
Archived

This topic is archived and closed to new replies.

Ragde

[Solved!] machine restarting with antivirus


Well, I already had an antivirus, but I formatted and was left without any. Now every time I try to install one (Avast) my machine restarts on its own, and there is a game I used to play that no longer opens even when I delete it and install it again. Awaiting a reply!


Hello Ragde, welcome to the iMasters forum.

It really does look like a virus.

Do the following:

Post a HijackThis log in this topic of yours.

Here is how to create the log:

LINK:

http://forum.imasters.com.br/index.php?/topic/165906-regra-n-02-utilizando-o-hijackthis/

After you have created the log, post it here.


I don't know if this is right, since I've never dealt with this.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:35:24, on 29/1/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\ltmoh\Ltmoh.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\edgar\CONFIG~1\Temp\winjpvqvs.exe

C:\hijackthis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

 

--

End of file - 5236 bytes

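The HijackThis log above is what the helpers read by eye. As an added example (not from the thread and not HijackThis code), the Python script below parses that log format and flags the entries a responder would look at first: an executable running or autostarting from a Temp folder (the winjpvqvs.exe line above is the textbook case), an O2 BHO whose DLL is "(no file)", and O17 NameServer overrides to compare against the ISP's real DNS servers. The sample lines are constructed from the log above; the O4 "[updater]" entry is invented to show an autorun pointing at a Temp path.

```python
"""Triage a HijackThis v2 log (added example; not part of the thread, not HijackThis code).

Heuristics applied to the entry types seen in the posted logs:
  * PROC / O4  : an executable launched from a Temp folder;
  * O2         : a BHO whose DLL is '(no file)', an orphaned or hidden entry;
  * O17        : NameServer overrides, listed so they can be compared with the
                 ISP's DNS servers (an override is not malicious by itself).
"""
import re

# Constructed sample modelled on the log above; the O4 "[updater]" line is
# invented to show an autorun pointing at the same Temp path.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:24, on 29/1/2010

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\edgar\CONFIG~1\Temp\winjpvqvs.exe
C:\hijackthis\HiJackThis.exe

R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\edgar\CONFIG~1\Temp\kwebw.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155
"""

# A path component named "Temp" (DOCUME~1\...\CONFIG~1\Temp, Local Settings\Temp, ...).
TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)
# "<prefix> - <body>", e.g. "O2 - BHO: ..." or "R3 - URLSearchHook: ..."
ENTRY = re.compile(r"^([RO]\d+) - (.*)$")


def parse_hjt(text):
    """Return (kind, body) pairs: kind is 'PROC' for the running-process list
    or the HijackThis prefix (R0, O2, O4, O17, ...) for everything else."""
    entries, in_procs = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the process list
            in_procs = False
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            entries.append(("PROC", line))
            continue
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    """Return a list of (finding, detail) tuples for a responder to review."""
    findings = []
    for kind, body in parse_hjt(text):
        if kind == "PROC" and TEMP_DIR.search(body):
            findings.append(("process-from-temp", body))
        elif kind == "O4" and TEMP_DIR.search(body):
            findings.append(("autorun-from-temp", body))
        elif kind == "O2" and body.endswith("(no file)"):
            findings.append(("orphan-bho", body))
        elif kind == "O17":
            m = re.search(r"NameServer = (.+)$", body)
            if m:
                for ip in m.group(1).split():
                    findings.append(("dns-override", ip))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_LOG):
        print(f"{finding:18} {detail}")
```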

Hello Ragde!

I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download ComboFix

Save it to the Desktop.

* Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!)

* Close all windows and run the tool.

* PS: It can also be run from a command:

* Go to Start --> Run --> type or paste:

"%userprofile%\desktop\Combofix.exe" /killall

[screenshot: combofixejr8.gif]

* Click OK.

* At the prompt "Disclaimer of software warranty" --> Click Yes.

[screenshot: RcAuto1.gif]

* If you do not have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), accept the offer to install it.

* When it finishes, click Sim or Yes. --> Wait.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

If you get the notification "Invalid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed to: Kombo.exe

* PS: Name it while saving, not after you have saved it!

* PS: If an error message appears, run ComboFix.exe in Safe Mode (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!

* PS: If rootkit activity is present, you will see the following notification window:

[screenshot: Rookit_found.gif]

* PS: Write down those detections and click OK. In that case, post the detections you wrote down in your next reply together with the requested logs.

* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* The Auto Scan window will open. --> Wait!

* To finish the removals, ComboFix may restart the computer.

* If needed, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

* During the scan, avoid touching the mouse or keyboard! <-- Important!

* If, for some reason of force majeure, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.

<><><><><><><><><><><><>

Post the ComboFix log, which will be at C:\ComboFix.txt, together with a new HijackThis log in your next reply and tell us how your PC is after this.

We'll be waiting.


Well friend, here's the thing..

When I go to Start --> Run --> type or paste:

"%userprofile%\desktop\Combofix.exe" /killall

the combo searches for the infected files, and after that it goes into restart mode (restarts the PC), but it never shuts down or restarts; it stays a long time telling me it is shutting down and never does. So I reset my machine and afterwards it gives me a report, which is this...

 

ComboFix 10-01-28.05 - edgar 29/01/2010 14:24:21.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.511.319 [GMT -2:00]

Executando de: c:\documents and settings\edgar\desktop\Combofix.exe

Comandos utilizados :: /killall

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ASC3360PR

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-28 to 2010-01-29 ))))))))))))))))))))))))))))

.

 

2010-01-29 14:18 . 2010-01-29 14:35 -------- dc----w- C:\hijackthis

2010-01-29 01:01 . 2010-01-21 19:18 52224 -c--a-w- c:\documents and settings\edgar\Dados de aplicativos\Mozilla\Firefox\Profiles\82rp15fq.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll

2010-01-29 01:01 . 2010-01-21 19:18 101376 -c--a-w- c:\documents and settings\edgar\Dados de aplicativos\Mozilla\Firefox\Profiles\82rp15fq.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll

2010-01-26 15:51 . 2010-01-26 15:51 -------- dc----w- c:\arquivos de programas\ltmoh

2010-01-26 15:46 . 2001-08-14 12:24 90112 -c--a-r- c:\windows\system32\hpsjvset.dll

2010-01-26 15:46 . 2001-08-03 10:23 40960 -c--a-r- c:\windows\system32\hpgmausd.dll

2010-01-26 15:46 . 2001-08-03 10:21 438272 -c--a-r- c:\windows\system32\hpgmatk.dll

2010-01-26 15:46 . 2000-10-09 17:57 102400 -c--a-r- c:\windows\system32\hpgmastr.dll

2010-01-26 15:46 . 2004-08-04 00:58 15104 -c--a-w- c:\windows\system32\drivers\usbscan.sys

2010-01-26 15:46 . 2004-08-04 00:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2010-01-24 22:47 . 2010-01-24 22:47 -------- dc----w- c:\documents and settings\oscar\Dados de aplicativos\Uniblue

2010-01-24 22:47 . 2010-01-24 22:47 -------- dc----w- c:\arquivos de programas\Uniblue

2010-01-24 13:57 . 2005-05-02 04:10 68096 -c----w- c:\windows\system32\agrsmdel.exe

2010-01-24 13:57 . 2005-05-02 04:10 68096 -c--a-r- c:\windows\agrsmdel.exe

2010-01-24 13:57 . 2005-06-30 05:16 1094848 -c--a-r- c:\windows\system32\drivers\AGRSM.sys

2010-01-24 13:57 . 2005-06-30 05:16 88203 -c----w- c:\windows\AGRSMMSG.exe

2010-01-24 13:57 . 2010-01-24 13:57 -------- dc----w- c:\windows\Options

2010-01-23 19:38 . 2010-01-27 12:34 -------- dc----w- c:\arquivos de programas\JPEG PC Camera

2010-01-23 19:28 . 2010-01-23 19:52 192512 -c--a-r- c:\documents and settings\oscar\Dados de aplicativos\Microsoft\Installer\{A3067925-A766-4291-91B2-09645103A21B}\NewShortcut2_A3067925A766429191B209645103A21B.exe

2010-01-23 19:28 . 2010-01-23 19:52 192512 -c--a-r- c:\documents and settings\oscar\Dados de aplicativos\Microsoft\Installer\{A3067925-A766-4291-91B2-09645103A21B}\NewShortcut1_A3067925A766429191B209645103A21B.exe

2010-01-23 19:28 . 2010-01-23 19:52 10134 -c--a-r- c:\documents and settings\oscar\Dados de aplicativos\Microsoft\Installer\{A3067925-A766-4291-91B2-09645103A21B}\ARPPRODUCTICON.exe

2010-01-23 19:28 . 2010-01-23 20:23 -------- dc----w- c:\arquivos de programas\JPEG Camera

2010-01-23 18:03 . 2010-01-24 22:43 -------- dc----w- c:\documents and settings\oscar\Tracing

2010-01-23 15:58 . 2010-01-12 17:26 52224 -c--a-w- c:\documents and settings\ramom\Dados de aplicativos\Mozilla\Firefox\Profiles\22ef7qo1.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll

2010-01-23 15:58 . 2010-01-12 17:26 101376 -c--a-w- c:\documents and settings\ramom\Dados de aplicativos\Mozilla\Firefox\Profiles\22ef7qo1.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll

2010-01-22 23:28 . 2010-01-22 23:28 -------- dc----w- c:\arquivos de programas\LigasOnline

2010-01-22 16:05 . 2010-01-22 16:15 -------- dc----w- c:\documents and settings\edgar\Dados de aplicativos\GetRightToGo

2010-01-22 14:49 . 2010-01-22 21:29 -------- dc----w- c:\arquivos de programas\Windows Live Safety Center

2010-01-22 00:29 . 2010-01-12 17:26 52224 -c--a-w- c:\documents and settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll

2010-01-22 00:29 . 2010-01-12 17:26 101376 -c--a-w- c:\documents and settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll

2010-01-22 00:16 . 2010-01-23 21:10 -------- dc----w- C:\oscar

2010-01-22 00:11 . 2010-01-22 00:11 152576 -c--a-w- c:\documents and settings\oscar\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll

2010-01-22 00:04 . 2010-01-22 00:10 79488 -c--a-w- c:\documents and settings\oscar\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2010-01-21 13:39 . 2010-01-21 13:39 -------- dc----w- c:\arquivos de programas\PluginLetras

2010-01-19 00:48 . 2004-08-04 03:45 221184 -c--a-w- c:\windows\system32\wmpns.dll

2010-01-19 00:45 . 2010-01-19 00:45 -------- dc----w- c:\windows\ServicePackFiles

2010-01-18 23:07 . 2010-01-19 17:52 -------- dc----w- c:\windows\system32\CatRoot_bak

2010-01-18 22:13 . 2009-08-04 17:05 2061952 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-01-18 22:13 . 2009-08-04 17:05 2184576 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-01-18 21:25 . 2008-06-14 17:59 272384 -c--a-w- c:\windows\system32\dllcache\bthport.sys

2010-01-18 21:25 . 2008-06-14 17:59 272384 -c----w- c:\windows\system32\drivers\bthport.sys

2010-01-18 18:59 . 2010-01-22 21:17 -------- dc-h--w- c:\windows\$hf_mig$

2010-01-18 14:45 . 2010-01-21 21:50 79488 -c--a-w- c:\documents and settings\ramom\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2010-01-18 14:18 . 2010-01-21 12:23 79488 -c--a-w- c:\documents and settings\edgar\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2010-01-18 01:55 . 2010-01-27 20:41 -------- dc----w- c:\arquivos de programas\CyberScript32

2010-01-18 01:28 . 2010-01-18 01:28 -------- dc----w- c:\windows\Sun

2010-01-18 01:12 . 2010-01-18 01:12 410984 -c--a-w- c:\windows\system32\deploytk.dll

2010-01-18 01:12 . 2010-01-22 00:11 -------- dc----w- c:\arquivos de programas\Java

2010-01-18 01:11 . 2010-01-18 01:11 152576 -c--a-w- c:\documents and settings\edgar\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll

2010-01-18 00:51 . 2009-08-06 21:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-01-18 00:51 . 2009-08-06 21:23 215920 -c--a-w- c:\windows\system32\muweb.dll

2010-01-18 00:02 . 2010-01-29 16:37 -------- dc----w- c:\documents and settings\edgar\Tracing

2010-01-17 22:35 . 2006-11-29 15:06 3426072 -c--a-w- c:\windows\system32\d3dx9_32.dll

2010-01-17 22:35 . 2010-01-17 22:35 -------- dc----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2010-01-17 21:57 . 2010-01-27 17:27 -------- dc----w- c:\documents and settings\edgar\Dados de aplicativos\Lightcomm

2010-01-17 16:10 . 2010-01-17 17:52 -------- dc----w- c:\arquivos de programas\PhotoScape

2010-01-17 14:16 . 2004-08-04 01:07 6400 -c--a-w- c:\windows\system32\drivers\splitter.sys

2010-01-17 14:14 . 2010-01-17 14:14 -------- dc----w- c:\windows\ASUSInstAll

2010-01-17 14:14 . 2004-08-12 10:56 5810 -c--a-r- c:\windows\system32\drivers\ASACPI.sys

2010-01-17 14:14 . 2004-04-26 15:26 5824 -c--a-w- c:\windows\system32\drivers\ASUSHWIO.SYS

2010-01-17 12:24 . 2004-08-04 03:45 25600 -c--a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-01-17 12:22 . 2010-01-17 12:22 -------- dc----w- c:\arquivos de programas\Windows Media Connect 2

2010-01-17 12:22 . 2010-01-17 12:22 -------- dc----w- C:\afdb6dc0ee6a3cbd27b6524eb0f1320d

2010-01-17 12:22 . 2010-01-17 12:22 -------- dc----w- c:\windows\system32\drivers\UMDF

2010-01-17 12:22 . 2010-01-17 12:22 -------- dc----w- c:\windows\system32\LogFiles

2010-01-17 12:21 . 2008-07-09 07:34 26488 -c--a-w- c:\windows\system32\spupdsvc.exe

2010-01-17 11:56 . 2010-01-17 11:56 -------- dc----w- c:\documents and settings\ramom\Dados de aplicativos\CyberLink

2010-01-17 11:56 . 2010-01-17 11:56 -------- dc----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2010-01-17 04:59 . 2010-01-18 22:20 -------- dc----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-01-17 04:59 . 2010-01-23 17:59 -------- dc----w- c:\arquivos de programas\Messenger_Plus_Live

2010-01-17 04:59 . 2010-01-17 04:59 -------- dc----w- c:\arquivos de programas\Conduit

2010-01-17 04:59 . 2010-01-23 15:58 -------- dc----w- c:\arquivos de programas\Messenger Plus! Live

2010-01-17 04:50 . 2010-01-28 23:16 -------- dc----w- c:\documents and settings\ramom\Tracing

2010-01-17 04:49 . 2010-01-17 04:49 -------- dc----w- c:\arquivos de programas\Microsoft Sync Framework

2010-01-17 04:48 . 2010-01-17 04:48 -------- dc----w- c:\arquivos de programas\Microsoft

2010-01-17 04:48 . 2010-01-17 04:48 -------- dc----w- c:\arquivos de programas\Windows Live SkyDrive

2010-01-17 04:48 . 2010-01-17 22:35 -------- dc----w- c:\arquivos de programas\Windows Live

2010-01-17 03:48 . 2010-01-17 03:48 -------- dc----w- C:\Program Files

2010-01-17 03:46 . 2010-01-17 03:46 -------- dc----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2010-01-17 03:43 . 2004-08-04 01:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2010-01-17 03:13 . 2010-01-17 03:13 -------- dcs---w- c:\documents and settings\ramom\UserData

2010-01-17 02:39 . 2010-01-17 02:48 -------- dc----w- C:\Temp

2010-01-17 02:16 . 2010-01-29 16:37 -------- dc----w- c:\arquivos de programas\lg_fwupdate

2010-01-17 02:16 . 2010-01-17 02:42 16384 -c--a-w- c:\windows\system32\lgfwunis.exe

2010-01-17 02:16 . 1998-07-22 02:00 102912 -c--a-w- c:\windows\system32\Vb6stkit.dll

2010-01-17 02:16 . 1998-07-22 02:00 102160 -c--a-w- c:\windows\system32\VB6KO.DLL

2010-01-17 02:14 . 2010-01-17 02:14 -------- dc----w- c:\windows\Profiles

2010-01-17 02:14 . 2010-01-19 21:30 -------- dc----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-01-17 02:14 . 2010-01-17 02:14 -------- dc----w- c:\windows\system32\Adobe

2010-01-17 02:14 . 2010-01-17 02:14 -------- dc----w- c:\documents and settings\edgar\Dados de aplicativos\InterTrust

2010-01-17 02:14 . 1998-10-29 17:45 306688 -c--a-w- c:\windows\IsUninst.exe

2010-01-17 02:13 . 2004-07-09 10:43 364544 -c----w- c:\windows\system32\TwnLib4.dll

2010-01-17 02:12 . 2010-01-17 02:12 -------- dc----w- c:\windows\InCD

2010-01-17 02:11 . 2010-01-17 02:11 -------- dc----w- c:\arquivos de programas\CyberLink

2010-01-17 02:11 . 2010-01-17 02:11 -------- dc----w- C:\MyWorks

2010-01-17 02:11 . 2010-01-17 14:17 -------- dc-h--w- c:\arquivos de programas\InstallShield Installation Information

2010-01-17 02:11 . 2010-01-17 02:12 -------- dc----w- c:\arquivos de programas\CyberLink DVD Solution

2010-01-17 02:11 . 2004-10-01 17:00 118784 -c--a-w- c:\arquivos de programas\Uninstall_CDS.exe

2010-01-17 02:10 . 2010-01-17 14:15 -------- dc----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-01-16 22:27 . 2010-01-16 22:27 0 -c--a-w- c:\windows\nsreg.dat

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-27 17:30 . 2010-01-16 20:47 -------- dc----w- c:\arquivos de programas\Oi Velox

2010-01-27 12:36 . 2010-01-17 02:57 -------- dc----w- c:\documents and settings\ramom\Dados de aplicativos\Lightcomm

2010-01-24 22:50 . 2010-01-16 20:53 -------- dc----w- c:\documents and settings\oscar\Dados de aplicativos\Lightcomm

2010-01-24 13:57 . 2001-10-28 18:07 48628 ----a-w- c:\windows\system32\perfc016.dat

2010-01-24 13:57 . 2001-10-28 18:07 344380 ----a-w- c:\windows\system32\perfh016.dat

2010-01-22 22:34 . 2010-01-16 21:21 86327 -c--a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-01-17 14:17 . 2010-01-17 14:17 -------- dc----w- c:\arquivos de programas\Analog Devices

2010-01-17 02:13 . 2010-01-17 02:12 -------- dc----w- c:\arquivos de programas\Ahead

2010-01-17 02:13 . 2010-01-17 02:12 -------- dc----w- c:\arquivos de programas\Arquivos comuns\Ahead

2010-01-16 21:22 . 2010-01-16 21:22 -------- dc----w- c:\arquivos de programas\microsoft frontpage

2010-01-16 21:21 . 2010-01-16 21:21 -------- dc----w- c:\arquivos de programas\Serviços on-line

2010-01-16 21:20 . 2010-01-16 21:20 -------- dc----w- c:\arquivos de programas\Arquivos comuns\Serviços

2010-01-16 21:18 . 2010-01-16 21:18 21844 -c--a-w- c:\windows\system32\emptyregdb.dat

2009-12-22 05:41 . 2004-08-04 03:45 664064 -c----w- c:\windows\system32\wininet.dll

2009-12-22 05:41 . 2004-08-04 03:45 81920 -c--a-w- c:\windows\system32\ieencode.dll

2009-11-21 16:42 . 2004-08-04 03:45 470528 ----a-w- c:\windows\AppPatch\aclayers.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\arquivos de programas\Messenger_Plus_Live\tbMess.dll" [2009-12-31 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]

2009-12-31 13:53 2349080 -c--a-w- c:\arquivos de programas\Messenger_Plus_Live\tbMess.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\arquivos de programas\Messenger_Plus_Live\tbMess.dll" [2009-12-31 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{9B339F6E-DDCD-401B-8764-230ADBD01761}"= "c:\arquivos de programas\Messenger_Plus_Live\tbMess.dll" [2009-12-31 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3961664]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 106496]

"InCD"="c:\arquivos de programas\Ahead\InCD\InCD.exe" [2006-03-14 1397760]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 229376]

"LGODDFU"="c:\arquivos de programas\lg_fwupdate\fwupdate.exe" [2010-01-17 634880]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 135680]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 999424]

"LtMoh"="c:\arquivos de programas\ltmoh\Ltmoh.exe" [2005-05-18 258048]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\PhotoScape\\PhotoScape.exe"=

"c:\\Documents and Settings\\ramom\\Configurações locais\\Dados de aplicativos\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Arquivos de programas\\Windows Media Player\\wmdbexport.exe"=

"c:\\WINDOWS\\system32\\HDAShCut.exe"=

"c:\\Arquivos de programas\\lg_fwupdate\\getodd.exe"=

"c:\\Arquivos de programas\\lg_fwupdate\\GetODDModel.exe"=

"c:\\WINDOWS\\system32\\wscntfy.exe"=

"c:\\WINDOWS\\system32\\NeroCheck.exe"=

"c:\\Documents and Settings\\ramom\\Configurações locais\\Dados de aplicativos\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Windows Live\\Toolbar\\wltuser.exe"=

"c:\\Arquivos de programas\\lg_fwupdate\\getadmin.exe"=

"c:\\Arquivos de programas\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe"=

"c:\\Arquivos de programas\\Analog Devices\\Core\\smax4pnp.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\jucheck.exe"=

"c:\\Arquivos de programas\\CyberScript32\\CyberScript.exe"=

"c:\\Arquivos de programas\\lg_fwupdate\\fwupdate.exe"=

"c:\\oscar\\wlsetup-custom.exe"=

"c:\\Arquivos de programas\\Ahead\\InCD\\InCD.exe"=

"c:\\Arquivos de programas\\Windows Live\\Contacts\\wlcomm.exe"=

"c:\\WINDOWS\\system32\\wuauclt.exe"=

"c:\\Documents and Settings\\ramom\\Configurações locais\\Dados de aplicativos\\Google\\Update\\1.2.183.13\\GoogleCrashHandler.exe"=

"c:\\Arquivos de programas\\lg_fwupdate\\Buyer.exe"=

"c:\\WINDOWS\\system32\\WgaTray.exe"=

"c:\\Arquivos de programas\\ltmoh\\Ltmoh.exe"=

"c:\\WINDOWS\\system32\\taskmgr.exe"=

"c:\\Arquivos de programas\\Analog Devices\\SoundMAX\\Smax4.exe"=

 

R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\plrqj.sys --> c:\windows\system32\drivers\plrqj.sys [?]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - ASC3360PR

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

TCP: {229BCC09-E9B9-4C62-A762-04A24156DA2A} = 200.165.132.148 200.165.132.155

FF - ProfilePath - c:\documents and settings\edgar\Dados de aplicativos\Mozilla\Firefox\Profiles\82rp15fq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2124320&SearchSource=13

FF - component: c:\documents and settings\edgar\Dados de aplicativos\Mozilla\Firefox\Profiles\82rp15fq.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\edgar\Dados de aplicativos\Mozilla\Firefox\Profiles\82rp15fq.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-29 14:37

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(3836)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Ahead\InCD\InCDsrv.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-01-29 14:40:02 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-01-29 16:40

ComboFix2.txt 2010-01-29 16:21

 

Pré-execução: 10 pasta(s) 66.561.691.648 bytes disponíveis

Pós execução: 11 pasta(s) 66.461.241.344 bytes disponíveis

 

- - End Of File - - 7C75B49D58A67BA7095E7EC973D3B971

What should I do, since I can't find those commands mentioned in the explanation above..

I'll be waiting..

cheers!!!

PS: if you need a more detailed explanation, let me know!

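Two things in the ComboFix report above are what a responder would pull out first: the asc3360pr driver entry, whose image file plrqj.sys is followed by "[?]" where the RMSPPPOE entry shows a date and size, and which also appears under "*NewlyCreated*"; and "EnableFirewall"= 0 in the standard firewall profile. As an added example (not from the thread and not ComboFix's own code), this Python script parses those line formats from constructed sample lines modelled on the report.

```python
"""Two checks on a ComboFix report (added example; not part of the thread, not ComboFix code).

In the posted report a service/driver line normally ends with the binary's
date and size in brackets, e.g. "[10/6/2002 00:09 31232]"; the asc3360pr line
ends in "[?]" instead, meaning no file was found for the image path, and the
same service is listed under "*NewlyCreated*". The firewall policy block
reports "EnableFirewall"= 0 for the standard profile.
"""
import re

# Constructed sample: lines modelled on the ComboFix report in the thread.
SAMPLE_COMBOFIX = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\plrqj.sys --> c:\windows\system32\drivers\plrqj.sys [?]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232]

--- =Outros Serviços/Drivers Na Memória ---

*NewlyCreated* - ASC3360PR
"""

# "<start> <name>;<display name>;<image path> [<date time size> | ?]"
SERVICE_LINE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[(.*)\]$")
NEWLY_CREATED = re.compile(r"^\*NewlyCreated\*\s+-\s+(\S+)", re.MULTILINE)


def parse_services(text):
    """Parse the Drivers/Services lines into dicts; 'missing' is True when
    ComboFix printed '[?]' in place of the file's date and size."""
    services = []
    for line in text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m:
            start, name, display, path, info = m.groups()
            services.append({"start": start, "name": name, "display": display,
                             "path": path, "missing": info.strip() == "?"})
    return services


def firewall_disabled(text):
    """True if EnableFirewall is 0 under the standardprofile firewall policy
    key, False if it is non-zero, None if that block is not in the report."""
    in_profile = False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            # Only the profile key itself, not its AuthorizedApplications\List subkey.
            in_profile = s.lower().endswith(r"\firewallpolicy\standardprofile]")
        elif in_profile and s.startswith('"EnableFirewall"'):
            value = s.split("=", 1)[1].strip().split()[0]   # "0 (0x0)" -> "0"
            return int(value) == 0
    return None


def combofix_findings(text):
    """Return (finding, detail) tuples for a responder to review."""
    findings = []
    newly = {m.group(1).lower() for m in NEWLY_CREATED.finditer(text)}
    for svc in parse_services(text):
        if svc["missing"]:
            findings.append(("driver-binary-missing", f'{svc["name"]} -> {svc["path"]}'))
        if svc["name"].lower() in newly:
            findings.append(("driver-newly-created", svc["name"]))
    if firewall_disabled(text):
        findings.append(("windows-firewall-disabled", "standardprofile"))
    return findings


if __name__ == "__main__":
    for finding, detail in combofix_findings(SAMPLE_COMBOFIX):
        print(f"{finding:26} {detail}")
```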

Here it is..

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:12:56, on 29/1/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\ltmoh\Ltmoh.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\DOCUME~1\edgar\CONFIG~1\Temp\kwebw.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

 

--

End of file - 5272 bytes

Cheers..


Please follow the instructions in these tutorials:

 

Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

 

Norman Malware Cleaner tutorial

 

In your next reply, post the Malwarebytes log together with the Norman Malware Cleaner log and a new HijackThis log, and tell us how your PC is doing after these procedures.

 

We'll be waiting.


As requested, here are the logs!

1st log - Malwarebytes

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3658

Windows 5.1.2600 Service Pack 2 (Safe Mode)

Internet Explorer 6.0.2900.2180

 

29/1/2010 19:45:19

mbam-log-2010-01-29 (19-45-18).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 156419

Tempo decorrido: 1 hour(s), 17 minute(s), 42 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 38

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\Arquivos de programas\CyberScript32\msnmirc\dll\nHTMLn.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\edgar\Configurações locais\temp\kwebw.exe (Worm.Spambot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP10\A0001614.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP10\A0001615.exe (Worm.Spambot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP12\A0001820.exe (Worm.Spambot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP12\A0001826.exe (Worm.Spambot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP12\A0001831.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP12\A0001907.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP12\A0002174.exe (Worm.Spambot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP13\A0002300.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP13\A0002301.exe (Worm.Spambot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP13\A0002464.exe (Worm.Spambot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP13\A0003297.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP13\A0003298.exe (Worm.Spambot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP13\A0004300.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP13\A0004301.exe (Worm.Spambot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP14\A0004507.exe (Worm.Spambot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP14\A0004664.exe (Worm.Spambot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP14\A0004665.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP16\A0005370.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP16\A0005371.exe (Worm.Spambot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0005520.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0005521.exe (Worm.Spambot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0005692.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0005693.exe (Worm.Spambot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0005793.exe (Worm.Spambot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0005796.exe (Worm.Spambot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0005797.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0006000.exe (Worm.Spambot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0006038.exe (Worm.Spambot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP18\A0006040.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP33\A0020555.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP34\A0022625.sys (Malware.Trace) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP34\A0022654.com (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP34\A0023490.sys (Malware.Trace) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP34\A0023517.com (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP34\A0024543.sys (Malware.Trace) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP34\A0024570.com (Trojan.Agent) -> Quarantined and deleted successfully.

 

2nd log - Norman Malware Cleaner

Norman Malware Cleaner

Version 1.6.2

Copyright © 1990 - 2009, Norman ASA. Built 2010/01/29 11:48:23

 

Norman Scanner Engine Version: 6.04.03

Nvcbin.def Version: 6.04.00, Date: 2010/01/29 11:48:23, Variants: 4854236

 

Scan started: 30/01/2010 01:17:43

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2

Logged on user: CASA-77512E3B81\edgar

 

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

 

Scanning bootsectors...

 

Number of sectors found: 0

Number of sectors scanned: 0

Number of sectors not scanned: 0

Number of infections found: 0

Number of infections removed: 0

Total scanning time: 0s

 

 

Scanning running processes and process memory...

 

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Infected with W32/Sality.AN)

Failed to repair file

 

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe (Infected with W32/Sality.AN)

Failed to repair file

 

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe (Infected with W32/Sality.AN)

Failed to repair file

 

C:\Arquivos de programas\ltmoh\Ltmoh.exe (Infected with W32/Sality.AN)

Failed to repair file

 

C:\Documents and Settings\edgar\Configurações locais\temp\winqabp.exe (Infected with W32/Horst.gen33)

Terminated process

Removed registry value: HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\DOCUME~1\edgar\CONFIG~1\Temp\winqabp.exe = "C:\DOCUME~1\edgar\CONFIG~1\Temp\winqabp.exe:*:Enabled:ipsec"

Deleted file

 

C:\Documents and Settings\edgar\Configurações locais\temp\wingirpa.exe (Infected with Spambot.EZ)

Terminated process

Removed registry value: HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\DOCUME~1\edgar\CONFIG~1\Temp\wingirpa.exe = "C:\DOCUME~1\edgar\CONFIG~1\Temp\wingirpa.exe:*:Enabled:ipsec"

Deleted file

 

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Infected with W32/Sality.AN)

Failed to repair file

 

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe (Infected with W32/Sality.AN)

Failed to repair file

 

Number of processes/threads found: 3097

Number of processes/threads scanned: 3097

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 2

Total scanning time: 1m 56s

 

 

Scanning file system...

 

Scanning: prescan

 

Scanning: C:\*.*

 

C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\AcroRd32.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\CoverDesigner\CoverDes.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\InCD\InCDL.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero\nero.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero\NeroCmd.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero\Uninstall\UNNero.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero BackItUp\BackItUp.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero BackItUp\NBR.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero SoundTrax\SoundTrax.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero StartSmart\NeroStartSmart.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero Toolkit\CDSpeed.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero Toolkit\DMAManager.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero Toolkit\DriveSpeed.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero Wave Editor\DXEnum.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero Wave Editor\WaveEdit.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\WMPBurn\WMPBurn.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe (Infected with W32/Sality.AN)

Failed to repair file

 

C:\Arquivos de programas\Analog Devices\SoundMAX\AEEnable.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Analog Devices\SoundMAX\DevSetup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4Wiz.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Analog Devices\SoundMAX\SMHelp.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\specialoffer.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\InstallShield\Engine\6\Intel 32\IKernel.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DW20.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\CLDMA.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\cltest.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\dvdrgn.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\OLRSubmission\OLRSubmission.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Infected with W32/Sality.AN)

Failed to repair file

 

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PowerDVD.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\CyberLink DVD Solution\PowerProducer\CLDMA.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\CyberLink DVD Solution\PowerProducer\OLRSubmission\OLRStateCheck.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\CyberLink DVD Solution\PowerProducer\OLRSubmission\OLRSubmission.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\CyberLink DVD Solution\PowerProducer\Producer.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\CyberScript32\CyberScript.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\CyberScript32\sistema\dlls\nHTMLn.dll (Infected with W32/Suspicious_Gen2.IYCS)

Deleted file

 

C:\Arquivos de programas\CyberScript32\sistema\gif2bmp.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\Setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\InstallShield Installation Information\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}\Setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\InstallShield Installation Information\{E0AD4033-D89B-11D7-97C2-00055D0CA761}\Setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\java-rmi.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\java.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\javacpl.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\javaw.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\javaws.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\jbroker.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\jp2launcher.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\jqsnotify.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\jucheck.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\jureg.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\keytool.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\kinit.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\klist.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\ktab.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\orbd.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\pack200.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\policytool.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\rmid.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\rmiregistry.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\servertool.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\ssvagent.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\tnameserv.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\unpack200.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\lg_fwupdate\Buyer.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\lg_fwupdate\fwautoup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\lg_fwupdate\fwcsetup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\lg_fwupdate\fwinfo.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\lg_fwupdate\fwname.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe (Infected with W32/Sality.AN)

Failed to repair file

 

C:\Arquivos de programas\lg_fwupdate\getadmin.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\lg_fwupdate\getodd.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\lg_fwupdate\GetODDModel.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\lg_fwupdate\lgafs.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\LigasOnline\Truco\Truco LigasOnline.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\ltmoh\ltmoh.exe (Infected with W32/Sality.AN)

Failed to repair file

 

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe (Infected with W32/Sality.AN)

3rd log - HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:27:41, on 30/1/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\ltmoh\Ltmoh.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\edgar\Meus documentos\Diguinho\goold.exe

C:\hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

 

--

End of file - 5297 bytes

Note that even after this I still can't open my game, and when I do open it

I can't close it except through the Task Manager.

I also still can't install the AVAST antivirus; the PC shows the same

symptoms. Awaiting a reply.

Cheers!
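Added example (not from this thread and not HijackThis's own code): a small Python script that pulls the "Running processes" section out of a HijackThis log and flags images running from user-writable places such as Temp or My Documents, which is exactly where kwebw.exe and goold.exe were sitting in the logs above. The sample lines are copied from those logs; the directory patterns are my own assumption of what deserves a second look, not a malware verdict.

```python
"""Triage of the 'Running processes' section of a HijackThis log.

Added example, not from the thread or from HijackThis itself. It flags
process images that live in user-writable locations (Temp, My Documents,
the profile root), the kind of location the kwebw.exe and goold.exe
entries in the logs above were running from. A hit means "look closer",
not "this is malware".
"""
import re

# Constructed sample: a subset of the 'Running processes' lines from the thread.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe
C:\\DOCUME~1\\edgar\\CONFIG~1\\Temp\\kwebw.exe
C:\\Documents and Settings\\edgar\\Meus documentos\\Diguinho\\goold.exe
C:\\hijackthis\\HiJackThis.exe

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
"""

# Assumed heuristics: directories a legitimate process image is rarely run from
# (Windows XP layout, English and Portuguese names, 8.3 short names included).
SUSPICIOUS_DIRS = [
    re.compile(r"\\temp\\", re.I),
    re.compile(
        r"\\(documents and settings|docume~1)\\[^\\]+\\"
        r"(meus documentos|my documents|desktop|area de trabalho)\\",
        re.I,
    ),
    # an .exe sitting directly in the root of a user profile
    re.compile(r"\\(documents and settings|docume~1)\\[^\\]+\\[^\\]+\.exe$", re.I),
]


def running_processes(log_text):
    """Return the image paths listed under 'Running processes:' (stops at the blank line)."""
    paths = []
    in_section = False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes:"):
            in_section = True
            continue
        if in_section:
            if not line:  # HijackThis ends the section with an empty line
                break
            paths.append(line)
    return paths


def flag_suspicious(paths):
    """Keep only the paths that match one of the user-writable-directory patterns."""
    return [p for p in paths if any(rx.search(p) for rx in SUSPICIOUS_DIRS)]


def triage(log_text):
    """Convenience wrapper: parse a log and return the paths worth reviewing."""
    return flag_suspicious(running_processes(log_text))


if __name__ == "__main__":
    for path in triage(SAMPLE_LOG):
        print("review:", path)
```

On the sample above the script reports the Temp and "Meus documentos" entries and stays quiet on the system and Program Files binaries; a real run would hand those two paths to the scanners rather than treat the match as a verdict.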


Not wanting to rush anyone, but I posted the logs

and got no reply. Could it be that I didn't post

the necessary logs correctly? If that's the reason, I hope

you'll let me know, ok.

 

Cheers!



Hello friend. You posted the log yesterday, and the analysts' response time is 5 days, as you can see in the topic below:

http://forum.imasters.com.br/index.php?/topic/176886-regra-n-03-tempo-de-espera-5-dias/

______________________________________

 

Your system has a file infector (which infects the files with the EXE, PIF and SCR extensions on the PC, as you can see on this site: http://www.pandasecurity.com/homeusers/security-info/203155/information/Sality.AN). To keep the infections from coming back, disable System Restore and keep it disabled until all the problems are resolved. To do so, go to: Start - Control Panel - System - click the System Restore tab - check the box: Turn off System Restore - click the Apply button and then the OK button.

______________________________________

 

After that, follow the instructions in this tutorial:

 

Dr. Web CureIt tutorial

 

In your next reply, post the Dr. Web CureIt log together with a new HijackThis log and tell us how your PC is after this.

 

We'll be waiting.


Just one question...

Will I need to remove the following

anti-malware tools: MalwareBytes, Norman Malware, ComboFix

and Microsoft Security Essentials in order to

use this Dr.Web CureIt?

I'll be waiting, cheers!



No need. You can keep all the programs you have there and run Dr Web CureIt without any problem, following the instructions in the tutorial I gave you, and then post the requested logs.


Look, I don't know if I did it right, but the Dr.Web log is this..

CyberScript.exe;C:\Arquivos de programas\CyberScript32;Program.mIRC.617;Incurável.Movido.;

WmaInfo.dll;C:\Program Files\AMT;BackDoor.Click.679;Eliminado.;

FP_AX_CAB_INSTALLER.exe;C:\WINDOWS\Downloaded Program Files;Win32.Sector.5;Desinfectado.;

 

And the HijackThis one is..

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:44:27, on 1/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\ltmoh\Ltmoh.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [MSSE] "c:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-21-507921405-492894223-682003330-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'ramom')

O4 - HKUS\S-1-5-21-507921405-492894223-682003330-1005\..\Run: [Google Update] "C:\Documents and Settings\ramom\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c (User 'ramom')

O4 - HKUS\S-1-5-21-507921405-492894223-682003330-1005\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'ramom')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

 

--

End of file - 6201 bytes


:) Other problems were removed by Dr. Web CureIt.

________________________________

 

Please follow the tips in this tutorial:

 

Kaspersky Virus Removal Tool Tutorial

 

In your next reply, post this Kaspersky Virus Removal Tool log together with a new HijackThis log and tell us how your PC is doing afterwards.

 

We await your reply.


Well, my machine used to be faster, and besides, I came here looking for help because, as I mentioned, a certain game wasn't opening, and after running these tests it still doesn't open. I'd like to know what it could be; the game is called Truco ligasonline! After that I uninstalled and deleted it, then downloaded it again and ran the Malwarebytes scanner, and no infection was found! I'll post the log for more solutions!

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:24:47, on 2/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\ltmoh\Ltmoh.exe

C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\hijackthis\HiJackThis.exe

C:\hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [MSSE] "c:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

 

--

End of file - 5625 bytes

 

And another one from the Virus Removal Tool

Autoscan: completed 2 minutes ago (events: 10, objects: 139078, time: 01:12:40)

2/2/2010 10:30:51 Task started

2/2/2010 10:48:50 Detected: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322

2/2/2010 10:48:51 Untreated: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322 Postponed

2/2/2010 11:30:27 Detected: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322

2/2/2010 11:30:27 Untreated: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322 Postponed

2/2/2010 11:34:41 Detected: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322

2/2/2010 11:34:41 Untreated: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322 Postponed

2/2/2010 11:40:54 Detected: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322

2/2/2010 11:43:32 Deleted: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe

2/2/2010 11:43:32 Task completed

I'll be waiting, regards!


if it was the way you said, yes, I removed it

I followed the rule completely!!!

I said this because your log shows the following:

2/2/2010 11:34:41 Detected: Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322

2/2/2010 11:34:41 Untreated (that is, not treated): Trojan.Win32.Zapchast.zh C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe/data0322 Postponed

 

The point is this: as Kaspersky detects problems it gives you the available options; whenever possible you should click Disinfect, and when disinfection is not possible, you should click the Delete option.

 

Did you follow this procedure?

 

But in any case, the infections Kaspersky detected are in this location, highlighted in red:

 

C:\Documents and Settings\edgar\Meus documentos\Diguinho\CyberScript32.exe

 

So just check on your PC whether this item exists, and if it still does, delete it.

______________________________________

 

Also configure your Microsoft Security Essentials antivirus following these tips below:

 

Microsoft Security Essentials Tutorial (installation and configuration)

 

Microsoft Security Essentials Tutorial (how to use it correctly)

 

After that, update your antivirus (run an update) and do a full scan with it; as viruses and spyware are found, choose the option to disinfect the infected files, or send them to quarantine. If files were sent to quarantine, then after a few weeks, if your computer is working normally without the quarantined files, you can go to the quarantine and delete them permanently.

 

After that, post a new HijackThis log and tell us how your PC is doing and whether any virus was removed (or disinfected) by Microsoft Security Essentials.

 

We await your reply.

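As an added example (not from this thread and not Kaspersky's own code), the Python script below does the check the reply above asks the user to do by eye: it reads a Virus Removal Tool report in the format posted earlier, groups events by container file (stripping the `/dataNNNN` inner-object suffix), and reports which files ended as Deleted or Disinfected and which were left Untreated/Postponed. The sample log lines, user folder and the second detection are constructed placeholders.

```python
import os
import re

# Constructed sample report in the Kaspersky Virus Removal Tool format seen in this
# thread; the user folder and the second (EICAR test file) detection are placeholders.
SAMPLE_LOG = r"""
2/2/2010 10:30:51 Task started
2/2/2010 10:48:50 Detected: Trojan.Win32.Zapchast.zh C:\Documents and Settings\user\My Documents\example\CyberScript32.exe/data0322
2/2/2010 10:48:51 Untreated: Trojan.Win32.Zapchast.zh C:\Documents and Settings\user\My Documents\example\CyberScript32.exe/data0322 Postponed
2/2/2010 11:30:27 Detected: Trojan.Win32.Zapchast.zh C:\Documents and Settings\user\My Documents\example\CyberScript32.exe/data0322
2/2/2010 11:43:32 Deleted: Trojan.Win32.Zapchast.zh C:\Documents and Settings\user\My Documents\example\CyberScript32.exe
2/2/2010 11:50:00 Detected: EICAR-Test-File C:\Temp\eicar.com
2/2/2010 11:50:01 Untreated: EICAR-Test-File C:\Temp\eicar.com Postponed
2/2/2010 11:51:00 Task completed
"""

# Event line shape: "<date> <time> <Action>: <ThreatName> <path>[/<inner object>][ Postponed]"
EVENT_RE = re.compile(r"^(?P<date>\S+) (?P<time>\S+) (?P<action>\w+): (?P<threat>\S+) (?P<rest>.+)$")
RESOLVING = {"Deleted", "Disinfected", "Quarantined"}  # actions that close a detection

def triage(log_text):
    """Group events per container file and record how each one ended up (later events win)."""
    status = {}
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:  # "Task started" / "Task completed" and blank lines carry no object
            continue
        rest, action = m.group("rest"), m.group("action")
        postponed = rest.endswith(" Postponed")
        if postponed:
            rest = rest[: -len(" Postponed")]
        # "file.exe/data0322" is an object inside the file; the thing to remove is the file
        container = rest.split("/", 1)[0]
        entry = status.setdefault(container, {"threat": m.group("threat"), "detections": 0,
                                              "final": None, "resolved": False})
        if action == "Detected":
            entry["detections"] += 1
        elif action in RESOLVING:  # a later Deleted/Disinfected closes the case
            entry["final"], entry["resolved"] = action, True
        elif action == "Untreated":
            entry["final"] = "Untreated (Postponed)" if postponed else "Untreated"
            entry["resolved"] = False
    return status

def unresolved(status):
    """Container files whose last recorded action did not remove or clean them."""
    return sorted(path for path, e in status.items() if not e["resolved"])

def still_on_disk(paths):
    """The manual check from the reply: does a flagged file still exist on this machine?"""
    return [p for p in paths if os.path.exists(p)]

if __name__ == "__main__":
    print("needs attention:", unresolved(triage(SAMPLE_LOG)))
```

Run against the real report, `unresolved()` lists exactly the files a user should look for on disk, as the reply instructs.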
