[Resolvido!] Verificação de Log

[marianaborges 0]

Oi, gostaria de pedir a ajuda de vocês, poderiam analisar esse Log por favor?!

Obrigada desde já, Mariana

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:36:25, on 19.02.2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\javawsa.exe

C:\NitroPC\NitroPC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\wbsecsvc.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Usuário\Desktop\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.g1.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\kb127\SearchSettings.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\arquivos de programas\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\kb127\SearchSettings.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [searchSettings] C:\Arquivos de programas\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [WindowsTranslator] C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [javawsa.exe] C:\WINDOWS\javawsa.exe

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [NitroPC] "C:\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Assistente Wireless Intelbras WBG901.lnk = C:\Arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232812442942

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: wbsecsvc - Winbond - C:\WINDOWS\system32\wbsecsvc.exe

 

--

End of file - 7414 bytes

[Erickz 0]

Você n uso o Whook pra wyd tbm n eh? tenho quase certeza q você uso ele,olha essa linha ae O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k eh o mesmo q eu to aki no pc e eu usei Whook ^^ olha o meu topico =/

[wings 22]

*Baixe o MalwareBytes Anti-malware e salve-o no desktop:

*Instale o programa

*Se alguma atualização existir,o download será automático. Aguarde...

*O programa será aberto automaticamente.

*Na aba [Verificação], selecione a opção [Verificação completa]

*Clique em [Verificar] e selecione as unidades a serem examinadas

*Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [sIM] > [OK] > [Mostrar Resultados]

*Selecione todos os resultados e clique em [Remover Selecionados]

*Um relatório (mbam-log-ano-mês-data.txt) será apresentado.

*Cole-o na sua próxima resposta

[marianaborges 0]

Malwarebytes' Anti-Malware 1.33

Versão do banco de dados: 1705

Windows 5.1.2600 Service Pack 2

 

20.02.2010 16:06:40

mbam-log-2010-02-20 (16-06-40).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 98436

Tempo decorrido: 1 hour(s), 6 minute(s), 9 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

[wings 22]

*Desative temporariamente seu antivírus

 

Clique com o botão direito do mouse no ícone do Avast que fica rodando ao lado do relógio > Selecione "Pausar a proteção residente" > Confirme.

*Desative o Spyware Doctor

Clique com o botão direito do mouse no ícone do Spyware Doctor ao lado do relógio do computador ->

Clique na opção Sair;

Na próxima janela clique em OK e aguarde a desativação da proteção do anti-spyware.

*Baixe o ComboFix e salve-o no desktop

*Duplo-clique no arquivo Combofix.exe

*Aceite o contrato

 

*Se o console de recuperação do Windows já estiver instalado, o ComboFix continuará o processo automaticamente. Caso não esteja, uma janela conforme abaixo será aberta. Clique em [sIM] para aceitar a instalação do mesmo.

 

 

*Após a instalação, clique em [sIM] para continuar.

 

 

*Importante: enquanto o ComboFix estiver em execução, não use o mouse nem o teclado!!..... Para interromper o procedimento tecle N ou 2 e depois ENTER.

 

*O programa será fechado automaticamente

 

*Cole o relatório criado em C:\combofix.txt

[marianaborges 0]

ComboFix 10-02-20.02 - Usuário 20.02.2010 17:37:15.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.623.309 [GMT -3:00]

Executando de: c:\documents and settings\Usuário\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\Search Settings

c:\arquivos de programas\Search Settings\kb127\SearchSettings.dll

c:\arquivos de programas\Search Settings\kb127\SearchSettingsRes409.dll

c:\arquivos de programas\Search Settings\SearchSettings.exe

c:\windows\gendel32.exe

c:\windows\system32\_id.dat

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-20 to 2010-02-20 ))))))))))))))))))))))))))))

.

 

2010-02-20 01:00 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-02-20 01:00 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-02-20 01:00 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-02-20 01:00 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-02-20 01:00 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-02-20 01:00 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-02-20 01:00 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-02-20 01:00 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-02-20 01:00 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-02-20 01:00 . 2010-02-20 01:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software

2010-02-20 01:00 . 2010-02-20 01:00 -------- d-----w- c:\arquivos de programas\Alwil Software

2010-02-12 22:02 . 2010-02-13 22:22 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-02-12 21:48 . 2010-02-12 21:55 -------- dc-h--w- c:\windows\ie8

2010-02-01 00:23 . 2010-02-01 00:23 -------- d-----w- c:\arquivos de programas\TweetDeck

2010-02-01 00:20 . 2010-02-01 00:19 38784 ----a-w- c:\documents and settings\Default User\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-02-01 00:20 . 2010-02-01 00:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR

2010-01-28 17:18 . 2010-01-28 17:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-01-28 17:17 . 2010-01-28 17:17 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-20 20:44 . 2004-08-04 03:45 577536 ----a-w- c:\windows\system32\user32.dll

2010-02-20 20:27 . 2009-01-29 19:35 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-02-18 15:48 . 2009-01-29 19:34 -------- d-----w- c:\arquivos de programas\Spyware Doctor

2010-02-06 01:08 . 2009-06-17 21:15 -------- d-----w- c:\arquivos de programas\Opera

2010-01-20 00:04 . 2008-11-22 11:45 -------- d-----w- c:\arquivos de programas\Google

2009-12-13 00:26 . 2009-12-31 19:10 231936 ----a-w- c:\windows\javawsa.exe

.

Infected c:\windows\system32\user32.dll hex repaired

 

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NitroPC"="c:\nitropc\NitroPC.exe" [2009-07-11 3477504]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 1667584]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsTranslator"="c:\arquiv~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe" [2003-06-26 407040]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-10-15 198160]

"javawsa.exe"="c:\windows\javawsa.exe" [2009-12-13 231936]

"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Assistente Wireless Intelbras WBG901.lnk - c:\arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe [2009-1-6 671744]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-11-16 21:04 139264 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 17:40 155648 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-11-21 12:10 136600 ----a-w- c:\arquivos de programas\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-10-15 16:32 198160 ----a-w- c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2008-07-09 21:33 36352 ----a-w- c:\arquivos de programas\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsTranslator]

2003-06-26 19:20 407040 ------w- c:\arquiv~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Opera\\opera.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 ALiAGP;ALi AGP Bus Filter Driver;c:\windows\system32\drivers\ALiAGP.SYS [21.11.2008 08:39 30894]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [22.05.2009 14:45 130936]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.02.2010 22:00 162512]

R1 wbsecdrv;wbsecdrv Protocol Driver;c:\windows\system32\drivers\wbsecdrv.sys [06.01.2009 15:40 17952]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.02.2010 22:00 19024]

R2 wbsecsvc;wbsecsvc;c:\windows\system32\wbsecsvc.exe [06.01.2009 15:40 274432]

R3 tridxp;tridxp;c:\windows\system32\drivers\tridxpm.sys [21.11.2008 08:25 221824]

S3 129a0b86-7e2e-42f8-b990-8d87912b54f1;129a0b86-7e2e-42f8-b990-8d87912b54f1;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]

S3 GNCT511;Genius VideoCAM NB;c:\windows\system32\drivers\gnct511.sys [02.11.2009 19:43 229376]

S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [29.01.2009 16:34 348752]

S3 W35UND;W89C35 802.11bg WLAN USB Adapter Driver;c:\windows\system32\drivers\W35UND.SYS [06.01.2009 15:40 111232]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*Deregistered* - MBAMSwissArmy

*Deregistered* - mchInjDrv

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-02-20 c:\windows\Tasks\User_Feed_Synchronization-{4FDE24A5-41BB-4C09-8173-6551769054EA}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.g1.com.br/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

- - - - ORFÃOS REMOVIDOS - - - -

 

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\arquivos de programas\Search Settings\kb127\SearchSettings.dll

BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\arquivos de programas\Search Settings\kb127\SearchSettings.dll

HKLM-Run-SearchSettings - c:\arquivos de programas\Search Settings\SearchSettings.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-20 17:48

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2010-02-20 17:54:13

ComboFix-quarantined-files.txt 2010-02-20 20:54

 

Pré-execução: 21 pasta(s) 28.005.785.600 bytes disponíveis

Pós execução: 24 pasta(s) 28.020.838.400 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - E234B3361FE6500717DD2717034C62BF

[wings 22]

*Abra o bloco de notas, selecione, copie e cole nele todo o conteúdo do código abaixo:

 

File::

c:\windows\javawsa.exe

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"javawsa.exe"=-

*Salve o arquivo no desktop como CFScript.txt

*Arraste o arquivo para o Combofix conforme ilustração abaixo:

 

 

*Importante: enquanto o combofix estiver em execução, não use o mouse nem o teclado!!..para interromper o processo tecle N ou 2.

*Cole o relatório criado em C:\combofix.txt e novo log do hijack

[marianaborges 0]

ComboFix 10-02-20.02 - Usuário 20.02.2010 18:34:02.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.623.137 [GMT -3:00]

Executando de: c:\documents and settings\Usuário\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Usuário\Desktop\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

FILE ::

"c:\windows\javawsa.exe"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\javawsa.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-20 to 2010-02-20 ))))))))))))))))))))))))))))

.

 

2010-02-20 01:00 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-02-20 01:00 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-02-20 01:00 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-02-20 01:00 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-02-20 01:00 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-02-20 01:00 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-02-20 01:00 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-02-20 01:00 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-02-20 01:00 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-02-20 01:00 . 2010-02-20 01:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software

2010-02-20 01:00 . 2010-02-20 01:00 -------- d-----w- c:\arquivos de programas\Alwil Software

2010-02-12 22:02 . 2010-02-13 22:22 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-02-12 21:48 . 2010-02-12 21:55 -------- dc-h--w- c:\windows\ie8

2010-02-01 00:23 . 2010-02-01 00:23 -------- d-----w- c:\arquivos de programas\TweetDeck

2010-02-01 00:20 . 2010-02-01 00:19 38784 ----a-w- c:\documents and settings\Default User\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-02-01 00:20 . 2010-02-01 00:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR

2010-01-28 17:18 . 2010-01-28 17:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-01-28 17:17 . 2010-01-28 17:17 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-20 20:44 . 2004-08-04 03:45 577536 ------w- c:\windows\system32\user32.dll

2010-02-20 20:27 . 2009-01-29 19:35 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-02-18 15:48 . 2009-01-29 19:34 -------- d-----w- c:\arquivos de programas\Spyware Doctor

2010-02-06 01:08 . 2009-06-17 21:15 -------- d-----w- c:\arquivos de programas\Opera

2010-01-20 00:04 . 2008-11-22 11:45 -------- d-----w- c:\arquivos de programas\Google

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NitroPC"="c:\nitropc\NitroPC.exe" [2009-07-11 3477504]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 1667584]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsTranslator"="c:\arquiv~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe" [2003-06-26 407040]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-10-15 198160]

"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Assistente Wireless Intelbras WBG901.lnk - c:\arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe [2009-1-6 671744]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-11-16 21:04 139264 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 17:40 155648 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-11-21 12:10 136600 ----a-w- c:\arquivos de programas\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-10-15 16:32 198160 ----a-w- c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2008-07-09 21:33 36352 ----a-w- c:\arquivos de programas\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsTranslator]

2003-06-26 19:20 407040 ------w- c:\arquiv~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Opera\\opera.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 ALiAGP;ALi AGP Bus Filter Driver;c:\windows\system32\drivers\ALiAGP.SYS [21.11.2008 08:39 30894]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [22.05.2009 14:45 130936]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.02.2010 22:00 162512]

R1 wbsecdrv;wbsecdrv Protocol Driver;c:\windows\system32\drivers\wbsecdrv.sys [06.01.2009 15:40 17952]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.02.2010 22:00 19024]

R2 wbsecsvc;wbsecsvc;c:\windows\system32\wbsecsvc.exe [06.01.2009 15:40 274432]

R3 tridxp;tridxp;c:\windows\system32\drivers\tridxpm.sys [21.11.2008 08:25 221824]

S3 129a0b86-7e2e-42f8-b990-8d87912b54f1;129a0b86-7e2e-42f8-b990-8d87912b54f1;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]

S3 GNCT511;Genius VideoCAM NB;c:\windows\system32\drivers\gnct511.sys [02.11.2009 19:43 229376]

S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [29.01.2009 16:34 348752]

S3 W35UND;W89C35 802.11bg WLAN USB Adapter Driver;c:\windows\system32\drivers\W35UND.SYS [06.01.2009 15:40 111232]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*Deregistered* - MBAMSwissArmy

*Deregistered* - mchInjDrv

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-02-20 c:\windows\Tasks\User_Feed_Synchronization-{4FDE24A5-41BB-4C09-8173-6551769054EA}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.g1.com.br/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-20 18:43

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2010-02-20 18:47:22

ComboFix-quarantined-files.txt 2010-02-20 21:47

ComboFix2.txt 2010-02-20 20:54

 

Pré-execução: 23 pasta(s) 28.011.819.008 bytes disponíveis

Pós execução: 24 pasta(s) 28.049.833.984 bytes disponíveis

 

- - End Of File - - 1939891153BBD57C087AD46C1B0FDC9B

 

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:48:04, on 20.02.2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\NitroPC\NitroPC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\wbsecsvc.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Usuário\Desktop\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.g1.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\arquivos de programas\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [WindowsTranslator] C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [NitroPC] "C:\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Assistente Wireless Intelbras WBG901.lnk = C:\Arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232812442942

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: wbsecsvc - Winbond - C:\WINDOWS\system32\wbsecsvc.exe

 

--

End of file - 6116 bytes

[wings 22]

OK...log limpo

 

 

*Clique em [iniciar] > [Executar] > digite: Combofix /uninstall

*Clique [OK]

 

 

*Clique em [Executar]

*Aguarde até surgir a mensagem: "ComboFix está desinstalado"

 

*Clique [OK]

 

 

Um abraço.

[marianaborges 0]

Que bom, muito obrigada pela atenção e pela ajuda!

[wings 22]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.