
Archived

This topic has been archived and is closed to new replies.

edensl

[Resolved!] My computer is freezing with CPU usage at 1000%


Good morning everyone,

I am a layman when it comes to computers, but my PC is freezing all the time. I don't use my PC alone, and after logging into it, Windows gave the error "smll86.dll nao encontrada no modulo" (smll86.dll not found in module). I did some research and was advised to use the ComboFix application to fix it. After using the application, the initial error was solved, but my PC is freezing a lot, making it almost impossible to open Internet Explorer. The CPU is always showing 100%. Can you help me?

Here is the HijackThis log and the ComboFix.txt report.

Logfile of HijackThis v1.99.1

Scan saved at 00:36:54, on 14/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe

C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Edenilson & Beth\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Edenilson & Beth\Desktop\Hijack This\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Arquivos de programas\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Edenilson & Beth\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Estatísticas de proteção de tráfego da web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{36772B62-7D42-4488-891A-1C8FE7490D66}: NameServer = 192.168.254.254

O17 - HKLM\System\CS1\Services\Tcpip\..\{36772B62-7D42-4488-891A-1C8FE7490D66}: NameServer = 192.168.254.254

O17 - HKLM\System\CS2\Services\Tcpip\..\{36772B62-7D42-4488-891A-1C8FE7490D66}: NameServer = 192.168.254.254

O17 - HKLM\System\CS3\Services\Tcpip\..\{36772B62-7D42-4488-891A-1C8FE7490D66}: NameServer = 192.168.254.254

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe


--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


ComboFix 09-07-13.01 - Edenilson & Beth 14/07/2009 0:25.3.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1542 [GMT -3:00]

Executando de: c:\documents and settings\Edenilson & Beth\Desktop\ComboFix.exe

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-14 to 2009-07-14 ))))))))))))))))))))))))))))

.

 

2009-07-13 20:56 . 2009-07-13 23:36 -------- d-----w- c:\windows\BDOSCAN8

2009-07-13 19:48 . 2009-07-14 03:24 270368 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-07-13 19:48 . 2009-07-14 03:20 2136096 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-07-13 19:32 . 2009-07-13 19:32 -------- d-----w- C:\32788R22FWJFW.0.tmp

2009-07-12 14:26 . 2008-03-21 16:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2009-07-11 03:41 . 2009-07-13 03:04 -------- d-----w- c:\arquivos de programas\MegaJogos

2009-07-10 18:41 . 2009-07-10 18:41 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2009-07-10 18:41 . 2009-07-10 18:41 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys

2009-07-10 18:41 . 2009-07-10 18:41 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2009-07-10 18:38 . 2009-07-10 18:38 -------- d-----w- c:\arquivos de programas\Sony Ericsson

2009-07-10 05:33 . 2009-07-10 05:33 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-07-10 05:32 . 2009-07-10 05:32 152576 ----a-w- c:\documents and settings\Edenilson & Beth\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll

2009-07-10 05:11 . 2009-07-10 05:11 -------- d-----w- c:\windows\system32\NtmsData

2009-07-10 05:07 . 2009-07-10 05:07 -------- d--h--w- c:\windows\system32\GroupPolicy

2009-07-10 04:29 . 2009-07-10 04:29 206088 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe

2009-07-10 04:29 . 2009-07-10 04:29 33808 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys

2009-07-10 04:29 . 2009-07-10 04:29 226832 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys

2009-07-10 04:01 . 2009-07-10 04:29 94643 ----a-w- c:\windows\system32\drivers\klick.dat

2009-07-10 04:01 . 2009-07-10 04:29 105395 ----a-w- c:\windows\system32\drivers\klin.dat

2009-07-10 04:00 . 2009-07-14 03:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2009-07-10 04:00 . 2009-07-10 04:00 -------- d-----w- c:\arquivos de programas\Kaspersky Lab

2009-07-10 03:59 . 2009-07-10 03:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2009-07-07 20:03 . 2009-07-13 22:39 -------- d-----w- c:\documents and settings\Edenilson & Beth\Dados de aplicativos\Skype

2009-07-07 20:02 . 2009-07-07 20:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2009-07-07 20:02 . 2009-07-07 20:03 -------- d-----r- c:\arquivos de programas\Skype

2009-07-07 20:02 . 2009-07-07 20:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-07-04 23:38 . 2009-07-04 23:38 -------- d-----w- c:\windows\system32\Media Player Classic

2009-07-04 23:19 . 2009-07-04 23:19 -------- d-----w- c:\documents and settings\Edenilson & Beth\Dados de aplicativos\NeroDigital™

2009-07-03 23:18 . 2009-07-03 23:18 -------- d-----w- c:\arquivos de programas\Nero

2009-07-02 20:18 . 2008-06-24 16:45 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll

2009-06-29 15:11 . 2001-09-06 02:50 5632 ----a-w- c:\windows\system32\ptpusb.dll

2009-06-29 15:11 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2009-06-29 15:11 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2009-06-29 15:11 . 2008-04-14 02:20 159232 ----a-w- c:\windows\system32\ptpusd.dll

2009-06-29 03:52 . 2009-06-29 03:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-06-29 03:52 . 2009-06-29 03:52 -------- d-----w- c:\arquivos de programas\UndeleteMyFiles

2009-06-29 03:14 . 2009-06-29 03:20 -------- d-----w- C:\Recover Files

2009-06-29 03:02 . 2009-07-04 17:35 -------- d-----w- c:\arquivos de programas\Recover Files

2009-06-27 20:44 . 2009-06-27 20:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-06-27 20:31 . 2009-07-12 03:23 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-06-27 19:41 . 2009-06-27 19:41 -------- d-----r- c:\documents and settings\LocalService\Favoritos

2009-06-27 19:40 . 2009-06-27 19:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-06-27 17:46 . 2009-06-27 17:46 -------- d-----w- c:\arquivos de programas\Microsoft Sync Framework

2009-06-27 17:45 . 2009-06-27 17:45 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-06-27 17:45 . 2009-06-27 17:45 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2009-06-27 15:34 . 2009-06-27 15:34 -------- d-----w- c:\arquivos de programas\Ask Search Assistant

2009-06-26 19:14 . 2009-06-26 20:17 -------- d--h--w- c:\arquivos de programas\Scpad

2009-06-25 13:28 . 2009-06-25 13:28 -------- d-----w- c:\windows\Sun

2009-06-23 03:01 . 2008-03-03 21:21 572 ---ha-w- c:\windows\nod32fixtemdono.reg

2009-06-23 03:01 . 2008-03-03 17:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg

2009-06-23 02:59 . 2009-07-13 22:50 -------- d-----w- c:\arquivos de programas\ESET

2009-06-23 02:59 . 2009-06-23 02:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESET

2009-06-23 02:35 . 2009-06-23 02:35 -------- d-----w- c:\documents and settings\LocalService\Menu Iniciar

2009-06-20 09:04 . 2009-06-27 16:24 -------- d-----w- C:\divx

2009-06-17 15:35 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2009-06-17 15:35 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2009-06-17 15:35 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2009-06-17 15:35 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2009-06-17 15:35 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2009-06-16 18:43 . 2009-06-16 18:43 -------- d-----w- c:\arquivos de programas\VS Revo Group

2009-06-16 18:15 . 2009-06-16 18:15 -------- d-----w- c:\windows\l2schemas

2009-06-16 18:15 . 2009-06-16 18:15 -------- d-----w- c:\windows\system32\bits

2009-06-16 18:13 . 2009-06-16 18:15 -------- d-----w- c:\windows\ServicePackFiles

2009-06-16 03:57 . 2009-06-28 18:03 -------- d-----w- c:\documents and settings\Edenilson & Beth\Dados de aplicativos\uTorrent

2009-06-16 03:54 . 2009-06-16 04:13 -------- d-----w- c:\documents and settings\Edenilson & Beth\Dados de aplicativos\BitTorrent

2009-06-16 03:54 . 2009-06-18 00:33 -------- d-----w- c:\documents and settings\Edenilson & Beth\Dados de aplicativos\DNA

2009-06-16 03:54 . 2009-06-17 17:24 -------- d-----w- c:\arquivos de programas\DNA

2009-06-16 03:54 . 2009-06-16 03:54 -------- d-----w- c:\arquivos de programas\AskBarDis

2009-06-16 03:26 . 2009-07-13 03:55 -------- d-----w- c:\arquivos de programas\DreMule

2009-06-15 23:48 . 2009-06-15 23:48 -------- d-----w- c:\arquivos de programas\TVUPlayer

2009-06-15 23:47 . 2009-06-15 23:47 -------- d-----w- c:\arquivos de programas\SopCast

2009-06-15 23:45 . 2009-07-13 02:55 -------- d-----w- c:\arquivos de programas\Megacubo

2009-06-14 23:58 . 2009-06-15 00:02 -------- d-----w- c:\documents and settings\Edenilson & Beth\Dados de aplicativos\dvdcss

2009-06-14 14:40 . 2009-06-14 15:36 -------- d-----w- c:\documents and settings\Edenilson & Beth\Dados de aplicativos\vlc

2009-06-14 14:39 . 2009-06-15 00:09 -------- d-----w- c:\arquivos de programas\VLC

2009-06-14 10:29 . 2009-06-14 10:29 -------- d-----w- c:\windows\ie8updates

2009-06-14 10:26 . 2009-06-14 10:26 -------- d-----w- c:\arquivos de programas\MSXML 4.0

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-14 03:29 . 2009-07-13 19:48 2032 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-07-14 03:20 . 2009-07-13 19:48 20912 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-07-12 20:05 . 2009-06-11 18:34 -------- d-----w- c:\documents and settings\Edenilson & Beth\Dados de aplicativos\Orbit

2009-07-12 14:26 . 2009-07-12 14:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf

2009-07-12 14:26 . 2009-07-12 14:26 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-07-10 05:32 . 2009-06-11 18:41 -------- d-----w- c:\arquivos de programas\Java

2009-07-10 04:29 . 2008-01-29 20:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys

2009-07-10 04:04 . 2009-06-11 20:09 -------- d-----w- c:\arquivos de programas\Avira

2009-07-10 03:37 . 2009-06-11 18:34 -------- d-----w- c:\arquivos de programas\Orbitdownloader

2009-07-04 23:38 . 2009-06-11 18:35 -------- d-----w- c:\arquivos de programas\MediaCoder

2009-07-03 23:20 . 2009-06-11 19:46 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero

2009-07-03 23:18 . 2009-06-11 19:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero

2009-06-28 18:01 . 2009-06-11 19:25 -------- d-----w- c:\arquivos de programas\Download Direct

2009-06-28 17:32 . 2009-06-11 19:53 -------- d-----w- c:\arquivos de programas\Google

2009-06-27 20:24 . 2009-06-11 23:54 -------- d-----w- c:\arquivos de programas\Windows Live

2009-06-27 16:26 . 1782-01-19 03:14 68190 ----a-w- c:\windows\system32\perfc016.dat

2009-06-27 16:26 . 1782-01-19 03:14 427986 ----a-w- c:\windows\system32\perfh016.dat

2009-06-27 16:22 . 2009-06-13 12:14 -------- d-----w- c:\arquivos de programas\Microsoft Office Outlook Connector

2009-06-17 16:17 . 2009-06-11 19:23 -------- d-----w- c:\arquivos de programas\Total Video Converter

2009-06-14 10:28 . 2009-06-11 19:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-06-13 12:14 . 2009-06-13 12:11 -------- d-----w- c:\arquivos de programas\Microsoft

2009-06-13 11:56 . 2009-06-13 11:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2009-06-13 00:51 . 2009-06-11 20:59 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-06-12 00:11 . 2009-06-11 23:54 -------- dcsh--w- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2009-06-11 23:53 . 2009-06-11 23:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-06-11 22:05 . 2009-06-11 22:05 -------- d-----w- c:\documents and settings\Edenilson & Beth\Dados de aplicativos\Media Player Classic

2009-06-11 22:05 . 2009-06-11 22:05 -------- d-----w- c:\documents and settings\Edenilson & Beth\Dados de aplicativos\DivX

2009-06-11 21:34 . 2009-06-11 21:34 10 ----a-w- c:\windows\popcinfo.dat

2009-06-11 21:31 . 2009-06-11 19:22 -------- d-----w- c:\arquivos de programas\Zuma Deluxe

2009-06-11 21:25 . 2009-06-11 20:42 -------- d-----w- c:\arquivos de programas\GameVicio

2009-06-11 21:20 . 2009-06-11 21:20 -------- d-----w- c:\documents and settings\Edenilson & Beth\Dados de aplicativos\Nitro PDF

2009-06-11 21:19 . 2009-06-11 21:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nitro PDF

2009-06-11 21:19 . 2009-06-11 21:19 -------- d-----w- c:\arquivos de programas\Nitro PDF

2009-06-11 21:19 . 2009-06-11 21:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nitro PDF

2009-06-11 21:19 . 2009-06-11 21:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\BCL Technologies

2009-06-11 21:11 . 2009-06-11 21:11 -------- d-----w- c:\arquivos de programas\Ubisoft

2009-06-11 21:11 . 2009-06-11 18:10 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-06-11 21:00 . 2009-06-11 21:00 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-06-11 20:59 . 2009-06-11 20:59 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-06-11 20:58 . 2009-06-11 20:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2009-06-11 20:57 . 2009-06-11 20:57 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-06-11 20:52 . 2009-06-11 19:08 -------- d-----w- c:\arquivos de programas\Game Fix

2009-06-11 20:52 . 2009-06-11 19:08 4650 ----a-w- c:\arquivos de programas\Arquivos comuns\unins000.dat

2009-06-11 20:52 . 2009-06-11 19:08 730656 ----a-w- c:\arquivos de programas\Arquivos comuns\unins000.exe

2009-06-11 20:52 . 2009-06-11 20:52 2182 ----a-w- c:\windows\system32\unins000.dat

2009-06-11 20:52 . 2009-06-11 20:52 728858 ----a-w- c:\windows\system32\unins000.exe

2009-06-11 20:34 . 2009-06-11 20:34 -------- d-----w- c:\arquivos de programas\Activision

2009-06-11 19:47 . 2009-06-11 19:47 -------- d-----w- c:\documents and settings\Edenilson & Beth\Dados de aplicativos\Nero

2009-06-11 19:45 . 2009-06-11 19:45 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2009-06-11 19:38 . 2009-06-11 19:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR

2009-06-11 19:37 . 2009-06-11 19:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-06-11 19:23 . 2009-06-11 19:23 -------- d-----w- c:\arquivos de programas\PopCap Games

2009-06-11 19:19 . 2009-06-11 19:19 -------- d-----w- c:\arquivos de programas\Audacity

2009-06-11 19:18 . 2009-06-11 19:18 -------- d-----w- c:\arquivos de programas\Blender Foundation

2009-06-11 19:17 . 2009-06-11 19:17 -------- d-----w- c:\arquivos de programas\CCleaner

2009-06-11 19:03 . 2009-06-11 19:03 -------- d-----w- c:\arquivos de programas\Microsoft Works

2009-06-11 19:02 . 2009-06-11 19:02 -------- d-----w- c:\arquivos de programas\MSBuild

2009-06-11 18:59 . 2009-06-11 18:56 -------- d-----w- c:\documents and settings\Edenilson & Beth\Dados de aplicativos\DAEMON Tools Lite

2009-06-11 18:57 . 2009-06-11 18:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite

2009-06-11 18:57 . 2009-06-11 18:57 -------- d-----w- c:\arquivos de programas\DAEMON Tools Toolbar

2009-06-11 18:57 . 2009-06-11 18:57 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite

2009-06-11 18:56 . 2009-06-11 18:56 721904 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-06-11 18:54 . 2009-06-11 18:54 -------- d-----w- c:\arquivos de programas\DivX

2009-06-11 18:46 . 2009-06-11 18:38 -------- d-----w- c:\documents and settings\Edenilson & Beth\Dados de aplicativos\fretsonfire

2009-06-11 18:39 . 2009-06-11 18:39 0 ----a-w- c:\windows\nsreg.dat

2009-06-11 18:38 . 2009-06-11 18:38 -------- d-----w- c:\arquivos de programas\Frets on Fire

2009-06-11 18:38 . 2009-06-11 18:38 -------- d-----w- c:\arquivos de programas\HD Tune

2009-06-11 18:37 . 2009-06-11 18:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2009-06-11 18:37 . 2009-06-11 18:37 -------- d-----w- c:\arquivos de programas\Fotos 3x4

2009-06-11 18:36 . 2009-06-11 18:36 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-06-11 18:35 . 2009-06-11 18:34 -------- d-----w- c:\documents and settings\Edenilson & Beth\Dados de aplicativos\GrabPro

2009-06-11 18:34 . 2009-06-11 18:33 -------- d-----w- c:\arquivos de programas\Real Alternative

2009-06-11 18:33 . 2009-06-11 18:33 -------- d-----w- c:\arquivos de programas\RocketDock

2009-06-11 18:32 . 2009-06-11 18:32 -------- d-----w- c:\arquivos de programas\DVD Decrypter

2009-06-11 18:32 . 2009-06-11 18:32 -------- d-----w- c:\arquivos de programas\XP Codec Pack

2009-06-11 18:22 . 2009-06-11 18:10 -------- d-----w- c:\arquivos de programas\Realtek

2009-06-11 18:17 . 2009-06-11 18:17 -------- d-----w- c:\documents and settings\Edenilson & Beth\Dados de aplicativos\InstallShield

2009-06-11 18:17 . 2009-06-11 18:17 -------- d-----w- c:\arquivos de programas\Intel

2009-06-11 18:12 . 2009-06-11 18:12 -------- d-----w- c:\arquivos de programas\VIA

2009-06-11 18:12 . 2009-06-11 18:07 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-06-11 18:11 . 2009-06-11 18:11 -------- d-----w- c:\arquivos de programas\Realtek Sound Manager

2009-06-11 18:11 . 2009-06-11 18:11 -------- d-----w- c:\arquivos de programas\AvRack

2009-06-11 18:11 . 2009-06-11 18:11 -------- d-----w- c:\arquivos de programas\Realtek AC97

2009-06-11 18:07 . 2009-06-11 18:07 319488 ----a-w- c:\windows\HideWin.exe

2009-05-13 05:03 . 2004-08-04 03:45 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:33 . 2004-08-04 03:45 347136 ----a-w- c:\windows\system32\localspl.dll

2009-04-19 19:50 . 2004-08-04 03:38 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:53 . 2004-08-04 03:45 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2008-03-09 10:25 . 2009-06-11 19:08 236 ---ha-w- c:\arquivos de programas\Arquivos comuns\dx.reg

2009-06-13 12:16 . 2009-06-11 18:39 134648 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-07-13_19.56.11 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 03:21 . 2009-07-14 03:21 16384 c:\windows\Temp\Perflib_Perfdata_5b8.dat

+ 2009-01-05 18:44 . 2009-01-05 18:44 53248 c:\windows\bdoscandel.exe

+ 2009-07-13 20:56 . 2009-07-13 20:56 86016 c:\windows\BDOSCAN8\librtvr.dll

+ 2009-07-13 20:56 . 2009-07-13 20:56 27136 c:\windows\BDOSCAN8\avxt.dll

+ 2009-07-13 20:56 . 2009-07-13 20:56 10240 c:\windows\BDOSCAN8\avxs.dll

+ 2009-07-13 20:56 . 2009-07-13 20:56 45056 c:\windows\BDOSCAN8\avxdisk.dll

+ 2009-01-05 18:44 . 2009-01-05 18:44 741376 c:\windows\Downloaded Program Files\ipsupd.dll

+ 2009-01-05 18:44 . 2009-01-05 18:44 741376 c:\windows\BDOSCAN8\ipsupd.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-09-29 20:24 325000 ----a-w- c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Google Update"="c:\documents and settings\Edenilson & Beth\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-06-11 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]

"Nitro PDF Printer Monitor"="c:\arquivos de programas\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2009-03-04 209216]

"Google Quick Search Box"="c:\arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-28 68592]

"NBKeyScan"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]

"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-07-10 206088]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-09 16851968]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Edenilson & Beth\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/1/2008 17:29 33808]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/4/2008 17:06 24592]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [19/1/1782 00:14 3584]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [10/7/2009 15:41 13224]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]

cscript //B "c:\arquivos de programas\Nitro PDF\Professional\RemoveOldAddins.vbs"

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.orbitdownloader.com

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {36772B62-7D42-4488-891A-1C8FE7490D66} = 192.168.254.254

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

FF - ProfilePath - c:\documents and settings\Edenilson & Beth\Dados de aplicativos\Mozilla\Firefox\Profiles\qqun8l8i.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.atarde.com.br

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-14 00:29

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(2692)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\arquivos de programas\Scpad\scpLIB.dll

c:\arquivos de programas\Scpad\scpMIB.dll

c:\arquivos de programas\Scpad\sshib.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2009-07-14 0:31

ComboFix-quarantined-files.txt 2009-07-14 03:31

ComboFix2.txt 2009-07-13 20:35

ComboFix3.txt 2009-07-13 19:59

 

Pré-execução: 9 pasta(s) 87.580.282.880 bytes disponíveis

Pós execução: 9 pasta(s) 87.546.630.144 bytes disponíveis

 

290 --- E O F --- 2009-06-18 00:33

 

 

Thanks in advance, everyone!

Cheers!


:thumbsup: Hello edensl! Welcome to the iMasters forum.

:seta: Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

______________________________________________________________________________

 

:seta: I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

 

Download ToolBar S&D

*Save it to the desktop.

*Restart the PC in Safe Mode (pressing the F8 key (or F5 on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option).

*Run the program, then press "p" --> Enter --> Ok.

*Type two ( 2 ) --> Press Enter --> Wait!

*When it finishes, the report will be at C:\ToolBar SD\TB_1.txt

______________________________________________________________________________

 

Also do the following:

:seta: I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

 

- Download Malwarebytes Anti-Malware.

* Install it by double-clicking "mbam-setup.exe";

*Select the Portuguese (Brazil) language

*Check only the box: "Update Malwarebytes' Anti-Malware"

*If an update exists, it will be downloaded automatically

*Do not scan yet!

*Restart the PC in Safe Mode (pressing the F8 key (or F5 on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option).

* If it is not possible to start the computer in Safe Mode, do the scan in normal mode

*Run Malwarebytes' Anti-Malware and click the "Scan" tab, then select the "Full scan" option

*Click the "Scan" button

* Check all the parts of the computer you want to scan and click the "Start scan" button

*When the scan finishes, click "OK" > "Show Results"

*Select all entries and click "Remove Selected"

*After removal, you may be asked whether you want to remove objects from memory. Click "YES"

*A log will be shown with the result of the actions

*Some malware is stubborn and needs a restart to be removed. If you are asked to, click to restart the PC.

*When the process finishes, restart the PC in Normal Mode.

* After a few days, if your computer is working normally without the files that Malwarebytes Anti-Malware deleted, open (run) Malwarebytes Anti-Malware, click the Quarantine tab and click the Delete All button.

*Run Malwarebytes Anti-Malware again, click the "Logs" tab, double-click the most recent log, select the whole log and copy it.

Post this log generated by Malwarebytes Anti-Malware together with the log that will be at C:\ToolBar SD\TB_1.txt and a new HijackThis log in your next reply, and tell us how your computer is after following the procedures above.

We await your reply.


Antonio, first of all thank you very much for the help, and congratulations to the iMasters forum as well.

Antonio, I did everything you asked; my computer was fine on the 15th and 16th, but yesterday it came back again. Could it be because I did a Windows repair?

Here are the logs you asked for. Thanks!

ToolBar log:

 

-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( s b 18/07/2009|16:24 )

 

-----------\\ REMOVIDOS

 

Deletado! - C:\Arquivos de programas\AskBarDis\bar

Deletado! - C:\Arquivos de programas\AskBarDis

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

 

-----------\\ Extensions

 

(Edenilson & Beth) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://search.orbitdownloader.com"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page Redirect Cache"="http://br.msn.com/?ocid=iehp"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75724"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75723"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Procurando por outras infecções

 

 

Não foram encontradas outras infecções.

 

 

1 - "C:\ToolBar SD\TB_1.txt" - qua 15/07/2009| 0:29 - Option : [2]

2 - "C:\ToolBar SD\TB_2.txt" - qui 16/07/2009| 2:46 - Option : [2]

3 - "C:\ToolBar SD\TB_3.txt" - s b 18/07/2009|16:26 - Option : [2]

 

-----------\\ Verificação completa em 16:26:07,40

 

 

Anti-Malware log:

 

 

Malwarebytes' Anti-Malware 1.39

Versão do banco de dados: 2461

Windows 5.1.2600 Service Pack 3

 

18/7/2009 19:13:21

mbam-log-2009-07-18 (19-13-21).txt

 

Tipo de Verificação: Completa (C:\|D:\|E:\|F:\|G:\|I:\|K:\|L:\|M:\|)

Objetos verificados: 151669

Tempo decorrido: 22 minute(s), 52 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

 

HijackThis log:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 19:14:43, on 18/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe

C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Edenilson & Beth\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Edenilson & Beth\Desktop\Hijack This\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - Default URLSearchHook is missing

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Arquivos de programas\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Edenilson & Beth\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Estatísticas de proteção de tráfego da web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{36772B62-7D42-4488-891A-1C8FE7490D66}: NameServer = 192.168.254.254

O17 - HKLM\System\CS1\Services\Tcpip\..\{36772B62-7D42-4488-891A-1C8FE7490D66}: NameServer = 192.168.254.254

O17 - HKLM\System\CS2\Services\Tcpip\..\{36772B62-7D42-4488-891A-1C8FE7490D66}: NameServer = 192.168.254.254

O17 - HKLM\System\CS3\Services\Tcpip\..\{36772B62-7D42-4488-891A-1C8FE7490D66}: NameServer = 192.168.254.254

O17 - HKLM\System\CS4\Services\Tcpip\..\{36772B62-7D42-4488-891A-1C8FE7490D66}: NameServer = 192.168.254.254

O17 - HKLM\System\CS5\Services\Tcpip\..\{36772B62-7D42-4488-891A-1C8FE7490D66}: NameServer = 192.168.254.254

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe


:!: Your ComboFix log shows that you have a pirated version of Nod32 on your PC, and it is very important to uninstall it, because a cracked or pirated antivirus is more dangerous than the viruses themselves. To do this, go to the menu: Start > Control Panel > Add or Remove Programs > See if there is a program named NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) (or any program related to Nod32) and uninstall it.

While you are at it, also uninstall a program called DNA, because it is problematic.

___________________________________________________________________________________

:seta: Open HijackThis, click Do a system scan only, check the entry below and click Fix checked:

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

___________________________________________________________________________________

:seta: There are unnecessary programs starting with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Programs that Start with the PC

Preferably let only the security programs (antivirus/anti-spyware/firewall) start with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC now and from time to time.

___________________________________________________________________________________

:seta: Download the Avenger program from the link below and extract its contents to the desktop:

http://swandog46.geekstogo.com/avenger2/download.php

*Select and copy (Ctrl+C) all the text inside the Quote (white box) below:

 

Folders to delete:

C:\32788R22FWJFW.0.tmp

c:\arquivos de programas\Ask Search Assistant

c:\arquivos de programas\DNA

c:\documents and settings\Edenilson & Beth\Dados de aplicativos\DNA

c:\arquivos de programas\ESET

c:\documents and settings\All Users\Dados de aplicativos\ESET

 

Files to delete:

c:\windows\nod32fixtemdono.reg

c:\windows\nod32restoretemdono.reg

c:\windows\HideWin.exe

 

*Run the Avenger program

*Click [Load Script] > [Paste from Clipboard]

*Click [Execute] > [OK]

*The PC will be restarted

*The report will be created at C:\avenger.txt

___________________________________________________________________________________

:seta: After that, please follow the tips in this tutorial to scan your PC with Nod32 Online:

Nod32 Online antivirus tutorial

When the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Arquivos de programas\EsetOnlineScanner\log

In your next reply, post this Nod32 Online log together with the Avenger log that will be at C:\avenger.txt and a new HijackThis log, and please tell us how your PC is after following these procedures.

We await your reply.

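As an added example, not code from this thread or from any of the tools named in it: a small Python triage script that applies the checks the helper makes by eye (a non-default IE start page, a Winlogon Notify hook or service whose file is missing) to HijackThis-style log lines. The sample log and the set of "known good" start pages are constructed assumptions for the example.

```python
"""Triage of HijackThis-style log lines (added example, not a tool from the thread).

The thread's helper reads the posted logs by hand and picks out a hijacked IE
start page (R0), a Winlogon Notify hook whose DLL is gone (O20 ... file missing)
and leftover service entries (O23). This script applies the same checks to the
line format shown above. SAMPLE_LOG is constructed from that format; the
"known good" start pages are an assumption for the example, not a reference list.
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")

# Assumption: start pages a fresh Windows XP / IE8 install in Brazil would show.
KNOWN_START_PAGES = {"http://www.msn.com/", "http://br.msn.com/?ocid=iehp", "about:blank"}


@dataclass
class Finding:
    code: str
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def parse(line: str):
    """Split 'O20 - Winlogon Notify: ...' into (code, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def assess(line: str):
    """Return a Finding for one entry, or None when the entry looks benign."""
    parsed = parse(line)
    if parsed is None:
        return None
    code, body = parsed

    # R0/R1: browser start/search pages. A non-default value is how the thread
    # spotted the orbitdownloader start page, so report it as a hijack candidate.
    if code in ("R0", "R1") and " = " in body:
        url = body.split(" = ", 1)[1].strip()
        if "Start Page" in body and url not in KNOWN_START_PAGES:
            return Finding(code, "medium", f"non-default IE start page {url}", line)
        return None

    # O20: Winlogon Notify packages load inside winlogon.exe at logon; a missing
    # DLL is an orphaned hook that should be removed (the dimsntfy case above).
    if code == "O20" and "(file missing)" in body:
        return Finding(code, "high", "Winlogon Notify hook points at a missing DLL", line)

    # O23: a service whose binary is gone (here a leftover Kaspersky entry after
    # a second antivirus was installed) cannot start and should be cleaned up.
    if code == "O23" and "(file missing)" in body:
        return Finding(code, "medium", "service entry points at a missing binary", line)

    # Any other entry that references a missing file is clutter worth noting.
    if "(file missing)" in body:
        return Finding(code, "low", "entry references a missing file", line)
    return None


def triage(log_text: str):
    """Run assess() over every line and return the findings, most severe first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = [f for f in map(assess, log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: (order[f.severity], f.code))


# Constructed sample, patterned on the entries quoted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code}: {f.reason}")
        print(f"         {f.line.strip()}")
```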

Antonio, thanks once again!

I did what you asked and also disabled some programs that start with Windows to optimize the machine.

The logs are below:

ESET log:

 

ESETSmartInstaller@High as downloader log:

all ok

# version=6

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.5886

# api_version=3.0.2

# EOSSerial=f8c8985c8e7f304987a0fb3872cbde65

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-07-19 03:53:42

# local_time=2009-07-19 12:53:42 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1046

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1281 37 100 0 215311821250000

# compatibility_mode=1797 37 100 100 331078593750

# scanned=52508

# found=0

# cleaned=0

# scan_time=2264

 

 

 

Avenger log:

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

Folder "C:\32788R22FWJFW.0.tmp" deleted successfully.

Folder "c:\arquivos de programas\Ask Search Assistant" deleted successfully.

 

Error: folder "c:\arquivos de programas\DNA" not found!

Deletion of folder "c:\arquivos de programas\DNA" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 07:13:53, on 19/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Edenilson & Beth\Desktop\Hijack This\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: Estatísticas de proteção de tráfego da web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{36772B62-7D42-4488-891A-1C8FE7490D66}: NameServer = 192.168.254.254

O17 - HKLM\System\CS1\Services\Tcpip\..\{36772B62-7D42-4488-891A-1C8FE7490D66}: NameServer = 192.168.254.254

O17 - HKLM\System\CS2\Services\Tcpip\..\{36772B62-7D42-4488-891A-1C8FE7490D66}: NameServer = 192.168.254.254

O17 - HKLM\System\CS3\Services\Tcpip\..\{36772B62-7D42-4488-891A-1C8FE7490D66}: NameServer = 192.168.254.254

O17 - HKLM\System\CS4\Services\Tcpip\..\{36772B62-7D42-4488-891A-1C8FE7490D66}: NameServer = 192.168.254.254

O17 - HKLM\System\CS5\Services\Tcpip\..\{36772B62-7D42-4488-891A-1C8FE7490D66}: NameServer = 192.168.254.254

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe


:seta: Avenger removed some of the problems, but the highlighted items below still need to be removed:

 

c:\documents and settings\Edenilson & Beth\Dados de aplicativos\DNA

 

c:\windows\nod32fixtemdono.reg

c:\windows\nod32restoretemdono.reg

c:\windows\HideWin.exe

 

Delete the first Avenger log, which is at C:\avenger.txt

 

*Select and copy (Ctrl+C) all of the text inside the Quote (white box) below:

 

Folders to delete:

c:\documents and settings\Edenilson & Beth\Dados de aplicativos\DNA

 

Files to delete:

c:\windows\nod32fixtemdono.reg

c:\windows\nod32restoretemdono.reg

c:\windows\HideWin.exe

 

*Run the Avenger program

*Click [Load Script] > [Paste from Clipboard]

*Click [Execute] > [OK]

*The PC will be restarted

*Post the report that will be created at C:\avenger.txt and tell us how your PC is after this.


Antonio, thanks again for the help. I deleted the last Avenger log and followed the instructions you gave me. My PC isn't freezing anymore, but CPU usage still fluctuates a lot.

 

Here is the Avenger log:

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: folder "c:\documents and settings\Edenilson & Beth\Dados de aplicativos\DNA" not found!

Deletion of folder "c:\documents and settings\Edenilson & Beth\Dados de aplicativos\DNA" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "c:\windows\nod32fixtemdono.reg" not found!

Deletion of file "c:\windows\nod32fixtemdono.reg" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "c:\windows\nod32restoretemdono.reg" not found!

Deletion of file "c:\windows\nod32restoretemdono.reg" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "c:\windows\HideWin.exe" not found!

Deletion of file "c:\windows\HideWin.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

My PC isn't freezing anymore, but CPU usage still fluctuates a lot.

:seta: There is a Kaspersky process running on your PC that may be needlessly consuming your PC's memory. Uninstall Kaspersky (if you haven't already done so).

 

And also do the following:

 

:seta: Open Notepad and copy (CTRL + C) and paste (CTRL + V) the following text from inside the Quote (white box below):

 

@echo off

sc stop avp

sc delete avp

exit

 

In Notepad, click the File menu > Save As ... > In File name, type:

 

fix.bat

 

And in the Save as type option choose All files > choose to save it to the Desktop and click the Save button, as shown in this image:

 

fixb.jpg

 

# Double-click fix.bat

# Wait for the bat to finish running.

_____________________________________________________________________________________

 

:seta: Install these programs and use them now and weekly to clean your PC and keep it more efficient and optimized:

 

MV RegClean

 

MV AntiSpy

 

SpywareBlaster

 

Also follow the tips in this tutorial:

 

Tips to make your computer faster and more efficient

_____________________________________________________________________________________

 

:seta: After following the tips above, please tell us how your PC is and whether the problem was solved. We'll be waiting.

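An added check, written here in Python and not taken from the thread, HijackThis or Avenger, for O23 service entries like the ones in the log above and for the orphaned AVP service that the fix.bat removes: it parses each O23 line, recovers the binary path from the quoted ImagePath that HijackThis prints with a stray quote and arguments, and proposes `sc stop`/`sc delete` only for services whose binary is really gone. In this same log the jqs.exe entry is also reported as "(file missing)" although jqs.exe appears in the running-processes list, so a disk check decides; `image_exists` is a hypothetical callback standing in for os.path.exists on the affected machine, and the sample lines are copied from the log.

```python
import re

# Constructed sample: three O23 lines copied from the HijackThis log in this thread.
SAMPLE_O23 = r"""
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
"""

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<image>.+?)(?P<missing> \(file missing\))?$"
)

def parse_o23(line):
    """Split one O23 line into service key, owner, binary path and the
    '(file missing)' flag. HijackThis 1.99.1 prints a quoted ImagePath that
    carries arguments as `avp.exe" -r`, so the binary ends at that stray
    quote (or at the first argument when there is no quote)."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    raw = m.group("image")
    exe = re.split(r'"| -| /', raw, maxsplit=1)[0].strip()
    return {"key": m.group("key") or m.group("display"),  # key-less entries keep the display name
            "owner": m.group("owner"), "exe": exe,
            "flagged_missing": m.group("missing") is not None}

def review_services(log_text, image_exists):
    """Return (service key, reason) pairs worth a defender's attention.
    image_exists(path) -> bool is a hypothetical disk check (os.path.exists
    on the affected machine), injected so the review runs offline."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        if svc["flagged_missing"] and not image_exists(svc["exe"]):
            findings.append((svc["key"], "orphaned: binary not on disk"))
        elif svc["flagged_missing"]:
            findings.append((svc["key"], "parse artifact: binary present, path was quoted with arguments"))
        elif svc["owner"] == "Unknown owner":
            findings.append((svc["key"], "unknown owner: verify the publisher"))
    return findings

def cleanup_commands(findings):
    """Batch lines in the style of the thread's fix.bat, only for orphaned services."""
    return [f"sc {verb} {key}" for key, why in findings
            if why.startswith("orphaned") for verb in ("stop", "delete")]
```

Run against this sample with a disk check that only knows jqs.exe, the AVP entry is the only one that yields `sc stop AVP` / `sc delete AVP`, while the jqs entry is reported as a parse artifact rather than deleted.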

Antonio, thanks for all the tips and for everything,

 

The fluctuation has decreased, but now I think it's just the processor's normal activity.

 

I created the fix.bat file and ran it. I created a restore point and now I think everything will be fine.

 

Thanks for the help!


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
