[Arquivado] Teclado e sons alterados

[Hellder 0]

Ha pouco tempo notei que algumas letras do meeu teclado perderam a funcao.Agora digito com dificuldade tendo que pressionar "shift". OS sons emitidos tambem mudaram. Estâo agudos.

 

Pesso a ajuda de algum moderador e desde jà agradeco.

 

Eis o log do HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:09:46, on 17/11/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

D:\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\javawz.exe

D:\Itunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Spybot - Search & Destroy\TeaTimer.exe

D:\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

D:\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\explorer.exe

D:\Backup cliente\Meus documentos\Helder\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com/?fr=fp-yie8

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbox.digsby.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbox.digsby.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fornecido por Yahoo!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - Default URLSearchHook is missing

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Arquivos de programas\My.Freeze.com Toolbar\freeze_int2.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: My.Freeze.com Toolbar - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Arquivos de programas\My.Freeze.com Toolbar\freeze_int2.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] D:\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [javawz.exe] C:\WINDOWS\javawz.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Itunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Helldr\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1606980848-1715567821-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Manoel')

O4 - HKUS\S-1-5-21-1606980848-1715567821-725345543-1005\..\Run: [ares] "D:\Ares\Ares.exe" -h (User 'Manoel')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows Live Messenger .lnk = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - D:\Flash Capture\fciext.dll (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 11970 bytes

[Power Max 54]

:thumbsup: Olá Hellder! Seja bem-vindo ao Fórum Imasters.

 

:seta: Vá no menu: Iniciar > Painel de Controle > Adicionar ou remover programas > selecione este programa abaixo e clique no botão Remover > aí é só ir seguindo os passos que o desinstalador vai te passando:

 

My.Freeze.com Toolbar

_________________________________

 

:seta: Abra o HijackThis, clique em Do a system scan only, marque as entradas abaixo e clique em Fix checked:

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

O3 - Toolbar: My.Freeze.com Toolbar - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Arquivos de programas\My.Freeze.com Toolbar\freeze_int2.dll

 

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

 

O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - D:\Flash Capture\fciext.dll (file missing)

 

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

_________________________________

 

:seta: Baixe e execute o programa abaixo para desativar o Bonjour (que é um item desnecessário e que deixa o PC mais lento):

http://download.gizmo5.com/jasmine/TurnOffBonjour.exe

_________________________________

 

:seta: Baixe o programa Avenger no link abaixo e extraia o conteúdo para o desktop (área de trabalho):

http://swandog46.geekstogo.com/avenger2/download.php

 

*Selecione e copie (Ctrl+C) todo o texto dentro do Quote (caixa branca) abaixo:

 

Folders to delete:

C:\Arquivos de programas\My.Freeze.com Toolbar

 

*Execute o programa Avenger

*Clique em [Load Script] > [Paste from Clipboard]

*Clique em [Execute] > [OK]

*O PC será reiniciado

*O relatório será criado em C:\avenger.txt

_________________________________

 

:seta: Acesse o site http://virscan.org/ e envie este arquivo destacado em vermelho abaixo para ser analisado:

C:\WINDOWS\javawz.exe

Aguarde a conclusão da análise e copie o link que aparecerá na barra de endereços do seu navegador e poste este link aqui na sua próxima resposta.

_________________________________

 

:seta: Siga também, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Malwarebytes:

 

'>http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html"]Tutorial do Malwarebytes Anti-Malware

 

Na sua próxima resposta poste este log do Malwarebytes juntamente com o log que estará em C:\avenger.txt, o link com o resultado do escaneamento do arquivo no site VirSCAN e um novo log do Hijackthis e nos diga como está o seu PC após estes procedimentos.

 

Ficamos no aguardo.

[Hellder 0]

Primeiramente, obrigado pela atenção e boas-vindas. :D

Quanto aos problemas no som e teclado infelizmente nada mudou depois dos que fiz os procedimentos sugeridos.

 

Aqui os logs pedidos:

 

-Malwarebytes

 

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 3195

Windows 5.1.2600 Service Pack 2

 

18/11/2009 23:31:02

mbam-log-2009-11-18 (23-31-02).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 218567

Tempo decorrido: 1 hour(s), 18 minute(s), 39 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

- avenger.txt

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: folder "C:\Arquivos de programas\My.Freeze.com Toolbar" not found!

Deletion of folder "C:\Arquivos de programas\My.Freeze.com Toolbar" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

- link do VirSCAN

http://virscan.org/report/2d100f57c72f7d28b8ea51c0049df54f.html

 

- log do Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:41:09, on 18/11/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

D:\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

D:\Itunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

D:\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\taskmgr.exe

D:\Backup cliente\Meus documentos\Helder\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com/?fr=fp-yie8

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbox.digsby.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fornecido por Yahoo!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - Default URLSearchHook is missing

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] D:\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [javawz.exe] C:\WINDOWS\javawz.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Itunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Helldr\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1606980848-1715567821-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Manoel')

O4 - HKUS\S-1-5-21-1606980848-1715567821-725345543-1005\..\Run: [ares] "D:\Ares\Ares.exe" -h (User 'Manoel')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows Live Messenger .lnk = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 11041 bytes

[Power Max 54]

:thumbsup: Alguns problemas foram removidos do seu PC.

__________________________________

 

:seta: Exclua o log do Avenger que está em C:\avenger.txt

 

*Selecione e copie (Ctrl+C) todo o texto dentro do Quote (caixa branca) abaixo:

 

Files to delete:

C:\WINDOWS\javawz.exe

 

*Execute o programa Avenger

*Clique em [Load Script] > [Paste from Clipboard]

*Clique em [Execute] > [OK]

*O PC será reiniciado

*O relatório será criado em C:\avenger.txt

_________________________________

 

:seta: Abra o HijackThis, clique em Do a system scan only, marque a entrada abaixo e clique em Fix checked:

 

O4 - HKLM\..\Run: [javawz.exe] C:\WINDOWS\javawz.exe

_________________________________

 

:seta: Siga também, por gentileza, as dicas deste tutorial para fazer um escaneamento de seu PC pelo Nod32 Online:

 

Tutorial do antivirus Nod32 Online

 

Após o término do escaneamento será gerado um relatório (log) que estará no seguinte local do seu computador:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

 

Na sua próxima resposta poste este log do Nod32 Online juntamente com o log que estará em C:\avenger.txt e um novo log do Hijackthis e nos diga, por gentileza, como está o seu PC após seguir estes procedimentos. Ficamos no aguardo de sua resposta.

[Hellder 0]

O Teclado funciona normalmente assim que o computador è ligaado. Mas ele para logo em seguida. A saida de som continua aguda. Eu troquei das caixas para o monitor mas nada aconteceu.

 

Abaixo os logs pedidos.

 

-log do Nod32

 

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=e5bcd566c4abbf4eb23a81d4bca88810

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2009-11-20 01:42:14

# local_time=2009-11-19 11:42:14 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=769 16775125 100 98 0 194046063 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=56781

# found=1

# cleaned=1

# scan_time=2071

C:\autorun.inf Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=e5bcd566c4abbf4eb23a81d4bca88810

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2009-11-20 03:04:59

# local_time=2009-11-20 01:04:59 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=769 16775141 100 98 0 194048226 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=100172

# found=2

# cleaned=2

# scan_time=4836

D:\autorun.inf Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

 

C:\avenger.txt

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

File "C:\WINDOWS\javawz.exe" deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

-log do Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:16:38, on 20/11/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

D:\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

D:\Itunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Spybot - Search & Destroy\TeaTimer.exe

D:\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

D:\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Last.fm\LastFM.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\Helldr\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Helldr\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Helldr\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Helldr\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\notepad.exe

D:\Backup cliente\Meus documentos\Helder\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com/?fr=fp-yie8

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbox.digsby.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fornecido por Yahoo!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - Default URLSearchHook is missing

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] D:\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Itunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Helldr\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1606980848-1715567821-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Manoel')

O4 - HKUS\S-1-5-21-1606980848-1715567821-725345543-1005\..\Run: [ares] "D:\Ares\Ares.exe" -h (User 'Manoel')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows Live Messenger .lnk = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 11560 bytes

[Power Max 54]

:thumbsup: Outros problemas foram removidos.

 

:seta: Siga, por gentileza, as dicas destes tutoriais:

 

Tutorial do Usbfix

 

Tutorial do Spyware Doctor Starter Edition

 

Poste o log do Spyware Doctor, o log do Usbfix que estará em C:\UsbFix.txt e um novo log do Hijackthis e nos diga como está o PC após estes procedimentos.

 

Ficamos no aguardo.

[Hellder 0]

O link pra download do usbfix nâo funciona. Baixei o Spyware Doctor Starter Edition e escaneei o pc ele achou algumaaas infecçôes ligadas a cookies de internet e criou um log gigantesco que abre no navegador. Devo postar?

[Power Max 54]

O link pra download do usbfix nâo funciona.

:seta: Realmente o link para download do Usbfix estava com problemas, mas agora já atualizei ele e já estão funcionando. Acesse o tutorial dele novamente por gentileza e siga-o e depois poste o log do Usbfix para análise.

____________________________________

 

Baixei o Spyware Doctor Starter Edition e escaneei o pc ele achou algumaaas infecçôes ligadas a cookies de internet e criou um log gigantesco que abre no navegador. Devo postar?

Neste caso você pode hospedar o log no endereço abaixo:

http://www.badongo.com

Quando você acessar este site acima clique no botão Upload ficheiros > Continuar sem conta > selecione o log e clique no botão Abrir > clique em Iniciar carregamento > clique na aba Compartilhar > aparecerá uma mensagem dizendo assim:

Utilizar este código para compartilhar esta imagem com os seus amigos

E abaixo desta mensagem tem um link, aí é só copiar este link e postar em sua próxima resposta junto com o log do Usbfix.

 

Ficamos na espera.

[Hellder 0]

Ok. Tive que compactar o arquivo pra dar certo o upload.

 

-log do Spyware Doctor

http://www.badongo.com/file/18529115

 

-log do Usbfix

 

############################## | UsbFix V6.055 |

 

User : Helldr (Administradores) # USER-234CEC3FD7

Update on 18/11/2009 by Chiquitine29, C_XX & Chimay8

Start at: 21:09:29 | 21/11/2009

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Intel® Pentium® 4 CPU 3.00GHz

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

AV : avast! antivirus 4.8.1335 [VPS 091121-1] 4.8.1335 [ Enabled | Updated ]

 

A:\ -> Unidade de disquete de 3 1/2 polegadas

C:\ -> Disco fixo local # 25,39 Go (3,32 Go free) # NTFS

D:\ -> Disco fixo local # 49,13 Go (24,71 Go free) [ARQUIVOS] # NTFS

E:\ -> Disco CD-ROM

 

############################## | Processos activos |

 

C:\WINDOWS\System32\smss.exe 640

C:\WINDOWS\system32\csrss.exe 688

C:\WINDOWS\system32\winlogon.exe 712

C:\WINDOWS\system32\services.exe 756

C:\WINDOWS\system32\lsass.exe 768

C:\ARQUIV~1\GbPlugin\GbpSv.exe 924

C:\WINDOWS\system32\svchost.exe 980

C:\WINDOWS\system32\svchost.exe 1064

C:\WINDOWS\System32\svchost.exe 1160

C:\WINDOWS\system32\svchost.exe 1204

C:\WINDOWS\system32\svchost.exe 1336

C:\WINDOWS\system32\svchost.exe 1416

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe 1472

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe 1520

C:\WINDOWS\system32\spoolsv.exe 1804

C:\WINDOWS\system32\svchost.exe 1896

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1936

C:\Arquivos de programas\Java\jre6\bin\jqs.exe 1984

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe 2008

C:\WINDOWS\system32\HPZipm12.exe 2044

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe 180

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe 268

C:\WINDOWS\system32\svchost.exe 1320

C:\WINDOWS\system32\wuauclt.exe 1540

C:\WINDOWS\Explorer.EXE 1148

C:\WINDOWS\system32\wbem\wmiprvse.exe 2088

C:\WINDOWS\system32\igfxpers.exe 2396

C:\WINDOWS\RTHDCPL.EXE 2404

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe 2428

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe 2444

D:\HP\HP Software Update\HPWuSchd2.exe 2460

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe 2468

C:\Arquivos de programas\Java\jre6\bin\jusched.exe 2488

D:\Itunes\iTunesHelper.exe 2612

C:\WINDOWS\system32\ctfmon.exe 2720

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe 2732

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2740

D:\Ares\Ares.exe 3068

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe 3784

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe 3828

C:\Arquivos de programas\iPod\bin\iPodService.exe 276

C:\WINDOWS\System32\alg.exe 1376

C:\WINDOWS\system32\csrss.exe 2788

C:\WINDOWS\system32\winlogon.exe 2816

C:\WINDOWS\system32\logonui.exe 2944

C:\WINDOWS\system32\userinit.exe 1244

C:\WINDOWS\Explorer.EXE 1400

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\DOCUME~1\Helldr\CONFIG~1\Temp\splat_circles.zip

Supprimido ! C:\DOCUME~1\Helldr\CONFIG~1\Temp\___Urban_Brushes____by_Rawox.abr.zip

 

################## | Registro # Chaves infectieuses |

 

 

################## | Registro # Mountpoints2 |

 

Supprimido ! HKCU\...\Explorer\MountPoints2\{6a72e06a-bc3a-11de-9fc5-001966b925fd}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{b9d088ab-5091-11de-9e8b-001966b925fd}\Shell\AutoRun\Command

 

################## | Listing |

 

[02/06/2009 16:37|--a------|0] C:\AUTOEXEC.BAT

[19/11/2009 22:00|--a------|990] C:\avenger.txt

[02/06/2009 16:33|---hs----|211] C:\boot.ini

[14/09/2004 14:58|-rahs----|4952] C:\Bootfont.bin

[02/06/2009 16:37|--a------|0] C:\CONFIG.SYS

[02/06/2009 16:37|-rahs----|0] C:\IO.SYS

[02/06/2009 16:37|-rahs----|0] C:\MSDOS.SYS

[14/09/2004 14:58|-rahs----|47564] C:\NTDETECT.COM

[14/09/2004 14:58|-rahs----|251168] C:\ntldr

[?|?|?] C:\pagefile.sys

[21/11/2009 21:13|--a------|4054] C:\UsbFix.txt

 

################## | Vaccinação |

 

# C:\autorun.inf -> Folder criado por UsbFix.

# D:\autorun.inf -> Folder criado por UsbFix.

 

################## | Suspeito | http://www.virustotal.com |

 

 

################## | Cracks / Keygens / Serials |

 

"D:\Arquivos de programas\RCT3\My Projects\Install files\Crack en Serial\Crack voor RCT3\RCT3.exe"

28/10/2004 10:10 |Size 10969088 |Crc32 8d382a1f |Md5 38c478af095bb44ef108fe57ac316abe

 

"D:\Arquivos de programas\RCT3\RCT3\My Projects\Install files\Crack en Serial\Crack voor RCT3\RCT3.exe"

28/10/2004 10:10 |Size 10969088 |Crc32 8d382a1f |Md5 38c478af095bb44ef108fe57ac316abe

 

"D:\Backup cliente\Meus documentos\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3\Adobe Illustrator CS3 Crack\Illustrator.exe"

10/07/2007 00:59 |Size 20180648 |Crc32 006597ab |Md5 30595aecaf0a21e86010b571812a3f3c

 

"D:\Backup cliente\Meus documentos\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3\Photoshop CS3 Extended\Setup.exe"

18/03/2007 12:02 |Size 2682880 |Crc32 17beebd8 |Md5 57fe5ca31c417cac33d3a785f67ebe18

 

"D:\Backup cliente\Meus documentos\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3\Photoshop CS3 Extended\redist\WindowsInstaller-KB893803-v2-x86.exe"

12/04/2007 10:40 |Size 2585872 |Crc32 58b8154b |Md5 342f79337765760ad4e392eb67d5ed2c

 

"D:\Backup cliente\Meus documentos\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3\Photoshop CS3 Extended\redist\WindowsServer2003-KB898715-ia64-enu.exe"

12/04/2007 10:40 |Size 5960944 |Crc32 9237f15c |Md5 c991331104728776a2cf670c6c697aaa

 

"D:\Backup cliente\Meus documentos\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3\Photoshop CS3 Extended\redist\WindowsServer2003-KB898715-x64-enu.exe"

12/04/2007 10:40 |Size 4584688 |Crc32 07facaa4 |Md5 bee43c913e11fde77e2203f92a91679c

 

"D:\Backup cliente\Meus documentos\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3\Photoshop CS3 Extended\redist\WindowsServer2003-KB898715-x86-enu.exe"

12/04/2007 10:40 |Size 1536752 |Crc32 3cbc23cc |Md5 8b44f267d215f5ab372a65fc071c42c2

 

"D:\Backup cliente\Meus documentos\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3\Photoshop CS3 Extended\redist\WindowsXP-KB898715-x64-enu.exe"

12/04/2007 10:40 |Size 4584688 |Crc32 07facaa4 |Md5 bee43c913e11fde77e2203f92a91679c

 

"D:\Backup cliente\Meus documentos\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3\Photoshop CS3 Extended\WinCS3Clean\CS3Clean.exe"

15/02/2007 14:49 |Size 192823 |Crc32 9f2328a3 |Md5 85371ca92b8b0eb93a61b39ae3e6c231

 

"D:\Backup cliente\Meus documentos\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3\Photoshop CS3 Extended\WinCS3Clean\MSIZap.exe"

15/02/2007 14:49 |Size 94720 |Crc32 0b11dc1d |Md5 27d4bcc325306b1415a89de550528e04

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\keygen\Adobe Photoshop CS3 Keygen.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\keygen\Adobe Photoshop CS3 Trial to Full.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\redist\WindowsInstaller-KB893803-v2-x86.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\redist\WindowsServer2003-KB898715-ia64-enu.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\redist\WindowsServer2003-KB898715-x64-enu.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\redist\WindowsServer2003-KB898715-x86-enu.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\redist\WindowsXP-KB898715-x64-enu.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\Setup.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\WinCS3Clean\CS3Clean.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\WinCS3Clean\CS3Clean.exe.log

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\WinCS3Clean\MSIZap.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Adobe Illustrator CS3.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 2007_activator.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Adobe Illustrator CS3 Crack\Illustrator.exe

 

 

################## | Upload |

 

Favor enviar o arquivo : C:\DOCUME~1\Helldr\Desktop\UsbFix_Upload_Me_USER-234CEC3FD7.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição .

 

 

-log do Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:21:07, on 21/11/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

D:\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

D:\Itunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Ares\Ares.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Helldr\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Helldr\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Helldr\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Helldr\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

D:\Backup cliente\Meus documentos\Helder\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com/?fr=fp-yie8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbox.digsby.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - Default URLSearchHook is missing

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Social Mini Toolbar powered by Ask.com - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] D:\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Itunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\RunOnce: [ GbPluginAbn] RunDll32.exe C:\ARQUIV~1\GbPlugin\gbiehAbn.dll,Gbieh

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Helldr\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1606980848-1715567821-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Manoel')

O4 - HKUS\S-1-5-21-1606980848-1715567821-725345543-1005\..\Run: [ares] "D:\Ares\Ares.exe" -h (User 'Manoel')

O4 - HKUS\S-1-5-21-1606980848-1715567821-725345543-1005\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime (User 'Manoel')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows Live Messenger .lnk = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

 

--

End of file - 12330 bytes

 

 

 

Por enquanto tudo na mesma.

[Power Max 54]

:thumbsup: Vários outros problemas foram removidos do seu PC.

___________________________________

 

################## | Cracks / Keygens / Serials |

 

"D:\Arquivos de programas\RCT3\My Projects\Install files\Crack en Serial\Crack voor RCT3\RCT3.exe"

28/10/2004 10:10 |Size 10969088 |Crc32 8d382a1f |Md5 38c478af095bb44ef108fe57ac316abe

 

"D:\Arquivos de programas\RCT3\RCT3\My Projects\Install files\Crack en Serial\Crack voor RCT3\RCT3.exe"

28/10/2004 10:10 |Size 10969088 |Crc32 8d382a1f |Md5 38c478af095bb44ef108fe57ac316abe

 

"D:\Backup cliente\Meus documentos\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3\Adobe Illustrator CS3 Crack\Illustrator.exe"

10/07/2007 00:59 |Size 20180648 |Crc32 006597ab |Md5 30595aecaf0a21e86010b571812a3f3c

 

"D:\Backup cliente\Meus documentos\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3\Photoshop CS3 Extended\Setup.exe"

18/03/2007 12:02 |Size 2682880 |Crc32 17beebd8 |Md5 57fe5ca31c417cac33d3a785f67ebe18

 

"D:\Backup cliente\Meus documentos\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3\Photoshop CS3 Extended\redist\WindowsInstaller-KB893803-v2-x86.exe"

12/04/2007 10:40 |Size 2585872 |Crc32 58b8154b |Md5 342f79337765760ad4e392eb67d5ed2c

 

"D:\Backup cliente\Meus documentos\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3\Photoshop CS3 Extended\redist\WindowsServer2003-KB898715-ia64-enu.exe"

12/04/2007 10:40 |Size 5960944 |Crc32 9237f15c |Md5 c991331104728776a2cf670c6c697aaa

 

"D:\Backup cliente\Meus documentos\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3\Photoshop CS3 Extended\redist\WindowsServer2003-KB898715-x64-enu.exe"

12/04/2007 10:40 |Size 4584688 |Crc32 07facaa4 |Md5 bee43c913e11fde77e2203f92a91679c

 

"D:\Backup cliente\Meus documentos\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3\Photoshop CS3 Extended\redist\WindowsServer2003-KB898715-x86-enu.exe"

12/04/2007 10:40 |Size 1536752 |Crc32 3cbc23cc |Md5 8b44f267d215f5ab372a65fc071c42c2

 

"D:\Backup cliente\Meus documentos\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3\Photoshop CS3 Extended\redist\WindowsXP-KB898715-x64-enu.exe"

12/04/2007 10:40 |Size 4584688 |Crc32 07facaa4 |Md5 bee43c913e11fde77e2203f92a91679c

 

"D:\Backup cliente\Meus documentos\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3\Photoshop CS3 Extended\WinCS3Clean\CS3Clean.exe"

15/02/2007 14:49 |Size 192823 |Crc32 9f2328a3 |Md5 85371ca92b8b0eb93a61b39ae3e6c231

 

"D:\Backup cliente\Meus documentos\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3\Photoshop CS3 Extended\WinCS3Clean\MSIZap.exe"

15/02/2007 14:49 |Size 94720 |Crc32 0b11dc1d |Md5 27d4bcc325306b1415a89de550528e04

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\keygen\Adobe Photoshop CS3 Keygen.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\keygen\Adobe Photoshop CS3 Trial to Full.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\redist\WindowsInstaller-KB893803-v2-x86.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\redist\WindowsServer2003-KB898715-ia64-enu.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\redist\WindowsServer2003-KB898715-x64-enu.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\redist\WindowsServer2003-KB898715-x86-enu.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\redist\WindowsXP-KB898715-x64-enu.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\Setup.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\WinCS3Clean\CS3Clean.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\WinCS3Clean\CS3Clean.exe.log

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 Extended\WinCS3Clean\MSIZap.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Adobe Illustrator CS3.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Photoshop CS3 2007_activator.exe

 

"D:\Backup cliente\Meus documentos\LimeWire\Saved\Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip"

Contain : Adobe Illustrator CS3 Crack\Illustrator.exe

:!: Como você vê nesta lista acima, há vários programas crackeados e/ou pirateados em seu PC e é muito importante desinstalá-los, pois um programa falsificado sempre vem com virus e malwares embutidos.

 

No caso de programas crackeados, as pessoas que criam esses cracks sempre fazem alguma modificação que abrem brechas de segurança no seu PC para que depois ela possa invadir o seu PC ou instalar malwares sem que o antivirus se dê conta disso (pois ele foi modificado ou crackeado justamente para este fim). Você acha que as pessoas que crackeiam os programas estão fazendo isso porque são caridosas e bondosas? É claro que não! O que elas querem é um modo de invadir o PC das pessoas que usam esses programas.

_____________________________________

 

:seta: Depois de desinstalar estes programas crackeados, siga por gentileza as dicas deste tutorial:

 

Tutorial do antivírus BitDefender Online

 

Após o término do escaneamento será gerado um relatório (log) que estará no seguinte local do seu computador:

C:\Windows\BDOSCAN8\bdoscan.log

 

Na sua próxima resposta poste este log do BitDefender Online juntamente com um novo log do Hijackthis e nos diga, por gentileza, como está o seu PC após seguir este procedimento.

 

Ficamos no aguardo de sua resposta.

[Hellder 0]

Desinstalei os programas e fui no site indicado mas o BitDefender Online nâo consegue reeceber as atualizaçôes. Ate tentei no firefox, tambem nâo deu.

 

O que faço agora?

[Power Max 54]

Desinstalei os programas e fui no site indicado mas o BitDefender Online nâo consegue reeceber as atualizaçôes. Ate tentei no firefox, tambem nâo deu.

 

O que faço agora?

:seta: Siga então, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Norton Security Scan and Clean:

 

Tutorial do Norton Security Scan and Clean

 

• Poste este log do Norton Security Scan and Clean em sua próxima resposta juntamente com um novo log do Hijackthis e nos diga como está o seu PC após este procedimento.

• Ficamos no aguardo.

[Hellder 0]

Tentei mais de uma vez e em horarios diferentes instalar o norton. tambem nao deu.

 

Estou quase me rendendo a formataçao do pc.

[Power Max 54]

Tentei mais de uma vez e em horarios diferentes instalar o norton. tambem nao deu.

:seta: Siga então, por gentileza, as dicas deste tutorial para fazer uma limpeza com o Kaspersky Virus Removal Tool:

 

Tutorial do Kaspersky Virus Removal Tool

 

Na sua próxima resposta poste este log do Kaspersky Virus Removal Tool juntamente com um novo log do Hijackthis e nos diga como está o seu Pc depois disto.

 

Ficamos no aguardo.

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.