[Arquivado] analise log hijackthis

[Tássio Ribeiro 0]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:21:22, on 6/1/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\System Protect\SysProtect_Tray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\AnVir Task Manager Free\AnVir.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\System Protect\SysProtect_srv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [systemProtect] C:\Arquivos de programas\System Protect\SysProtect_Tray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [AnVir Task Manager Free] "C:\Arquivos de programas\AnVir Task Manager Free\AnVir.exe" Minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Atualizador de licenças ESET.lnk = C:\Arquivos de programas\ESET\MiNODLogin\MiNODLogin.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: System Protect Deletion Prevention Service (SP_Service) - Xacti Corporation - C:\Arquivos de programas\System Protect\SysProtect_srv.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 9511 bytes

 

__________________________________________________________________________________________________________________________________________________________________________________

 

ams70.chm\ams70.hhk C:\Arquivos de programas\AutoPlay Media Studio 7.0 Trial\Docs\ams70.chm Provavelmente SCRIPT.Virus

ams70.chm C:\Arquivos de programas\AutoPlay Media Studio 7.0 Trial\Docs A pasta contem objectos infectados Movido.

{5E06C751-B004-40BC-B932-20791BA437FE}.msi/stream000/ams70.chm\ams70.hhk C:\Documents and Settings\Tássio\Dados de aplicativos\Downloaded Installations\{9B5DAF0D-F5A3-4739-AA18-DCBF4CBC873F}\{5E06C751 Provavelmente SCRIPT.Virus

ams70.chm C:\Documents and Settings\Tássio\Dados de aplicativos\Downloaded Installations\{9B5DAF0D-F5A3-4739-AA18-DCBF4CBC873F} A pasta contem objectos infectados

stream000 C:\Documents and Settings\Tássio\Dados de aplicativos\Downloaded Installations\{9B5DAF0D-F5A3-4739-AA18-DCBF4CBC873F} O arquivo contém objectos infectados

{5E06C751-B004-40BC-B932-20791BA437FE}.msi C:\Documents and Settings\Tássio\Dados de aplicativos\Downloaded Installations\{9B5DAF0D-F5A3-4739-AA18-DCBF4CBC873F} O arquivo contém objectos infectados Movido.

Flash_Disinfector.exe/data002\nircmd.exe C:\Documents and Settings\Tássio\Desktop\Flash_Disinfector.exe/data002 Tool.NirCmd.1

data002 C:\Documents and Settings\Tássio\Desktop O arquivo contém objectos infectados

Flash_Disinfector.exe C:\Documents and Settings\Tássio\Desktop A pasta contem objectos infectados Movido.

UsbFix.exe\Tools\Kill_P.exe C:\Documents and Settings\Tássio\Desktop\UsbFix.exe Tool.Prockill

UsbFix.exe C:\Documents and Settings\Tássio\Desktop O arquivo contém objectos infectados Movido.

PC_DAZStudio_1_8_2_1.exe\unvised_154.bin C:\Documents and Settings\Tássio\Meus documentos\Revistas\Photoshop Creative\Arquivos\Revista Photoshop Creative 1 CD Extras\Es Adware.Bho.47

PC_DAZStudio_1_8_2_1.exe C:\Documents and Settings\Tássio\Meus documentos\Revistas\Photoshop Creative\Arquivos\Revista Photoshop Creative 1 CD Extras\Es O arquivo contém objectos infectados Movido.

A0005033.msi/stream000/ams70.chm\ams70.hhk C:\System Volume Information\_restore{81A7E351-221A-4C9E-98B2-B5345F0C00E0}\RP83\A0005033.msi/stream000/ams70.chm Provavelmente SCRIPT.Virus

ams70.chm C:\System Volume Information\_restore{81A7E351-221A-4C9E-98B2-B5345F0C00E0}\RP83 A pasta contem objectos infectados

stream000 C:\System Volume Information\_restore{81A7E351-221A-4C9E-98B2-B5345F0C00E0}\RP83 O arquivo contém objectos infectados

A0005033.msi C:\System Volume Information\_restore{81A7E351-221A-4C9E-98B2-B5345F0C00E0}\RP83 O arquivo contém objectos infectados Movido.

A0006196.bat C:\System Volume Information\_restore{81A7E351-221A-4C9E-98B2-B5345F0C00E0}\RP86 Provavelmente BATCH.Virus Incurável.Movido.

A0014586.exe\32788R22FWJFW\List-C.bat C:\System Volume Information\_restore{81A7E351-221A-4C9E-98B2-B5345F0C00E0}\RP89\A0014586.exe Provavelmente BATCH.Virus

A0014586.exe C:\System Volume Information\_restore{81A7E351-221A-4C9E-98B2-B5345F0C00E0}\RP89 O arquivo contém objectos infectados Movido.

A0016861.msi/stream000/ams70.chm\ams70.hhk C:\System Volume Information\_restore{81A7E351-221A-4C9E-98B2-B5345F0C00E0}\RP89\A0016861.msi/stream000/ams70.chm Provavelmente SCRIPT.Virus

ams70.chm C:\System Volume Information\_restore{81A7E351-221A-4C9E-98B2-B5345F0C00E0}\RP89 A pasta contem objectos infectados

stream000 C:\System Volume Information\_restore{81A7E351-221A-4C9E-98B2-B5345F0C00E0}\RP89 O arquivo contém objectos infectados

A0016861.msi C:\System Volume Information\_restore{81A7E351-221A-4C9E-98B2-B5345F0C00E0}\RP89 O arquivo contém objectos infectados Movido.

A0016862.exe/data002\nircmd.exe C:\System Volume Information\_restore{81A7E351-221A-4C9E-98B2-B5345F0C00E0}\RP89\A0016862.exe/data002 Tool.NirCmd.1

data002 C:\System Volume Information\_restore{81A7E351-221A-4C9E-98B2-B5345F0C00E0}\RP89 O arquivo contém objectos infectados

A0016862.exe C:\System Volume Information\_restore{81A7E351-221A-4C9E-98B2-B5345F0C00E0}\RP89 A pasta contem objectos infectados Movido.

A0016863.exe\Tools\Kill_P.exe C:\System Volume Information\_restore{81A7E351-221A-4C9E-98B2-B5345F0C00E0}\RP89\A0016863.exe Tool.Prockill

A0016863.exe C:\System Volume Information\_restore{81A7E351-221A-4C9E-98B2-B5345F0C00E0}\RP89 O arquivo contém objectos infectados Movido.

MGASetup.exe D:\Users\Tássio\AppData\Local\Temp Trojan.Hosts.82 Eliminado.

A0002274.exe\unvised_154.bin E:\System Volume Information\_restore{81A7E351-221A-4C9E-98B2-B5345F0C00E0}\RP71\A0002274.exe Adware.Bho.47

A0002274.exe E:\System Volume Information\_restore{81A7E351-221A-4C9E-98B2-B5345F0C00E0}\RP71 O arquivo contém objectos infectados Movido.

 

____________________________________________________________________________________________________________________________________________________________________________________________________

 

O pc trava quando usa o ie8 com o msn e windows media player.

[Power Max 54]

:) Outros problemas foram removidos pelo Dr. Web CureIt.

 

O pc trava quando usa o ie8 com o msn e windows media player.

:seta: Siga então, por gentileza, as dicas deste tutorial:

 

Tutorial do Kaspersky Virus Removal Tool

 

Na sua próxima resposta poste este log do Kaspersky Virus Removal Tool juntamente com um novo log do Hijackthis e nos diga como está o seu Pc depois disto.

 

Ficamos no aguardo.

[Tássio Ribeiro 0]

:) Outros problemas foram removidos pelo Dr. Web CureIt.

 

O pc trava quando usa o ie8 com o msn e windows media player.

:seta: Siga então, por gentileza, as dicas deste tutorial:

 

Tutorial do Kaspersky Virus Removal Tool

 

Na sua próxima resposta poste este log do Kaspersky Virus Removal Tool juntamente com um novo log do Hijackthis e nos diga como está o seu Pc depois disto.

 

Ficamos no aguardo.

 

 

O Kaspersky não deu nenhum virus, eu não consegui copiar o log. Eram muitos arquivos verificados e quando eu mandava selecionar todos, travava. Mas tenho certeza, olhei bem e não encontrou nenhum virus.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:53:46, on 7/1/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\System Protect\SysProtect_Tray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\AnVir Task Manager Free\AnVir.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\System Protect\SysProtect_srv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [systemProtect] C:\Arquivos de programas\System Protect\SysProtect_Tray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [AnVir Task Manager Free] "C:\Arquivos de programas\AnVir Task Manager Free\AnVir.exe" Minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: _uninst_setup_9.0.0.722_06.01.2010_23-13.exe.lnk = ?

O4 - Global Startup: Atualizador de licenças ESET.lnk = C:\Arquivos de programas\ESET\MiNODLogin\MiNODLogin.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: System Protect Deletion Prevention Service (SP_Service) - Xacti Corporation - C:\Arquivos de programas\System Protect\SysProtect_srv.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 9626 bytes

 

O internet explorer continua travando na maioria das vezes quando usado no orkut e junto com o msn.

[Power Max 54]

:seta: Conecte a sua unidade L:\ -> Disco removível # 3,76 Go (2,49 Go free) [TÁSSIO] # FAT32 ao seu PC e mantenha ele conectado até o final destes passos abaixo:

 

Baixe o programa Avenger no link abaixo e extraia o conteúdo para o desktop (área de trabalho):

http://swandog46.geekstogo.com/avenger2/download.php

 

*Selecione e copie (Ctrl+C) todo o texto dentro do Quote (caixa branca) abaixo:

 

Files to delete:

C:\h0.exe

D:\h0.exe

E:\h0.exe

F:\h0.exe

L:\h0.exe

c:\windows\system32\ezsidmv.dat

 

*Execute o programa Avenger

*Clique em [Load Script] > [Paste from Clipboard]

*Clique em [Execute] > [OK]

*O PC será reiniciado

*O relatório será criado em C:\avenger.txt

___________________________________

 

:seta: Envie os arquivos desta pasta destacada em vermelho abaixo para serem analisados no site http://www.virustotal.com/ '>Virus Total (envie um arquivo de cada vez):

C:\a0e62f0d1741a0f8e5

 

Obs: Caso o Virus Total esteja muito congestionado, envie estes arquivos para serem analisados em um destes sites abaixo:

 

http://virscan.org/

http://virusscan.jotti.org/

http://www.viruschief.com/

 

Nestes sites acima os arquivos serão escaneados por vários antivírus ao mesmo tempo, o que dará uma certeza muito maior de que os arquivos sejam seguros ou não.

______________________________________

 

:seta: Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

 

Escolhendo Programas que Iniciam com o PC

 

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

 

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.

______________________________________

 

:seta: Na sua próxima resposta poste um novo log do Hijackthis juntamente com o log que estará em C:\avenger.txt e nos diga se algum virus foi encontrado naqueles arquivo da pasta a ser escaneada no site Virus Total e nos diga como está seu PC depois disto.

 

Ficamos na espera.

[Tássio Ribeiro 0]

Não tive mais paciência e formatei o pc. Acontece que ainda continua travando, diminuiu mas continua.

A pasta C:\a0e62f0d1741a0f8e5 não existe mais.

Estou com dúvida nas pastas "$RECYCLE.BIN e autorun.inf", que estão nas outras pasrtições que não formatei.

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: file "C:\h0.exe" not found!

Deletion of file "C:\h0.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "D:\h0.exe" not found!

Deletion of file "D:\h0.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "E:\h0.exe" not found!

Deletion of file "E:\h0.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "F:\h0.exe" not found!

Deletion of file "F:\h0.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: could not open file "L:\h0.exe"

Deletion of file "L:\h0.exe" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

 

 

Error: file "c:\windows\system32\ezsidmv.dat" not found!

Deletion of file "c:\windows\system32\ezsidmv.dat" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

_______________________________________________________________

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:01:37, on 10/1/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

C:\Arquivos de programas\System Protect\SysProtect_Tray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\AnVir Task Manager Free\AnVir.exe

C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\System Protect\SysProtect_srv.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [systemProtect] C:\Arquivos de programas\System Protect\SysProtect_Tray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AnVir Task Manager Free] "C:\Arquivos de programas\AnVir Task Manager Free\AnVir.exe" Minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Atualizador de licenças ESET.lnk = C:\Arquivos de programas\ESET\MiNODLogin\MiNODLogin.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: WinPolicy AutoLock (AutoLock) - Unknown owner - C:\Arquivos de programas\Justsoft WinPolicy\WPService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: System Protect Deletion Prevention Service (SP_Service) - Xacti Corporation - C:\Arquivos de programas\System Protect\SysProtect_srv.exe

 

--

End of file - 6024 bytes

[Power Max 54]

:seta: Abra o HijackThis, clique em Do a system scan only, marque a entrada abaixo e clique em Fix checked:

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

_____________________________________

 

:seta: Baixe e execute este programa abaixo para desativar o Bonjour (que é um item desnecessário e que costuma deixar o PC mais lento):

http://download.gizmo5.com/jasmine/TurnOffBonjour.exe

_____________________________________

 

Estou com dúvida nas pastas "$RECYCLE.BIN e autorun.inf", que estão nas outras pasrtições que não formatei.

:seta: Siga, por gentileza, todas as dicas deste tutorial:

 

Dicas para remover vírus que se propagam por pendrives e outras midias removíveis

 

Na sua próxima resposta poste um novo log do Hijackthis juntamente com o log que estará em C:\PenClean\PenClean.txt e o log que estará em C:\Usbfix.txt e nos diga como está seu PC depois destes procedimentos.

[Tássio Ribeiro 0]

Não consigo rodar o penclean para midias removiveis, ele trava. Com o antivirus desativado!

E o pc parou mais de travar até agora não travou.

E a pasta $RECYCLE.BIN continua na unidade D: e F:. A autorun.inf foi excluida ou pelo agora depois de rodar os programas do tutorial.

 

############################## | UsbFix V6.073 |

 

User : Tássio (Administradores) # TASSIO

Update on 09/01/2010 by El Desaparecido , C_XX & Chimay8

Start at: 10:59:49 | 11/1/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Processador Intel Pentium III Xeon

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Disabled

AV : ESET Smart Security 4.0 4.0 [ Enabled | Updated ]

FW : Firewall pessoal do ESET[ Enabled ]4.0.437.0

 

A:\ -> Unidade de disquete de 3 1/2 polegadas

C:\ -> Disco fixo local # 112,42 Go (77,88 Go free) # NTFS

D:\ -> Disco fixo local # 48,94 Go (5,47 Go free) [Documentos] # NTFS

E:\ -> Disco fixo local # 126,93 Go (67,57 Go free) [Arquivos] # NTFS

F:\ -> Disco fixo local # 9,8 Go (1,58 Go free) [Músicas] # NTFS

G:\ -> Disco removível

H:\ -> Disco removível

I:\ -> Disco removível

J:\ -> Disco removível

K:\ -> Disco CD-ROM

L:\ -> Disco removível # 3,76 Go (2,47 Go free) [TÁSSIO] # FAT32

 

############################## | Processos activos |

 

C:\WINDOWS\System32\smss.exe 876

C:\WINDOWS\system32\csrss.exe 940

C:\WINDOWS\system32\winlogon.exe 964

C:\WINDOWS\system32\services.exe 1008

C:\WINDOWS\system32\lsass.exe 1020

C:\WINDOWS\system32\svchost.exe 1196

C:\WINDOWS\system32\svchost.exe 1244

C:\WINDOWS\System32\svchost.exe 1368

C:\WINDOWS\system32\svchost.exe 1476

C:\WINDOWS\system32\svchost.exe 1620

C:\WINDOWS\system32\logonui.exe 1696

C:\WINDOWS\system32\spoolsv.exe 1800

C:\WINDOWS\system32\userinit.exe 1996

C:\WINDOWS\Explorer.EXE 168

C:\WINDOWS\system32\svchost.exe 584

C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe 632

C:\Arquivos de programas\Java\jre6\bin\jqs.exe 784

C:\WINDOWS\system32\nvsvc32.exe 580

C:\Arquivos de programas\System Protect\SysProtect_srv.exe 848

C:\WINDOWS\system32\wuauclt.exe 1528

C:\WINDOWS\system32\wbem\wmiprvse.exe 852

C:\WINDOWS\System32\alg.exe 1096

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\Recycler\S-1-5-21-1177238915-1275210071-1801674531-1003

Supprimido ! C:\Recycler\S-1-5-21-1177238915-1275210071-1801674531-1004

Supprimido ! D:\Recycler\S-1-5-21-1177238915-1275210071-1801674531-1003

Supprimido ! D:\Recycler\S-1-5-21-1177238915-1275210071-1801674531-1004

Supprimido ! D:\Recycler\S-1-5-21-448539723-1417001333-1801674531-1003

Supprimido ! E:\Recycler\S-1-5-21-1177238915-1275210071-1801674531-1003

Supprimido ! E:\Recycler\S-1-5-21-1177238915-1275210071-1801674531-1004

Supprimido ! E:\Recycler\S-1-5-21-448539723-1417001333-1801674531-1003

Supprimido ! F:\Recycler\S-1-5-21-1177238915-1275210071-1801674531-1003

Supprimido ! F:\Recycler\S-1-5-21-1177238915-1275210071-1801674531-1004

Supprimido ! F:\Recycler\S-1-5-21-448539723-1417001333-1801674531-1003

Não supprimido ! L:\AUTORUN_.INF

Supprimido ! L:\e9naq.exe

Supprimido ! L:\h0.exe

Não supprimido ! L:\autorun.inf

 

################## | Registro # Chaves infectieuses |

 

Supprimido ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

 

################## | Registro # Mountpoints2 |

 

 

################## | Listing |

 

[07/01/2010 19:59|--a------|0] C:\AUTOEXEC.BAT

[10/01/2010 11:43|--a------|2980] C:\avenger.txt

[07/01/2010 21:41|---hs----|211] C:\boot.ini

[14/04/2008 10:00|-rahs----|4952] C:\Bootfont.bin

[07/01/2010 19:59|--a------|0] C:\CONFIG.SYS

[07/01/2010 20:10|--a------|40] C:\csb.log

[07/01/2010 19:59|-rahs----|0] C:\IO.SYS

[07/01/2010 19:59|-rahs----|0] C:\MSDOS.SYS

[14/04/2008 10:00|-rahs----|47564] C:\NTDETECT.COM

[14/04/2008 10:00|-rahs----|251696] C:\ntldr

[?|?|?] C:\pagefile.sys

[11/01/2010 11:01|--a------|3749] C:\UsbFix.txt

[25/08/2009 10:29|--ahs----|19968] E:\Thumbs.db

[11/03/2009 04:31|--a------|89280] L:\StartPortableApps.exe

[12/12/2009 05:16|--a------|20355973] L:\ProShow_Producer_v4.1.2711.rar

[?|?|?] L:\AUTORUN.INF

[03/01/2010 06:02|--a------|231417] L:\Musik@snet 2010 Videos HQ.htm

[03/01/2010 03:18|--a------|18105975] L:\ProS_P_v4[1].1.2711_All.Stylepack.part3.rar

[03/01/2010 02:03|--a------|105906176] L:\ProS_P_v4[1].1.2711_All.Stylepack.part1.rar

[03/01/2010 02:54|--a------|105906176] L:\ProS_P_v4[1].1.2711_All.Stylepack.part2.rar

 

################## | Vaccinação |

 

# C:\autorun.inf -> Folder criado por UsbFix.

# D:\autorun.inf -> Folder criado por UsbFix.

# E:\autorun.inf -> Folder criado por UsbFix.

# F:\autorun.inf -> Folder criado por UsbFix.

 

################## | Crack > Keygen > Serial |

 

"E:\backup\t ssio\Meus documentos\Downloads\Windows Genuine Advantage Validation v1.9.9.1 CRACKED\WgaTray.exe"

12/02/2009 05:30 |Size 323072 |Crc32 d4ac65e9 |Md5 c923696f5821e690cf8dd6365026e520

 

"E:\Programas\FOTO\ACDSee Pro 2.0.219\KEYGEN\CORE10k.EXE"

10/09/2007 23:02 |Size 137728 |Crc32 ee57ce98 |Md5 d581068e84510083ddea45e821ebde36

 

"E:\Programas\FOTO\FotoStation Pro Edition 6.0.122\Crack\FotoStation.exe"

04/12/2010 12:47 |Size 12621080 |Crc32 e1662e68 |Md5 bc24a3c53313377efb891cf7b12b9718

 

"E:\Programas\FOTO\Photoshop CS3\Crack\Photoshop.exe"

18/04/2007 03:24 |Size 44814336 |Crc32 8d075606 |Md5 d450729171238e2ea26b74099327d7aa

 

"E:\Programas\FOTO\Quick Photo Resizer\crack\qpr.exe"

07/01/2009 10:22 |Size 2219136 |Crc32 c7b56426 |Md5 faf2f87231642f047e1e8a9f5a0cb5f2

 

"E:\Programas\ProShow_Producer_v4.1.2711\Keygen\CORE10k.EXE"

09/01/2009 23:57 |Size 137728 |Crc32 ee57ce98 |Md5 d581068e84510083ddea45e821ebde36

 

"E:\Programas\Sony.DVD.Architect.Pro.v5.0b.Build.180\Keygen\Keygen.exe"

25/10/2009 17:06 |Size 205312 |Crc32 42080118 |Md5 76a6770eab1f37c74d3037706ae428ac

 

 

################## | Upload |

 

Favor enviar o arquivo : C:\DOCUME~1\TSSIO~1\Desktop\UsbFix_Upload_Me_TASSIO.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição .

 

################## | ! Fim do relatório # UsbFix V6.073 ! |

____________________________________________________________________________________________________________________________________________

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:15:06, on 11/1/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\System Protect\SysProtect_srv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

C:\Arquivos de programas\System Protect\SysProtect_Tray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\AnVir Task Manager Free\AnVir.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [systemProtect] C:\Arquivos de programas\System Protect\SysProtect_Tray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AnVir Task Manager Free] "C:\Arquivos de programas\AnVir Task Manager Free\AnVir.exe" Minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Atualizador de licenças ESET.lnk = C:\Arquivos de programas\ESET\MiNODLogin\MiNODLogin.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: WinPolicy AutoLock (AutoLock) - Unknown owner - C:\Arquivos de programas\Justsoft WinPolicy\WPService.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: System Protect Deletion Prevention Service (SP_Service) - Xacti Corporation - C:\Arquivos de programas\System Protect\SysProtect_srv.exe

 

--

End of file - 5810 bytes

[Power Max 54]

:) Vários problemas foram removidos pelo Usbfix.

__________________________________

 

Não consigo rodar o penclean para midias removiveis, ele trava. Com o antivirus desativado!

:seta: Tente executar o Penclean no "'>http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html"]Modo Seguro do Windows e veja se é possível.

__________________________

 

################## | Crack > Keygen > Serial |

 

"E:\backup\t ssio\Meus documentos\Downloads\Windows Genuine Advantage Validation v1.9.9.1 CRACKED\WgaTray.exe"

12/02/2009 05:30 |Size 323072 |Crc32 d4ac65e9 |Md5 c923696f5821e690cf8dd6365026e520

 

"E:\Programas\FOTO\ACDSee Pro 2.0.219\KEYGEN\CORE10k.EXE"

10/09/2007 23:02 |Size 137728 |Crc32 ee57ce98 |Md5 d581068e84510083ddea45e821ebde36

 

"E:\Programas\FOTO\FotoStation Pro Edition 6.0.122\Crack\FotoStation.exe"

04/12/2010 12:47 |Size 12621080 |Crc32 e1662e68 |Md5 bc24a3c53313377efb891cf7b12b9718

 

"E:\Programas\FOTO\Photoshop CS3\Crack\Photoshop.exe"

18/04/2007 03:24 |Size 44814336 |Crc32 8d075606 |Md5 d450729171238e2ea26b74099327d7aa

 

"E:\Programas\FOTO\Quick Photo Resizer\crack\qpr.exe"

07/01/2009 10:22 |Size 2219136 |Crc32 c7b56426 |Md5 faf2f87231642f047e1e8a9f5a0cb5f2

 

"E:\Programas\ProShow_Producer_v4.1.2711\Keygen\CORE10k.EXE"

09/01/2009 23:57 |Size 137728 |Crc32 ee57ce98 |Md5 d581068e84510083ddea45e821ebde36

 

"E:\Programas\Sony.DVD.Architect.Pro.v5.0b.Build.180\Keygen\Keygen.exe"

25/10/2009 17:06 |Size 205312 |Crc32 42080118 |Md5 76a6770eab1f37c74d3037706ae428ac

:!: É muito importante desinstalar programas pirateados ou crackeados que estejam no seu PC, pois a enorme maioria destes programas trazem virus e/ou malwares embutidos neles, além de poderem trazer brechas de segurança que facilitem a invasão de seu computador.

__________________________________

 

:seta: Você fez a limpeza com o Flash Disinfector? Caso não tenha feito, faça por gentileza.

__________________________________

 

:seta: Siga novamente, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Malwarebytes:

 

'>http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html"]Tutorial do Malwarebytes Anti-Malware

 

Na sua próxima resposta poste este log do Malwarebytes juntamente com um novo log do Hijackthis e nos diga como está o seu PC após este procedimento.

 

Ficamos no aguardo.

[Tássio Ribeiro 0]

Malwarebytes' Anti-Malware 1.43

Versão do banco de dados: 3458

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

12/1/2010 10:56:21

mbam-log-2010-01-12 (10-56-21).txt

 

Tipo de Verificação: Completa (C:\|D:\|E:\|F:\|L:\|)

Objetos verificados: 234115

Tempo decorrido: 34 minute(s), 35 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 4

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\Documents and Settings\Tássio\Dados de aplicativos\Wplugin.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8FB0C21A-CA20-428A-90DB-8C006AC9CDB6}\RP24\A0010227.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8FB0C21A-CA20-428A-90DB-8C006AC9CDB6}\RP26\A0015449.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Wplugin.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

____________________________________________________________________________________________________________________________________________________________

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:00:15, on 12/1/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\System Protect\SysProtect_srv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

C:\Arquivos de programas\System Protect\SysProtect_Tray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\AnVir Task Manager Free\AnVir.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [systemProtect] C:\Arquivos de programas\System Protect\SysProtect_Tray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AnVir Task Manager Free] "C:\Arquivos de programas\AnVir Task Manager Free\AnVir.exe" Minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Atualizador de licenças ESET.lnk = C:\Arquivos de programas\ESET\MiNODLogin\MiNODLogin.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: WinPolicy AutoLock (AutoLock) - Unknown owner - C:\Arquivos de programas\Justsoft WinPolicy\WPService.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: System Protect Deletion Prevention Service (SP_Service) - Xacti Corporation - C:\Arquivos de programas\System Protect\SysProtect_srv.exe

 

--

End of file - 5584 bytes

_________________________________________________________________________________________________________________________________________________________________________________

 

Até agora não travou, mas ontem a noite travou 2 vezes.

O meu antivírus sempre detecta virus na pasta system volume information\_restore em todas as partições.

[Power Max 54]

:) Outros problemas foram removidos pelo Malwarebytes.

__________________________________

 

:!: Você não respondeu o que te perguntei: Você fez a limpeza com o Flash Disinfector? Caso não tenha feito, faça por gentileza.

 

Você tentou executar o Penclean no Modo Seguro? Caso consiga executá-lo, poste o log dele para analizarmos.

__________________________________

 

:seta: Siga, por gentileza, as dicas deste tutorial para fazer um escaneamento de seu PC pelo BitDefender Online:

 

Tutorial do antivírus BitDefender Online

 

Após o término do escaneamento será gerado um relatório (log) que estará no seguinte local do seu computador:

C:\Windows\BDOSCAN8\bdoscan.log

 

Na sua próxima resposta poste este log do BitDefender Online juntamente com um novo log do Hijackthis e nos diga, por gentileza, como está o seu PC após seguir este procedimento.

 

Ficamos no aguardo de sua resposta.

[Tássio Ribeiro 0]

Usei o flash desinfector sim!

 

 

//-----------------------------------------------------------------

//

// Product BitDefender Free Edition v10

// Product 10.2

//

// Created on: 14/01/2010 11:52:11

//

//-----------------------------------------------------------------

 

 

Virus Statistics

 

Scan path : C:\

D:\

E:\

F:\

Folders : 10460

Files : 181668

Memory processes scanned : 34

Archives : 1526

Runtime packers : 17107

Identified viruses : 0

Infected files : 0

Memory processes infected : 0

Suspect files : 0

Warnings : 0

Disinfected files : 0

Deleted files : 0

Moved files : 0

I/O errors : 30

Scan time : 00:34:35

Scan speed (files/sec) : 87

 

Spyware Statistics

 

Registry keys scanned : 908

Registry keys infected : 0

Cookies scanned : 20

Cookies infected : 0

Spyware files infected : 0

Spyware threats detected : 0

 

 

Virus definitions : 2244492

Scan plugins : 12

Archive plugins : 43

Unpack plugins : 7

Mail plugins : 6

System plugins : 5

 

Virus scan options

 

Detection

[X] Scan boot sectors

[X] Memory Processes

[ ] Scan archives

[X] Scan runtime packers

[X] Scan email

 

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

 

Action

 

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

 

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

 

Virus scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\Documents and Settings\All Users\Dados de aplicativos\Bitdefender\Desktop\Profiles\Logs\full_scan\1263477131.log

 

Spyware scan options

 

[X] Scan for riskware

[ ] Skip dial and applications from scan

[X] Registry keys

[X] Cookies

 

________________________________________________________________________________________________________________________________________________

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:29:26, on 14/1/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\System Protect\SysProtect_srv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

C:\Arquivos de programas\System Protect\SysProtect_Tray.exe

C:\WINDOWS\RTHDCPL.EXE

E:\BitDefender free 10\bdagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\AnVir Task Manager Free\AnVir.exe

E:\BitDefender free 10\vsserv.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Tássio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [systemProtect] C:\Arquivos de programas\System Protect\SysProtect_Tray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [bDAgent] "E:\BitDefender free 10\bdagent.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AnVir Task Manager Free] "C:\Arquivos de programas\AnVir Task Manager Free\AnVir.exe" Minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Atualizador de licenças ESET.lnk = C:\Arquivos de programas\ESET\MiNODLogin\MiNODLogin.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O23 - Service: WinPolicy AutoLock (AutoLock) - Unknown owner - C:\Arquivos de programas\Justsoft WinPolicy\WPService.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: System Protect Deletion Prevention Service (SP_Service) - Xacti Corporation - C:\Arquivos de programas\System Protect\SysProtect_srv.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - E:\BitDefender free 10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 7128 bytes

[Power Max 54]

:) Seus logs estão limpos. Como está o seu PC?

[Tássio Ribeiro 0]

:) Seus logs estão limpos. Como está o seu PC?

Pensei que estava bom, mas depois de rodar o bitdefender e postar o resultado aqui, Rodei também o malwarebytes e detectou 2 infecções removeu e depois que reiniciei ele travou. Reiniciei de novo e agora está normal. Isso foi agora minutos atrás.

[Power Max 54]

Pensei que estava bom, mas depois de rodar o bitdefender e postar o resultado aqui, Rodei também o malwarebytes e detectou 2 infecções removeu e depois que reiniciei ele travou. Reiniciei de novo e agora está normal. Isso foi agora minutos atrás.

:seta: Siga então novamente, por gentileza, as dicas destes tutoriais:

 

Tutorial do Norman Malware Cleaner

 

Tutorial do Spyware Doctor Starter Edition

 

Na sua próxima resposta poste este log do Spyware Doctor juntamente com o log do Norman Malware Cleaner e um novo log do Hijackthis e nos diga como está o seu Pc depois disto.

 

Ficamos no aguardo.

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.