Archived

This topic has been archived and is closed to new replies.

Sabrina Alves

[Solved!] Log analysis


Good evening!

Could you please analyse the HijackThis log from my PC, as it is running very slowly. To start with, I could not run HijackThis directly from C:, only from the desktop.

Let me know if there is any problem.

Log follows:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:29:24, on 04/01/2010

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

 

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\s3trayp.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe

C:\Windows\tsnp325.exe

C:\Windows\vsnp325.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\system32\wuauclt.exe

C:\Users\jucelino\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60337

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [tsnp325] C:\Windows\tsnp325.exe

O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [REFPART] "C:\ProgramData\AdminRegsRegs.2b4oo"

O4 - HKCU\..\Run: [MODE FREE BIRD SURF] "C:\ProgramData\two proxy view.4q3xj"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Discador iG.lnk = C:\Program Files\iG\Discador.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.atrativa.com.br/games/applets/popcap/zuma/popcaploader.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

 

--

End of file - 6625 bytes

 

Thank you!


:) Hi Sabrina! Welcome to Fórum Imasters.

:seta: Please follow the tips in these tutorials:

Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

Lop S&D tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-lop-s-d.html

_______________________________

 

:seta: Download the tool below:

http://lop.com/new_uninstall.exe

Note: this uninstaller is detected as a trojan by several antivirus products. If that happens, temporarily disable your antivirus and re-enable it when the procedure is finished. The file is perfectly safe.

Double-click the uninstaller you downloaded above > click OK > click OK again > some numbers will appear on a screen; type those numbers into the blank field and then click the UNINSTALL button > click OK > click OK again > then just follow the steps the uninstaller gives you.

______________________________

 

:seta: The version of AVG you are using is already very out of date. Uninstall it, then download and install the new AVG 9 following the tips in this tutorial:

AVG 9 Free tutorial (how to install it correctly)

Then, once AVG 9 is installed, run a full scan of your computer with AVG and, as viruses and spyware are found, choose the option to disinfect the infected files or send them to quarantine. If files were sent to quarantine, then after a few weeks, if your computer is working normally without those quarantined files, you can go to the quarantine and delete them permanently.

________________________________

:seta: In your next reply, post the Malwarebytes log together with the log that will be in C:\lopR.txt and a new HijackThis log, and tell us whether any viruses were detected and removed by AVG and how your PC is after these procedures.

We await your reply.


Good afternoon!

I could not access the Lop S&D link. The following message appeared:

"The bandwidth or page view limit for this site has been exceeded and the page cannot be viewed at this time. Once the site is below the limit, it will once again begin serving as normal."

Malwarebytes log follows:

 

Malwarebytes' Anti-Malware 1.43

Versão do banco de dados: 3496

Windows 6.0.6000 (Safe Mode)

Internet Explorer 7.0.6000.16945

 

05/01/2010 15:00:40

mbam-log-2010-01-05 (15-00-40).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 224970

Tempo decorrido: 42 minute(s), 14 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 1

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mode free bird surf (Trojan.Swizzor) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

 

HijackThis log follows:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:22:09, on 05/01/2010

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\s3trayp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe

C:\Windows\tsnp325.exe

C:\Windows\vsnp325.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\iG\Discador.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\wuauclt.exe

C:\Users\jucelino\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [tsnp325] C:\Windows\tsnp325.exe

O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Discador iG.lnk = C:\Program Files\iG\Discador.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.atrativa.com.br/games/applets/popcap/zuma/popcaploader.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

 

--

End of file - 5757 bytes

I could not access the Lop S&D link. The following message appeared:

 

"The bandwidth or page view limit for this site has been exceeded and the page cannot be viewed at this time. Once the site is below the limit, it will once again begin serving as normal."

This message usually appears when the download server for this program is overloaded. To make it easier, I have hosted it at the address below:

http://www.badongo.com/file/19554142

When you open the link above, wait a few moments, type the numbers that appear in the top right corner of the page and press Enter > wait for the countdown > click the "Faça o download do seu ficheiro aqui" (download your file here) button.

Then, after downloading it, just follow the tips in the tutorial I gave you to run it correctly.

__________________________________

:seta: Open HijackThis, click "Do a system scan only", check the entries below and click "Fix checked":

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

__________________________________

 

:seta: There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing the Programs that Start with the PC

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

Also use CCleaner, recommended in the tutorial above, to clean up and optimise the PC now and from time to time.

__________________________________

:seta: Please also follow the tips in this tutorial to scan your PC with NOD32 Online:

NOD32 Online antivirus tutorial: http://dicasetutoriaisparapc.blogspot.com/2008/09/tutorial-do-antivirus-nod32-online.html

When the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

In your next reply, post this NOD32 Online log together with the log that will be in C:\LopR.txt and a new HijackThis log, and please tell us how your PC is after following these procedures.

We await your reply.

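The HijackThis logs posted in this thread show the two entry shapes a reviewer looks at first: O4 Run entries that launch from C:\ProgramData with random-looking extensions (.2b4oo, .4q3xj), and O2/O3 BHO or toolbar registrations marked "(no file)", which are the orphaned entries the helper asks to have fixed. The following Python script is an added example, not part of this thread and not HijackThis code; it parses HJT-style entry lines and flags those two patterns using my own simple heuristics (user-writable launch location, non-executable extension, orphaned registration). The sample lines are copied from the logs above, and the regular expressions assume the HijackThis 2.0.2 line format shown there.

```python
"""Heuristic triage of HijackThis (HJT) log entries.

Added example for this thread; it is not part of the forum post and not
HijackThis code. The flagging rules are my own heuristics, not HJT's.
"""
import ntpath
import re
from dataclasses import dataclass

# Line shapes follow the HijackThis 2.0.2 format quoted in the thread.
ENTRY_RE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
# First token of a Run command: a quoted path, or an unquoted path up to its extension.
FIRST_PATH_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.[A-Za-z0-9]{1,5})(?=\s|$)')

# Extensions an autorun target is normally expected to have (heuristic list).
EXEC_EXT = {".exe", ".dll", ".com", ".scr", ".bat", ".cmd", ".pif"}
# Path fragments marking locations a limited user can write to (heuristic list).
USER_WRITABLE = ("\\programdata\\", "\\users\\", "\\appdata\\", "\\temp\\")

# Constructed sample: entry lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [REFPART] "C:\ProgramData\AdminRegsRegs.2b4oo"
O4 - HKCU\..\Run: [MODE FREE BIRD SURF] "C:\ProgramData\two proxy view.4q3xj"
O4 - Global Startup: Discador iG.lnk = C:\Program Files\iG\Discador.exe
"""


@dataclass
class Finding:
    section: str
    line: str
    reasons: list


def parse_entries(log_text):
    """Yield (section, body, full line) for every HJT entry line (R0-R3, O1-O24)."""
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("section"), m.group("body"), line


def program_path(cmd):
    """Extract the launched file from a Run value, dropping its arguments."""
    m = FIRST_PATH_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group("q") or m.group("u")


def triage(log_text):
    """Return the entries an analyst should look at first, with the reason for each."""
    findings = []
    for section, body, line in parse_entries(log_text):
        reasons = []
        if section == "O4":
            m = O4_RE.match(body)
            if not m:
                continue  # Global Startup and other O4 shapes are not handled here
            low = program_path(m.group("cmd")).lower()
            if any(marker in low for marker in USER_WRITABLE):
                reasons.append("launches from a user-writable location")
            if ntpath.splitext(low)[1] not in EXEC_EXT:
                reasons.append("target has a non-executable extension")
        elif section in ("O2", "O3"):
            m = BHO_RE.match(body)
            if m and m.group("path").strip() == "(no file)":
                reasons.append("registration points at a missing file (orphan, safe to fix)")
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the script reports the two "(no file)" registrations and the two ProgramData Run entries, each with both reasons, and stays silent on the QuickTime, Google and Welcome Center entries. The heuristics are deliberately coarse: a hit is a prompt to look closer, not a verdict, and some legitimate per-user installers do run from AppData.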

Good evening!

NOD32 log follows:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

Lop S&D log:

 

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft® Windows Vista™ Starter ( v6.0.6000 )

X86-based PC ( Multiprocessor Free : Intel® Celeron® M CPU 440 @ 1.86GHz )

BIOS : Ver 1.00PARTTBL

USER : jucelino ( Administrator )

BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 9.0 (Activated)

C:\ (Local Disk) - NTFS - Total:74 Go (Free:43 Go)

D:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( 05/01/2010|21:55 )

 

[ UAC => 1 ]

 

--------------------\\ Lista de pastas em Local

 

[13/04/2008|14:36] C:\Users\jucelino\AppData\Local\Adobe

[10/08/2008|14:47] C:\Users\jucelino\AppData\Local\Apple Computer

[26/12/2008|12:16] C:\Users\jucelino\AppData\Local\ApplicationHistory

[25/10/2008|10:22] C:\Users\jucelino\AppData\Local\ArcSoft

[05/01/2010|14:27] C:\Users\jucelino\AppData\Local\d3d9caps.dat

[04/04/2008|17:50] C:\Users\jucelino\AppData\Local\Dados de aplicativos

[08/12/2009|12:43] C:\Users\jucelino\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[11/05/2008|17:47] C:\Users\jucelino\AppData\Local\fusioncache.dat

[03/01/2010|09:37] C:\Users\jucelino\AppData\Local\GDIPFONTCACHEV1.DAT

[06/12/2009|09:39] C:\Users\jucelino\AppData\Local\Google

[04/04/2008|17:50] C:\Users\jucelino\AppData\Local\Hist¢rico

[05/01/2010|17:26] C:\Users\jucelino\AppData\Local\IconCache.db

[05/01/2010|15:50] C:\Users\jucelino\AppData\Local\Microsoft

[01/05/2008|14:26] C:\Users\jucelino\AppData\Local\Microsoft Games

[05/01/2010|21:08] C:\Users\jucelino\AppData\Local\Temp

[04/04/2008|17:50] C:\Users\jucelino\AppData\Local\Temporary Internet Files

[11/05/2008|17:49] C:\Users\jucelino\AppData\Local\VirtualStore

 

--------------------\\ Tarefas Agendadas na pasta C:\Windows\Tasks

 

[05/01/2010 21:06][--ah-----] C:\Windows\tasks\SA.DAT

[05/01/2010 17:26][--a------] C:\Windows\tasks\SCHEDLGU.TXT

 

--------------------\\ Lista de pastas em C:\ProgramData

 

[04/04/2008|17:42] C:\ProgramData\Adobe

[11/05/2008|16:18] C:\ProgramData\Apple Computer

[02/11/2006|11:02] C:\ProgramData\Application Data

[05/01/2010|15:55] C:\ProgramData\avg9

[03/07/2009|13:58] C:\ProgramData\beep axis mode free

[04/04/2008|17:46] C:\ProgramData\Dados de aplicativos

[02/11/2006|11:02] C:\ProgramData\Desktop

[04/04/2008|17:46] C:\ProgramData\Documentos

[02/11/2006|11:02] C:\ProgramData\Documents

[02/11/2006|11:02] C:\ProgramData\Favorites

[04/04/2008|17:46] C:\ProgramData\Favoritos

[26/10/2008|09:39] C:\ProgramData\Google

[05/01/2010|14:11] C:\ProgramData\Malwarebytes

[04/04/2008|17:46] C:\ProgramData\Menu Iniciar

[08/07/2008|22:57] C:\ProgramData\Messenger Plus!

[11/06/2008|15:10] C:\ProgramData\Microsoft

[04/04/2008|17:46] C:\ProgramData\Modelos

[26/12/2008|12:10] C:\ProgramData\Spyware Terminator

[02/11/2006|11:02] C:\ProgramData\Start Menu

[02/11/2006|11:02] C:\ProgramData\Templates

[26/06/2008|16:24] C:\ProgramData\WLInstaller

[25/04/2009|16:05] C:\ProgramData\Yahoo! Companion

 

--------------------\\ Lista de pastas em C:\Program Files

 

[04/04/2008|17:42] C:\Program Files\Adobe

[04/04/2008|17:46] C:\Program Files\Arquivos Comuns [C:\Program Files\Common Files]

[05/01/2010|15:55] C:\Program Files\AVG

[25/04/2009|15:56] C:\Program Files\CCleaner

[09/11/2008|10:26] C:\Program Files\Common Files

[26/10/2008|09:39] C:\Program Files\Google

[09/07/2008|20:40] C:\Program Files\iCam

[11/09/2009|00:49] C:\Program Files\iG

[26/12/2008|12:21] C:\Program Files\InstallShield Installation Information

[14/12/2009|09:47] C:\Program Files\Internet Explorer

[08/03/2009|14:17] C:\Program Files\Java

[05/01/2010|14:12] C:\Program Files\Malwarebytes' Anti-Malware

[25/04/2009|16:04] C:\Program Files\Marcos Velasco Security

[09/11/2008|09:57] C:\Program Files\Messenger Plus! Live

[02/11/2006|10:33] C:\Program Files\Microsoft Games

[09/07/2008|21:38] C:\Program Files\Microsoft Office

[02/11/2006|10:41] C:\Program Files\Movie Maker

[02/11/2006|10:33] C:\Program Files\MSBuild

[02/11/2006|10:33] C:\Program Files\MSN

[11/05/2008|17:41] C:\Program Files\QuickTime

[02/11/2006|10:33] C:\Program Files\Reference Assemblies

[05/01/2010|15:10] C:\Program Files\Spyware Terminator

[09/11/2008|10:37] C:\Program Files\Sun

[04/04/2008|17:34] C:\Program Files\Synaptics

[02/11/2006|11:02] C:\Program Files\Uninstall Information

[17/06/2008|11:30] C:\Program Files\Windows Calendar

[17/06/2008|11:29] C:\Program Files\Windows Defender

[26/06/2008|16:35] C:\Program Files\Windows Live

[14/12/2009|09:47] C:\Program Files\Windows Mail

[29/10/2009|09:21] C:\Program Files\Windows Media Player

[04/04/2008|17:46] C:\Program Files\Windows NT

[02/11/2006|10:41] C:\Program Files\Windows Photo Gallery

[17/06/2008|11:29] C:\Program Files\Windows Sidebar

[25/04/2009|15:56] C:\Program Files\Yahoo!

 

--------------------\\ Lista de pastas em C:\Program Files\Common Files

 

[04/04/2008|17:42] C:\Program Files\Common Files\Adobe

[26/12/2008|12:22] C:\Program Files\Common Files\ArcSoft

[25/10/2008|10:16] C:\Program Files\Common Files\InstallShield

[09/11/2008|10:26] C:\Program Files\Common Files\Java

[05/01/2010|15:52] C:\Program Files\Common Files\microsoft shared

[02/11/2006|09:18] C:\Program Files\Common Files\Services

[04/04/2008|17:46] C:\Program Files\Common Files\Sistema [C:\Program Files\Common Files\System]

[09/07/2008|20:37] C:\Program Files\Common Files\snp325

[02/11/2006|09:18] C:\Program Files\Common Files\SpeechEngines

[25/10/2008|10:22] C:\Program Files\Common Files\SWF Studio

[17/06/2008|11:30] C:\Program Files\Common Files\System

[26/06/2008|16:06] C:\Program Files\Common Files\WindowsLiveInstaller

 

--------------------\\ Process

 

( 55 Processes )

 

iexplore.exe ~ [PID:3092]

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

C:\ProgramData\beep axis mode free

C:\ProgramData\beep axis mode free\bleh move.dat

 

--------------------\\ Procura no Registro

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-05 21:56:15

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Procurando por outras infecções

 

 

Não foram encontradas outras infecções.

 

[F:21][D:8]-> C:\Users\jucelino\AppData\Local\Temp

[F:29][D:1]-> C:\Users\jucelino\AppData\Roaming\MICROS~1\Windows\Cookies

[F:56][D:4]-> C:\Users\jucelino\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:3][D:3]-> C:\$Recycle.Bin

 

1 - "C:\Lop SD\LopR_1.txt" - 05/01/2010|21:57 - Option : [1]

 

--------------------\\ Verificação completa em 21:57:11

[ UAC => 1 ]

 

 

And the new HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:26:33, on 05/01/2010

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\s3trayp.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe

C:\Windows\tsnp325.exe

C:\Windows\vsnp325.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Users\jucelino\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O13 - Gopher Prefix:

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.atrativa.com.br/games/applets/popcap/zuma/popcaploader.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

 

--

End of file - 4826 bytes

 

 

Thank you!

NOD32 log follows:

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

:!: Apparently NOD32 was not run to completion, because its log is incomplete. Did you finish the scan with it? Was any virus detected and removed?

________________________________

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( 05/01/2010|21:55 )

:!: You used option 1 in Lop S&D, and option 1 only searches for Lop. To remove it you need to use option 2: run Lop S&D again and use option 2 to remove the problems found, as shown in the tutorial, then post its log and answer the question about NOD32 I asked above.


Good evening!!

Since I did not remember whether NOD32 had detected any infection, I ran the scan again. At the end it reported that there was no infection, and the log is as follows:

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

 

And the Lop S&D log:

 

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft® Windows Vista™ Starter ( v6.0.6000 )

X86-based PC ( Multiprocessor Free : Intel® Celeron® M CPU 440 @ 1.86GHz )

BIOS : Ver 1.00PARTTBL

USER : jucelino ( Administrator )

BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 9.0 (Not Activated)

C:\ (Local Disk) - NTFS - Total:74 Go (Free:43 Go)

D:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( 07/01/2010|20:53 )

 

[ UAC => 1 ]

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

 

Deletado! - C:\ProgramData\beep axis mode free\bleh move.dat

Deletado! - C:\ProgramData\beep axis mode free

-

[ Arquivos/Ficheiros Hosts ] .. RESTAURADO

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Lista de pastas em Local

 

[13/04/2008|14:36] C:\Users\jucelino\AppData\Local\Adobe

[10/08/2008|14:47] C:\Users\jucelino\AppData\Local\Apple Computer

[26/12/2008|12:16] C:\Users\jucelino\AppData\Local\ApplicationHistory

[25/10/2008|10:22] C:\Users\jucelino\AppData\Local\ArcSoft

[05/01/2010|14:27] C:\Users\jucelino\AppData\Local\d3d9caps.dat

[04/04/2008|17:50] C:\Users\jucelino\AppData\Local\Dados de aplicativos

[08/12/2009|12:43] C:\Users\jucelino\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[11/05/2008|17:47] C:\Users\jucelino\AppData\Local\fusioncache.dat

[03/01/2010|09:37] C:\Users\jucelino\AppData\Local\GDIPFONTCACHEV1.DAT

[06/12/2009|09:39] C:\Users\jucelino\AppData\Local\Google

[04/04/2008|17:50] C:\Users\jucelino\AppData\Local\Hist¢rico

[07/01/2010|12:08] C:\Users\jucelino\AppData\Local\IconCache.db

[05/01/2010|15:50] C:\Users\jucelino\AppData\Local\Microsoft

[01/05/2008|14:26] C:\Users\jucelino\AppData\Local\Microsoft Games

[07/01/2010|20:53] C:\Users\jucelino\AppData\Local\Temp

[04/04/2008|17:50] C:\Users\jucelino\AppData\Local\Temporary Internet Files

[11/05/2008|17:49] C:\Users\jucelino\AppData\Local\VirtualStore

 

--------------------\\ Tarefas Agendadas na pasta C:\Windows\Tasks

 

[07/01/2010 20:23][--ah-----] C:\Windows\tasks\SA.DAT

[07/01/2010 12:12][--a------] C:\Windows\tasks\SCHEDLGU.TXT

 

--------------------\\ Lista de pastas em C:\ProgramData

 

[04/04/2008|17:42] C:\ProgramData\Adobe

[11/05/2008|16:18] C:\ProgramData\Apple Computer

[02/11/2006|11:02] C:\ProgramData\Application Data

[05/01/2010|15:55] C:\ProgramData\avg9

[04/04/2008|17:46] C:\ProgramData\Dados de aplicativos

[02/11/2006|11:02] C:\ProgramData\Desktop

[04/04/2008|17:46] C:\ProgramData\Documentos

[02/11/2006|11:02] C:\ProgramData\Documents

[02/11/2006|11:02] C:\ProgramData\Favorites

[04/04/2008|17:46] C:\ProgramData\Favoritos

[26/10/2008|09:39] C:\ProgramData\Google

[05/01/2010|14:11] C:\ProgramData\Malwarebytes

[04/04/2008|17:46] C:\ProgramData\Menu Iniciar

[08/07/2008|22:57] C:\ProgramData\Messenger Plus!

[11/06/2008|15:10] C:\ProgramData\Microsoft

[04/04/2008|17:46] C:\ProgramData\Modelos

[05/01/2010|23:38] C:\ProgramData\Spyware Terminator

[02/11/2006|11:02] C:\ProgramData\Start Menu

[02/11/2006|11:02] C:\ProgramData\Templates

[26/06/2008|16:24] C:\ProgramData\WLInstaller

[25/04/2009|16:05] C:\ProgramData\Yahoo! Companion

 

--------------------\\ Lista de pastas em C:\Program Files

 

[04/04/2008|17:42] C:\Program Files\Adobe

[04/04/2008|17:46] C:\Program Files\Arquivos Comuns [C:\Program Files\Common Files]

[05/01/2010|15:55] C:\Program Files\AVG

[25/04/2009|15:56] C:\Program Files\CCleaner

[09/11/2008|10:26] C:\Program Files\Common Files

[05/01/2010|22:28] C:\Program Files\ESET

[26/10/2008|09:39] C:\Program Files\Google

[09/07/2008|20:40] C:\Program Files\iCam

[11/09/2009|00:49] C:\Program Files\iG

[26/12/2008|12:21] C:\Program Files\InstallShield Installation Information

[14/12/2009|09:47] C:\Program Files\Internet Explorer

[08/03/2009|14:17] C:\Program Files\Java

[05/01/2010|14:12] C:\Program Files\Malwarebytes' Anti-Malware

[25/04/2009|16:04] C:\Program Files\Marcos Velasco Security

[09/11/2008|09:57] C:\Program Files\Messenger Plus! Live

[02/11/2006|10:33] C:\Program Files\Microsoft Games

[09/07/2008|21:38] C:\Program Files\Microsoft Office

[02/11/2006|10:41] C:\Program Files\Movie Maker

[02/11/2006|10:33] C:\Program Files\MSBuild

[02/11/2006|10:33] C:\Program Files\MSN

[11/05/2008|17:41] C:\Program Files\QuickTime

[02/11/2006|10:33] C:\Program Files\Reference Assemblies

[05/01/2010|22:25] C:\Program Files\Spyware Terminator

[09/11/2008|10:37] C:\Program Files\Sun

[04/04/2008|17:34] C:\Program Files\Synaptics

[02/11/2006|11:02] C:\Program Files\Uninstall Information

[17/06/2008|11:30] C:\Program Files\Windows Calendar

[17/06/2008|11:29] C:\Program Files\Windows Defender

[26/06/2008|16:35] C:\Program Files\Windows Live

[14/12/2009|09:47] C:\Program Files\Windows Mail

[29/10/2009|09:21] C:\Program Files\Windows Media Player

[04/04/2008|17:46] C:\Program Files\Windows NT

[02/11/2006|10:41] C:\Program Files\Windows Photo Gallery

[17/06/2008|11:29] C:\Program Files\Windows Sidebar

[25/04/2009|15:56] C:\Program Files\Yahoo!

 

--------------------\\ Lista de pastas em C:\Program Files\Common Files

 

[04/04/2008|17:42] C:\Program Files\Common Files\Adobe

[26/12/2008|12:22] C:\Program Files\Common Files\ArcSoft

[25/10/2008|10:16] C:\Program Files\Common Files\InstallShield

[09/11/2008|10:26] C:\Program Files\Common Files\Java

[05/01/2010|15:52] C:\Program Files\Common Files\microsoft shared

[02/11/2006|09:18] C:\Program Files\Common Files\Services

[04/04/2008|17:46] C:\Program Files\Common Files\Sistema [C:\Program Files\Common Files\System]

[09/07/2008|20:37] C:\Program Files\Common Files\snp325

[02/11/2006|09:18] C:\Program Files\Common Files\SpeechEngines

[25/10/2008|10:22] C:\Program Files\Common Files\SWF Studio

[17/06/2008|11:30] C:\Program Files\Common Files\System

[26/06/2008|16:06] C:\Program Files\Common Files\WindowsLiveInstaller

 

--------------------\\ Process

 

( 45 Processes )

 

... OK !

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura no Registro

 

..... OK !

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-07 20:54:19

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Procurando por outras infecções

 

 

Não foram encontradas outras infecções.

 

[F:26][D:4]-> C:\Users\jucelino\AppData\Local\Temp

[F:48][D:1]-> C:\Users\jucelino\AppData\Roaming\MICROS~1\Windows\Cookies

[F:29][D:4]-> C:\Users\jucelino\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:5][D:3]-> C:\$Recycle.Bin

 

1 - "C:\Lop SD\LopR_1.txt" - 05/01/2010|21:57 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 07/01/2010|20:50 - Option : [1]

3 - "C:\Lop SD\LopR_3.txt" - 07/01/2010|20:55 - Option : [2]

 

--------------------\\ Verificação completa em 20:55:11

[ UAC => 1 ]


:) Other problems were removed by Lop S&D.

 

:seta: Did you do the procedure below? If you have not, please do it:

 

Download this tool below:

http://lop.com/new_uninstall.exe

 

Note: This uninstaller is detected as a trojan by several antivirus programs. If that happens, temporarily disable your antivirus and enable it again when the procedure is finished. The file is perfectly safe.

 

Double-click the uninstaller you downloaded above > click OK > click OK again > some numbers will appear on a screen; type those numbers into the blank field and then click the UNINSTALL button > click OK > click OK again > then just follow the steps the uninstaller gives you.

__________________________________

 

:seta: Also post a new HijackThis log and tell us how your PC is after these procedures.

 

We'll be waiting.


Good evening!

 

So, I had already done the uninstaller procedure, but I did it again.

 

Here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:46:55, on 08/01/2010

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\explorer.exe

C:\Users\jucelino\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O13 - Gopher Prefix:

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.atrativa.com.br/games/applets/popcap/zuma/popcaploader.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

 

--

 

The PC has improved a lot!! It is still a little slow, but nothing like it was before!

 

Thank you!


:) Your log is clean.

________________________________

 

The PC has improved a lot!! It is still a little slow, but nothing like it was before!

:seta: There are two antispyware programs starting with Windows (Windows Defender and Spyware Terminator); it would be important to leave only one of them with real-time (resident) protection enabled, to make the PC faster.

 

This other program below also starts with Windows, and to make the PC faster you can disable its automatic startup too:

 

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

To choose which programs start with Windows, just follow the tips in this tutorial:

 

Choosing Programs that Start with the PC

______________________________________________

 

:seta: Install these programs and use them now and weekly to clean your PC and make it more efficient and optimized:

 

MV RegClean: http://freedownloads2000.blogspot.com/2008/10/mv-regclean-55.html

MV AntiSpy: http://freedownloads2000.blogspot.com/2008/10/mv-antispy-40.html

Auslogics Disk Defrag: http://superdownloads.uol.com.br/download/182/auslogics-disk-defrag/

SpywareBlaster: http://freedownloads2000.blogspot.com/2008/10/spywareblaster-41.html

____________________________________

 

:seta: Your Internet Explorer is out of date. Download and install Internet Explorer 8: http://freedownloads2000.blogspot.com/2008/10/internet-explorer-70573013-final-em.html

___________________________________

 

:seta: To prevent the problems from coming back, disable and re-enable System Restore. To do this, follow the tips on the site below:

 

Disable / re-enable System Restore on Vista: http://pt.kioskea.net/faq/sujet-1798-desativar-reativar-a-restauracao-do-sistema-no-vista

___________________________________

 

:joia: It was a pleasure to help; count on us anytime!
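To show how a log like the ones posted in this thread is read, here is an added example. It is my own code, not code from this thread, from HijackThis, or from any tool recommended above. It groups the log's entries by section code and pulls out the items the helper reviewed: the running-process list, registry Run autostarts (O4), AppInit_DLLs (O20), the hosts ActiveX controls were downloaded from (O16 DPF) and services (O23). The SAMPLE_LOG inside it is constructed from lines quoted in this thread, and the function names (parse_hjt, triage, and so on) are my own choice.

```python
"""Triage helper for a HijackThis v2 log.

Added example for this thread; not code from the forum, from HijackThis
or from any tool named above.  It groups the Rn/On entries by section and
pulls out what a reviewer looks at first: running processes, registry Run
autostarts (O4), AppInit_DLLs (O20), ActiveX download hosts (O16) and
services (O23).  SAMPLE_LOG is constructed from lines quoted in the thread.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 format (raw string, single backslashes).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG9\avgtray.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.atrativa.com.br/games/applets/popcap/zuma/popcaploader.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

# "O4 - <entry>": section code, then the entry text.
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
# O4 entry: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run(?:Once)?:\s+\[([^\]]+)\]\s*(.*)$")
# O23 entry: Service: Display Name (shortname) - Vendor - image path
SERVICE_RE = re.compile(r"^Service:\s+(.*?)\s+\((\w+)\)\s+-\s+(.*?)\s+-\s+(.*)$")


def parse_hjt(text):
    """Map each section code (O4, O23, ...) to the list of its entry texts."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def running_processes(text):
    """Paths listed under 'Running processes:' up to the first blank line."""
    procs, inside = [], False
    for line in text.splitlines():
        if line.startswith("Running processes:"):
            inside = True
            continue
        if inside:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs


def run_entries(sections):
    """O4 registry autostarts as (hive, value name, command line) tuples."""
    out = []
    for entry in sections.get("O4", []):
        m = RUN_RE.match(entry)
        if m:
            out.append(m.groups())
    return out


def services(sections):
    """O23 services as (short name, vendor, image path) tuples."""
    out = []
    for entry in sections.get("O23", []):
        m = SERVICE_RE.match(entry)
        if m:
            out.append((m.group(2), m.group(3), m.group(4)))
    return out


def appinit_dlls(sections):
    """DLL names from O20 AppInit_DLLs (space- or comma-separated list)."""
    dlls = []
    for entry in sections.get("O20", []):
        if entry.startswith("AppInit_DLLs:"):
            dlls += [d for d in re.split(r"[,\s]+", entry.split(":", 1)[1]) if d]
    return dlls


def triage(text):
    """The items a reviewer looks at first, each as a plain list."""
    s = parse_hjt(text)
    return {
        "processes": running_processes(text),
        "run": run_entries(s),
        # AppInit_DLLs are loaded into every process that links user32.dll,
        # so anything listed here deserves a look.
        "appinit_dlls": appinit_dlls(s),
        # Hosts ActiveX controls were fetched from (O16 DPF entries).
        "dpf_hosts": sorted({urlparse(e.rsplit(" - ", 1)[-1]).hostname
                             for e in s.get("O16", [])}),
        "services": services(s),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("  ", item)
```

Run it on a saved log by replacing SAMPLE_LOG with the file's contents; the "run" list is where the two resident antispyware entries and the Google Toolbar Notifier autostart mentioned above show up side by side, which is what makes the duplicate-protection point easy to spot.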


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
