
vinicius s

[Resolved!] What procedure should I follow to remove a trojan horse


Hello, my system is infected with a trojan horse. Below is the HijackThis log. I'd like help on what procedure I should follow; it is attacking several programs. I need help removing this trojan. Thanks for the help.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:19:34, on 3/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashSimpl.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Vinicius\Meus documentos\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=14672&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Vinicius\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253067737140

O17 - HKLM\System\CCS\Services\Tcpip\..\{DE886819-8739-449C-996A-6E959D99CD18}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Update Service (gupdate1c9f052b192404a) (gupdate1c9f052b192404a) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


Good afternoon vinicius s

Could you paste a screenshot of your antivirus alert?

I see you are using 2 antivirus products: Avast and Avira. It is recommended to use only 1 to avoid conflicts.


Hi, I don't know how to post the screenshot on the forum, but I have the files I kept in Avast's quarantine. They were scanned and showed up as infected with "win;32troja-gen":

 

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp247828040.tmp

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp247828040.tmp\5 Win32:Trojan-gen

 

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp114090306.tmp

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp114090306.tmp\4 Win32:Trojan-gen

 

The others are not infected. Should I take them out of quarantine or keep them quarantined for now? They are the following:

 

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp215232033.tmp

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp215232033.tmp\8.av$ -- sem vírus --

 

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp236649141.tmp

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp236649141.tmp\12.av$ -- sem vírus --

 

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp230354096.tmp

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp230354096.tmp\10.av$ -- sem vírus --

 

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp99423860.tmp

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp99423860.tmp\11.av$\inno.hdr -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp99423860.tmp\11.av$\{embedded}\Code.bin -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp99423860.tmp\11.av$\{embedded}\WizardImage.bmp -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp99423860.tmp\11.av$\{embedded}\WizardSmallImage.bmp -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp99423860.tmp\11.av$\{embedded}\setup.exe\[Embedded_R#HELPER_EXE_AMD64] -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp99423860.tmp\11.av$\{embedded}\setup.exe\[Embedded_R#HELPER_EXE_IA64] -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp99423860.tmp\11.av$\{embedded}\setup.exe\[Embedded_R#REGDLL_EXE] -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp99423860.tmp\11.av$\{embedded}\setup.exe\[Embedded_R#SHFOLDERDLL] -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp99423860.tmp\11.av$\{embedded}\setup.exe -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp99423860.tmp\11.av$\{app}\TeaTimer.exe -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp99423860.tmp\11.av$ -- sem vírus --

 

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp120497624.tmp

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp120497624.tmp\15.av$ -- sem vírus --

 

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp23872165.tmp

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp23872165.tmp\13\inno.hdr -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp23872165.tmp\13\{embedded}\WizardImage.bmp -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp23872165.tmp\13\{embedded}\WizardSmallImage.bmp -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp23872165.tmp\13\{embedded}\setup.exe\[Embedded_R#HELPER_EXE_AMD64] -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp23872165.tmp\13\{embedded}\setup.exe\[Embedded_R#HELPER_EXE_IA64] -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp23872165.tmp\13\{embedded}\setup.exe\[Embedded_R#REGDLL_EXE] -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp23872165.tmp\13\{embedded}\setup.exe\[Embedded_R#SHFOLDERDLL] -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp23872165.tmp\13\{embedded}\setup.exe -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp23872165.tmp\13\{app}\advcheck.dll -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp23872165.tmp\13 -- sem vírus --

 

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp215332036.tmp

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp215332036.tmp\14\inno.hdr -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp215332036.tmp\14\{embedded}\Code.bin -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp215332036.tmp\14\{embedded}\WizardImage.bmp -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp215332036.tmp\14\{embedded}\WizardSmallImage.bmp -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp215332036.tmp\14\{embedded}\setup.exe\[Embedded_R#HELPER_EXE_AMD64] -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp215332036.tmp\14\{embedded}\setup.exe\[Embedded_R#HELPER_EXE_IA64] -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp215332036.tmp\14\{embedded}\setup.exe\[Embedded_R#REGDLL_EXE] -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp215332036.tmp\14\{embedded}\setup.exe\[Embedded_R#SHFOLDERDLL] -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp215332036.tmp\14\{embedded}\setup.exe -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp215332036.tmp\14\{app}\TeaTimer.exe -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp215332036.tmp\14 -- sem vírus --

 

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp151819053.tmp

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp151819053.tmp\18.exe -- sem vírus --

 

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp31519458.tmp

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp31519458.tmp\19.dll -- sem vírus --

 

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp229884602.tmp

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp229884602.tmp\20.exe -- sem vírus --

 

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp46261379.tmp

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp46261379.tmp\22.exe -- sem vírus --

 

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp7051773.tmp

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp7051773.tmp\23.exe\[Embedded_R#2af720] -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp7051773.tmp\23.exe\[Embedded_R#2c7720] -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp7051773.tmp\23.exe\[Embedded_R#e6ecf4] -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp7051773.tmp\23.exe\[Embedded_R#ea1cf4] -- sem vírus --

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp7051773.tmp\23.exe -- sem vírus --

 

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp93692131.tmp

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp93692131.tmp\21.dll -- sem vírus --

 

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp204026931.tmp

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp204026931.tmp\24.exe -- sem vírus --

 

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp19920930.tmp

C:\DOCUME~1\Vinicius\CONFIG~1\Temp\_avast4_\unp19920930.tmp\6.exe -- sem vírus --

I think you're right and Avira has conflicted with Avast. Should I keep Avast and remove Avira? Which would be best in this situation? I also ran a scan with Malwarebytes in Safe Mode; it found 3 items, which I deleted. Will the problem persist because of the 2 files infected with "win32; troja-gen"? Sorry for the length of the reply, but it was the only way I managed to answer you. Thanks for the help.


Which antivirus to keep is your decision.

My preference is Avira.

*Open the Malwarebytes program again and, on the [Logs] tab, click the file mbam-log-year-month-date.txt

*Click [Open], copy it and paste it in your next reply


Here is the Malwarebytes log

 

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 2775

Windows 5.1.2600 Service Pack 2 (Safe Mode)

 

3/12/2009 14:26:27

mbam-log-2009-12-03 (14-26-27).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 188503

Tempo decorrido: 24 minute(s), 30 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 3

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)


1.

*Download DDS (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to the desktop

*Temporarily disable your antivirus

*Double-click dds and wait

*When it finishes, a report (DDS.txt) will appear. Save it to the desktop.

*A new window will appear ("D.D.S - Optional_Scan"); click [NO]

*When it finishes, click [OK]

*Paste the DDS.txt report


Just one question: I've noticed that Malwarebytes shows the registry key. I took a look there and the entries are present. Should I delete them? They are the following:

UpdatesDisableNotify

FirewallDisableNotify

AntiVirusDisableNotify

And there are 3 more strange entries:

AntiVirusOverride

FirewallOverride

FirstRunDisabled

Should I delete them? I'm suspicious; will deleting them bring an improvement?

I'll go do what you told me and post the report afterwards.


Yes, you can remove them...

Just open the Malwarebytes program and, on the [Quarantine] tab, select all the results and click [Remove all]

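As an added check (an example script written for this page, not part of the thread and not a Malwarebytes or HijackThis tool): a PowerShell audit of the Security Center values the Malwarebytes log flagged, plus the three extra values the poster asked about. It assumes that 0 is the default for the Override and FirstRunDisabled values, which the thread does not state, so those are only reported; run it from an administrator PowerShell.

```powershell
# Added example (not from the thread or from Malwarebytes/HijackThis):
# audit the Windows Security Center values the Malwarebytes log flagged.
# Malwarebytes reported the three *DisableNotify values as Bad: (1) Good: (0);
# a 1 there silences the Security Center warning for that component, so the
# user is not told that antivirus, firewall or updates are off.
# Run from an elevated PowerShell; add -Fix to reset BAD values to 0.
param([switch]$Fix)

$scPath = 'HKLM:\SOFTWARE\Microsoft\Security Center'

# Values named in the Malwarebytes log, with the Good value the log states.
$expected = @{
    'AntiVirusDisableNotify' = 0
    'FirewallDisableNotify'  = 0
    'UpdatesDisableNotify'   = 0
}

# The three extra values the poster noticed. The thread states no good value
# for them; 0 as the Windows default is an assumption, so they are only
# reported here, never changed.
$reportOnly = @('AntiVirusOverride', 'FirewallOverride', 'FirstRunDisabled')

function Get-SecurityCenterValue {
    param([string]$Name)
    # An absent value means Security Center uses its default, so return $null.
    $item = Get-ItemProperty -Path $scPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

$findings = @()
foreach ($name in $expected.Keys) {
    $actual = Get-SecurityCenterValue -Name $name
    $status = 'BAD'
    if ($null -eq $actual -or $actual -eq $expected[$name]) { $status = 'OK' }
    # New-Object rather than [pscustomobject] so the script also runs on PowerShell 2.0
    $findings += New-Object PSObject -Property @{ Name = $name; Value = $actual; Status = $status }
}
foreach ($name in $reportOnly) {
    $actual = Get-SecurityCenterValue -Name $name
    $findings += New-Object PSObject -Property @{ Name = $name; Value = $actual; Status = 'INFO' }
}

$findings | Format-Table Name, Value, Status -AutoSize

if ($Fix) {
    foreach ($f in $findings) {
        if ($f.Status -eq 'BAD') {
            # Restore the Good value from the log (0) as a REG_DWORD.
            Set-ItemProperty -Path $scPath -Name $f.Name -Value 0 -Type DWord
            Write-Host "Reset $($f.Name) to 0"
        }
    }
}
```

If a value reads BAD again after a reboot, something still running is re-setting it, which is the state the follow-up DDS log in this thread is meant to reveal.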


Here is DDS.TXT

DDS (Ver_09-12-01.01) - NTFSx86

Run by Vinicius at 17:16:37,23 on qui 03/12/2009

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.958.408 [GMT -2:00]

 

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! antivirus 4.8.1368 [VPS 091203-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Pro\ScreenHunter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\regedit.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avcenter.exe

C:\Documents and Settings\Vinicius\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://br.ask.com?o=14672&l=dis

uURLSearchHooks: Barra de Ferramentas do Yahoo!: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

BHO: Facilitador de Leitor de Link Adobe PDF: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\arquivos de programas\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\arquivos de programas\mybabylon_english\tbmyBa.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\arquivos de programas\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Discador iBest: {4f869c58-d71d-4850-8bdd-7b5cdf8ec911} - c:\arquivos de programas\discador ibest\ibestbar.dll

TB: Barra de Ferramentas do Yahoo!: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\arquivos de programas\askbardis\bar\bin\askBar.dll

TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\arquivos de programas\mybabylon_english\tbmyBa.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MsnMsgr] "c:\arquivos de programas\windows live\messenger\MsnMsgr.Exe" /background

uRun: [swg] "c:\arquivos de programas\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "c:\documents and settings\vinicius\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [avgnt] "c:\arquivos de programas\avira\antivir personaledition classic\avgnt.exe" /min

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe

mRun: [sony Ericsson PC Suite] "c:\arquivos de programas\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Motive SmartBridge] "c:\arquiv~1\assist~1\smartb~1\MotiveSB.exe" /restart

mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\arquivos de programas\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\assist~1.lnk - c:\arquivos de programas\assistente tecnico speedy\bin\matcli.exe

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\arquivos de programas\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253067737140

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

TCP: {DE886819-8739-449C-996A-6E959D99CD18} = 200.204.0.10 200.204.0.138

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-18 114768]

R1 avgio;avgio;c:\arquivos de programas\avira\antivir personaledition classic\avgio.sys [2008-12-17 11840]

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\arquivos de programas\avira\antivir personaledition classic\sched.exe [2008-12-17 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\arquivos de programas\avira\antivir personaledition classic\avguard.exe [2008-12-17 151297]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-18 20560]

R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast4\ashServ.exe [2008-12-18 138680]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\arquivos de programas\alwil software\avast4\ashMaiSv.exe [2008-12-18 254040]

R3 avast! Web Scanner;avast! Web Scanner;c:\arquivos de programas\alwil software\avast4\ashWebSv.exe [2008-12-18 352920]

R3 avgntflt;avgntflt;c:\arquivos de programas\avira\antivir personaledition classic\avgntflt.sys [2008-12-17 52032]

S2 gupdate1c9f052b192404a;Google Update Service (gupdate1c9f052b192404a);c:\arquivos de programas\google\update\GoogleUpdate.exe [2009-6-18 133104]

 

=============== Created Last 30 ================

 

2009-12-03 17:13:10 52 ----a-w- c:\windows\ScreenHunter.INI

2009-12-03 17:12:34 0 d-----w- c:\arquivos de programas\Wisdom-soft ScreenHunter 5 Pro

2009-12-03 15:48:49 0 d-----w- c:\docume~1\vinicius\dadosd~1\Malwarebytes

2009-12-03 15:48:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-03 15:48:29 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2009-12-03 15:48:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-03 15:48:27 0 d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-26 17:19:41 7168 --sha-w- c:\documents and settings\vinicius\Thumbs.db

2009-11-07 23:38:46 2969 ----a-w- c:\documents and settings\vinicius\.recently-used.xbel

2009-11-07 23:37:38 38824 ----a-w- c:\documents and settings\vinicius\Jesus alegre gimp .JPG

2009-11-07 23:10:57 0 d-----w- c:\arquivos de programas\NCH Software

2009-11-07 21:42:14 73728 ----a-w- c:\windows\system32\vbzlib1.dll

 

==================== Find3M ====================

 

2009-10-24 18:00:21 67232 ----a-w- c:\windows\system32\perfc016.dat

2009-10-24 18:00:21 425072 ----a-w- c:\windows\system32\perfh016.dat

 

============= FINISH: 17:16:46,67 ===============


1.

Which antivirus did you decide to keep on the PC?

Choose one and uninstall the other.

2.

*Delete DDS and its report.

3.

*Download AD-Remover (http://forum-aide-contre-virus.be/download/C_XX/AD-R.exe) and save it to the desktop

*Double-click AD-R.exe and install the program.

*Double-click the icon created on the desktop and click [Oui]

*Press S > [ENTER]

*Wait for it to finish

*Paste the report created at C:\Ad-Report-SCAN.log


OK, I decided on Avira; Avast has been letting me down. Here is the log, thanks.

 

 

===== LOGFILE OF AD-REMOVER 1.1.4.6_D | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 03.12.2009 at 20:30

Contact: AdRemover.contact@gmail.com

Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Launch at: 17:52:51, qui 03/12/2009 | Normal Boot | Option: SCAN

Executed from: C:\Arquivos de programas\Ad-Remover\

Operating system: Microsoft® Windows XP™ Service Pack 2 versão 5.1.2600

Computer Name: VINICIUS-291E05 | Current user: Vinicius

.

============== FOUND ELEMENT(S) ==============

.

C:\DOCUME~1\Vinicius\DADOSD~1\AD ON Multimedia

C:\DOCUME~1\Vinicius\DADOSD~1\DesktopIcon

C:\Arquivos de programas\AskBarDis

C:\Arquivos de programas\Mozilla FireFox\Components\AskSearch.js

C:\DOCUME~1\Vinicius\DADOSD~1\Microsoft\Internet Explorer\Quick Launch\Ebay.lnk

C:\DOCUME~1\Vinicius\MENUIN~1\Ebay.lnk

.

HKCU\software\appdatalow\AskBarDis

HKCU\software\appdatalow\AskHomepage

HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

HKLM\software\AskBarDis

HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}

HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}

HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}

HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}

HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}

HKU\s-1-5-21-448539723-1202660629-725345543-1003\software\appdatalow\AskBarDis

HKU\s-1-5-21-448539723-1202660629-725345543-1003\software\appdatalow\AskHomepage

.

============== Added scan ==============

.

.

* Internet Explorer Version 8.0.6001.18702 *

.

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

.

Start Page: hxxp://br.ask.com?o=14672&l=dis

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Search Bar: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page Redirect Cache: hxxp://br.msn.com/?ocid=iehp

Start Page Redirect Cache_TIMESTAMP: NARY 647a6ed42c5eca01

Start Page Redirect Cache AcceptLangs: pt-br

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

.

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157

Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

.

============== Suspect (Cracks, Serials, ...) ==============

.

C:\Documents and Settings\Vinicius\Meus documentos\beatware mobile\Beatware.Mobile.Designer.v2.0\patch\MobileDesigner2_patch.exe

.

===================================

.

2800 Byte(s) - C:\Ad-Report-SCAN[1].log

.

438 File(s) - C:\DOCUME~1\Vinicius\CONFIG~1\Temp

11 File(s) - C:\WINDOWS\Temp

.

1 File(s) - C:\Arquivos de programas\Ad-Remover\BACKUP

0 File(s) - C:\Arquivos de programas\Ad-Remover\QUARANTINE

.

End at: 17:57:39 | qui 03/12/2009 - SCAN[1]

.

============== E.O.F ==============

.


*Run AD-Remover again

*Press L > [ENTER]

*Paste the report created at C:\Ad-Report-CLEAN.log


Here is the log.

 

.

======= LOGFILE OF AD-REMOVER 1.1.4.6_D | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 03.12.2009 at 20:30

Contact: AdRemover.contact@gmail.com

Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Launch at: 18:19:55, qui 03/12/2009 | Normal Boot | Option: CLEAN

Executed from: C:\Arquivos de programas\Ad-Remover\

Operating system: Microsoft® Windows XP™ Service Pack 2 versão 5.1.2600

Computer Name: VINICIUS-291E05 | Current user: Vinicius

.

============== NEUTRALIZED ELEMENT(S) ==============

.

C:\DOCUME~1\Vinicius\DADOSD~1\AD ON Multimedia

C:\DOCUME~1\Vinicius\DADOSD~1\DesktopIcon

C:\Arquivos de programas\AskBarDis

C:\Arquivos de programas\Mozilla FireFox\Components\AskSearch.js

C:\DOCUME~1\Vinicius\DADOSD~1\Microsoft\Internet Explorer\Quick Launch\Ebay.lnk

C:\DOCUME~1\Vinicius\MENUIN~1\Ebay.lnk

 

(!) -- Temp files deleted.

 

.

HKCU\software\appdatalow\AskBarDis

HKCU\software\appdatalow\AskHomepage

HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

HKLM\software\AskBarDis

HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}

HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}

HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}

HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}

HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}

.

============== Added scan ==============

.

.

* Internet Explorer Version 8.0.6001.18702 *

.

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

.

Start Page: hxxp://fr.msn.com/

Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Start Page Redirect Cache: hxxp://br.msn.com/?ocid=iehp

Start Page Redirect Cache_TIMESTAMP: NARY 647a6ed42c5eca01

Start Page Redirect Cache AcceptLangs: pt-br

Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

Search bar: hxxp://search.msn.com/spbasic.htm

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

.

============== Suspect (Cracks, Serials, ...) ==============

.

C:\Documents and Settings\Vinicius\Meus documentos\beatware mobile\Beatware.Mobile.Designer.v2.0\patch\MobileDesigner2_patch.exe

.

===================================

.

2808 Byte(s) - C:\Ad-Report-CLEAN[1].log

3138 Byte(s) - C:\Ad-Report-SCAN[1].log

.

0 File(s) - C:\DOCUME~1\Vinicius\CONFIG~1\Temp

1 File(s) - C:\WINDOWS\Temp

.

18 File(s) - C:\Arquivos de programas\Ad-Remover\BACKUP

26 File(s) - C:\Arquivos de programas\Ad-Remover\QUARANTINE

.

End at: 18:23:11 | qui 03/12/2009 - CLEAN[1]

.

============== E.O.F ==============


OK...

1.

*Run AD-Remover again

*Press D > [ENTER]

2.

*Do a scan of the PC with Avira and see if everything is OK.


After the scan it gave this result; it still finds 3 files and 1 detection.

 

 

Avira AntiVir Personal

Report file date: quinta-feira, 3 de dezembro de 2009 18:49

 

Scanning for 1335824 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: VINICIUS-291E05

 

Version information:

BUILD.DAT : 8.2.0.347 16934 Bytes 16/3/2009 14:45:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 17/12/2008 20:06:11

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/5/2008 11:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/6/2008 16:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/5/2008 11:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 20:06:12

ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/2/2009 23:41:20

ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 1/4/2009 16:43:52

ANTIVIR3.VDF : 7.1.3.2 7680 Bytes 1/4/2009 16:43:53

Engineversion : 8.2.0.129

AEVDF.DLL : 8.1.1.0 106868 Bytes 31/1/2009 22:40:09

AESCRIPT.DLL : 8.1.1.70 369019 Bytes 26/3/2009 23:54:01

AESCN.DLL : 8.1.1.8 127346 Bytes 5/3/2009 23:41:41

AERDL.DLL : 8.1.1.3 438645 Bytes 17/12/2008 20:06:13

AEPACK.DLL : 8.1.3.11 397687 Bytes 25/3/2009 23:43:00

AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/2/2009 23:42:35

AEHEUR.DLL : 8.1.0.111 1679736 Bytes 25/3/2009 23:42:52

AEHELP.DLL : 8.1.2.2 119158 Bytes 26/2/2009 23:42:05

AEGEN.DLL : 8.1.1.31 340341 Bytes 26/3/2009 23:53:56

AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 14:05:56

AECORE.DLL : 8.1.6.6 176501 Bytes 19/2/2009 23:41:13

AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 14:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 9/7/2008 12:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/5/2008 13:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 17/12/2008 20:06:13

AVREG.DLL : 8.0.0.1 33537 Bytes 9/5/2008 15:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/2/2008 12:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/6/2008 16:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/1/2008 21:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/6/2008 16:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/1/2008 16:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/6/2008 17:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/6/2008 17:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\arquivos de programas\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: repair

Secondary action.................: quarantine

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: quinta-feira, 3 de dezembro de 2009 18:49

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'chrome.exe' - '1' Module(s) have been scanned

Scan process 'chrome.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'chrome.exe' - '1' Module(s) have been scanned

Scan process 'epmworker.exe' - '1' Module(s) have been scanned

Scan process 'Generic.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'SeaPort.exe' - '1' Module(s) have been scanned

Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'realsched.exe' - '1' Module(s) have been scanned

Scan process 'MotiveSB.exe' - '1' Module(s) have been scanned

Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

37 processes with 37 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '58' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Arquivos de programas\Telefonica\Speedy\motive\Instalador Assistente Speedy.exe

[0] Archive type: NSIS

--> [ProgramFilesDir]/Assistente Tecnico Speedy/[PluginsDir]/ioSpecial.ini

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\Documents and Settings\Vinicius\Meus documentos\Downloads\TFAK5 Baixaki.zip

[0] Archive type: ZIP

--> tfak.exe

[DETECTION] Is the TR/Virtl.1752 Trojan

[NOTE] The file was moved to '4b592aac.qua'!

Begin scan in 'D:\' <Backup>

 

 

End of the scan: quinta-feira, 3 de dezembro de 2009 19:36

Used time: 47:12 Minute(s)

 

The scan has been done completely.

 

7464 Scanning directories

249991 Files were scanned

1 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

249988 Files not concerned

2225 Archives were scanned

3 Warnings

1 Notes


OK... the file was moved to quarantine.

It is Trojan First Aid Kit... an anti-trojan.

Please... paste a new HijackThis log.


Here is the log.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:16:12, on 3/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\msiexec.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

c:\arquivos de programas\avira\antivir desktop\avcenter.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avcenter.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avscan.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Vinicius\Meus documentos\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Vinicius\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253067737140

O17 - HKLM\System\CCS\Services\Tcpip\..\{DE886819-8739-449C-996A-6E959D99CD18}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate1c9f052b192404a) (gupdate1c9f052b192404a) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 10009 bytes


I ended up doing some research on Avira and found this Avira update file on Baixaki, "Avira Antivir Virus Definition File Update": http://www.baixaki.com.br/download/avira-antivir-virus-definition-file-update.htm

Would it be a good idea to download this update file for Avira?


No... if your Avira is updating automatically, you don't need to download it.

If it fails to perform an update because of congestion on the servers, you can do the update manually.

The method for doing this is described below.

*Go to the link below

http://www.avira.com/en/support/support_downloads.html

*Download the update and save it to a folder (e.g. My Documents)

http://dl.antivir.de/down/vdf/ivdf_fusebundle_nt_en.zip

(screenshot: snapshot69.png)

*Run Avira, click the "Update" option and then "Manual update"

(screenshot: bild1xw0.jpg)

*Select the file that was downloaded

*When it finishes, click [OK]

(screenshot: bild3mx6.jpg)

As for your log... it is clean.


Wings, thank you very much for the help and for the attention to my problem. My system is normal now and the attacks will cease. I thank this forum for the help; you can be sure it will be highly recommended to friends, the same way I learned of this forum, since it is a trustworthy forum. Thank you. Sincerely, Vinicius s.
