
keysha

[Solved!] PC slow and not responding


The PC has been slow, and every time I try to use Windows Explorer or open the My Computer folder it freezes and the message "not responding" appears.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:27:43, on 19/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe

C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\vsnp325.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorUpdate.exe

C:\WINDOWS\explorer.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246823069359

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247783761656

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 6464 bytes


Good afternoon! keysha

<@> Open Spybot Search & Destroy!

<@> In the top menu, go to Mode and select the Advanced option. --> Confirm!

<@> Click the Tools button and then Resident.

<@> Uncheck the option: Enable Resident "TeaTimer". ( General protection of system settings )

<@> Download: < marcinsig.gif >

<@> < Link - 2 >

<@> < Link - 3 >

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs when running Malwarebytes.

<@> PS: For certain infections, the tool will ask for a reboot. <-- Confirm!

<@> Try to send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<><><><><><><><><><>

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

Regards!


Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 3201

Windows 5.1.2600 Service Pack 3

 

20/11/2009 06:22:54

mbam-log-2009-11-20 (06-22-54).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 245414

Tempo decorrido: 2 hour(s), 7 minute(s), 52 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 06:26:19, on 20/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\vsnp325.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Last.fm\LastFM.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246823069359

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247783761656

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 6228 bytes


Good morning! keysha

<@> Run an online scan at: < kaspersky.gif > <-- Link!

<@> Use the Internet Explorer browser for this.

<@> Go to the site and click Kaspersky Online Scan.

<@> On the next page, click: I Accept

<@> This is so that the ActiveX control is installed and the database is then updated.

<@> On the next page, click: My Computer and run the scan.

<@> Be patient!

<@> Wait for the database update and also for the scan, which takes a long time.

<@> When it finishes, save and post the report.

<@> Click Save Report As... to save the log. ( Kaspersky_Online_Scanner_7_Report.txt )

<@> Save the result as .txt, as in the image below:

Kas-Savetxt.gif

<@> Also post an updated HijackThis log.

Regards!


--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, November 21, 2009

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Saturday, November 21, 2009 01:13:37

Records in database: 3252592

--------------------------------------------------------------------------------

 

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

 

Scan area - Folder:

C:\

 

Scan statistics:

Objects scanned: 76402

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 09:38:16

 

No threats found. Scanned area is clean.

 

Selected area has been scanned.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:00:07, on 25/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe

C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\vsnp325.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Last.fm\LastFM.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorUpdate.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Sublime\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246823069359

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247783761656

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 6507 bytes

 

I'm starting to think my problem really is hardware; the slowness has decreased, but if I try to do more than one thing it freezes. If I'm downloading a video, I can't even move content from one folder to another.


Good evening! keysha

<@> Download: < desktopicon.png > ( ...by sUBs )

<!> Link-2 --> < ForoSpyware >

<!> Link-3 --> < GeeksToGo >

<@> Save it to the desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> PS: Running it from a command is also possible:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall

combofixejr8.gif

<@> Click OK.

<@> At the prompt: "Disclaimer of warranty on software" --> Click Yes!

RcAuto1.gif

<@> If you do not have the "Recovery Console", agree to install it!

<@> When it finishes, click Sim or Yes. --> Wait!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<!> If the notification "Invalid Win32 application" appears, delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Name it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> PS: If rootkit activity is present, the following notification window will appear:

Rookit_found.gif

<!> PS: Write down these detections and click OK.

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative!

<!> PS: To avoid problems, follow all the recommendations given.

<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> The Auto Scan window will open. --> Wait!

<@> To finish the removals, ComboFix may restart the computer.

<@> If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When it finishes, post: C:\ComboFix.txt

Regards!


When ComboFix started running it warned that AVG Anti-Virus Free was active, but I looked and did not find any file, and that antivirus was uninstalled a long time ago. I continued "at my own risk".

 

The ComboFix log follows:

 

ComboFix 09-12-07.01 - Sublime 07/12/2009 20:13.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.768.410 [GMT -2:00]

Executando de: c:\documents and settings\Sublime\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Administrador.CASA-394B976A04\Dados de aplicativos\inst.exe

c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\ USB Web Camera

c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\ USB Web Camera \AMCap.lnk

c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\ USB Web Camera \Uninstall.lnk

c:\windows\system32\wbem\Performance\WmiApRpl_new.ini

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-07 to 2009-12-07 ))))))))))))))))))))))))))))

.

 

2009-12-07 22:06 . 2009-08-25 03:30 13312 ----a-w- c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll

2009-11-24 18:46 . 2009-11-24 19:08 -------- d-----w- C:\Mari

2009-11-24 18:14 . 2009-11-24 18:14 -------- d-----w- c:\arquivos de programas\Cool Record Edit Pro

2009-11-20 04:13 . 2009-11-20 04:13 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\Malwarebytes

2009-11-20 04:13 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-20 04:13 . 2009-11-20 04:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes

2009-11-20 04:13 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-20 04:13 . 2009-11-20 04:13 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-16 09:03 . 2009-11-16 09:03 -------- d-----w- c:\documents and settings\Sublime\.thumb

2009-11-10 13:52 . 2009-11-10 13:58 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\ICQ

2009-11-10 13:14 . 2009-11-10 13:58 -------- d-----w- c:\arquivos de programas\ICQ6.5

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-07 16:14 . 2009-08-18 13:12 1 ----a-w- c:\documents and settings\Sublime\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys

2009-12-07 00:35 . 2009-07-03 02:29 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-12-05 03:01 . 2009-08-18 03:16 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\Spyware Terminator

2009-12-04 21:52 . 2009-07-29 12:34 3494195 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2009-12-04 20:27 . 2009-12-04 21:59 1785856 ----a-w- c:\windows\Internet Logs\xDB24.tmp

2009-12-04 20:08 . 2009-12-04 21:59 1960960 ----a-w- c:\windows\Internet Logs\xDB23.tmp

2009-11-29 23:34 . 2009-07-06 14:57 -------- d-----w- c:\arquivos de programas\Spyware Terminator

2009-11-29 20:27 . 2009-07-28 01:38 -------- d-----w- c:\arquivos de programas\Last.fm

2009-11-23 03:23 . 2009-11-23 13:40 1773056 ----a-w- c:\windows\Internet Logs\xDB22.tmp

2009-11-23 03:16 . 2009-08-18 08:16 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\uTorrent

2009-11-17 13:49 . 2009-11-17 15:27 1780224 ----a-w- c:\windows\Internet Logs\xDB21.tmp

2009-11-16 09:22 . 2007-04-28 18:12 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-11-16 09:15 . 2009-07-06 14:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2009-11-16 09:14 . 2009-07-09 05:49 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\TEMP

2009-11-16 08:57 . 2009-07-31 06:49 -------- d-----w- c:\arquivos de programas\AviSynth 2.5

2009-11-16 08:28 . 2009-11-16 08:31 5711872 ----a-w- c:\windows\Internet Logs\xDB1F.tmp

2009-11-16 08:28 . 2009-11-16 08:32 1764352 ----a-w- c:\windows\Internet Logs\xDB20.tmp

2009-11-13 04:38 . 2009-04-13 23:16 -------- d-----w- c:\arquivos de programas\eMule

2009-11-10 13:56 . 2007-04-28 17:36 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-11-06 14:00 . 2009-11-06 14:09 1745920 ----a-w- c:\windows\Internet Logs\xDB1E.tmp

2009-11-05 19:20 . 2009-11-06 06:17 1744384 ----a-w- c:\windows\Internet Logs\xDB1D.tmp

2009-11-05 08:52 . 2009-07-06 14:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spyware Terminator

2009-11-04 19:14 . 2009-11-04 19:15 1750016 ----a-w- c:\windows\Internet Logs\xDB1C.tmp

2009-11-04 19:11 . 2009-08-27 07:22 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\Ashampoo

2009-11-04 19:07 . 2009-07-31 00:31 -------- d-----w- c:\arquivos de programas\Ashampoo

2009-11-03 01:12 . 2009-11-03 11:39 1742336 ----a-w- c:\windows\Internet Logs\xDB1B.tmp

2009-10-31 03:16 . 2009-10-07 21:14 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\gtk-2.0

2009-10-29 05:55 . 2007-05-02 21:29 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-10-27 02:50 . 2008-06-08 00:01 -------- d-----w- c:\arquivos de programas\The KMPlayer

2009-10-26 20:21 . 2008-12-14 19:26 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2009-10-26 18:19 . 2008-02-07 12:59 -------- d-----w- c:\arquivos de programas\DivX

2009-10-23 23:08 . 2009-10-23 23:08 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2009-10-23 23:08 . 2009-03-07 22:15 -------- d-----w- c:\arquivos de programas\QuickTime

2009-10-23 23:07 . 2009-10-23 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Apple Computer

2009-10-17 07:28 . 2009-10-17 14:35 1710592 ----a-w- c:\windows\Internet Logs\xDB1A.tmp

2009-10-13 16:56 . 2009-10-13 16:58 1727488 ----a-w- c:\windows\Internet Logs\xDB19.tmp

2009-10-09 14:29 . 2009-10-09 14:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Soulseek

2009-10-09 14:29 . 2009-10-09 14:29 -------- d-----w- c:\arquivos de programas\SoulseekNS

2009-10-06 14:32 . 2009-10-06 14:35 1703424 ----a-w- c:\windows\Internet Logs\xDB18.tmp

2009-09-21 01:04 . 2009-09-21 01:06 1694208 ----a-w- c:\windows\Internet Logs\xDB17.tmp

2009-09-15 01:39 . 2009-09-15 01:40 1689088 ----a-w- c:\windows\Internet Logs\xDB16.tmp

2009-09-09 06:59 . 2000-01-01 03:05 1694208 ----a-w- c:\windows\Internet Logs\xDB15.tmp

2007-10-22 05:49 . 2007-10-22 05:49 1805306 ----a-w- c:\arquivos de programas\NOV2007_d3dx9_36_x64.cab

2007-10-22 05:49 . 2007-10-22 05:49 867848 ----a-w- c:\arquivos de programas\NOV2007_d3dx10_36_x64.cab

2007-10-22 05:49 . 2007-10-22 05:49 807132 ----a-w- c:\arquivos de programas\NOV2007_d3dx10_36_x86.cab

2007-10-22 05:49 . 2007-10-22 05:49 49392 ----a-w- c:\arquivos de programas\NOV2007_X3DAudio_x64.cab

2007-10-22 05:49 . 2007-10-22 05:49 44850 ----a-w- c:\arquivos de programas\dxdllreg_x86.cab

2007-10-22 05:49 . 2007-10-22 05:49 21744 ----a-w- c:\arquivos de programas\NOV2007_X3DAudio_x86.cab

2007-10-22 05:49 . 2007-10-22 05:49 200010 ----a-w- c:\arquivos de programas\NOV2007_XACT_x64.cab

2007-10-22 05:49 . 2007-10-22 05:49 1712608 ----a-w- c:\arquivos de programas\NOV2007_d3dx9_36_x86.cab

2007-10-22 05:49 . 2007-10-22 05:49 151512 ----a-w- c:\arquivos de programas\NOV2007_XACT_x86.cab

2007-02-16 14:31 . 2008-02-21 03:43 227328 ----a-w- c:\arquivos de programas\mpTrim.exe

2003-09-10 23:51 . 2008-04-20 06:27 1626172 ----a-w- c:\arquivos de programas\CDex.exe

2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll

2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"SpywareTerminatorUpdate"="c:\arquiv~1\SPYWAR~1\SpywareTerminatorUpdate.exe" [2009-07-06 3055616]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpywareTerminator"="c:\arquiv~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-07-06 2173440]

"ZoneAlarm Client"="c:\arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-09-05 417792]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"snp325"="c:\windows\vsnp325.exe" [2007-05-09 835584]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

c:\documents and settings\Sublime\Menu Iniciar\Programas\Inicializar\

BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoPopUpsOnBoot"= 1 (0x1)

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador.CASA-394B976A04^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk]

backup=c:\windows\pss\BrOffice.org 3.1.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 06:08 35696 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]

2009-06-30 12:55 2329224 ----a-w- c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

2002-01-28 16:16 1228800 ----a-r- c:\windows\mixer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-13 22:20 15360 ------w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]

2007-02-12 17:50 20480 ----a-w- c:\windows\FixCamera.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 18:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2005-01-26 16:07 5529600 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2005-01-26 16:07 86016 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2005-01-26 16:07 1490944 ----a-w- c:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PATHPILOT]

2009-07-21 08:23 345600 ----a-w- c:\arquivos de programas\Kat MP3 Recorder\Kat MP3 Recorder.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-05 03:54 417792 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]

2007-05-09 13:46 835584 ----a-w- c:\windows\vsnp325.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-07-25 08:23 149280 ----a-w- c:\arquivos de programas\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]

2007-04-21 12:30 270336 ----a-w- c:\windows\tsnp325.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-07-01 16:37 37888 ----a-w- c:\arquivos de programas\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\Administrador.CASA-394B976A04\\Meus documentos\\Downloads\\utorrent.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\ICQ6.5\\ICQ.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/7/2009 00:38 335752]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/7/2009 00:38 108552]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [6/7/2009 12:57 142592]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [9/7/2009 06:35 108289]

R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [6/7/2009 11:32 10343168]

S2 avg8emc;AVG Free8 E-mail Scanner; [x]

S2 avg8wd;AVG Free8 WatchDog; [x]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

getPlusHelper REG_MULTI_SZ getPlusHelper

.

------- Scan Suplementar -------

.

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - ProfilePath - c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\

FF - prefs.js: browser.startup.homepage - hxxp://forum.imasters.com.br/index.php?/topic/371762-pc-lento-e-nao-responde/

FF - component: c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

FF - component: c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\arquivos de programas\VistaCodecPack\rm\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

FF - plugin: c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

MSConfigStartUp-ares - c:\arquivos de programas\Ares\Ares.exe

AddRemove-HijackThis - C:\HijackThis.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-07 20:22

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2009-12-07 20:25

ComboFix-quarantined-files.txt 2009-12-07 22:25

 

Pré-execução: 15 pasta(s) 107.943.116.800 bytes disponíveis

Pós execução: 19 pasta(s) 108.168.712.192 bytes disponíveis

 

- - End Of File - - 09BC8BFA2B2179E702EE8628E6CED415


Good morning, keysha!

<@> Select and copy all the content in the Quote area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

Driver::

"AvgLdx86"

"AvgTdiX"

"avg8emc"

"avg8wd"

<@> PS: It is recommended that you be disconnected when running the script.

<@> PS: Temporarily disable your antivirus.

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 


 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until this prompt (window) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!


Good morning!

 

ComboFix 09-12-07.01 - Sublime 09/12/2009 9:21.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.768.441 [GMT -2:00]

Executando de: c:\documents and settings\Sublime\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Sublime\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_AVG8EMC

-------\Legacy_AVG8WD

-------\Legacy_AVGLDX86

-------\Legacy_AVGTDIX

-------\Service_avg8emc

-------\Service_avg8wd

-------\Service_AvgLdx86

-------\Service_AvgTdiX

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-09 to 2009-12-09 ))))))))))))))))))))))))))))

.

 

2009-12-08 05:02 . 2009-12-08 05:02 -------- d-----w- c:\arquivos de programas\Real Alternative

2009-12-07 22:06 . 2009-08-25 03:30 13312 ----a-w- c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll

2009-11-24 18:46 . 2009-11-24 19:08 -------- d-----w- C:\Mari

2009-11-24 18:14 . 2009-11-24 18:14 -------- d-----w- c:\arquivos de programas\Cool Record Edit Pro

2009-11-20 04:13 . 2009-11-20 04:13 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\Malwarebytes

2009-11-20 04:13 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-20 04:13 . 2009-11-20 04:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes

2009-11-20 04:13 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-20 04:13 . 2009-11-20 04:13 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-16 09:03 . 2009-11-16 09:03 -------- d-----w- c:\documents and settings\Sublime\.thumb

2009-11-10 13:52 . 2009-11-10 13:58 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\ICQ

2009-11-10 13:14 . 2009-11-10 13:58 -------- d-----w- c:\arquivos de programas\ICQ6.5

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-08 01:27 . 2009-08-18 13:12 1 ----a-w- c:\documents and settings\Sublime\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys

2009-12-08 00:03 . 2009-07-09 08:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-07 00:35 . 2009-07-03 02:29 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-12-05 03:01 . 2009-08-18 03:16 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\Spyware Terminator

2009-12-04 20:27 . 2009-12-04 21:59 1785856 ----a-w- c:\windows\Internet Logs\xDB24.tmp

2009-12-04 20:08 . 2009-12-04 21:59 1960960 ----a-w- c:\windows\Internet Logs\xDB23.tmp

2009-11-29 23:34 . 2009-07-06 14:57 -------- d-----w- c:\arquivos de programas\Spyware Terminator

2009-11-29 20:27 . 2009-07-28 01:38 -------- d-----w- c:\arquivos de programas\Last.fm

2009-11-23 03:23 . 2009-11-23 13:40 1773056 ----a-w- c:\windows\Internet Logs\xDB22.tmp

2009-11-23 03:16 . 2009-08-18 08:16 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\uTorrent

2009-11-17 13:49 . 2009-11-17 15:27 1780224 ----a-w- c:\windows\Internet Logs\xDB21.tmp

2009-11-16 09:22 . 2007-04-28 18:12 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-11-16 09:15 . 2009-07-06 14:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2009-11-16 09:14 . 2009-07-09 05:49 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\TEMP

2009-11-16 08:57 . 2009-07-31 06:49 -------- d-----w- c:\arquivos de programas\AviSynth 2.5

2009-11-16 08:28 . 2009-11-16 08:31 5711872 ----a-w- c:\windows\Internet Logs\xDB1F.tmp

2009-11-16 08:28 . 2009-11-16 08:32 1764352 ----a-w- c:\windows\Internet Logs\xDB20.tmp

2009-11-13 04:38 . 2009-04-13 23:16 -------- d-----w- c:\arquivos de programas\eMule

2009-11-10 13:56 . 2007-04-28 17:36 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-11-06 14:00 . 2009-11-06 14:09 1745920 ----a-w- c:\windows\Internet Logs\xDB1E.tmp

2009-11-05 19:20 . 2009-11-06 06:17 1744384 ----a-w- c:\windows\Internet Logs\xDB1D.tmp

2009-11-05 08:52 . 2009-07-06 14:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spyware Terminator

2009-11-04 19:14 . 2009-11-04 19:15 1750016 ----a-w- c:\windows\Internet Logs\xDB1C.tmp

2009-11-04 19:11 . 2009-08-27 07:22 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\Ashampoo

2009-11-04 19:07 . 2009-07-31 00:31 -------- d-----w- c:\arquivos de programas\Ashampoo

2009-11-03 01:12 . 2009-11-03 11:39 1742336 ----a-w- c:\windows\Internet Logs\xDB1B.tmp

2009-10-31 03:16 . 2009-10-07 21:14 -------- d-----w- c:\documents and settings\Sublime\Dados de aplicativos\gtk-2.0

2009-10-29 05:55 . 2007-05-02 21:29 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-10-27 02:50 . 2008-06-08 00:01 -------- d-----w- c:\arquivos de programas\The KMPlayer

2009-10-26 20:21 . 2008-12-14 19:26 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2009-10-26 18:19 . 2008-02-07 12:59 -------- d-----w- c:\arquivos de programas\DivX

2009-10-23 23:08 . 2009-10-23 23:08 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2009-10-23 23:08 . 2009-03-07 22:15 -------- d-----w- c:\arquivos de programas\QuickTime

2009-10-23 23:07 . 2009-10-23 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Apple Computer

2009-10-17 07:28 . 2009-10-17 14:35 1710592 ----a-w- c:\windows\Internet Logs\xDB1A.tmp

2009-10-13 16:56 . 2009-10-13 16:58 1727488 ----a-w- c:\windows\Internet Logs\xDB19.tmp

2009-10-06 14:32 . 2009-10-06 14:35 1703424 ----a-w- c:\windows\Internet Logs\xDB18.tmp

2009-09-21 01:04 . 2009-09-21 01:06 1694208 ----a-w- c:\windows\Internet Logs\xDB17.tmp

2009-09-15 01:39 . 2009-09-15 01:40 1689088 ----a-w- c:\windows\Internet Logs\xDB16.tmp

2007-10-22 05:49 . 2007-10-22 05:49 1805306 ----a-w- c:\arquivos de programas\NOV2007_d3dx9_36_x64.cab

2007-10-22 05:49 . 2007-10-22 05:49 867848 ----a-w- c:\arquivos de programas\NOV2007_d3dx10_36_x64.cab

2007-10-22 05:49 . 2007-10-22 05:49 807132 ----a-w- c:\arquivos de programas\NOV2007_d3dx10_36_x86.cab

2007-10-22 05:49 . 2007-10-22 05:49 49392 ----a-w- c:\arquivos de programas\NOV2007_X3DAudio_x64.cab

2007-10-22 05:49 . 2007-10-22 05:49 44850 ----a-w- c:\arquivos de programas\dxdllreg_x86.cab

2007-10-22 05:49 . 2007-10-22 05:49 21744 ----a-w- c:\arquivos de programas\NOV2007_X3DAudio_x86.cab

2007-10-22 05:49 . 2007-10-22 05:49 200010 ----a-w- c:\arquivos de programas\NOV2007_XACT_x64.cab

2007-10-22 05:49 . 2007-10-22 05:49 1712608 ----a-w- c:\arquivos de programas\NOV2007_d3dx9_36_x86.cab

2007-10-22 05:49 . 2007-10-22 05:49 151512 ----a-w- c:\arquivos de programas\NOV2007_XACT_x86.cab

2007-02-16 14:31 . 2008-02-21 03:43 227328 ----a-w- c:\arquivos de programas\mpTrim.exe

2003-09-10 23:51 . 2008-04-20 06:27 1626172 ----a-w- c:\arquivos de programas\CDex.exe

2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll

2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-12-07_22.22.37 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-12-09 11:32 . 2009-12-09 11:32 16384 c:\windows\Temp\Perflib_Perfdata_758.dat

+ 2000-01-01 02:02 . 2000-01-01 02:02 16384 c:\windows\Temp\Perflib_Perfdata_664.dat

+ 2008-09-10 19:56 . 2009-10-09 18:00 185920 c:\windows\system32\rmoc3260.dll

- 2008-09-10 19:56 . 2008-09-10 19:56 185920 c:\windows\system32\rmoc3260.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"SpywareTerminatorUpdate"="c:\arquiv~1\SPYWAR~1\SpywareTerminatorUpdate.exe" [2009-07-06 3055616]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpywareTerminator"="c:\arquiv~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-07-06 2173440]

"ZoneAlarm Client"="c:\arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-09-05 417792]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"snp325"="c:\windows\vsnp325.exe" [2007-05-09 835584]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

c:\documents and settings\Sublime\Menu Iniciar\Programas\Inicializar\

BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoPopUpsOnBoot"= 1 (0x1)

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador.CASA-394B976A04^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk]

backup=c:\windows\pss\BrOffice.org 3.1.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 06:08 35696 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]

2009-06-30 12:55 2329224 ----a-w- c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

2002-01-28 16:16 1228800 ----a-r- c:\windows\mixer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-13 22:20 15360 ------w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]

2007-02-12 17:50 20480 ----a-w- c:\windows\FixCamera.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 18:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2005-01-26 16:07 5529600 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2005-01-26 16:07 86016 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2005-01-26 16:07 1490944 ----a-w- c:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PATHPILOT]

2009-07-21 08:23 345600 ----a-w- c:\arquivos de programas\Kat MP3 Recorder\Kat MP3 Recorder.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-05 03:54 417792 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]

2007-05-09 13:46 835584 ----a-w- c:\windows\vsnp325.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-07-25 08:23 149280 ----a-w- c:\arquivos de programas\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]

2007-04-21 12:30 270336 ----a-w- c:\windows\tsnp325.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-07-01 16:37 37888 ----a-w- c:\arquivos de programas\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\Administrador.CASA-394B976A04\\Meus documentos\\Downloads\\utorrent.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\ICQ6.5\\ICQ.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

 

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [6/7/2009 12:57 142592]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [9/7/2009 06:35 108289]

R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [6/7/2009 11:32 10343168]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

getPlusHelper REG_MULTI_SZ getPlusHelper

.

------- Scan Suplementar -------

.

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - ProfilePath - c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\

FF - prefs.js: browser.startup.homepage - hxxp://forum.imasters.com.br/index.php?/topic/371762-pc-lento-e-nao-responde/

FF - component: c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

FF - component: c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\documents and settings\Sublime\Dados de aplicativos\Mozilla\Firefox\Profiles\8rbg6w9g.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-09 09:33

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

 

c:\docume~1\Sublime\CONFIG~1\Temp\~DFDB4B.tmp 98304 bytes

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 1

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(2216)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-12-09 09:39 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-12-09 11:39

ComboFix2.txt 2009-12-07 22:25

 

Pré-execução: 18 pasta(s) 106.912.481.280 bytes disponíveis

Pós execução: 19 pasta(s) 106.794.778.624 bytes disponíveis

 

- - End Of File - - 714D3D94600CF105448319B56B33FDD6

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:43:08, on 9/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Sublime\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorUpdate.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246823069359

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247783761656

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 5770 bytes


Good afternoon, keysha!

 

<@> To uninstall Malwarebytes, double-click the file highlighted below.

<@> C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe <--

<@> Restart the computer once it finishes!

<><><><><><><><><><><>

<@> Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.

 


 

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix está desinstalado" ("ComboFix is uninstalled") will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<@> Or, go to Start --> Run --> Type or paste:

 

"%userprofile%\desktop\combofix" /uninstall

 

<@> Click OK.

<><><><><><><><><><><>

<@> Download: < TFC > ( by Old Timer )

 

<!> Link - 2 < http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html >

 

<@> Save it to the desktop!

<@> Close all programs! ( Internet, browser, etc... )

<@> Run TFC.exe with a double-click.

<@> PS: On Windows Vista --> Right-click --> Choose: Run as Administrator

<@> Click Start --> Wait!

<@> When it finishes, restart the computer... if the tool does not request it and start the process itself. ( reboot )

<><><><><><><><><><><><>

<!> Your logs are clean!

 

Cheers!


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
