bcc
2009-04-15 23:28:40 . 2009-04-15 23:28:40 133632 ----a-w- C:\WINDOWS\system32\drivers\DescVoice.exe
2009-04-12 02:39:20 . 2009-04-12 02:39:20 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Bitstream
2009-04-05 01:22:07 . 2009-04-04 22:11:50 1024 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software\Motorola Phone Tools\faxres.cmd
2009-04-03 02:35:00 . 2009-03-04 20:22:19 410984 ----a-w- C:\WINDOWS\system32\deploytk.dll
2009-04-03 02:33:43 . 2009-03-31 22:06:37 152576 ----a-w- C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-31 22:07:04 . 2009-03-31 22:07:04 0 ----a-w- C:\WINDOWS\system32\REN1B.tmp
2002-07-31 22:55:12 . 2008-11-03 03:08:39 246 --sh--w- C:\WINDOWS\WSYS049.SYS
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:20:54 15360]
"NitroPC"="C:\Arquivos de programas\NitroPC\NitroPC.exe" [2008-08-19 20:11:08 3477504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 05:55:14 98304]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 18:37:13 79224]
"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 20:10:28 35696]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-03 02:35:00 148888]
"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-04-25 23:01:20 185872]
"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2009-06-08 18:36:53 949376]
"RTHDCPL"="RTHDCPL.EXE" - C:\WINDOWS\RTHDCPL.exe [2007-07-05 08:08:46 16380416]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:20:54 15360]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-10-11 1719496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Bebe_Jeans.lnk]
path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Bebe_Jeans.lnk
backup=C:\WINDOWS\pss\Bebe_Jeans.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]
path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk
backup=C:\WINDOWS\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayHabil
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"InCDsrv"=2 (0x2)
"Bonjour Service"=2 (0x2)
"hpdj"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"C:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"17247:TCP"= 17247:TCP:BitComet 17247 TCP
"17247:UDP"= 17247:UDP:BitComet 17247 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [19/9/2008 19:20:23 75856]
R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys [7/6/2009 19:34:58 15424]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [19/9/2008 19:20:23 20560]
R2 cmpe;Context Manager Process Extension;C:\WINDOWS\system32\cmpe.exe [26/2/2007 11:11:52 61440]
S2 dfygnrim;Time Windows;C:\WINDOWS\system32\svchost.exe -k netsvcs [4/8/2004 02:45:44 14336]
S3 MapMem;MapMem;\??\F:\mapmem.sys --> F:\mapmem.sys [?]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\drivers\motodrv.sys [4/4/2009 22:11:55 40832]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dfygnrim
.
- - - - REMOVED ORPHANS - - - -
HKLM-Run-SunJavaUpdateSched.1 - C:\WINDOWS\system32\Drivers\services.exe
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.03\AMVConverter\grab.html
IE: Do&wnload selected by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.03\MediaManager\grab.html
LSP: C:\WINDOWS\system32\imon.dll
TCP: {9D2C72DA-FE81-4990-9469-A0D4AFCDAF76} = 200.149.55.140,200.202.193.171
FF - ProfilePath - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\4mrqvxxz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.globo.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: C:\Arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: C:\Arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF - plugin: C:\Arquivos de programas\Microsoft\Office Live\npOLW.dll
.
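The registry load points and service entries in the log above can be screened mechanically before any cleanup tool is run. The script below is an added example written for this thread; it is not a tool from the original post, from ComboFix or from HijackThis. Its SAMPLE is a constructed excerpt copied from the posted log, and the REMOTE_ACCESS_PORTS table is an assumption. It flags the Security Center *DisableNotify and *Override values set to 1, the standard-profile firewall turned off, the globally open RDP port, the service hosted inside svchost with an unfamiliar name, and the driver image loaded from drive F: rather than the system volume.

```python
"""Screen the registry load points and service entries of a ComboFix-style
log for the settings a USB-borne infection commonly tampers with.

Added example for this thread; it is not a tool from the original post,
from ComboFix, or from HijackThis.  SAMPLE is a constructed excerpt copied
from the log posted above, and REMOTE_ACCESS_PORTS is an assumption.
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the posted log (values copied verbatim from it).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"17247:TCP"= 17247:TCP:BitComet 17247 TCP
S2 dfygnrim;Time Windows;C:\WINDOWS\system32\svchost.exe -k netsvcs [4/8/2004 02:45:44 14336]
S3 MapMem;MapMem;\??\F:\mapmem.sys --> F:\mapmem.sys [?]
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                      # [HKLM\...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')           # "Name"=value
SERVICE_RE = re.compile(                                    # R1/S2 name;display;image [stamp]
    r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[[^\]]*\]\s*$")

# Assumption: ports a home PC should not have open in every firewall profile.
REMOTE_ACCESS_PORTS = {3389: "RDP"}


def parse_log(text: str) -> Tuple[Dict[str, Dict[str, str]], List[Dict[str, str]]]:
    """Split the excerpt into {section: {name: value}} plus a list of services."""
    sections: Dict[str, Dict[str, str]] = {}
    services: List[Dict[str, str]] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()          # keys are compared case-insensitively
            sections.setdefault(current, {})
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append({"start": m.group(1), "name": m.group(2),
                             "display": m.group(3), "image": m.group(4)})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2).strip()
    return sections, services


def reg_int(value: str):
    """Decode 'dword:00000001' or ComboFix's '0 (0x0)' form into an int."""
    v = value.strip()
    if v.lower().startswith("dword:"):
        return int(v[6:], 16)
    m = re.match(r"^(\d+)", v)
    return int(m.group(1)) if m else None


def triage(text: str) -> List[str]:
    """Return one finding per tampered setting or suspicious service."""
    sections, services = parse_log(text)
    findings: List[str] = []
    for key, values in sections.items():
        if "security center" in key:
            # *DisableNotify / *Override = 1 silence the AV, firewall and update warnings
            for name, val in values.items():
                if name.endswith(("DisableNotify", "Override")) and reg_int(val) == 1:
                    findings.append(f"{name}=1 under {key}: Security Center warning suppressed")
        elif key.endswith(r"firewallpolicy\standardprofile"):
            if reg_int(values.get("EnableFirewall", "1")) == 0:
                findings.append(f"EnableFirewall=0 under {key}: Windows Firewall is off")
        elif key.endswith(r"globallyopenports\list"):
            for name in values:
                port = int(name.split(":", 1)[0])
                if port in REMOTE_ACCESS_PORTS:
                    findings.append(f"{name} open globally ({REMOTE_ACCESS_PORTS[port]})")
    for svc in services:
        if re.search(r"svchost\.exe\s+-k\s+\S+", svc["image"], re.I):
            findings.append(f"service {svc['name']} ('{svc['display']}') runs inside svchost: "
                            "confirm it is a Microsoft service")
        drive = re.search(r"([A-Za-z]):\\", svc["image"])
        if drive and drive.group(1).upper() != "C":
            findings.append(f"service {svc['name']} loads {svc['image']} from drive "
                            f"{drive.group(1).upper()}:, not the system volume")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Run it on the excerpt and it reports thirteen findings: nine suppressed Security Center warnings, the disabled firewall, the globally open 3389/TCP, the svchost-hosted `dfygnrim` service, and the `MapMem` driver on drive F:. The BitComet port is listed but not flagged, since the check is limited to the ports in the table; extend REMOTE_ACCESS_PORTS to taste. Matching on section names in lower case keeps the `HKLM\~\...` shorthand ComboFix uses and the full `HKEY_LOCAL_MACHINE\...` form on equal footing.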
Power Max
Posted June 10, 2009

I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

- Download USBFix and save it to the desktop: http://sd-1.archive-host.com/membres/up/12...5653/UsbFix.exe
● Temporarily disable your antivirus;
● Double-click the program icon and install it by clicking (Suivant > accept the agreement > Suivant > Suivant > click Yes > Démarrer > Quitter);
● A new UsbFix icon will be created on your desktop. Double-click this new icon to run it;
● Insert the pen drive, MP3 or MP4 player, or other removable media that you suspect may be infected into the PC's USB port;
● Press 2, press Enter > click OK > and follow the instructions that appear. Your computer will be restarted; wait for it to restart;
● The PC will restart. Keep the pen drive in place. Do not remove it!
● After the restart, the tool will run automatically. Just wait, without moving the mouse or using the keyboard;
● The log will open automatically in Notepad. The log will also be at C:\UsbFix.txt

NOTE: If after restarting your desktop disappears for a long time, press Ctrl + Alt + Delete to open Task Manager. Click File > New Task (Run...), type: explorer.exe and click OK.

_______________________________________________________________________________

Please also do the following:

I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

- Download Malwarebytes Anti-Malware.
* Install it by double-clicking "mbam-setup.exe";
* Select the language Português (Brasil)
* Tick only the box: "Update Malwarebytes' Anti-Malware"
* If an update exists, it will be downloaded automatically
* Do not scan yet!!!
* Restart the PC in Safe Mode (press F8 (or F5 on some computers) repeatedly while the computer is restarting and choose the Safe Mode option).
* If it is not possible to start the computer in Safe Mode, run the scan in normal mode
* Run Malwarebytes' Anti-Malware and click the "Scanner" tab, then select the "Perform full scan" option
* Click the "Scan" button
* Tick all the parts of the computer you want to scan and click the "Start Scan" button
* When the scan finishes, click "OK" > "Show Results"
* Select all the entries and click "Remove Selected"
* After removal you may be asked whether you want to remove objects from memory. Click "YES"
* A log will be shown with the result of the actions
* Some malware is stubborn and needs a restart to be removed. If this is requested, click to restart the PC.
* When the process finishes, restart the PC in Normal Mode.
* After a few days, if your computer is working normally without the files that Malwarebytes Anti-Malware deleted, open (run) Malwarebytes Anti-Malware, click the Quarantine tab and click the Delete All button.
* Run Malwarebytes Anti-Malware again and click the "Logs" tab, double-click the most recent log, select the whole log and copy it.

Post this log generated by Malwarebytes Anti-Malware, together with the UsbFix log, which will be at C:\UsbFix.txt, and a new HijackThis log in your next reply, and tell us how your computer is doing after following the procedures above.

We await your reply.
Mário Monteiro
Posted July 11, 2009

Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening.