
Archived

This topic has been archived and is closed to new replies.

Jefferson S. N. Rocha

[Archived] IE 8 does not close normally, only via Ctrl+Alt+Del

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:06:50, on 1/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\tcpsvcs.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Documents and Settings\Laerte\Menu Iniciar\Programas\Inicializar\USB FireWall.exe

C:\WINDOWS\System32\svchost.exe

C:\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Arquivos de programas\Winferno\PC Confidential\PCCBHO.dll

O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Arquivos de programas\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [awxDTools] rundll32 C:\ARQUIV~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Arquivos de programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] C:\Arquivos de programas\Elaborate Bytes\CloneCD\CloneCDTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Laerte\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: USB FireWall.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Arquivos de programas\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll

O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Arquivos de programas\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Arquivos de programas\Winferno\PC Confidential\PCConfidential.exe

O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Arquivos de programas\Winferno\PC Confidential\PCConfidential.exe

O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Arquivos de programas\Winferno\PC Confidential\PCConfidential.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 6816 bytes


Hello Jefferson! Welcome to the Imasters Forum.

 

Please follow the tips in this tutorial to clean your PC with Malwarebytes:

 

Malwarebytes Anti-Malware Tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

 

In your next reply, post this Malwarebytes log together with a new HijackThis log and tell us how your PC is after this procedure.

 

We await your reply.


Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 3091

Windows 5.1.2600 Service Pack 3 (Safe Mode)

 

3/11/2009 15:18:56

mbam-log-2009-11-03 (15-18-56).txt

 

Tipo de Verificação: Completa (C:\|D:\|E:\|)

Objetos verificados: 317553

Tempo decorrido: 1 hour(s), 45 minute(s), 31 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 35

Valores do Registro infectados: 2

Ítens do Registro infectados: 0

Pastas infectadas: 10

Arquivos infectados: 12

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\smart-shopper.hbax (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{305c6cb1-9d31-4489-881d-5a8e2dc3fe14} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79b1445-dfea-4bef-a786-e0c0f33c863b} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{4cf088bd-be95-40a5-be9b-677f8683edea} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{6fac4823-815e-4361-836e-46d65ed2550b} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{911f251e-34fd-465e-b6ce-df00ff49a6be} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{fe4f1649-8909-49c0-87ba-24d65120db46} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\smart-shopper.hbax.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\smart-shopper.hbinfoband (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\smart-shopper.hbinfoband.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\smart-shopper.iebutton (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\smart-shopper.iebutton.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\smart-shopper.iebuttona (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\smart-shopper.iebuttona.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\smart-shopper.iebuttonb (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\smart-shopper.iebuttonb.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\smart-shopper.smrt-shprctrl (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\smart-shopper.smrt-shprctrl.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{90f62ef7-58d1-4e8e-bb3e-cfb10ba9e47b} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b2b92bc9-e149-4ee8-a93e-0b8cfb329808} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{022c671f-6cba-4a03-a8f9-3b3a361b235a} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{8ad815fc-607b-419f-8b70-d345a507a54e} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

C:\Documents and Settings\Laerte\Dados de aplicativos\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Laerte\Dados de aplicativos\Smart-Shopper\cs (Adware.SmartShopper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Laerte\Dados de aplicativos\Smart-Shopper\cs\db (Adware.SmartShopper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Laerte\Dados de aplicativos\Smart-Shopper\cs\dwld (Adware.SmartShopper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Laerte\Dados de aplicativos\Smart-Shopper\cs\report (Adware.SmartShopper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Laerte\Dados de aplicativos\Smart-Shopper\cs\res1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Laerte\Dados de aplicativos\Smart-Shopper\Dados de aplicativos (Adware.SmartShopper) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Smart-Shopper\Bin (Adware.SmartShopper) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Smart-Shopper\Bin\2.5.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

 

Arquivos infectados:

C:\Arquivos de programas\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Laerte\Configurações locais\Apps\2.0\6A9009V2.80G\56M7067A.2Q3\clic...exe_9a8dfcd080ccb114_0001.0002_none_19406d71b53cc551\GoogleUpdateSetup.exe (Trojan.Ransom) -> Quarantined and deleted successfully.

C:\Documents and Settings\Laerte\Configurações locais\Apps\2.0\6A9009V2.80G\56M7067A.2Q3\goog...app_9a8dfcd080ccb114_0001.0002_3bbf5ae808760118\GoogleUpdateSetup.exe (Trojan.Ransom) -> Quarantined and deleted successfully.

E:\Jefferson\Programas\Sound Forge 7.0 + KEYGEN + MP3 PLUGIN\Sony.Sound.Forge.v8.0.Incl.Keygen-SSG\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

E:\Jefferson\Programas\Sound Forge 7.0 + KEYGEN + MP3 PLUGIN\sonysoundforgev7.0keygenssg\Keygen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Laerte\Dados de aplicativos\Smart-Shopper\cs\Config.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Laerte\Dados de aplicativos\Smart-Shopper\cs\db\Aliases.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Laerte\Dados de aplicativos\Smart-Shopper\cs\db\Sites.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Laerte\Dados de aplicativos\Smart-Shopper\cs\dwld\WhiteList.xip (Adware.SmartShopper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Laerte\Dados de aplicativos\Smart-Shopper\cs\report\aggr_storage.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Laerte\Dados de aplicativos\Smart-Shopper\cs\report\send_storage.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Laerte\Dados de aplicativos\Smart-Shopper\cs\res1\WhiteList.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.

 

----------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:29:14, on 3/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Laerte\Menu Iniciar\Programas\Inicializar\USB FireWall.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\tcpsvcs.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Arquivos de programas\Winferno\PC Confidential\PCCBHO.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [awxDTools] rundll32 C:\ARQUIV~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Arquivos de programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] C:\Arquivos de programas\Elaborate Bytes\CloneCD\CloneCDTray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Laerte\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: USB FireWall.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Arquivos de programas\Winferno\PC Confidential\PCConfidential.exe

O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Arquivos de programas\Winferno\PC Confidential\PCConfidential.exe

O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Arquivos de programas\Winferno\PC Confidential\PCConfidential.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 6536 bytes

 

----------------------------------------------------------------------

My PC is apparently normal, as it was before I ran HijackThis the first time...

But IE 8 still doesn't close when I click the X, only via Ctrl+Alt+Del...


Several problems were removed by Malwarebytes.

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

Download ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The “SOFTWARE WARRANTY DISCLAIMER” window will open. Click “YES” to continue.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended to install the console before continuing with the process, since doing so ensures that the system can be recovered if problems occur during the scan.

Click “YES” and wait, as the console installation is done automatically by ComboFix itself. It may take a few minutes (depending on your connection speed), so be patient.

When the “INSTALLING THE RECOVERY CONSOLE” window appears, click “OK”, then click “YES” to accept the EULA license.

When the recovery console installation finishes, a window will open stating that “THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY”.

Click “YES” to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

WARNING: Do not click on the ComboFix window or abort the process while the tool is running, as this will break your desktop configuration (it will turn completely white).

When the process finishes, the machine will be restarted to produce the report.

6) When the machine restarts, ComboFix will run FIND3M to create the final scan report. Its log will be at C:\ComboFix.txt.

7) Re-enable your antivirus;

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN 32 APPLICATION, or if viruses or malware block ComboFix from running, download ComboFix again but save it to your Desktop as KomboFix. In that case, name it Kombofix while saving and not after saving it!

As a last resort, if it is not possible to run ComboFix in Windows Normal Mode, try running ComboFix in SAFE MODE (restart the computer, press the F8 key repeatedly, or F5 in some cases, during startup and choose the Safe Mode option on the screen that appears) and repeat the procedure;

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE and cover the other windows. To minimize it again, just use the ALT + TAB combination.

* If for some reason you need to stop or exit ComboFix, press "N".

* If you lose your internet connection, restart the computer. If the problem persists, open Network Connections in the Control Panel, right-click your internet connection and click "Repair";

Post the ComboFix log, which will be at C:\ComboFix.txt, together with a new HijackThis log in your next reply and tell us how your PC is after this.

We await your reply.


ComboFix 09-11-03.01 - Laerte 03/11/2009 18:49.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.687 [GMT -2:00]

Executando de: c:\documents and settings\Laerte\Meus documentos\Downloads\FireFox\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\docume~1\Laerte\CONFIG~1\Temp\install_flash_player.exe

c:\documents and settings\Laerte\Meus documentos\NFS Most Wanted\Nero\_desktop.ini

c:\windows\system32\Cache

e:\downloads\Manhunt\Desktop_.ini

e:\downloads\Manhunt\Traducao manhunt\Desktop_.ini

e:\jefferson\Jogos\Need For Speed (All)\2005_NFSMW\100%\Jogo (Carreira e Desafios)\Nero\_desktop.ini

e:\jefferson\Jogos\Need For Speed (All)\2005_NFSMW\Zerado\Cópia de Segurança\Nero\_desktop.ini

e:\jefferson\Jogos\Need For Speed (All)\2005_NFSMW\Zerado\Nero\_desktop.ini

e:\jefferson\Pen-Drive\clock tray skins\Crack\Desktop_.ini

e:\jefferson\Pen-Drive\clock tray skins\Desktop_.ini

e:\jefferson\Pen-Drive\MP3-Player\NERO\Save\NFSMW\100%\Jogo (Carreira e Desafios)\Nero\_desktop.ini

e:\jefferson\Pen-Drive\MP3-Player\NERO\Save\NFSMW\Zerado\Nero\_desktop.ini

e:\jefferson\Programas\Hackers\BaDBoYv4.2\_desktop.ini

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-03 to 2009-11-03 ))))))))))))))))))))))))))))

.

 

2009-11-03 12:20 . 2009-11-03 12:20 -------- d-----w- c:\documents and settings\Laerte\Dados de aplicativos\Malwarebytes

2009-11-03 12:20 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-03 12:20 . 2009-11-03 12:20 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-03 12:20 . 2009-11-03 12:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-03 12:20 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-02 11:41 . 2009-11-02 11:41 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\Xfire

2009-11-02 11:35 . 2009-11-02 11:35 -------- d-----w- c:\arquivos de programas\TimeSink

2009-11-02 11:33 . 2000-08-07 11:51 204800 ----a-w- c:\windows\tsad.dll

2009-11-01 20:57 . 2009-11-03 17:29 -------- d-----w- C:\HiJackThis

2009-10-30 13:20 . 2009-10-30 13:20 -------- d-----w- c:\arquivos de programas\ModTheSims2.com

2009-10-30 12:27 . 2009-10-30 12:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-10-30 11:50 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2009-10-30 11:50 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2009-10-30 11:50 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2009-10-30 11:50 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2009-10-30 11:50 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2009-10-30 11:06 . 2009-10-30 12:30 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-10-30 10:51 . 2009-10-30 10:51 -------- d-----w- c:\arquivos de programas\Windows Live

2009-10-30 10:44 . 2009-10-30 11:02 -------- d-----w- c:\documents and settings\Laerte\Contacts

2009-10-30 10:43 . 2009-10-30 10:43 -------- dc----w- c:\windows\system32\DRVSTORE

2009-10-30 10:03 . 2009-10-30 10:03 -------- d-----w- c:\documents and settings\NetworkService\Dados de aplicativos\Xfire

2009-10-30 10:02 . 2009-11-03 15:12 -------- d-----w- c:\documents and settings\Laerte\Dados de aplicativos\Xfire

2009-10-30 09:41 . 2009-10-30 09:41 -------- d-----w- c:\documents and settings\Laerte\cs

2009-10-29 20:57 . 2009-10-29 20:57 0 ----a-w- c:\windows\nsreg.dat

2009-10-29 20:57 . 2009-10-29 20:57 -------- d-----w- c:\documents and settings\Laerte\Dados de aplicativos\CometNetwork

2009-10-29 20:15 . 2009-10-29 20:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Digsby

2009-10-29 20:12 . 2009-10-29 20:12 35304 ---ha-w- c:\windows\system32\mlfcache.dat

2009-10-29 19:26 . 2009-10-29 19:26 -------- d-----w- c:\windows\l2schemas

2009-10-29 19:26 . 2009-10-29 19:26 -------- d-----w- c:\windows\system32\bits

2009-10-29 19:03 . 2009-10-29 19:03 -------- d-----w- c:\windows\system32\XPSViewer

2009-10-29 19:03 . 2009-10-29 19:03 -------- d-----w- c:\arquivos de programas\MSBuild

2009-10-29 19:03 . 2009-10-29 19:03 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-10-29 19:03 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-10-29 19:03 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-10-29 19:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-10-29 19:03 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-10-29 19:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-10-29 19:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-10-29 19:03 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-10-29 19:02 . 2009-10-29 19:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Winferno

2009-10-29 19:00 . 2009-10-29 20:15 -------- d-----w- c:\documents and settings\Laerte\Dados de aplicativos\Digsby

2009-10-29 18:59 . 2009-10-29 18:59 -------- d-----w- c:\arquivos de programas\Digsby

2009-10-29 18:59 . 2009-10-29 18:59 -------- d-----w- c:\arquivos de programas\MSXML 6.0

2009-10-29 18:57 . 2009-10-29 18:57 -------- d-----w- c:\arquivos de programas\Common Files

2009-10-29 18:57 . 2006-10-09 15:06 495616 ----a-w- c:\windows\system32\WINUTIL5.DLL

2009-10-29 18:57 . 2006-05-17 10:40 393216 ----a-w- c:\windows\system32\WINLCTL5.DLL

2009-10-29 18:57 . 2009-10-29 18:57 -------- d-----w- c:\arquivos de programas\Winferno

2009-10-29 18:54 . 2004-08-04 00:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys

2009-10-29 18:54 . 2004-08-04 00:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys

2009-10-29 18:54 . 2004-08-04 00:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys

2009-10-29 18:54 . 2004-08-04 00:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys

2009-10-29 18:49 . 2009-10-29 19:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NOS

2009-10-29 18:06 . 2009-10-29 18:06 -------- d-sh--w- c:\documents and settings\Laerte\PrivacIE

2009-10-29 18:06 . 2009-10-29 18:06 -------- d-sh--w- c:\documents and settings\Laerte\IECompatCache

2009-10-29 17:20 . 2009-10-29 17:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2009-10-29 17:20 . 2009-10-29 17:20 -------- d-sh--w- c:\documents and settings\Laerte\IETldCache

2009-10-29 17:17 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-10-29 17:17 . 2009-10-30 12:07 -------- d-----w- c:\windows\ie8updates

2009-10-29 17:17 . 2009-08-29 07:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-10-29 17:17 . 2009-08-29 07:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-10-29 17:17 . 2009-08-29 07:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-10-29 17:17 . 2009-08-29 07:57 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-10-29 17:17 . 2009-08-29 07:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-10-29 17:17 . 2009-08-29 07:57 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-10-29 17:16 . 2009-10-29 19:26 -------- d-----w- c:\windows\system32\pt-BR

2009-10-29 17:16 . 2009-10-29 17:17 -------- dc-h--w- c:\windows\ie8

2009-10-29 15:20 . 2009-10-29 15:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avg7

2009-10-29 14:34 . 2009-10-29 19:24 -------- d-----w- c:\windows\ServicePackFiles

2009-10-29 14:32 . 2009-10-29 14:32 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2009-10-29 12:52 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2009-10-29 12:52 . 2009-08-05 00:57 2193408 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2009-10-29 12:51 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll

2009-10-29 12:51 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe

2009-10-29 12:51 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2009-10-29 12:51 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2009-10-29 12:51 . 2009-06-25 08:27 732672 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2009-10-29 12:51 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll

2009-10-29 12:51 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll

2009-10-29 12:51 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2009-10-29 12:51 . 2009-08-04 17:27 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-10-29 12:51 . 2009-08-04 17:27 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-10-29 12:42 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2009-10-29 12:39 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-10-29 12:39 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys

2009-10-29 12:37 . 2009-09-06 07:10 128512 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll

2009-10-29 12:34 . 2009-05-21 18:48 268288 -c----w- c:\windows\system32\dllcache\httpext.dll

2009-10-29 12:19 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2009-10-29 12:18 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-10-29 12:18 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys

2009-10-29 12:17 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-10-29 12:16 . 2008-04-11 19:05 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2009-10-29 11:12 . 2008-04-21 21:15 216064 -c----w- c:\windows\system32\dllcache\wordpad.exe

2009-10-29 11:01 . 2009-10-29 11:01 -------- d-sh--w- c:\documents and settings\Laerte\UserData

2009-10-29 10:50 . 2009-02-13 16:22 95576 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-10-29 10:50 . 2009-02-13 13:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-10-29 10:50 . 2009-02-13 13:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-10-29 10:50 . 2009-10-29 10:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-10-29 10:50 . 2009-10-29 10:50 -------- d-----w- c:\arquivos de programas\Avira

2009-10-29 10:18 . 2009-10-30 12:09 -------- d--h--w- c:\windows\$hf_mig$

2009-10-28 14:16 . 1996-01-09 10:38 283648 ----a-w- c:\windows\uninst.exe

2009-10-27 15:54 . 2005-10-07 20:38 225280 ----a-w- c:\windows\system32\lame_enc.dll

2009-10-25 21:44 . 2009-10-25 21:44 -------- d-----w- c:\windows\Applian FLV Player

2009-10-25 21:44 . 2009-10-25 21:44 -------- d-----w- c:\arquivos de programas\FLV Player

2009-10-25 20:57 . 2009-10-25 20:57 -------- d-----w- c:\arquivos de programas\GoldWave

2009-10-25 11:42 . 2009-10-25 11:42 -------- d-----w- c:\arquivos de programas\Elaborate Bytes

2009-10-25 10:16 . 2009-10-25 10:16 108421 ----a-w- c:\windows\Thumbplug TGA Uninstaller.exe

2009-10-25 10:16 . 2009-10-25 10:16 -------- d-----w- c:\arquivos de programas\Thumbplug TGA

2009-10-24 21:11 . 2009-10-24 21:11 -------- d-----w- C:\PenClean

2009-10-22 19:56 . 2007-11-13 11:31 399360 ----a-w- c:\windows\system32\Smab.dll

2009-10-22 19:56 . 2006-04-05 10:09 66560 ----a-w- c:\windows\MOTA113.exe

2009-10-22 19:56 . 2005-07-14 14:31 27648 ----a-w- c:\windows\system32\AVSredirect.dll

2009-10-22 19:56 . 2004-01-25 02:00 70656 ----a-w- c:\windows\system32\i420vfw.dll

2009-10-22 19:56 . 2005-02-28 15:16 240128 ----a-w- c:\windows\system32\x.264.exe

2009-10-22 19:56 . 2006-10-07 19:43 502784 ----a-w- c:\windows\x2.64.exe

2009-10-22 19:56 . 2006-04-12 11:47 217073 ----a-w- c:\windows\meta4.exe

2009-10-22 19:56 . 2008-02-04 19:26 151040 --sh--w- c:\windows\system32\VistaUltm.dll

2009-10-22 19:56 . 2007-12-17 13:43 27648 --sh--w- c:\windows\system32\Smab0.dll

2009-10-22 19:56 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll

2009-10-22 19:56 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll

2009-10-22 19:54 . 2009-10-22 19:54 -------- d-----w- c:\arquivos de programas\eRightSoft

2009-10-22 12:10 . 2009-10-22 12:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero

2009-10-22 12:10 . 2009-10-22 12:10 -------- d-----w- c:\arquivos de programas\Nero

2009-10-22 11:54 . 2009-10-31 15:09 -------- d-----w- c:\documents and settings\Laerte\Dados de aplicativos\Ahead

2009-10-22 11:54 . 2009-10-22 11:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ahead

2009-10-22 11:53 . 2009-10-22 12:12 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-03 17:36 . 2009-10-20 12:57 -------- d-----w- c:\documents and settings\Laerte\Dados de aplicativos\Winamp

2009-10-30 12:13 . 2003-04-08 11:00 527066 ----a-w- c:\windows\system32\perfh016.dat

2009-10-30 12:13 . 2003-04-08 11:00 101086 ----a-w- c:\windows\system32\perfc016.dat

2009-10-24 23:38 . 2009-10-20 11:41 -------- d-----w- c:\arquivos de programas\ESET

2009-10-23 15:51 . 2009-10-20 11:47 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-10-20 12:59 . 2009-10-20 12:57 -------- d-----w- c:\arquivos de programas\Winamp

2009-10-20 11:51 . 2009-10-20 11:51 -------- d-----w- c:\arquivos de programas\C-Media 3D Audio

2009-10-20 11:47 . 2009-10-20 11:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-10-20 11:37 . 2009-10-20 11:37 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-10-20 11:37 . 2009-10-20 11:37 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-10-20 11:21 . 2009-10-20 11:21 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-10-20 11:19 . 2009-10-20 11:19 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-10-20 11:18 . 2009-10-20 11:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2009-10-20 11:17 . 2009-10-20 11:17 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-10-14 23:58 . 2009-10-14 23:58 41872 ----a-w- c:\windows\system32\xfcodec.dll

2009-09-11 14:19 . 2004-08-04 02:45 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:04 . 2004-08-04 02:45 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 07:57 . 2004-08-04 02:45 916480 ----a-w- c:\windows\system32\wininet.dll

2009-08-26 08:01 . 2004-08-04 02:45 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-06 21:24 . 2009-10-20 11:18 327896 ----a-w- c:\windows\system32\wucltui.dll

2009-08-06 21:24 . 2009-10-20 11:18 209632 ----a-w- c:\windows\system32\wuweb.dll

2009-08-06 21:24 . 2009-10-20 11:18 35552 ----a-w- c:\windows\system32\wups.dll

2009-08-06 21:24 . 2008-10-16 16:09 44768 ----a-w- c:\windows\system32\wups2.dll

2009-08-06 21:24 . 2009-10-20 11:18 53472 ----a-w- c:\windows\system32\wuauclt.exe

2009-08-06 21:24 . 2004-08-04 02:45 96480 ----a-w- c:\windows\system32\cdm.dll

2009-08-06 21:23 . 2009-10-20 11:18 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-08-06 21:23 . 2009-10-20 11:18 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2006-05-03 10:06 . 2009-10-22 19:56 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 11:47 . 2009-10-22 19:56 31232 --sh--r- c:\windows\system32\msfDX.dll

2007-12-17 13:43 . 2009-10-22 19:56 27648 --sh--w- c:\windows\system32\Smab0.dll

2008-02-04 19:26 . 2009-10-22 19:56 151040 --sh--w- c:\windows\system32\VistaUltm.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"Google Update"="c:\documents and settings\Laerte\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-10-29 133104]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]

"DAEMON Tools-1033"="c:\arquivos de programas\D-Tools\daemon.exe" [2004-08-22 81920]

"awxDTools"="c:\arquiv~1\arniWORX\AWXDTO~1\awxDTools.dll" [2005-03-17 126976]

"WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2009-07-01 37888]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"CloneCDElbyCDFL"="c:\arquivos de programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 45056]

"CloneCDTray"="c:\arquivos de programas\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-04-15 57344]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"QuickTime Task"="c:\arquivos de programas\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2009-10-20 282624]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Laerte\Menu Iniciar\Programas\Inicializar\

USB FireWall.exe [2008-9-1 1330688]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-21 113664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\UltraVNC\\winvnc.exe"=

"c:\\Arquivos de programas\\UltraVNC\\vncviewer.exe"=

"e:\\Arquivos de programas\\Valve\\hl.exe"=

"e:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\Arquivos de programas\\Xfire\\Xfire.exe"=

"c:\\Arquivos de programas\\Winamp\\winamp.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"e:\\Arquivos de programas\\Garena\\Garena.exe"=

"e:\\Arquivos de programas\\BitComet\\BitComet.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26670:TCP"= 26670:TCP:BitComet 26670 TCP(ED2K)

"26670:UDP"= 26670:UDP:BitComet 26670 UDP(ED2K)

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [29/10/2009 08:50 108289]

R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;c:\windows\system32\drivers\psxpad.sys [20/10/2009 11:36 12160]

R3 PsxPortEnumerator;Psx Port Enumerator;c:\windows\system32\drivers\psxenum.sys [20/10/2009 11:36 16896]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Laerte\CONFIG~1\Temp\DVO3D.tmp --> c:\docume~1\Laerte\CONFIG~1\Temp\DVO3D.tmp [?]

S3 PhSerUsb;PHILOG USB Serial Driver;c:\windows\system32\drivers\PhSerUsb.sys [4/9/2009 11:54 48896]

S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - MBR

*NewlyCreated* - PROCEXP113

*Deregistered* - mbr

*Deregistered* - PROCEXP113

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-11-03 c:\windows\Tasks\PCConfidential.job

- c:\arquivos de programas\Winferno\PC Confidential\PCConfidential.exe [2009-10-29 16:10]

 

2009-11-03 c:\windows\Tasks\RegPowerClean.job

- c:\arquivos de programas\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2009-10-29 16:48]

 

2009-11-03 c:\windows\Tasks\RPCReminder.job

- c:\arquivos de programas\Winferno\RegistryPowerCleaner\RPCReminder.exe [2009-10-29 16:34]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - e:\arquiv~1\GetRight\xx2gr.dll

Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - e:\arquiv~1\GetRight\xx2gr.dll

FF - ProfilePath - c:\documents and settings\Laerte\Dados de aplicativos\Mozilla\Firefox\Profiles\iqosf9mr.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-Cmaudio - cmicnfg.cpl

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-03 18:59

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x860F0AD0]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\atapi -> 0x860f0ad0

Warning: possible MBR rootkit infection !

user & kernel MBR OK

Use "Recovery Console" command "fixmbr" to clear infection !

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\Laerte\CONFIG~1\Temp\DVO3D.tmp"

.

Tempo para conclusão: 2009-11-03 19:00

ComboFix-quarantined-files.txt 2009-11-03 21:00

 

Pré-execução: 8 pasta(s) 16.508.608.512 bytes disponíveis

Pós execução: 11 pasta(s) 16.671.199.232 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

----------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:01:36, on 3/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Arquivos de programas\Winferno\PC Confidential\PCCBHO.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [awxDTools] rundll32 C:\ARQUIV~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Arquivos de programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] C:\Arquivos de programas\Elaborate Bytes\CloneCD\CloneCDTray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Laerte\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: USB FireWall.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Arquivos de programas\Winferno\PC Confidential\PCConfidential.exe

O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Arquivos de programas\Winferno\PC Confidential\PCConfidential.exe

O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Arquivos de programas\Winferno\PC Confidential\PCConfidential.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 5891 bytes

 

----------------------------------------------------------------------

My PC is apparently back to normal, as it was before...

But IE 8 still does not close when I click the X...


Select the text below inside the Quote (white box below) and copy it into Notepad. Save it as CFScript.txt

 

File::

c:\windows\tsad.dll

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000000

 

- Drag CFScript.txt onto ComboFix as shown in the image below:

 

CFScript.gif

 

If prompted, press "Enter" to start the removal process;

 

Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Note: If ComboFix does not restart your computer automatically, do so manually.

_______________________________________

 

Also follow the tips in this tutorial:

 

Panda Anti-RootKit Tutorial

_______________________________________

 

Go to http://virscan.org/ and submit the files highlighted in red below to be analyzed (one at a time), note the link with each file's scan result, and post those links in your next reply:

 

c:\windows\system32\Smab0.dll

c:\windows\system32\VistaUltm.dll

c:\windows\system32\XDva281.sys

_______________________________________

 

After that, follow the tips in this tutorial to scan your PC with Nod32 Online:

 

Nod32 Online antivirus tutorial: http://dicasetutoriaisparapc.blogspot.com/2008/09/tutorial-do-antivirus-nod32-online.html

 

After the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

 

In your next reply, post this Nod32 Online log together with the log at C:\ComboFix.txt, the links with the VIRScan scan results, and a new HijackThis log, and please tell us how your PC is doing after following these procedures.

 

We await your reply.


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=c7ff734c64089a4bb77d303ada551d2e

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2009-11-05 01:30:09

# local_time=2009-11-05 11:30:09 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1797 16775141 100 100 0 32424150 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=211004

# found=33

# cleaned=33

# scan_time=7093

C:\Documents and Settings\Laerte\Meus documentos\Downloads\ComitBird\vdownloader_setup.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\tsad.dll.vir Win32/Adware.TimeSink application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{376F7F9D-D2A1-46E9-B98F-BABA2833133A}\RP57\A0014751.dll Win32/Adware.TimeSink application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

E:\Arquivos de programas\GetRight\GetRightChannel.exe Win32/Adware.TimeSink application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Animes\AV_Voice_Changer_Software_Diamond_v6.0.10.zip probably a variant of Win32/Genetik trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Animes\Nova pasta\Desbloqueio_Motorola.rar a variant of Win32/Packed.Themida application (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Celular\Installs\Como Instalar Jogos no Celular\Sony Ericsson\MyPhoneExplorer_Setup_1.6.6.rar a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Celular\Jogos\Todos\MOTOROLA\Ea Fifa Street 2 v1 1 26 Multi5 Motorola Vxxx J2me - CRDPDA\ea fifa street 2 v1.1.26 multi5 motorola vxxx j2me-crdpda.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Celular\Jogos\Todos\MOTOROLA\EA.The.Simpsons.Minutes.To.Meltdown.v4.4.18.MOTOROLA.Vxxx.J2ME.RETAiL-CRDPDA\cx30789a.zip probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Celular\Jogos\Todos\MOTOROLA\Gameloft Air Strike 1944 v1 0 4 Multi6 Motorola Vxxx J2me - CRDPDA\gameloft air strike 1944 v1.0.4 multi6 motorola vxxx j2me-crdpda.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Celular\Jogos\Todos\MOTOROLA\Gameloft Diamond Rush v1 0 8 Motorola Vxxx J2me - CRDPDA\gameloft diamond rush v1.0.8 motorola vxxx j2me-crdpda.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Celular\Jogos\Todos\MOTOROLA\Gameloft Midnight Casino v1 1 6 Multi6 Motorola Vxxx J2me - CRDPDA\gameloft midnight casino v1.1.6 multi6 motorola vxxx j2me-crdpda.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Celular\Jogos\Todos\MOTOROLA\Gameloft Sexy Vegas v0 2 4 Multi6 Motorola Vxxx J2me - CRDPDA\gameloft sexy vegas v0.2.4 multi6 motorola vxxx j2me-crdpda.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Celular\Jogos\Todos\MOTOROLA\Gameloft Splinter Cell Double Agent v1 0 5 Motorola Vxxx J2me - CRDPDA\gameloft splinter cell double agent v1.0.5 motorola vxxx j2me-crdpda.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Celular\Jogos\Todos\MOTOROLA\Gameloft The O c v1 0 7 Motorola Vxxx J2me - CRDPDA\gameloft the o.c. v1.0.7 motorola vxxx j2me-crdpda.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Celular\Jogos\Todos\MOTOROLA\Gameloft Tropical Madness v1 1 3 Motorola Vxxx J2me - CRDPDA\gameloft tropical madness v1.1.3 motorola vxxx j2me-crdpda.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Celular\Jogos\Todos\MOTOROLA\Gameloft.Bikini.Volleyball.v1.3.8.MOTOROLA.Vxxx.J2ME.RETAiL-CRDPDA\cx30790a.zip probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Celular\Jogos\Todos\MOTOROLA\Gameloft.Bubble.Bash.v1.0.4.MOTOROLA.Vxxx.J2ME.RETAiL-CRDPDA\c930009a.zip probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Celular\Jogos\Todos\MOTOROLA\Gameloft.Common.Knowledge.Quiz.v1.0.3.MOTOROLA.Vxxx.J2ME.RETAiL-CRDPDA\cx30791a.zip probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Celular\Jogos\Todos\MOTOROLA\Gameloft.Miami.Nights.v1.0.1.MOTOROLA.Vxxx.J2ME.RETAiL-CRDPDA\c930011a.zip probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Celular\Jogos\Todos\MOTOROLA\Rovio War Diary Torpedo v1 47 Multi6 Motorola Vxxx J2me - CRDPDA\rovio war diary torpedo v1.47 multi6 motorola vxxx j2me-crdpda.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Celular\Jogos\Todos\MOTOROLA\Viki Vans Codename Prometheus v1 0 2 Motorola Vxxx J2me - CRDPDA\viki vans codename prometheus v1.0.2 motorola vxxx j2me-crdpda.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Coisinhas\fox.video.converter.v8.0.10.26.-patch.exe a variant of Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\ISOs\PC\7 --- Games.iso probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Jogos\Need For Speed (All)\2003_NFSU1\ast2.zip probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Jogos\Need For Speed (All)\2003_NFSU1\NFSUVU.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Programas\Discadores\ig V8.0.exe probably a variant of Win32/TrojanDownloader.Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Programas\Discadores\IG 22-06-06.exe probably a variant of Win32/TrojanDownloader.Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Programas\GetRight\GetRight4.5e\getrt45d.exe Win32/Adware.Gator.Trickler application (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Programas\MegaCubo\Megacubo_3.0-rev21b.exe probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Programas\Nero\Nero 7.1.0.10 ptb\Nero-7.1.0.10_ptb.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Programas\Nero\Nero 7.7.5.1 ptb\Nero 7.7.5.1_ptb_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

E:\Jefferson\Programas\Nero\Nero 8\Toolbar.exe Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

 

------------------------------------------------------------

ComboFix 09-11-04.05 - Laerte 05/11/2009 8:50.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.698 [GMT -2:00]

Executando de: c:\documents and settings\Laerte\Meus documentos\Downloads\FireFox\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Laerte\Meus documentos\Downloads\FireFox\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

FILE ::

"c:\windows\tsad.dll"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\tsad.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-05 to 2009-11-05 ))))))))))))))))))))))))))))

.

 

2009-11-04 11:40 . 2009-11-04 11:42 -------- d-----w- c:\documents and settings\Laerte\dwhelper

2009-11-04 09:50 . 2009-02-13 17:01 79105 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll

2009-11-04 09:50 . 2009-11-04 09:43 79105 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll

2009-11-04 09:50 . 2009-11-04 09:43 404737 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe

2009-11-04 09:50 . 2009-11-04 09:43 345345 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll

2009-11-04 09:50 . 2009-02-27 12:59 8961 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll

2009-11-04 09:50 . 2009-02-24 14:16 117505 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll

2009-11-04 09:50 . 2008-12-05 12:32 126721 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll

2009-11-03 12:20 . 2009-11-03 12:20 -------- d-----w- c:\documents and settings\Laerte\Dados de aplicativos\Malwarebytes

2009-11-03 12:20 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-03 12:20 . 2009-11-03 12:20 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-03 12:20 . 2009-11-03 12:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-03 12:20 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-02 11:41 . 2009-11-02 11:41 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\Xfire

2009-11-02 11:35 . 2009-11-02 11:35 -------- d-----w- c:\arquivos de programas\TimeSink

2009-11-01 20:57 . 2009-11-04 09:08 -------- d-----w- C:\HiJackThis

2009-10-30 13:20 . 2009-10-30 13:20 -------- d-----w- c:\arquivos de programas\ModTheSims2.com

2009-10-30 12:27 . 2009-10-30 12:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-10-30 11:50 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2009-10-30 11:50 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2009-10-30 11:50 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2009-10-30 11:50 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2009-10-30 11:50 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2009-10-30 11:06 . 2009-10-30 12:30 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-10-30 10:51 . 2009-10-30 10:51 -------- d-----w- c:\arquivos de programas\Windows Live

2009-10-30 10:44 . 2009-10-30 11:02 -------- d-----w- c:\documents and settings\Laerte\Contacts

2009-10-30 10:43 . 2009-10-30 10:43 -------- dc----w- c:\windows\system32\DRVSTORE

2009-10-30 10:03 . 2009-10-30 10:03 -------- d-----w- c:\documents and settings\NetworkService\Dados de aplicativos\Xfire

2009-10-30 10:02 . 2009-11-03 15:12 -------- d-----w- c:\documents and settings\Laerte\Dados de aplicativos\Xfire

2009-10-30 09:41 . 2009-10-30 09:41 -------- d-----w- c:\documents and settings\Laerte\cs

2009-10-29 20:57 . 2009-10-29 20:57 0 ----a-w- c:\windows\nsreg.dat

2009-10-29 20:57 . 2009-10-29 20:57 -------- d-----w- c:\documents and settings\Laerte\Dados de aplicativos\CometNetwork

2009-10-29 20:15 . 2009-10-29 20:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Digsby

2009-10-29 20:12 . 2009-10-29 20:12 35304 ---ha-w- c:\windows\system32\mlfcache.dat

2009-10-29 19:26 . 2009-10-29 19:26 -------- d-----w- c:\windows\l2schemas

2009-10-29 19:26 . 2009-10-29 19:26 -------- d-----w- c:\windows\system32\bits

2009-10-29 19:03 . 2009-10-29 19:03 -------- d-----w- c:\windows\system32\XPSViewer

2009-10-29 19:03 . 2009-10-29 19:03 -------- d-----w- c:\arquivos de programas\MSBuild

2009-10-29 19:03 . 2009-10-29 19:03 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-10-29 19:03 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-10-29 19:03 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-10-29 19:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-10-29 19:03 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-10-29 19:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-10-29 19:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-10-29 19:03 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-10-29 19:02 . 2009-10-29 19:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Winferno

2009-10-29 19:00 . 2009-10-29 20:15 -------- d-----w- c:\documents and settings\Laerte\Dados de aplicativos\Digsby

2009-10-29 18:59 . 2009-10-29 18:59 -------- d-----w- c:\arquivos de programas\Digsby

2009-10-29 18:59 . 2009-10-29 18:59 -------- d-----w- c:\arquivos de programas\MSXML 6.0

2009-10-29 18:57 . 2009-10-29 18:57 -------- d-----w- c:\arquivos de programas\Common Files

2009-10-29 18:57 . 2006-10-09 15:06 495616 ----a-w- c:\windows\system32\WINUTIL5.DLL

2009-10-29 18:57 . 2006-05-17 10:40 393216 ----a-w- c:\windows\system32\WINLCTL5.DLL

2009-10-29 18:57 . 2009-10-29 18:57 -------- d-----w- c:\arquivos de programas\Winferno

2009-10-29 18:54 . 2004-08-04 00:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys

2009-10-29 18:54 . 2004-08-04 00:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys

2009-10-29 18:54 . 2004-08-04 00:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys

2009-10-29 18:54 . 2004-08-04 00:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys

2009-10-29 18:49 . 2009-10-29 19:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NOS

2009-10-29 18:06 . 2009-10-29 18:06 -------- d-sh--w- c:\documents and settings\Laerte\PrivacIE

2009-10-29 18:06 . 2009-10-29 18:06 -------- d-sh--w- c:\documents and settings\Laerte\IECompatCache

2009-10-29 17:20 . 2009-10-29 17:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2009-10-29 17:20 . 2009-10-29 17:20 -------- d-sh--w- c:\documents and settings\Laerte\IETldCache

2009-10-29 17:17 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-10-29 17:17 . 2009-10-30 12:07 -------- d-----w- c:\windows\ie8updates

2009-10-29 17:17 . 2009-08-29 07:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-10-29 17:17 . 2009-08-29 07:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-10-29 17:17 . 2009-08-29 07:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-10-29 17:17 . 2009-08-29 07:57 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-10-29 17:17 . 2009-08-29 07:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-10-29 17:17 . 2009-08-29 07:57 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-10-29 17:16 . 2009-10-29 19:26 -------- d-----w- c:\windows\system32\pt-BR

2009-10-29 17:16 . 2009-10-29 17:17 -------- dc-h--w- c:\windows\ie8

2009-10-29 15:20 . 2009-10-29 15:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avg7

2009-10-29 14:34 . 2009-10-29 19:24 -------- d-----w- c:\windows\ServicePackFiles

2009-10-29 14:32 . 2009-10-29 14:32 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2009-10-29 12:52 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2009-10-29 12:52 . 2009-08-05 00:57 2193408 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2009-10-29 12:51 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll

2009-10-29 12:51 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe

2009-10-29 12:51 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2009-10-29 12:51 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2009-10-29 12:51 . 2009-06-25 08:27 732672 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2009-10-29 12:51 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll

2009-10-29 12:51 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll

2009-10-29 12:51 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2009-10-29 12:51 . 2009-08-04 17:27 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-10-29 12:51 . 2009-08-04 17:27 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-10-29 12:42 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2009-10-29 12:39 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-10-29 12:39 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys

2009-10-29 12:37 . 2009-09-06 07:10 128512 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll

2009-10-29 12:34 . 2009-05-21 18:48 268288 -c----w- c:\windows\system32\dllcache\httpext.dll

2009-10-29 12:19 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2009-10-29 12:18 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-10-29 12:18 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys

2009-10-29 12:17 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-10-29 12:16 . 2008-04-11 19:05 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2009-10-29 11:12 . 2008-04-21 21:15 216064 -c----w- c:\windows\system32\dllcache\wordpad.exe

2009-10-29 11:01 . 2009-10-29 11:01 -------- d-sh--w- c:\documents and settings\Laerte\UserData

2009-10-29 10:50 . 2009-11-04 10:12 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-10-29 10:50 . 2009-02-13 13:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-10-29 10:50 . 2009-02-13 13:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-10-29 10:50 . 2009-10-29 10:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-10-29 10:50 . 2009-10-29 10:50 -------- d-----w- c:\arquivos de programas\Avira

2009-10-29 10:18 . 2009-11-04 03:20 -------- d--h--w- c:\windows\$hf_mig$

2009-10-28 14:16 . 1996-01-09 10:38 283648 ----a-w- c:\windows\uninst.exe

2009-10-27 15:54 . 2005-10-07 20:38 225280 ----a-w- c:\windows\system32\lame_enc.dll

2009-10-25 21:44 . 2009-10-25 21:44 -------- d-----w- c:\windows\Applian FLV Player

2009-10-25 21:44 . 2009-10-25 21:44 -------- d-----w- c:\arquivos de programas\FLV Player

2009-10-25 20:57 . 2009-10-25 20:57 -------- d-----w- c:\arquivos de programas\GoldWave

2009-10-25 11:42 . 2009-10-25 11:42 -------- d-----w- c:\arquivos de programas\Elaborate Bytes

2009-10-25 10:16 . 2009-10-25 10:16 108421 ----a-w- c:\windows\Thumbplug TGA Uninstaller.exe

2009-10-25 10:16 . 2009-10-25 10:16 -------- d-----w- c:\arquivos de programas\Thumbplug TGA

2009-10-24 21:11 . 2009-10-24 21:11 -------- d-----w- C:\PenClean

2009-10-22 19:56 . 2007-11-13 11:31 399360 ----a-w- c:\windows\system32\Smab.dll

2009-10-22 19:56 . 2006-04-05 10:09 66560 ----a-w- c:\windows\MOTA113.exe

2009-10-22 19:56 . 2005-07-14 14:31 27648 ----a-w- c:\windows\system32\AVSredirect.dll

2009-10-22 19:56 . 2004-01-25 02:00 70656 ----a-w- c:\windows\system32\i420vfw.dll

2009-10-22 19:56 . 2005-02-28 15:16 240128 ----a-w- c:\windows\system32\x.264.exe

2009-10-22 19:56 . 2006-10-07 19:43 502784 ----a-w- c:\windows\x2.64.exe

2009-10-22 19:56 . 2006-04-12 11:47 217073 ----a-w- c:\windows\meta4.exe

2009-10-22 19:56 . 2008-02-04 19:26 151040 --sh--w- c:\windows\system32\VistaUltm.dll

2009-10-22 19:56 . 2007-12-17 13:43 27648 --sh--w- c:\windows\system32\Smab0.dll

2009-10-22 19:56 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-04 18:41 . 2009-10-20 12:57 -------- d-----w- c:\documents and settings\Laerte\Dados de aplicativos\Winamp

2009-11-04 10:12 . 2009-10-20 11:39 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-10-30 12:13 . 2003-04-08 11:00 527066 ----a-w- c:\windows\system32\perfh016.dat

2009-10-30 12:13 . 2003-04-08 11:00 101086 ----a-w- c:\windows\system32\perfc016.dat

2009-10-24 23:38 . 2009-10-20 11:41 -------- d-----w- c:\arquivos de programas\ESET

2009-10-23 15:51 . 2009-10-20 11:47 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-10-21 16:34 . 2009-10-20 11:19 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-10-20 12:59 . 2009-10-20 12:57 -------- d-----w- c:\arquivos de programas\Winamp

2009-10-20 11:51 . 2009-10-20 11:51 -------- d-----w- c:\arquivos de programas\C-Media 3D Audio

2009-10-20 11:47 . 2009-10-20 11:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-10-20 11:37 . 2009-10-20 11:37 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-10-20 11:37 . 2009-10-20 11:37 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-10-20 11:21 . 2009-10-20 11:21 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-10-20 11:19 . 2009-10-20 11:19 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-10-20 11:18 . 2009-10-20 11:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2009-10-20 11:17 . 2009-10-20 11:17 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-10-14 23:58 . 2009-10-14 23:58 41872 ----a-w- c:\windows\system32\xfcodec.dll

2009-09-11 14:19 . 2004-08-04 02:45 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:04 . 2004-08-04 02:45 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 07:57 . 2004-08-04 02:45 916480 ------w- c:\windows\system32\wininet.dll

2009-08-26 08:01 . 2004-08-04 02:45 247326 ----a-w- c:\windows\system32\strmdll.dll

2006-05-03 10:06 . 2009-10-22 19:56 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 11:47 . 2009-10-22 19:56 31232 --sh--r- c:\windows\system32\msfDX.dll

2007-12-17 13:43 . 2009-10-22 19:56 27648 --sh--w- c:\windows\system32\Smab0.dll

2008-02-04 19:26 . 2009-10-22 19:56 151040 --sh--w- c:\windows\system32\VistaUltm.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-11-03_20.59.11 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-10-29 10:50 . 2009-11-04 10:12 28520 c:\windows\system32\drivers\ssmdrv.sys

+ 2009-10-20 11:45 . 2009-11-05 10:16 230709 c:\windows\system32\inetsrv\MetaBase.bin

- 2009-10-20 11:45 . 2009-11-03 17:20 230709 c:\windows\system32\inetsrv\MetaBase.bin

+ 2009-11-04 03:21 . 2008-07-08 12:58 395128 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll

+ 2009-11-04 03:21 . 2008-07-08 12:58 233336 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe

+ 2004-08-04 02:45 . 2009-10-22 09:17 5939712 c:\windows\system32\mshtml.dll

+ 2004-08-04 02:45 . 2009-10-22 09:17 5939712 c:\windows\system32\dllcache\mshtml.dll

+ 2009-11-04 03:21 . 2009-08-29 07:57 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"Google Update"="c:\documents and settings\Laerte\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-10-29 133104]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]

"DAEMON Tools-1033"="c:\arquivos de programas\D-Tools\daemon.exe" [2004-08-22 81920]

"awxDTools"="c:\arquiv~1\arniWORX\AWXDTO~1\awxDTools.dll" [2005-03-17 126976]

"WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2009-07-01 37888]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"CloneCDElbyCDFL"="c:\arquivos de programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 45056]

"CloneCDTray"="c:\arquivos de programas\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-04-15 57344]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"QuickTime Task"="c:\arquivos de programas\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2009-10-20 282624]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Laerte\Menu Iniciar\Programas\Inicializar\

USB FireWall.exe [2008-9-1 1330688]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-21 113664]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\UltraVNC\\winvnc.exe"=

"c:\\Arquivos de programas\\UltraVNC\\vncviewer.exe"=

"e:\\Arquivos de programas\\Valve\\hl.exe"=

"e:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\Arquivos de programas\\Xfire\\Xfire.exe"=

"c:\\Arquivos de programas\\Winamp\\winamp.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"e:\\Arquivos de programas\\Garena\\Garena.exe"=

"e:\\Arquivos de programas\\BitComet\\BitComet.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26670:TCP"= 26670:TCP:BitComet 26670 TCP(ED2K)

"26670:UDP"= 26670:UDP:BitComet 26670 UDP(ED2K)

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [29/10/2009 08:50 108289]

R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;c:\windows\system32\drivers\psxpad.sys [20/10/2009 11:36 12160]

R3 PsxPortEnumerator;Psx Port Enumerator;c:\windows\system32\drivers\psxenum.sys [20/10/2009 11:36 16896]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Laerte\CONFIG~1\Temp\DVO3D.tmp --> c:\docume~1\Laerte\CONFIG~1\Temp\DVO3D.tmp [?]

S3 PhSerUsb;PHILOG USB Serial Driver;c:\windows\system32\drivers\PhSerUsb.sys [4/9/2009 11:54 48896]

S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*Deregistered* - mbr

*Deregistered* - PROCEXP113

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-11-05 c:\windows\Tasks\PCConfidential.job

- c:\arquivos de programas\Winferno\PC Confidential\PCConfidential.exe [2009-10-29 16:10]

 

2009-11-05 c:\windows\Tasks\RegPowerClean.job

- c:\arquivos de programas\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2009-10-29 16:48]

 

2009-11-05 c:\windows\Tasks\RPCReminder.job

- c:\arquivos de programas\Winferno\RegistryPowerCleaner\RPCReminder.exe [2009-10-29 16:34]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - e:\arquiv~1\GetRight\xx2gr.dll

Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - e:\arquiv~1\GetRight\xx2gr.dll

FF - ProfilePath - c:\documents and settings\Laerte\Dados de aplicativos\Mozilla\Firefox\Profiles\iqosf9mr.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-05 08:55

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86192CF0]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\atapi -> 0x86192cf0

Warning: possible MBR rootkit infection !

user & kernel MBR OK

Use "Recovery Console" command "fixmbr" to clear infection !

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\Laerte\CONFIG~1\Temp\DVO3D.tmp"

.

Tempo para conclusão: 2009-11-05 8:56

ComboFix-quarantined-files.txt 2009-11-05 10:56

ComboFix2.txt 2009-11-03 21:00

 

Pré-execução: 9 pasta(s) 16.056.778.752 bytes disponíveis

Pós execução: 11 pasta(s) 16.085.229.568 bytes disponíveis

 

------------------------------------------------------------

c:\windows\system32\Smab0.dll - http://virscan.org/report/e8541b64f8b1bb1cbd8e955aa9dfd4d2.html

c:\windows\system32\VistaUltm.dll - http://virscan.org/report/ad171a4a2e18383c32cee4982ea69e21.html

c:\windows\system32\XDva281.sys - http://img695.imageshack.us/img695/6524/naoencontrado.jpg

 

------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:38:01, on 5/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Laerte\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Documents and Settings\Laerte\Menu Iniciar\Programas\Inicializar\USB FireWall.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\tcpsvcs.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Arquivos de programas\Winferno\PC Confidential\PCCBHO.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [awxDTools] rundll32 C:\ARQUIV~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Arquivos de programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] C:\Arquivos de programas\Elaborate Bytes\CloneCD\CloneCDTray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Laerte\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: USB FireWall.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Arquivos de programas\Winferno\PC Confidential\PCConfidential.exe

O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Arquivos de programas\Winferno\PC Confidential\PCConfidential.exe

O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Arquivos de programas\Winferno\PC Confidential\PCConfidential.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 6490 bytes

 

------------------------------------------------------------

Apart from a few stray files that got (or already were) infected, everything's normal...

But IE 8 hasn't changed at all... it still only closes via Ctrl+Alt+Del

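An added example, not part of this thread and not HijackThis code: a small parser for the log format posted above that flags the entries a helper normally checks first (O2 BHOs whose DLL is gone, O4 autoruns from user-writable paths or via rundll32, O10 Winsock LSPs, O16 ActiveX downloads, and one image running many times over). The sample log is a constructed excerpt of a few lines from this thread's logs; the flag names, the threshold and the helper functions are assumptions of the example.

```python
"""Parse a HijackThis 2.0 log and flag the entries a helper would look at first.

Added example for this thread; not part of HijackThis or of any post here.
SAMPLE_LOG is a constructed excerpt: a few lines copied from the logs posted
in the thread plus a repeated helpctr.exe process block, not a complete log.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:12:49, on 8/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Laerte\Menu Iniciar\Programas\Inicializar\USB FireWall.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Arquivos de programas\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [awxDTools] rundll32 C:\ARQUIV~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Laerte\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: USB FireWall.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
"""

HEADER_RE = re.compile(r"^(Platform|MSIE|Boot mode):\s*(.*)$")
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.*)$")   # e.g. "O4 - HKLM\..\Run: ..."
USER_PATH_RE = re.compile(r"\\documents and settings\\|\\users\\|\\temp\\", re.I)


def parse_hjt(text):
    """Split a HijackThis log into (header, running processes, [(section, body), ...])."""
    header, processes, entries = {}, [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line closes the process block
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("sec"), m.group("body")))
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)
    return header, processes, entries


def triage(processes, entries, dup_threshold=3):
    """Return (kind, detail) findings; each kind is a reason to look closer, not a verdict."""
    findings = []
    # Many copies of one image (the thread's last log lists helpctr.exe dozens of times)
    for path, n in Counter(p.lower() for p in processes).items():
        if n >= dup_threshold:
            findings.append(("DUP_PROCESS", f"{n}x {path}"))
    for sec, body in entries:
        if sec == "O2" and body.endswith("(no file)"):
            findings.append(("ORPHAN_BHO", body))        # CLSID still registered, DLL gone
        elif sec == "O4" and (USER_PATH_RE.search(body) or body.startswith("Startup:")):
            findings.append(("RUN_FROM_PROFILE", body))  # autorun from a user-writable path
        elif sec == "O4" and "rundll32" in body.lower():
            findings.append(("RUNDLL32_AUTORUN", body))  # a DLL export run at logon
        elif sec == "O10":
            # Winsock LSP: verify the DLL before removing it; a broken LSP chain breaks
            # networking (nwprovau.dll here is the Windows NetWare provider)
            findings.append(("LSP", body))
        elif sec == "O16":
            findings.append(("DPF_ACTIVEX", body))       # ActiveX control pulled from a URL
    return findings


def summarize(text):
    """Count findings per kind for one log; handy for comparing successive logs."""
    _, processes, entries = parse_hjt(text)
    return Counter(kind for kind, _ in triage(processes, entries))


if __name__ == "__main__":
    hdr, procs, ents = parse_hjt(SAMPLE_LOG)
    print(hdr, len(procs), "processes,", len(ents), "entries")
    for kind, detail in triage(procs, ents):
        print(f"{kind:17} {detail}")
```

Run it on each successive log the user posts and diff the `summarize()` counters: entries that survive a cleanup (the orphaned O2 CLSID, the O10 LSP) are the ones to research by hash rather than delete blindly, and a process count that keeps growing between logs (the helpctr.exe flood) points at a runaway spawner rather than at a browser add-on.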

Several problems were removed from your PC.

___________________________________

 

Please follow the steps in this tutorial:

 

Kaspersky Virus Removal Tool tutorial

___________________________________

 

After that, configure your Avira AntiVir antivirus following these tutorials:

 

Avira AntiVir 9 Free tutorial (installation and configuration) - http://dicasetutoriaisparapc.blogspot.com/2009/03/tutorial-de-instalacao-e-configuracao.html

 

Avira AntiVir 9 Free tutorial (how to use it correctly) - http://dicasetutoriaisparapc.blogspot.com/2009/03/escaneando-seu-computador-com-o-avira.html

 

After configuring Avira AntiVir following the tutorials above, update it (run an update), then restart your computer and boot into Safe Mode (press F8 (or F5 on some computers) repeatedly while the computer is restarting and choose the Safe Mode option). Once the computer has restarted, right-click the Avira icon (the open red umbrella next to the Windows clock) and choose Start AntiVir > click Scan system now > and wait for the scan to finish.

____________________________________________________________

 

Once you have removed the viruses Avira AntiVir finds, restart the computer normally. Right-click the Avira icon (the open red umbrella next to the Windows clock) and choose Start AntiVir > click Reports > double-click the most recent log and click the Report file button > a window with the log will open; select the whole log (menu: Edit » Select All), then go back to the menu: Edit » and click Copy > then come back to the forum and post this Avira AntiVir log together with the Kaspersky Virus Removal Tool log and a new HijackThis log so they can be analysed, and tell us how your PC is after that.

 

We await your reply.


Avira AntiVir Personal

Report file date: sábado, 7 de novembro de 2009 19:07

 

Scanning for 1862988 virus strains and unwanted programs.

 

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : SERVIDOR

 

Version information:

BUILD.DAT : 9.0.0.410 18074 Bytes 25/9/2009 11:56:00

AVSCAN.EXE : 9.0.3.7 466689 Bytes 4/11/2009 10:12:02

AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/2/2009 12:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 20/2/2009 13:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 27/2/2009 12:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 16:50:58

ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/6/2009 16:50:58

ANTIVIR2.VDF : 7.1.6.160 5413376 Bytes 28/10/2009 16:41:44

ANTIVIR3.VDF : 7.1.6.185 221184 Bytes 3/11/2009 18:57:18

Engineversion : 8.2.1.53

AEVDF.DLL : 8.1.1.2 106867 Bytes 15/9/2009 18:58:02

AESCRIPT.DLL : 8.1.2.43 528764 Bytes 30/10/2009 16:38:32

AESCN.DLL : 8.1.2.5 127346 Bytes 3/9/2009 18:24:42

AERDL.DLL : 8.1.3.2 479604 Bytes 3/10/2009 01:15:48

AEPACK.DLL : 8.2.0.2 422263 Bytes 22/10/2009 18:50:06

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 17/6/2009 17:32:46

AEHEUR.DLL : 8.1.0.173 2064760 Bytes 28/10/2009 17:11:42

AEHELP.DLL : 8.1.7.0 237940 Bytes 3/9/2009 18:24:42

AEGEN.DLL : 8.1.1.70 364917 Bytes 28/10/2009 17:11:40

AEEMU.DLL : 8.1.1.0 393587 Bytes 3/10/2009 01:15:48

AECORE.DLL : 8.1.8.1 184693 Bytes 15/9/2009 18:57:58

AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 13:49:34

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 10:47:59

AVPREF.DLL : 9.0.3.0 44289 Bytes 4/11/2009 10:12:02

AVREP.DLL : 8.0.0.3 155905 Bytes 20/1/2009 16:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 12:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 4/11/2009 10:12:02

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/1/2009 12:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/1/2009 17:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 10:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 12:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 4/11/2009 10:12:02

RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/11/2009 10:12:02

 

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: repair

Secondary action....................: delete

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:, E:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

 

Start of the scan: sábado, 7 de novembro de 2009 19:07

 

Starting search for hidden objects.

'48657' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'CometBird.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned

Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned

Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'inetinfo.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'USB FireWall.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned

Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'winampa.exe' - '1' Module(s) have been scanned

Scan process 'daemon.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

31 processes with 31 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Boot sector 'E:\'

[INFO] No virus was found!

 

Starting to scan executable files (registry).

The registry was scanned ( '53' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\System Volume Information\_restore{376F7F9D-D2A1-46E9-B98F-BABA2833133A}\RP23\A0002579.exe

[DETECTION] Contains recognition pattern of the SPR/Destart.A program

[NOTE] A backup was created as '4b25e538.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{376F7F9D-D2A1-46E9-B98F-BABA2833133A}\RP48\A0011007.exe

[DETECTION] Contains recognition pattern of the DR/MartShop.1 dropper

[NOTE] A backup was created as '4b25e5dd.qua' ( QUARANTINE )

[NOTE] The file was deleted!

Begin scan in 'D:\'

D:\System Volume Information\_restore{2C5A6698-71DF-4FE5-A7DD-940B5E12068D}\RP29\A0029365.exe

[DETECTION] Is the TR/Spy.415744 Trojan

[NOTE] A backup was created as '4b25e96a.qua' ( QUARANTINE )

[NOTE] The file was deleted!

Begin scan in 'E:\'

E:\Arquivos de programas\GetRight\GetRightChannel.exe

[DETECTION] Contains recognition pattern of the ADSPY/Agent.86161.A adware or spyware

[NOTE] A backup was created as '4b69ea1e.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\Arquivos de programas\GetRight\TSUninstaller.exe

[DETECTION] Contains recognition pattern of the ADSPY/TSADB.A adware or spyware

[NOTE] A backup was created as '4b4aea0c.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\Downloads\Beavis and Butthead Virtual Stupidity.zip

[0] Archive type: ZIP

--> bbvs.exe

[1] Archive type: ACE SFX (self extracting)

--> BBAIRG\BBAIRG.000

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> BBANT\BBANT.000

[WARNING] No further files can be extracted from this archive. The archive will be closed

[WARNING] No further files can be extracted from this archive. The archive will be closed

E:\Jefferson\Jogos\DOS\ZIPs\flashback.zip

[0] Archive type: ZIP

--> fbt.r00

[1] Archive type: RAR

--> DATA\LEVEL4.MAP

[WARNING] No further files can be extracted from this archive. The archive will be closed

E:\Jefferson\Jogos\Need For Speed (All)\2003_NFSU1\nfsupart4.zip

[0] Archive type: ZIP

--> NFSU_Part_Swapper.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] A backup was created as '4b68f6eb.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\Jefferson\Jogos\Need For Speed (All)\2003_NFSU1\nfsuunlk.zip

[0] Archive type: ZIP

--> nfsuunlk.exe

[DETECTION] Is the TR/Virtl.7078 Trojan

[NOTE] A backup was created as '4a0c89ec.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\Jefferson\Jogos\Need For Speed (All)\2005_NFSMW\BMW_850i.rar

[0] Archive type: RAR

--> BMW 850i\d3d9.dll

[DETECTION] Is the TR/ATRAPS.Gen Trojan

--> BMW 850i\NFSMW MOD LOADER.exe

[1] Archive type: NSIS

--> [unknownDir]/d3d9.dll

[DETECTION] Is the TR/ATRAPS.Gen Trojan

[NOTE] A backup was created as '4b4cf6d5.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\Jefferson\Jogos\Need For Speed (All)\2005_NFSMW\Buick_Roadmaster_49.rar

[0] Archive type: RAR

--> Buick Roadmaster 49\d3d9.dll

[DETECTION] Is the TR/ATRAPS.Gen Trojan

--> Buick Roadmaster 49\NFSMW MOD LOADER.exe

[1] Archive type: NSIS

--> [unknownDir]/d3d9.dll

[DETECTION] Is the TR/ATRAPS.Gen Trojan

[NOTE] A backup was created as '4b5ef6fe.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\Jefferson\Jogos\Need For Speed (All)\2005_NFSMW\ferrari360.zip

[0] Archive type: ZIP

--> ferrari360/install.exe

[1] Archive type: NSIS

--> [unknownDir]/d3d9.dll

[DETECTION] Is the TR/ATRAPS.Gen Trojan

[NOTE] A backup was created as '4b67f6ee.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\Jefferson\Jogos\Need For Speed (All)\2005_NFSMW\FerrariF430.zip

[0] Archive type: ZIP

--> Ferrari F430/NFSMW MOD LOADER.exe

[1] Archive type: NSIS

--> [unknownDir]/d3d9.dll

[DETECTION] Is the TR/ATRAPS.Gen Trojan

[NOTE] A backup was created as '4b67f6f0.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\Jefferson\Jogos\Need For Speed (All)\2005_NFSMW\Ferrari_Enzo.rar

[0] Archive type: RAR

--> Ferrari Enzo\d3d9.dll

[DETECTION] Is the TR/ATRAPS.Gen Trojan

--> Ferrari Enzo\NFSMW MOD LOADER.exe

[1] Archive type: NSIS

--> [unknownDir]/d3d9.dll

[DETECTION] Is the TR/ATRAPS.Gen Trojan

[NOTE] A backup was created as '4b67f6f1.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\Jefferson\Jogos\Need For Speed (All)\2005_NFSMW\H2.zip

[0] Archive type: ZIP

--> H2/d3d9.dll

[DETECTION] Is the TR/ATRAPS.Gen Trojan

--> H2/NFSMW MOD LOADER.exe

[1] Archive type: NSIS

--> [unknownDir]/d3d9.dll

[DETECTION] Is the TR/ATRAPS.Gen Trojan

[NOTE] A backup was created as '4b23f6be.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\Jefferson\Jogos\Need For Speed (All)\2005_NFSMW\Honda_Civic_SI_Coupe.rar

[0] Archive type: RAR

--> Honda_Civic_SI_Coupe\d3d9.dll

[DETECTION] Is the TR/ATRAPS.Gen Trojan

--> Honda_Civic_SI_Coupe\NFSMW MOD LOADER.exe

[1] Archive type: NSIS

--> [unknownDir]/d3d9.dll

[DETECTION] Is the TR/ATRAPS.Gen Trojan

[NOTE] A backup was created as '4b63f6fb.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\Jefferson\Jogos\Need For Speed (All)\2005_NFSMW\NFSMW_MegaTrainer_1.2.zip

[0] Archive type: ZIP

--> NFSMW-MegaTrainer.CAB

[1] Archive type: CAB (Microsoft)

--> NFSMW-MegaTrainer.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] A backup was created as '4b48f6d4.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\Jefferson\Jogos\Need For Speed (All)\2005_NFSMW\NFSMW_MegaTrainer_1.3.zip

[0] Archive type: ZIP

--> NFSMW-MegaTrainer.CAB

[1] Archive type: CAB (Microsoft)

--> NFSMW-MegaTrainer.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] A backup was created as '4a2c89d5.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\Jefferson\Jogos\Need For Speed (All)\2005_NFSMW\R34.zip

[0] Archive type: ZIP

--> R34/d3d9.dll

[DETECTION] Is the TR/ATRAPS.Gen Trojan

--> R34/NFSMW MOD LOADER.exe

[1] Archive type: NSIS

--> [unknownDir]/d3d9.dll

[DETECTION] Is the TR/ATRAPS.Gen Trojan

[NOTE] A backup was created as '4b29f6c2.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\Jefferson\Jogos\Need For Speed (All)\2005_NFSMW\Skyline_R34_DTM_Edition.rar

[0] Archive type: RAR

--> Skyline R34 DTM Edition\d3d9.dll

[DETECTION] Is the TR/ATRAPS.Gen Trojan

--> Skyline R34 DTM Edition\NFSMW MOD LOADER.exe

[1] Archive type: NSIS

--> [unknownDir]/d3d9.dll

[DETECTION] Is the TR/ATRAPS.Gen Trojan

[NOTE] A backup was created as '4b6ef6fb.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\Jefferson\Jogos\W3-Patchs\KeyGen W3ROC\by.CLASS\runonce.exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[NOTE] A backup was created as '4b63f789.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\Jefferson\Programas\Bagulhos\NFSMW_Mods\rus\nfsmw_lada_2106 (Lexus).rar

[0] Archive type: RAR

--> NFSMW Lada 2106\d3d9.dll

[DETECTION] Is the TR/ATRAPS.Gen Trojan

[NOTE] A backup was created as '4b68f8df.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\Jefferson\Programas\Calculadora_Crux_v50\Calculadora_Crux_v50.zip

[0] Archive type: ZIP

--> CruxCalc_v5_Setup.exe

[DETECTION] Contains recognition pattern of the DR/VB.kqn dropper

--> [ProgramFilesDir]/Crux Calculator v5/Crux_Calc.exe

[DETECTION] Is the TR/VB.kqn Trojan

[NOTE] A backup was created as '4b61f8e8.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\Jefferson\Programas\Calculadora_Crux_v50\CruxCalc_v5_Setup.exe

[0] Archive type: NSIS

[DETECTION] Contains recognition pattern of the DR/VB.kqn dropper

--> [ProgramFilesDir]/Crux Calculator v5/Crux_Calc.exe

[DETECTION] Is the TR/VB.kqn Trojan

[NOTE] A backup was created as '4b6af8f9.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\System Volume Information\_restore{2C5A6698-71DF-4FE5-A7DD-940B5E12068D}\RP14\A0026980.exe

[DETECTION] Is the TR/Spy.415744 Trojan

[NOTE] A backup was created as '4b25fbda.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\System Volume Information\_restore{376F7F9D-D2A1-46E9-B98F-BABA2833133A}\RP57\A0014891.exe

[DETECTION] Contains recognition pattern of the ADSPY/Agent.86161.A adware or spyware

[NOTE] A backup was created as '4b25fc39.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\System Volume Information\_restore{376F7F9D-D2A1-46E9-B98F-BABA2833133A}\RP59\A0016188.exe

[DETECTION] Contains recognition pattern of the ADSPY/Agent.86161.A adware or spyware

[NOTE] A backup was created as '4b25fce7.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\System Volume Information\_restore{376F7F9D-D2A1-46E9-B98F-BABA2833133A}\RP59\A0016189.exe

[DETECTION] Contains recognition pattern of the ADSPY/TSADB.A adware or spyware

[NOTE] A backup was created as '48435bb8.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\System Volume Information\_restore{376F7F9D-D2A1-46E9-B98F-BABA2833133A}\RP59\A0016256.exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[NOTE] A backup was created as '4b25fce9.qua' ( QUARANTINE )

[NOTE] The file was deleted!

E:\System Volume Information\_restore{376F7F9D-D2A1-46E9-B98F-BABA2833133A}\RP59\A0016259.exe

[0] Archive type: NSIS

[DETECTION] Contains recognition pattern of the DR/VB.kqn dropper

--> [ProgramFilesDir]/Crux Calculator v5/Crux_Calc.exe

[DETECTION] Is the TR/VB.kqn Trojan

[NOTE] A backup was created as '48435bba.qua' ( QUARANTINE )

[NOTE] The file was deleted!

 

 

End of the scan: sábado, 7 de novembro de 2009 21:03

Used time: 1:56:06 Hour(s)

 

The scan has been done completely.

 

13864 Scanned directories

606904 Files were scanned

38 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

28 files were deleted

0 Viruses and unwanted programs were repaired

28 Files were moved to quarantine

0 Files were renamed

2 Files cannot be scanned

606864 Files not concerned

11509 Archives were scanned

6 Warnings

30 Notes

48657 Objects were scanned with rootkit scan

0 Hidden objects were found

 

------------------------------------------------------------

Kaspersky log - http://www.jesonero.site90.net/temp/kaspersky_log.txt

Size: 190,393,793 bytes (189 MB)

If you can't view the file, tell me another way to show it to you...

I didn't want to flood the forum just to post it here...

 

------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:12:49, on 8/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\tcpsvcs.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Laerte\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Documents and Settings\Laerte\Menu Iniciar\Programas\Inicializar\USB FireWall.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\WinAmp Controller\Wc 2.exe

C:\ARQUIVOS DE PROGRAMAS\WINAMP\Winamp.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Arquivos de programas\Winferno\PC Confidential\PCCBHO.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [awxDTools] rundll32 C:\ARQUIV~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Arquivos de programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] C:\Arquivos de programas\Elaborate Bytes\CloneCD\CloneCDTray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Laerte\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: USB FireWall.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Arquivos de programas\Winferno\PC Confidential\PCConfidential.exe

O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Arquivos de programas\Winferno\PC Confidential\PCConfidential.exe

O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Arquivos de programas\Winferno\PC Confidential\PCConfidential.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 6394 bytes

 

------------------------------------------------------------

Nothing has changed, apparently...

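An added example, not Avira's code and not from any post in this thread: a parser for the report format posted above that counts detections per signature, separates hits inside System Restore points (old copies, not live files) from the rest, and lists the archive members named d3d9.dll. The excerpt is constructed from a few blocks of the report above; the field names and helper functions are assumptions of the example.

```python
"""Summarise the detections in an Avira AntiVir report.

Added example for this thread, not Avira's code and not from any post here.
SAMPLE_REPORT is a constructed excerpt: a few detection blocks copied from
the report posted above, not the whole scan.
"""
import re
from collections import Counter

SAMPLE_REPORT = r"""Begin scan in 'C:\'
C:\System Volume Information\_restore{376F7F9D-D2A1-46E9-B98F-BABA2833133A}\RP23\A0002579.exe
[DETECTION] Contains recognition pattern of the SPR/Destart.A program
[NOTE] A backup was created as '4b25e538.qua' ( QUARANTINE )
[NOTE] The file was deleted!
Begin scan in 'E:\'
E:\Arquivos de programas\GetRight\GetRightChannel.exe
[DETECTION] Contains recognition pattern of the ADSPY/Agent.86161.A adware or spyware
[NOTE] A backup was created as '4b69ea1e.qua' ( QUARANTINE )
[NOTE] The file was deleted!
E:\Jefferson\Jogos\Need For Speed (All)\2005_NFSMW\BMW_850i.rar
[0] Archive type: RAR
--> BMW 850i\d3d9.dll
[DETECTION] Is the TR/ATRAPS.Gen Trojan
--> BMW 850i\NFSMW MOD LOADER.exe
[1] Archive type: NSIS
--> [unknownDir]/d3d9.dll
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] A backup was created as '4b4cf6d5.qua' ( QUARANTINE )
[NOTE] The file was deleted!
E:\Jefferson\Jogos\W3-Patchs\KeyGen W3ROC\by.CLASS\runonce.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] A backup was created as '4b63f789.qua' ( QUARANTINE )
[NOTE] The file was deleted!
"""

FILE_RE = re.compile(r"^[A-Za-z]:\\")            # a top-level scanned path
MEMBER_RE = re.compile(r"^--> (.+)$")            # an entry inside an archive
DET_RE = re.compile(r"^\[DETECTION\] (?:Is the|Contains recognition pattern of the) "
                    r"(?P<sig>[A-Z]+/\S+)")
NOTE_DELETED = "[NOTE] The file was deleted!"
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.I)


def parse_avira(text):
    """Return one dict per [DETECTION] line, tied to its container file and archive member."""
    detections, container, member = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if FILE_RE.match(line):
            container, member = line, None   # new top-level file, reset the member
            continue
        if line.startswith("Begin scan in"):
            container, member = None, None
            continue
        m = MEMBER_RE.match(line)
        if m:
            member = m.group(1)
            continue
        m = DET_RE.match(line)
        if m and container:
            sig = m.group("sig")
            detections.append({
                "container": container,
                "member": member,
                "signature": sig,
                "family": sig.split("/", 1)[0],   # TR, ADSPY, SPR, DR, ...
                "in_restore_point": bool(RESTORE_RE.search(container)),
                "deleted": False,
            })
        elif line == NOTE_DELETED and container:
            for d in detections:                 # the delete note applies to the container
                if d["container"] == container:
                    d["deleted"] = True
    return detections


def summarize(detections):
    """Counts by signature, hits inside restore points, and d3d9.dll archive members."""
    by_sig = Counter(d["signature"] for d in detections)
    in_restore = sum(d["in_restore_point"] for d in detections)
    # d3d9.dll dropped next to a game executable is the DLL-sideloading pattern that
    # mod loaders rely on; a generic (*.Gen) verdict on such a member is worth a hash
    # lookup on a multi-engine scanner before it is counted as an infection
    sideload = [d for d in detections
                if d["member"] and d["member"].lower().endswith("d3d9.dll")]
    return by_sig, in_restore, sideload


if __name__ == "__main__":
    dets = parse_avira(SAMPLE_REPORT)
    by_sig, in_restore, sideload = summarize(dets)
    for sig, n in by_sig.most_common():
        print(f"{n:3}  {sig}")
    print(f"{in_restore} detection(s) in System Restore points (old copies, not live files)")
    for d in sideload:
        print("check by hash:", d["container"], "->", d["member"])
```

Applied to the full report, this separates what actually matters for the IE 8 problem (active files under Program Files and the Run keys) from the bulk of the 38 hits, which sit in restore-point copies and downloaded game archives; none of the deleted files were loaded into Internet Explorer, which is consistent with the symptom not changing after the scan.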
Kaspersky log - http://www.jesonero....spersky_log.txt

Size: 190,393,793 bytes (189 MB)

If you can't view the file, tell me another way to show it to you...

I didn't want to flood the forum just to post it here...

When I click this link nothing happens; it doesn't download the file, doesn't show any information, nothing.

 

Its log probably ended up so large because you skipped this step:

 

* After everything completes, click the Events tab, untick the Show All Events checkbox, then click Reports... and click Save to file.

 

But if the log is still too large even without the Events part, try hosting it on this site or a similar one:

http://www.badongo.com


Same as before... sometimes I open IE 8 by accident (I'm using Firefox at the moment) and try to close it with the X... sometimes when I choose not to send the error report it closes, sometimes it doesn't, only via Ctrl+Alt+Del...

Same as before... sometimes I open IE 8 by accident (I'm using Firefox at the moment) and try to close it with the X... sometimes when I choose not to send the error report it closes, sometimes it doesn't, only via Ctrl+Alt+Del...

Did you get to use Panda Anti-Rootkit as I advised in an earlier reply? If you haven't used it yet, please do.

___________________________________

 

In this analysis the file submitted shows up as 1.html rather than Smab0.dll, which would be the correct one. It must be an error on the site. So submit the file c:\windows\system32\Smab0.dll for analysis at one of these sites:

http://www.virustotal.com/

http://virusscan.jotti.org/

http://www.viruschief.com/

And bring us the analysis result, please.

____________________________________

 

Also follow the steps in this tutorial to clean your PC with Spyware Doctor:

 

Spyware Doctor Starter Edition tutorial

 

In your next reply, post the Spyware Doctor log together with the scan result for the Smab0.dll file and a new HijackThis log, and tell us how your PC is doing after that.

 

We await your reply.


Panda Anti-Rootkit: http://www.jesonero.site90.net/temp/panda.jpg

VirusTotal: http://www.virustotal.com/pt/analisis/d4ceed9eeecab9ec14b0bbe3bff53285719295d2c6ba235496c7526890b0a6d2-1255316608

Jotti Virus Scan: http://virusscan.jotti.org/pt-br/scanresult/ea3cee5141a02b388bf399e06807a7fe70834baa/02e64ab0fd40ebc224c7f8ec601292b6edd1809d

VirusChief: http://www.viruschief.com/report.html?report_id=c982bac04c5de3eba3ce90f6d98090bf126109af

 

----------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:45:01, on 15/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Laerte\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Documents and Settings\Laerte\Menu Iniciar\Programas\Inicializar\USB FireWall.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [awxDTools] rundll32 C:\ARQUIV~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Arquivos de programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] C:\Arquivos de programas\Elaborate Bytes\CloneCD\CloneCDTray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Laerte\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: USB FireWall.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 14779 bytes

 

----------

I haven't been able to install and run Spyware Doctor yet, but I'm working on it...

IE 8 now closes normally via the X... but the problem now is that it keeps opening hundreds of Help windows on the screen... it even throws an error in a file named helpctr.exe because of how many open...

What should I do?


Follow these steps in this order:

 

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

 

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

___________________________________

 

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

 

Escolhendo Programas que Iniciam com o PC

 

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

 

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC now and from time to time.

___________________________________

 

Do you know this UsbFirewall that is starting together with your Windows?

 

O4 - Startup: USB FireWall.exe

If you don't know it or don't use it, you can uninstall it.

___________________________________

 

I haven't been able to install and run Spyware Doctor yet, but I'm working on it...

Then please install it and run a Full Scan with it, removing the problems it finds.

___________________________________

 

IE 8 now closes normally via the X... but the problem now is that it keeps opening hundreds of Help windows on the screen... it even throws an error in a file named helpctr.exe because of how many open...

It is quite likely that the F1 key on your keyboard is stuck. See THIS LINK (http://74.125.47.132/search?q=cache:NyFRJ_JeJtoJ:forum.clubedohardware.com.br/maquina-lenta/438847+%22C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe%22&hl=pt-BR&gl=br&strip=1) for a case identical to yours, where a stuck F1 key was what was causing the problem.

___________________________________

 

Download this tool from the link below and save it to the desktop:

http://www2.gmer.net/mbr/mbr.exe

Double-click it and a log will be generated on your desktop. Double-click this log (mbr.log), copy its contents and post it in your next reply together with the Spyware Doctor log and a new HijackThis log, and tell us how your PC is doing after this.

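
The two checks the helper just made by hand (entries pointing at "(no file)", and one image flooding the "Running processes" list) can be scripted over a HijackThis log. This is an added example, not code from the thread or from HijackThis; SAMPLE_LOG is a constructed excerpt modelled on the log posted above.

```python
"""Parse a HijackThis v2 log and flag what the helper above checked by hand:
entries whose target is "(no file)" (orphaned references, safe to fix) and a
process image repeated an abnormal number of times (the helpctr.exe flood).
Added example; not part of the thread or of HijackThis itself."""
import re
from collections import Counter

# Constructed excerpt in HijackThis log format, modelled on the thread's log.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O4 - Startup: USB FireWall.exe
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
"""

# Every scan entry starts with a section code such as R0, O2, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_log(text):
    """Return (running_processes, [(code, body), ...]).

    The process block follows the 'Running processes:' header and ends at the
    first section entry. Blank lines are skipped, so a double-spaced forum
    paste like the one above parses the same as the original file.
    """
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group("code"), m.group("body")))
        elif in_procs:
            processes.append(line)
    return processes, entries


def orphaned_entries(entries):
    """Entries still pointing at a file HijackThis could not find. They do
    nothing by themselves (hence low-risk to fix) but show an incomplete removal."""
    return [(code, body) for code, body in entries if body.endswith("(no file)")]


def repeated_processes(processes, threshold=2):
    """Image paths present more than `threshold` times, compared case-insensitively
    as Windows does. A few svchost.exe are normal; dozens of helpctr.exe are not."""
    counts = Counter(p.lower() for p in processes)
    return {path: n for path, n in counts.items() if n > threshold}


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    for code, body in orphaned_entries(ents):
        print(f"orphaned {code}: {body}")
    for path, n in repeated_processes(procs).items():
        print(f"{n}x {path}")
```
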
Do you know this UsbFirewall that is starting together with your Windows?
Yes, I know it... It indicates whether there are viruses or things like that on the pen drive as soon as you plug it into the PC...
It is quite likely that the F1 key on your keyboard is stuck. See THIS LINK (http://74.125.47.132/search?q=cache:NyFRJ_JeJtoJ:forum.clubedohardware.com.br/maquina-lenta/438847+%22C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe%22&hl=pt-BR&gl=br&strip=1) for a case identical to yours, where a stuck F1 key was what was causing the problem.
Unfortunately it's not a stuck F1 key...

I've already opened and cleaned the keyboard several times (about 12 times today alone) and the problem still continues...

I only used that key when playing Frets on Fire...

With this problem, I can't use the Ctrl+X and Ctrl+S keys...


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

 

----------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:03:00, on 16/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Documents and Settings\Laerte\Menu Iniciar\Programas\Inicializar\USB FireWall.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [awxDTools] rundll32 C:\ARQUIV~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Laerte\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: USB FireWall.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

 

--

End of file - 5666 bytes

 

----------

I installed Spyware Doctor following the tutorial, and the automatic scan produced this log, which I saved...

At 12:45 I set it to do a full scan of the PC... 5 minutes after the scan started, while it was checking the file c:\System Volume Information\_Restore{376F7F9D-D2A1-46E9-B98F-BABA2833133A}\A0023405.dll, it stayed frozen on that file until 16:30 without my being able to use the PC at all (the mouse, Ctrl+Alt+Del and other shortcut keys didn't work, not even Num Lock responded)... so I reset the PC to tell you about this and ask: is this normal?

