
This topic has been archived and is closed to new replies.

Bruno Carazato

[Solved!] I can't install an antivirus


avira:

 

 

 

Avira AntiVir Personal

Report file date: terça-feira, 20 de outubro de 2009 21:53

 

Scanning for 1809849 virus strains and unwanted programs.

 

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 2) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : OLIVEIRA-90A6E5

 

Version information:

BUILD.DAT : 9.0.0.407 17961 Bytes 29/7/2009 10:34:00

AVSCAN.EXE : 9.0.3.7 466689 Bytes 21/7/2009 16:36:14

AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/2/2009 13:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 20/2/2009 14:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 27/2/2009 13:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 15:30:36

ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/6/2009 12:21:42

ANTIVIR2.VDF : 7.1.6.112 4833792 Bytes 15/10/2009 23:38:41

ANTIVIR3.VDF : 7.1.6.129 164864 Bytes 20/10/2009 23:38:42

Engineversion : 8.2.1.42

AEVDF.DLL : 8.1.1.2 106867 Bytes 20/10/2009 23:38:58

AESCRIPT.DLL : 8.1.2.38 487804 Bytes 20/10/2009 23:38:57

AESCN.DLL : 8.1.2.5 127346 Bytes 20/10/2009 23:38:56

AERDL.DLL : 8.1.3.2 479604 Bytes 20/10/2009 23:38:55

AEPACK.DLL : 8.2.0.1 422263 Bytes 20/10/2009 23:38:52

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23/7/2009 12:59:39

AEHEUR.DLL : 8.1.0.167 2011511 Bytes 20/10/2009 23:38:50

AEHELP.DLL : 8.1.7.0 237940 Bytes 20/10/2009 23:38:46

AEGEN.DLL : 8.1.1.68 364918 Bytes 20/10/2009 23:38:45

AEEMU.DLL : 8.1.1.0 393587 Bytes 20/10/2009 23:38:44

AECORE.DLL : 8.1.8.1 184693 Bytes 20/10/2009 23:38:43

AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2008 17:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 11:47:59

AVPREF.DLL : 9.0.0.1 43777 Bytes 5/12/2008 13:32:15

AVREP.DLL : 8.0.0.3 155905 Bytes 20/1/2009 17:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 13:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 24/3/2009 18:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/1/2009 13:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/1/2009 18:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 11:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 13:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/5/2009 18:39:58

RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/4/2009 13:19:48

 

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: repair

Secondary action....................: delete

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: terça-feira, 20 de outubro de 2009 21:53

 

Starting search for hidden objects.

'67445' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'GameMon.des' - '1' Module(s) have been scanned

Scan process 'GameGuard.des' - '1' Module(s) have been scanned

Scan process 'GunBound.gme' - '1' Module(s) have been scanned

Scan process 'GunBound.gme' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'igfxpers.exe' - '1' Module(s) have been scanned

Scan process 'hkcmd.exe' - '1' Module(s) have been scanned

Scan process 'igfxtray.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

31 processes with 31 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan executable files (registry).

The registry was scanned ( '41' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <Disco Local>

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

[DETECTION] Contains code of the W32/Sality.Y Windows virus

[NOTE] A backup was created as '4b274e34.qua' ( QUARANTINE )

[WARNING] The file could not be repaired!

[NOTE] The file was deleted!

C:\Arquivos de programas\Cabal Yes\LauncherYes.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] A backup was created as '4b534e70.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Arquivos de programas\Windows Media Components\Encoder\wmenc.exe

[DETECTION] Contains code of the W32/Sality.Y Windows virus

[NOTE] A backup was created as '4b434f0f.qua' ( QUARANTINE )

[WARNING] The file could not be repaired!

[NOTE] The file was deleted!

C:\Arquivos de programas\Windows Media Player\wmpnetwk.exe

[DETECTION] Contains code of the W32/Sality.Y Windows virus

[NOTE] A backup was created as '4b4e4f12.qua' ( QUARANTINE )

[WARNING] The file could not be repaired!

[NOTE] The file was deleted!

C:\Documents and Settings\Bruno\Configurações locais\Temp\Rar$EX00.562\HShleld\d3dx9_33.dll

[DETECTION] Is the TR/Spy.1187840 Trojan

[NOTE] A backup was created as '4b424f4a.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\Bruno.FAM-A4515AF42A5\Configurações locais\Temp\RarSFX2\basic\fact.exe

[DETECTION] Contains code of the W32/Sality.Y Windows virus

[NOTE] A backup was created as '4b4150c9.qua' ( QUARANTINE )

[NOTE] The file was repaired!

C:\Documents and Settings\Bruno.FAM-A4515AF42A5\Desktop\ScratchInstaller1.4.exe

[DETECTION] Contains code of the W32/Sality.Y Windows virus

[NOTE] A backup was created as '4b505100.qua' ( QUARANTINE )

[WARNING] The file could not be repaired!

[NOTE] The file was deleted!

C:\Documents and Settings\Bruno.OLIVEIRA-90A6E5\Configurações locais\Temp\givu.exe

[DETECTION] Is the TR/Downloader.Gen Trojan

[NOTE] A backup was created as '4b545116.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\Bruno.OLIVEIRA-90A6E5\Configurações locais\Temp\qcaqaq.exe

[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program

[NOTE] A backup was created as '4b3f5111.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\Bruno.OLIVEIRA-90A6E5\Configurações locais\Temp\sl_104.dat

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4b3d511b.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\Bruno.OLIVEIRA-90A6E5\Configurações locais\Temp\vwye.exe

[DETECTION] Is the TR/Downloader.Gen Trojan

[NOTE] A backup was created as '4b575126.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\Bruno.OLIVEIRA-90A6E5\Configurações locais\Temp\w3db7c.exe

[DETECTION] Is the TR/ATRAPS.Gen Trojan

[NOTE] A backup was created as '4b4250e2.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\Bruno.OLIVEIRA-90A6E5\Configurações locais\Temp\windvup.exe

[DETECTION] Is the TR/Downloader.Gen Trojan

[NOTE] A backup was created as '4b4c5118.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\Bruno.OLIVEIRA-90A6E5\Configurações locais\Temp\winpxghgx.exe

[DETECTION] Is the TR/Spy.Gen Trojan

[NOTE] A backup was created as '4a157619.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\Bruno.OLIVEIRA-90A6E5\Configurações locais\Temp\RarSFX0\basic\sched.exe

[DETECTION] Contains code of the W32/Sality.Y Windows virus

[NOTE] A backup was created as '4b465115.qua' ( QUARANTINE )

[WARNING] The file could not be repaired!

[NOTE] The file was deleted!

C:\Documents and Settings\Bruno.OLIVEIRA-90A6E5\Configurações locais\Temp\RarSFX0\basic\setup.exe

[DETECTION] Contains code of the W32/Sality.Y Windows virus

[NOTE] A backup was created as '4b525117.qua' ( QUARANTINE )

[WARNING] The file could not be repaired!

[NOTE] The file was deleted!

C:\Documents and Settings\Bruno.OLIVEIRA-90A6E5\Configurações locais\Temp\RarSFX0\basic\update.exe

[DETECTION] Contains code of the W32/Sality.Y Windows virus

[NOTE] A backup was created as '4b425122.qua' ( QUARANTINE )

[WARNING] The file could not be repaired!

[NOTE] The file was deleted!

C:\Documents and Settings\Bruno.OLIVEIRA-90A6E5\Configurações locais\Temp\RarSFX0\basic\vcredist_x86.exe

[DETECTION] Contains code of the W32/Sality.Y Windows virus

[NOTE] A backup was created as '4b505115.qua' ( QUARANTINE )

[WARNING] The file could not be repaired!

[NOTE] The file was deleted!

C:\Documents and Settings\Bruno.OLIVEIRA-90A6E5\Configurações locais\Temp\RarSFX0\basic\wsctool.exe

[DETECTION] Contains code of the W32/Sality.Y Windows virus

[NOTE] A backup was created as '4b415126.qua' ( QUARANTINE )

[WARNING] The file could not be repaired!

[NOTE] The file was deleted!

C:\Documents and Settings\Bruno.OLIVEIRA-90A6E5\Dados de aplicativos\Thinstall\Dicionário eletrônico Houaiss\4000002ec00002h\Houaiss.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4b535194.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\Fabio e Rosangela\Configurações locais\Temp\winxhwe.exe

[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program

[NOTE] A backup was created as '4b4c51d4.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

[DETECTION] Contains code of the W32/Sality.Y Windows virus

[NOTE] A backup was created as '4b3d524f.qua' ( QUARANTINE )

[WARNING] The file could not be repaired!

[NOTE] The file was deleted!

Begin scan in 'D:\' <dados>

D:\Meus Documentos\Bruno\Jogos\Cabal pirata\Cabal Yes\cabalyespatchV3.5.exe

[0] Archive type: RAR SFX (self extracting)

--> LauncherYes.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] A backup was created as '4b40537a.qua' ( QUARANTINE )

[NOTE] The file was deleted!

D:\Meus Documentos\Bruno\Programas\Bun 4FREE\Burn 4 Free.exe

[DETECTION] Contains code of the W32/Sality.Y Windows virus

[NOTE] A backup was created as '4b505394.qua' ( QUARANTINE )

[WARNING] The file could not be repaired!

[NOTE] The file was deleted!

D:\Meus Documentos\Bruno\Programas\Scratch\ScratchInstaller1.4.exe

[DETECTION] Contains code of the W32/Sality.Y Windows virus

[NOTE] A backup was created as '4b505382.qua' ( QUARANTINE )

[WARNING] The file could not be repaired!

[NOTE] The file was deleted!

 

 

End of the scan: terça-feira, 20 de outubro de 2009 22:18

Used time: 25:09 Minute(s)

 

The scan has been done completely.

 

7276 Scanned directories

162168 Files were scanned

25 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

24 files were deleted

1 Viruses and unwanted programs were repaired

25 Files were moved to quarantine

0 Files were renamed

1 Files cannot be scanned

162142 Files not concerned

1584 Archives were scanned

13 Warnings

26 Notes

67445 Objects were scanned with rootkit scan

0 Hidden objects were found

 

Hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:26:43, on 20/10/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: is-CHR81.lnk = C:\Documents and Settings\Bruno.OLIVEIRA-90A6E5\Desktop\Virus Removal Tool\is-CHR81\startup.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - Unknown owner - C:\Arquivos de programas\AVG\AVG9\avgemc.exe (file missing)

O23 - Service: AVG Free WatchDog (avg9wd) - Unknown owner - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

 

--

End of file - 3143 bytes

 

 

Thanks, see you later


:thumbsup: Other problems were resolved by Avira.

Please follow the tips in this tutorial:

Dr. Web CureIt tutorial

In your next reply, post the Dr. Web CureIt log together with a new HijackThis log and tell us how your PC is doing afterwards.

We'll be waiting.


Dr. Web CureIt:

 

 

tid42.tmp\data006;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid42.tmp;Trojan.Packed.650;;

tid42.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid4A.tmp\data008;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid4A.tmp;Trojan.Packed.650;;

tid4A.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid69.tmp\data004;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid69.tmp;Trojan.Packed.650;;

tid69.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid6C.tmp\data004;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid6C.tmp;Trojan.Packed.650;;

tid6C.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid70.tmp\data004;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid70.tmp;Trojan.Packed.650;;

tid70.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid71.tmp\data004;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid71.tmp;Trojan.Packed.650;;

tid71.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid72.tmp\data004;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid72.tmp;Trojan.Packed.650;;

tid72.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid73.tmp\data004;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid73.tmp;Trojan.Packed.650;;

tid73.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid77.tmp\data004;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid77.tmp;Trojan.Packed.650;;

tid77.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid7B.tmp\data004;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid7B.tmp;Trojan.Packed.650;;

tid7B.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid7C.tmp\data004;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid7C.tmp;Trojan.Packed.650;;

tid7C.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid7F.tmp\data005;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid7F.tmp;Trojan.Packed.650;;

tid7F.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid80.tmp\data005;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid80.tmp;Trojan.Packed.650;;

tid80.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid82.tmp\data005;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid82.tmp;Trojan.Packed.650;;

tid82.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid87.tmp\data005;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid87.tmp;Trojan.Packed.650;;

tid87.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid89.tmp\data005;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid89.tmp;Trojan.Packed.650;;

tid89.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid8C.tmp\data005;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid8C.tmp;Trojan.Packed.650;;

tid8C.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid8E.tmp\data005;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid8E.tmp;Trojan.Packed.650;;

tid8E.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid91.tmp\data005;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid91.tmp;Trojan.Packed.650;;

tid91.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid93.tmp\data005;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid93.tmp;Trojan.Packed.650;;

tid93.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

tid94.tmp\data005;C:\Documents and Settings\Bruno_2\Configurações locais\Temp\tid94.tmp;Trojan.Packed.650;;

tid94.tmp;C:\Documents and Settings\Bruno_2\Configurações locais\Temp;A pasta contem objectos infectados;Movido.;

MrHack.exe\data004;C:\Documents and Settings\Bruno_2\Dados de aplicativos\GatherBird\GatherBird Setup Creator\2.0.0.0\MySetups\MrHack.exe;Trojan.Packed.650;;

MrHack.exe;C:\Documents and Settings\Bruno_2\Dados de aplicativos\GatherBird\GatherBird Setup Creator\2.0.0.0\MySetups;A pasta contem objectos infectados;Movido.;

~mr.bruninhoh~_hack.exe\data008;C:\Documents and Settings\Bruno_2\Dados de aplicativos\GatherBird\GatherBird Setup Creator\2.0.0.0\MySetups\~mr.bruninhoh~_hack;Trojan.Packed.650;;

~mr.bruninhoh~_hack.exe;C:\Documents and Settings\Bruno_2\Dados de aplicativos\GatherBird\GatherBird Setup Creator\2.0.0.0\MySetups;A pasta contem objectos infectados;Movido.;

 

 

 

 

Hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:41:30, on 21/10/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - Unknown owner - C:\Arquivos de programas\AVG\AVG9\avgemc.exe (file missing)

O23 - Service: AVG Free WatchDog (avg9wd) - Unknown owner - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

 

--

End of file - 3325 bytes

 

 

My computer feels much better.... The programs and games that were having problems no longer do.... the only thing is that some pages of some forums don't display completely..... but that's minor... thank you very much for everything.... if there's anything more I need to do, just say so and I'll do it...


:thumbsup: Several other problems were resolved by Dr. Web CureIt.

Please follow the tips in this tutorial to scan your PC with Nod32 Online:

Nod32 Online antivirus tutorial

When the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

In your next reply, post this Nod32 Online log together with a new HijackThis log and please tell us how your PC is doing after following this procedure.

We await your reply.


Nod log:

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

# OnlineScanner.ocx=1.0.0.6210

# api_version=3.0.2

# EOSSerial=c19e74fce0791d498589d798f2f0b49c

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2009-10-23 11:54:43

# local_time=2009-10-23 09:54:43 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1024 16777215 100 0 129501 129501 0 0

# compatibility_mode=1797 16775125 100 100 0 31804470 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=81662

# found=3

# cleaned=3

# scan_time=2853

C:\Documents and Settings\Bruno.FAM-A4515AF42A5\Dados de aplicativos\RipIt4Me\updater\ri4mupdater.exe a variant of Win32/Sality virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Bruno.OLIVEIRA-90A6E5\Configurações locais\Temporary Internet Files\Content.IE5\49MB4H27\FindyKill[1].exe a variant of Win32/Sality virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\HiJackThis\HiJackThis.exe probably a variant of Win32/Bifrose trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

 

 

 

HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:27:44, on 23/10/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - Unknown owner - C:\Arquivos de programas\AVG\AVG9\avgemc.exe (file missing)

O23 - Service: AVG Free WatchDog (avg9wd) - Unknown owner - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

 

--

End of file - 3429 bytes

There's no comparison between my computer now and how it was before... it's much better, thank you very much! And the error I mentioned in the reply above about some forum pages not opening.... isn't happening anymore... they do open!!! Everything is back to normal... thanks, see you

There's no comparison between my computer now and how it was before... it's much better, thank you very much! And the error I mentioned in the reply above about some forum pages not opening.... isn't happening anymore... they do open!!! Everything is back to normal... thanks, see you

:) We're glad the problem was resolved. There are just these important steps left to do:

There are still some remnants of AVG on your PC. To completely remove AVG from your computer, you can use the uninstaller that AVG provides:

 

AVG Remover (32-bit) - Use this option if your system is 32-bit:

http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

 

AVG Remover (64-bit) - Use this option if your system is 64-bit:

http://www.avg.com/filedir/util/avg_arv_sup_____.dir/avgremoverx64.exe

______________________________________

 

After using the uninstaller above, install these programs and use them now and weekly to clean up your PC and keep it more efficient and optimized:

 

Ccleaner

 

MV RegClean

 

MV AntiSpy

 

Auslogics Disk Defrag

 

SpywareBlaster

______________________________________

 

Your browser is out of date. Download and install the new Internet Explorer 8.

______________________________________

 

If your Windows is genuine, download and install Service Pack 3:

http://superdownloads.uol.com.br/download/61/windows-service-pack/

______________________________________

 

After that, go back to: Start - Control Panel - System - click the tab: System Restore - uncheck the box: Turn off System Restore - click the Apply button and then the OK button.

______________________________________

 

:thumbsup: It was a pleasure to help. Count on us anytime!


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
