nandopais 0 Posted July 10, 2009
Good morning everyone, could you help me decipher this log? The computer is acting very strangely; it won't open the properties of anything. Thank you.
ComboFix 09-07-07.A9 - Administrador 08/07/2009 12:37.1 - NTFSx86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.795 [GMT -3:00] Executando de: c:\documents and settings\Administrador.VERONICA.002\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !! . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Installer\11b2c3.msp c:\windows\Installer\122a7a7.msp c:\windows\Installer\1514937.msp c:\windows\Installer\1514991.msp c:\windows\Installer\dceca.msp c:\windows\Installer\fc8f4.msp . (((((((((((((((( Arquivos/Ficheiros criados de 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))) . 2009-07-08 15:21 . 2009-07-08 15:21 -------- d-sh--w- c:\documents and settings\Administrador.VERONICA.002\IECompatCache 2009-07-08 15:21 . 2009-07-08 15:21 -------- d-sh--w- c:\documents and settings\Administrador.VERONICA.002\PrivacIE 2009-07-08 14:32 . 2009-07-08 14:32 -------- d-----w- c:\windows\system32\bits 2009-07-08 14:29 . 2009-07-08 14:29 -------- d--h--w- c:\documents and settings\Administrador.VERONICA.002\Ambiente de impressão 2009-07-08 14:29 . 2009-07-08 14:29 -------- d-----r- c:\documents and settings\Administrador.VERONICA.002\Menu Iniciar 2009-07-08 14:09 . 2009-07-08 15:21 -------- d-----w- c:\documents and settings\Administrador.VERONICA.002\Favoritos 2009-07-08 13:54 . 2009-07-08 13:54 -------- d-sh--w- c:\documents and settings\Administrador.VERONICA.002\IETldCache 2009-07-08 13:46 . 2009-07-08 13:46 -------- d-sh--w- c:\documents and settings\Veronica\IETldCache 2009-07-08 13:42 .
2009-07-08 13:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-07-08 13:33 . 2008-04-13 22:20 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll 2009-07-08 13:33 . 2008-04-13 22:20 1306624 ------w- c:\windows\system32\msxml6.dll 2009-07-08 13:33 . 2008-04-13 21:58 86016 -c----w- c:\windows\system32\dllcache\msxml6r.dll 2009-07-08 13:33 . 2008-04-13 21:58 86016 ------w- c:\windows\system32\msxml6r.dll 2009-07-08 13:33 . 2007-06-26 02:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip 2009-07-08 13:33 . 2007-06-26 01:56 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip 2009-07-08 13:33 . 2008-04-13 22:19 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll 2009-07-08 13:33 . 2008-04-13 14:45 46592 ------w- c:\windows\system32\drivers\irbus.sys 2009-07-08 13:30 . 2009-07-08 13:30 -------- d-----w- c:\windows\ServicePackFiles 2009-07-08 13:30 . 2008-04-13 22:20 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe 2009-07-08 12:59 . 2009-07-08 14:28 -------- dc-h--w- c:\windows\ie8 2009-07-08 12:41 . 2009-07-08 12:41 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security 2009-07-08 12:35 . 2009-07-08 12:35 -------- d-----w- c:\arquivos de programas\VS Revo Group 2009-07-08 12:23 . 2009-07-08 14:33 -------- d--h--w- c:\documents and settings\Administrador.VERONICA.002\Configurações locais 2009-07-08 12:23 . 2009-07-08 14:29 -------- d--h--r- c:\documents and settings\Administrador.VERONICA.002\Dados de aplicativos 2009-07-08 12:23 . 2009-07-08 14:29 -------- d--h--w- c:\documents and settings\Administrador.VERONICA.002\Modelos 2009-07-08 12:23 . 2009-07-08 15:21 -------- d-----w- c:\documents and settings\Administrador.VERONICA.002 2009-07-08 12:06 . 2009-07-08 12:06 -------- d-----w- c:\windows\system32\wbem\Repository 2009-07-08 12:05 . 2009-07-08 14:29 -------- d-s---w- c:\documents and settings\Administrador.VERONICA.001 2009-07-08 12:05 . 
2009-07-08 14:29 -------- d-----w- c:\documents and settings\Administrador.VERONICA.001\Configurações locais 2009-07-08 12:05 . 2009-07-08 14:28 -------- d-----w- c:\documents and settings\Administrador.VERONICA.001\Modelos 2009-07-08 12:05 . 2009-07-08 14:28 -------- d-----w- c:\documents and settings\Administrador.VERONICA.001\Dados de aplicativos 2009-07-06 11:41 . 2009-07-04 13:24 2052376 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcorex.dll 2009-07-06 11:41 . 2009-07-04 13:24 906520 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgemc.exe 2009-07-06 11:41 . 2009-06-12 12:20 327688 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgldx86.sys 2009-07-06 11:41 . 2009-06-12 12:20 3402008 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgui.exe 2009-07-06 11:41 . 2009-06-12 12:20 1204504 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgabout.dll 2009-07-06 11:40 . 2009-06-12 12:16 1085208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.exe 2009-07-04 13:31 . 2009-07-04 13:31 -------- d-----w- C:\logs 2009-07-04 13:30 . 2008-05-24 00:17 40960 ----a-w- c:\windows\system32\lxduvs.dll 2009-07-04 13:30 . 2008-04-24 04:34 360448 ----a-w- c:\windows\system32\lxducoin.dll 2009-07-04 13:30 . 2001-09-06 02:50 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll 2009-07-04 13:30 . 2001-09-06 02:50 87040 ----a-w- c:\windows\system32\wiafbdrv.dll 2009-07-04 13:30 . 2008-05-10 01:42 81920 ----a-w- c:\windows\system32\lxducaps.dll 2009-07-04 13:30 . 2008-05-10 01:42 1036288 ----a-w- c:\windows\system32\lxdudrs.dll 2009-07-04 13:30 . 2008-05-10 01:29 69632 ----a-w- c:\windows\system32\lxducnv4.dll 2009-07-04 13:30 . 2009-07-04 13:30 -------- d-----w- c:\arquivos de programas\Lexmark Printable Web 2009-07-04 13:29 . 
2008-05-24 00:58 17064 ----a-w- c:\windows\system32\LXDUwupd.exe 2009-07-04 13:29 . 2008-04-15 23:08 352256 ----a-w- c:\windows\system32\LXDUwupd.dll 2009-07-04 13:24 . 2009-07-04 13:24 3298072 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\setup.exe 2009-07-04 13:24 . 2009-07-04 13:24 829208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcfgx.dll 2009-07-04 13:24 . 2009-06-12 12:20 1261344 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgwd.dll 2009-07-04 13:22 . 2009-07-04 13:22 1454360 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.dll 2009-07-04 13:17 . 2009-07-08 14:29 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP 2009-07-02 12:47 . 2009-07-02 12:47 -------- d-----w- c:\arquivos de programas\Bradesco 2009-07-02 12:47 . 2009-07-02 12:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Borland Shared 2009-07-02 12:47 . 2009-07-04 13:16 -------- d-----w- C:\SistecPro 2009-06-30 12:54 . 2009-06-30 12:54 -------- d-----w- c:\documents and settings\Veronica\Dados de aplicativos\Lexmark Productivity Studio 2009-06-30 12:34 . 2009-07-04 13:18 -------- d-----w- C:\RECYCLER(2) 2009-06-30 12:00 . 2009-07-04 13:18 -------- d-----w- c:\documents and settings\Administrador\Configurações locais 2009-06-30 12:00 . 2009-07-04 13:18 -------- d-s---w- c:\documents and settings\Administrador 2009-06-30 12:00 . 2009-07-04 13:18 -------- d-----w- c:\documents and settings\Administrador\Modelos 2009-06-30 12:00 . 2009-07-04 13:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos 2009-06-29 21:37 . 2009-07-04 13:18 -------- d-----w- c:\documents and settings\Veronica\Dados de aplicativos\5600-6600 Series 2009-06-29 21:36 . 2009-07-07 21:04 -------- d-----w- c:\documents and settings\All Users\Lx_cats 2009-06-29 21:28 . 
2009-06-29 21:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\5600-6600 Series 2009-06-29 21:27 . 2009-07-04 13:18 -------- d-----w- c:\arquivos de programas\Abbyy FineReader 6.0 Sprint 2009-06-29 21:25 . 2009-07-04 13:30 -------- d-----w- c:\arquivos de programas\Lexmark 5600-6600 Series . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-08 15:25 . 2001-10-28 12:07 68190 ----a-w- c:\windows\system32\perfc016.dat 2009-07-08 15:25 . 2001-10-28 12:07 427986 ----a-w- c:\windows\system32\perfh016.dat 2009-07-08 14:29 . 2009-07-04 13:16 -------- d-----w- c:\arquivos de programas\Telefonica 2009-07-08 14:28 . 2008-05-14 20:43 -------- d-----w- c:\arquivos de programas\EPSON 2009-07-08 14:28 . 2008-09-01 13:25 -------- d-----w- c:\arquivos de programas\HP 2009-07-07 21:01 . 2008-05-19 14:23 -------- d-----w- c:\documents and settings\Veronica\Dados de aplicativos\AdobeUM 2009-07-06 11:41 . 2008-05-15 12:18 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-07-04 13:24 . 2008-05-15 12:18 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-05-12 11:44 . 2008-07-02 12:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-05-12 11:44 . 2008-05-15 12:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-05-07 15:33 . 2004-08-04 03:45 347136 ----a-w- c:\windows\system32\localspl.dll 2009-04-19 19:50 . 2004-08-04 03:38 1847296 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:53 . 2004-08-04 03:45 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2008-05-15 13:37 . 2008-05-14 20:56 56 -csh--r- c:\windows\system32\7AEA4ACACF.sys 2009-03-18 20:57 . 2008-05-14 20:56 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-01-26 12:48 . 2009-01-26 13:16 2528 -csh--r- c:\windows\system32\DirectX\Dinput\desktop.inf.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . 
*Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801] "TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-05-12 11:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"= "c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"= "c:\\Arquivos de programas\\AVG\\AVG8\\avgtray.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\lxducoms.exe"= R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15/5/2008 09:19 108552] S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/5/2008 09:18 335752] S2 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2/7/2008 09:42 907032] S2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2/7/2008 09:42 298776] S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service 
[?] S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [4/7/2009 10:30 98984] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Conteúdo da pasta 'Tarefas Agendadas' 2009-07-08 c:\windows\Tasks\User_Feed_Synchronization-{28833635-16E8-43C1-9DEC-2D32CFDEAA3D}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 07:31] 2009-07-07 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job - c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 14:20] . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.uol.com.br/ TCP: {9CEF9A05-56D6-428A-9C72-4ECBEA861739} = 200.204.0.10,200.204.0.138 DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: PrivateWire - hxxp://cmt.caixa.gov.br/jpw.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-08 12:44 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... ************************************************************************** . 
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\S-1-5-21-2000478354-362288127-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,a9,3d,5f,e0,79,85,43,b3,c1,cb,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,a9,3d,5f,e0,79,85,43,b3,c1,cb,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•6~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . Tempo para conclusão: 2009-07-08 12:47 ComboFix-quarantined-files.txt 2009-07-08 15:45 ComboFix2.txt 2009-06-30 12:25 Pré-execução: 18 pasta(s) 44.694.740.992 bytes disponíveis Pós execução: 18 pasta(s) 45.229.281.280 bytes disponíveis 179 --- E O F --- 2009-07-08 13:48
Power Max 54 Posted July 10, 2009
:thumbsup: Hello Nandopais! Some problems were removed by ComboFix. Please post a HijackThis log, following the tips in the topic below, so that it can be analyzed: http://forum.imasters.com.br/index.php?showtopic=165906 We'll be waiting.
nandopais 0 Posted July 10, 2009
Hello, here is the log. Thank you.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:39:39, on 10/07/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\system32\lxducoms.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\AVG\AVG8\avgtray.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Outlook Express\msimn.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\hi\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll O2 - BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Arquivos de programas\Lexmark Printable Web\bho.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - 
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: PrivateWire - http://cmt.caixa.gov.br/jpw.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1210598237328 O17 - HKLM\System\CCS\Services\Tcpip\..\{9CEF9A05-56D6-428A-9C72-4ECBEA861739}: NameServer = 200.204.0.10,200.204.0.138 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. 
- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe -- End of file - 6505 bytes
Power Max 54 Posted July 10, 2009
:seta: Open HijackThis, click Do a system scan only, check the entry below and click Fix checked:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
___________________________________________________________________________
:seta: I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:
- Download Malwarebytes Anti-Malware.
* Install it by double-clicking "mbam-setup.exe";
* Select the language Português (Brasil)
* Check only the box: "Atualizar MalwareBytes'Anti-Malware" (Update Malwarebytes' Anti-Malware)
* If any update exists, it will be downloaded automatically
* Do not scan yet!!!
* Restart the PC in Safe Mode (by pressing the F8 key, or the F5 key on some computers, repeatedly while the computer is restarting and choosing the Safe Mode option).
* If it is not possible to start the computer in Safe Mode, run the scan in normal mode
* Run Malwarebytes' Anti-Malware, click the "Verificação" (Scan) tab and select the option "Verificação completa" (Full scan)
* Click the "Verificar" (Scan) button
* Check all the parts of the computer you want to scan and click the "Iniciar verificação" (Start scan) button
* When the scan finishes, click "OK" > "Mostrar Resultados" (Show Results)
* Select all the entries and click "Remover Selecionados" (Remove Selected)
* After the removal you may be asked whether you want to remove objects from memory. Click "SIM" (Yes)
* A log will be shown with the result of the actions
* Some malware is stubborn and needs a reboot to be removed. If this is requested, click to restart the PC.
* When the process finishes, restart the PC in Normal Mode.
* After a few days, if your computer is working normally without the files that were removed by Malwarebytes Anti-Malware, open (run) Malwarebytes Anti-Malware, click the Quarentena (Quarantine) tab and click the Remover tudo (Remove all) button.
* Run Malwarebytes Anti-Malware again and click the "Logs" tab, double-click the most recent log, select the whole log and copy it.
Post this log generated by Malwarebytes Anti-Malware together with a new HijackThis log in your next reply and tell us how your computer is doing after following the procedure above. We look forward to your reply.
Mário Monteiro 179 Posted August 10, 2009
Topic Archived
As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of the area, together with the link to this topic, and explain the reason for reopening it.