Felipe7l 0 Denunciar post Postado Fevereiro 28, 2010 Pc fico lento de uma hora pra outra.... ta ai o log... vlw! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:41:12, on 27/2/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\slserv.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Windows Media Player\wmplayer.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe C:\Documents and Settings\Felipe de Souza\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStickBHO.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStick.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe" O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Google Update Service (gupdate1c9f0603e0f074e) (gupdate1c9f0603e0f074e) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpenDNS Updater (OpenDNS Updater.exe) - OpenDNS - C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 9610 bytes Compartilhar este post Link para o post Compartilhar em outros sites
Power Max 54 Denunciar post Postado Março 7, 2010 :) Olá Felipe! :seta: Abra o HijackThis, clique em Do a system scan only, marque a entrada abaixo e clique em Fix checked: O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) _____________________________ :seta: Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial: Escolhendo Programas que Iniciam com o PC De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows. Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos. _____________________________ :seta: Siga também, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Malwarebytes: '>http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html"]Tutorial do Malwarebytes Anti-Malware Na sua próxima resposta poste este log do Malwarebytes juntamente com um novo log do Hijackthis e nos diga como está o seu PC após este procedimento. Ficamos no aguardo. Compartilhar este post Link para o post Compartilhar em outros sites
Felipe7l 0 Denunciar post Postado Março 9, 2010 Olá Antonio :D ta ai o log do malwarebytes, novo hijackthis e fiz um scan com o avira tb... pq continua um pouco lento mas melhorou na inicialização e finalização do windows... - Malwarebytes: Malwarebytes' Anti-Malware 1.41 Versão do banco de dados: 3037 Windows 5.1.2600 Service Pack 3 (Safe Mode) 8/3/2010 22:05:05 mbam-log-2010-03-08 (22-05-05).txt Tipo de Verificação: Completa (A:\|C:\|D:\|F:\|) Objetos verificados: 200964 Tempo decorrido: 46 minute(s), 51 second(s) Processos da Memória infectados: 0 Módulos de Memória Infectados: 0 Chaves do Registro infectadas: 0 Valores do Registro infectados: 0 Ítens do Registro infectados: 0 Pastas infectadas: 0 Arquivos infectados: 0 Processos da Memória infectados: (Nenhum ítem malicioso foi detectado) Módulos de Memória Infectados: (Nenhum ítem malicioso foi detectado) Chaves do Registro infectadas: (Nenhum ítem malicioso foi detectado) Valores do Registro infectados: (Nenhum ítem malicioso foi detectado) Ítens do Registro infectados: (Nenhum ítem malicioso foi detectado) Pastas infectadas: (Nenhum ítem malicioso foi detectado) Arquivos infectados: (Nenhum ítem malicioso foi detectado) - HiJackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:57:57, on 9/3/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\slserv.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Documents and Settings\Felipe de Souza\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStickBHO.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStick.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Google Update Service (gupdate1c9f0603e0f074e) (gupdate1c9f0603e0f074e) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpenDNS Updater (OpenDNS Updater.exe) - OpenDNS - C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 9123 bytes - Scan Avira: Avira AntiVir Personal Report file date: segunda-feira, 8 de março de 2010 21:29 Scanning for 1830646 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Save mode with network Username : Felipe de Souza Computer name : ACAS-6C15302737 Version information: BUILD.DAT : 9.0.0.419 21701 Bytes 22/1/2010 18:29:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 19/11/2009 22:14:28 AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/2/2009 13:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 20/2/2009 14:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 27/2/2009 13:58:52 VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 22:14:28 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 22:14:28 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/1/2010 12:08:39 VBASE003.VDF : 7.10.3.75 996864 Bytes 26/1/2010 12:13:52 VBASE004.VDF : 7.10.4.203 1579008 Bytes 5/3/2010 17:45:39 VBASE005.VDF : 7.10.4.204 2048 Bytes 5/3/2010 17:45:39 VBASE006.VDF : 7.10.4.205 2048 Bytes 5/3/2010 17:45:40 VBASE007.VDF : 7.10.4.206 2048 Bytes 5/3/2010 17:45:40 VBASE008.VDF : 7.10.4.207 2048 Bytes 5/3/2010 17:45:41 VBASE009.VDF : 7.10.4.208 2048 Bytes 5/3/2010 17:45:42 VBASE010.VDF : 7.10.4.209 2048 Bytes 5/3/2010 17:45:42 VBASE011.VDF : 7.10.4.210 2048 Bytes 5/3/2010 17:45:42 VBASE012.VDF : 7.10.4.211 2048 Bytes 5/3/2010 17:45:43 VBASE013.VDF : 7.10.4.242 153088 Bytes 8/3/2010 21:22:23 VBASE014.VDF : 7.10.4.243 2048 Bytes 8/3/2010 21:22:23 VBASE015.VDF : 7.10.4.244 2048 Bytes 8/3/2010 21:22:23 VBASE016.VDF : 7.10.4.245 2048 Bytes 8/3/2010 21:22:24 VBASE017.VDF : 7.10.4.246 2048 Bytes 8/3/2010 21:22:24 VBASE018.VDF : 7.10.4.247 2048 Bytes 8/3/2010 21:22:24 VBASE019.VDF : 7.10.4.248 2048 Bytes 8/3/2010 21:22:25 VBASE020.VDF : 7.10.4.249 2048 Bytes 8/3/2010 21:22:25 VBASE021.VDF : 7.10.4.250 2048 Bytes 8/3/2010 21:22:25 VBASE022.VDF : 7.10.4.251 2048 Bytes 8/3/2010 21:22:26 VBASE023.VDF : 7.10.4.252 2048 Bytes 8/3/2010 21:22:26 VBASE024.VDF : 7.10.4.253 2048 Bytes 8/3/2010 21:22:26 VBASE025.VDF : 7.10.4.254 2048 Bytes 8/3/2010 21:22:27 VBASE026.VDF : 7.10.4.255 2048 Bytes 8/3/2010 21:22:27 VBASE027.VDF : 7.10.5.0 2048 Bytes 8/3/2010 21:22:27 VBASE028.VDF : 7.10.5.1 2048 Bytes 8/3/2010 21:22:27 VBASE029.VDF : 7.10.5.2 2048 Bytes 8/3/2010 21:22:28 VBASE030.VDF : 7.10.5.3 2048 Bytes 8/3/2010 21:22:28 VBASE031.VDF : 7.10.5.5 16896 Bytes 8/3/2010 21:22:29 Engineversion : 8.2.1.180 AEVDF.DLL : 8.1.1.3 106868 Bytes 23/1/2010 12:04:38 AESCRIPT.DLL : 8.1.3.17 1032570 Bytes 26/2/2010 16:53:58 AESCN.DLL : 8.1.5.0 127347 Bytes 26/2/2010 16:53:44 AESBX.DLL : 8.1.2.0 254323 Bytes 26/2/2010 16:54:04 AERDL.DLL : 8.1.4.2 479602 Bytes 16/2/2010 18:26:50 AEPACK.DLL : 8.2.1.0 426356 Bytes 3/3/2010 00:38:55 AEOFFICE.DLL : 8.1.0.39 196987 Bytes 19/2/2010 23:01:41 AEHEUR.DLL : 8.1.1.7 2326902 Bytes 19/2/2010 23:01:22 AEHELP.DLL : 8.1.10.1 237942 Bytes 26/2/2010 16:53:40 AEGEN.DLL : 8.1.2.0 373107 Bytes 26/2/2010 16:53:36 AEEMU.DLL : 8.1.1.0 393587 Bytes 13/11/2009 16:52:19 AECORE.DLL : 8.1.12.2 188790 Bytes 3/3/2010 00:38:42 AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2008 17:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 11:47:59 AVPREF.DLL : 9.0.3.0 44289 Bytes 14/11/2009 15:55:54 AVREP.DLL : 8.0.0.7 159784 Bytes 17/2/2010 18:27:14 AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 13:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/3/2009 18:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/1/2009 13:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/1/2009 18:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 11:21:33 NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 13:32:10 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/5/2009 18:39:58 RCTEXT.DLL : 9.0.73.0 86785 Bytes 19/11/2009 22:14:26 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: repair Secondary action....................: delete Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: segunda-feira, 8 de março de 2010 21:29 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'mbam.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 14 processes with 14 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '50' files ). Starting the file scan: Begin scan in 'C:\' <Disco Local> C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\System Volume Information\_restore{907FC9DC-94A0-48AD-83FB-1039B743510D}\RP55\A0029753.exe [0] Archive type: ZIP SFX (self extracting) --> AutoPlay/Docs/Copie de server-clean.exe [DETECTION] Is the TR/Drop.VB.mwt.7 Trojan --> AutoPlay/Docs/server-clean.exe [DETECTION] Is the TR/Drop.VB.mwt.7 Trojan [NOTE] A backup was created as '4bc5a07d.qua' ( QUARANTINE ) [NOTE] The file was deleted! Begin scan in 'D:\' <DADOS> D:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. End of the scan: segunda-feira, 8 de março de 2010 22:38 Used time: 1:08:58 Hour(s) The scan has been done completely. 7644 Scanned directories 331772 Files were scanned 2 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 1 files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 2 Files cannot be scanned 331768 Files not concerned 4923 Archives were scanned 2 Warnings 3 Notes Vlw! Compartilhar este post Link para o post Compartilhar em outros sites
Power Max 54 Denunciar post Postado Março 9, 2010 continua um pouco lento :seta: Ainda há este programa desnecessário iniciando com o seu Windows, o que pode deixar seu PC meio lento: O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe" Seria importante seguir as dicas daquele tutorial que te passei para desabilitar a inicialização automática desde programa. _____________________________ :seta: Siga também as dicas dos tutoriais abaixo: Tutorial do Norman Malware Cleaner Tutorial do antivírus BitDefender Online ___________________________ :seta: Na sua próxima resposta poste o log do BitDefender Online que estará em C:\Windows\BDOSCAN8\bdoscan.log juntamente com um novo log do Hijackthis e o log do Norman Malware Cleaner e nos diga, por gentileza, como está o seu PC após seguir estes procedimentos. Ficamos no aguardo de sua resposta. Compartilhar este post Link para o post Compartilhar em outros sites
Felipe7l 0 Denunciar post Postado Março 10, 2010 Olá Antônio. Estou fazendo os precedimentos dos tutoriais... esqueci de comentar com você no ultimo topico q quando eu fui rodar o malware bytes em modo de segurança, o "Modo Seguro" não quiz entrar de maneira alguma... Somente no "Modo Seguro com Rede" que eu pude realizar o scan com o malwarebytes... Isso interfere em algo? Tem alguma coisa a ver? Estou tentando passar agora o Norman Malware Cleaner pelo modo de segurança com rede... [OFF] - Você recomenda o novo anti virus avast 5? Vlw! Felipe. Compartilhar este post Link para o post Compartilhar em outros sites
Felipe7l 0 Denunciar post Postado Março 10, 2010 Opa. Com relação ao bit torrent... ele eh bem levinho, nao pesa ao iniciar... So deixo ele e o antivirus no pra inicializar... Ah eu ainda continuo sem modo de segurança.... (após tentar usar as ferramentas do link'>http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html"]link agora nen o modo de segurança com rede quer iniciar... agradeço desde ja.... está logo abaixo os logs pedidos... Log Bit defender: [General] App = "楂䑴晥湥敤湏楬敮匠慣湮牥 v8" Date = 10:03:2010 Time = 12:26:26 Scan Path = A:\;C:\;D:\;F:\; [Engines Info] Virus Definitions = 5431681 Engine build = "AVCORE v2.1 Windows/i386 11.0.0.33 (Jan 06 2010)" Scan plugins = 17 Archive plugins = 44 Unpack plugins = 8 E-mail plugins = 6 System plugins = 4 [scan Statistics] Folders = 3690 Files = 164365 Archives = 1967 Packed files = 10802 Identified viruses = 0 Infected files = 0 Warnings = 0 Suspect files = 0 Disinfected files = 0 Deleted files = 0 Copied files = 0 Moved files = 0 Renamed files = 0 I/O Errors = 9 [scan Settings] SecondAction = Delete FirstAction = Disinfect Heuristics = 1 Enable Warnings = 1 Exclude Ext = Extensions = *; Scan Emails = 1 Scan Archives = 1 Scan Packed = 1 Scan Files = 1 Scan Boot = 1 Verify Memory = 0 [scan Results] Line00000000 = "No problems found." Log HiJackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:56:25, on 10/3/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\slserv.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Documents and Settings\Felipe de Souza\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStickBHO.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStick.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Google Update Service (gupdate1c9f0603e0f074e) (gupdate1c9f0603e0f074e) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpenDNS Updater (OpenDNS Updater.exe) - OpenDNS - C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 9312 bytes Log Norman: (em modo normal) Norman Malware Cleaner Version 1.6.2 Copyright © 1990 - 2009, Norman ASA. Built 2010/03/10 03:51:37 Norman Scanner Engine Version: 6.04.08 Nvcbin.def Version: 6.04.00, Date: 2010/03/10 03:51:37, Variants: 5475839 Scan started: 10/03/2010 15:43:56 Running pre-scan cleanup routine: Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3 Logged on user: ACAS-6C15302737\Felipe de Souza Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> "" Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000 Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000 Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000 Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000 Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoChangeStartMenu = 0x00000000 Scanning bootsectors... Number of sectors found: 0 Number of sectors scanned: 0 Number of sectors not scanned: 0 Number of infections found: 0 Number of infections removed: 0 Total scanning time: 0s Scanning running processes and process memory... Number of processes/threads found: 3361 Number of processes/threads scanned: 3361 Number of processes/threads not scanned: 0 Number of infected processes/threads terminated: 0 Total scanning time: 1m 46s Scanning file system... Scanning: prescan Scanning: C:\*.* C:\Arquivos de programas\adobe\Adobe Photoshop CS3\Photoshop.dll (Infected with W32/Smalltroj.VTTM) Deleted file C:\Arquivos de programas\adobe\Adobe Photoshop CS3\PSArt.dll (Infected with W32/Suspicious_Gen.DXVF) Deleted file C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img/root.img (Error whilst scanning file: I/O Error (0x0022000A)) C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb) C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\xfonts.7z/fonts/Type1/.fonts-config-timestamp (Error whilst scanning file: I/O Error (0x00000057)) C:\Arquivos de programas\Valve\hl.exe (Infected with W32/Suspicious_Gen2.PWGE) Removed registry value: HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\Arquivos de programas\Valve\hl.exe = "C:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher" Removed registry value: HKLM\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\Arquivos de programas\Valve\hl.exe = "C:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher" Deleted file C:\ComboFix\rehide.reg (Infected with REG/Small.A) Deleted file C:\Documents and Settings\Felipe de Souza\Desktop\Torrents\LST.06x061.rar/CMT (Error whilst scanning file: I/O Error (0x00220000)) C:\Documents and Settings\Felipe de Souza\Desktop\Torrents\PNTHR.2009.rar/CMT (Error whilst scanning file: I/O Error (0x00220000)) C:\System Volume Information\_restore{907FC9DC-94A0-48AD-83FB-1039B743510D}\RP59\A0035161.dll (Infected with W32/Smalltroj.VTTM) Deleted file C:\System Volume Information\_restore{907FC9DC-94A0-48AD-83FB-1039B743510D}\RP59\A0035162.dll (Infected with W32/Suspicious_Gen.DXVF) Deleted file C:\System Volume Information\_restore{907FC9DC-94A0-48AD-83FB-1039B743510D}\RP59\A0035163.exe (Infected with W32/Suspicious_Gen2.PWGE) Deleted file C:\System Volume Information\_restore{907FC9DC-94A0-48AD-83FB-1039B743510D}\RP59\A0035164.reg (Infected with REG/Small.A) Deleted file C:\WINDOWS\Installer\MSI1B.tmp (Error whilst scanning file: I/O Error (0x00000026)) C:\WINDOWS\Installer\MSI1C.tmp (Error whilst scanning file: I/O Error (0x00000026)) C:\WINDOWS\Installer\MSI1D.tmp (Error whilst scanning file: I/O Error (0x00000026)) Scanning: D:\*.* D:\BACK UP DO DIA 20-04-2009\felipe\Programas\BadCopy.Pro.v3.72.1012.WinALL.Incl.Keygen-ECLiPSE.zip/eclbc372.zip/keygen.zip/eclbc372.exe (Infected with W32/Suspicious_Gen.BOGK) Deleted file D:\BACK UP DO DIA 20-04-2009\felipe\Programas\Emulador play 2\biosPsx2.rar/CMT (Error whilst scanning file: I/O Error (0x00220000)) D:\BACK UP DO DIA 20-04-2009\felipe\Programas\Free_Download_do_Rapidshare-By_Roby.rar/CMT (Error whilst scanning file: I/O Error (0x00220000)) D:\BACK UP DO DIA 20-04-2009\felipe\Programas\progs do moden\progs do moden\MacMakeUp.exe (Infected with W32/Packed_Yoda.A) Deleted file D:\BACK UP DO DIA 20-04-2009\felipe\Programas\VSO ConvertXtoDVD 3.3.1.99+keygen\Keygen\Keygen.exe (Infected with Smalldoor.JJEW) Deleted file D:\BACK UP DO DIA 20-04-2009\felipe\progs do moden\progs do moden\MacMakeUp.exe (Infected with W32/Packed_Yoda.A) Deleted file D:\System Volume Information\_restore{21049F84-C62B-4FC5-A2F3-829B9BF55BC8}\RP132\A0204259.exe (Infected with W32/Suspicious_Gen2.PWGE) Deleted file D:\System Volume Information\_restore{21049F84-C62B-4FC5-A2F3-829B9BF55BC8}\RP132\A0206281.exe (Infected with W32/Suspicious_Gen2.PWGE) Deleted file D:\System Volume Information\_restore{21049F84-C62B-4FC5-A2F3-829B9BF55BC8}\RP135\A0221737.exe (Infected with W32/Suspicious_Gen2.PWGE) Deleted file D:\System Volume Information\_restore{21049F84-C62B-4FC5-A2F3-829B9BF55BC8}\RP135\A0221764.exe (Infected with W32/Suspicious_Gen2.PWGE) Deleted file D:\System Volume Information\_restore{21049F84-C62B-4FC5-A2F3-829B9BF55BC8}\RP135\A0221796.exe (Infected with W32/Suspicious_Gen2.PWGE) Deleted file D:\System Volume Information\_restore{907FC9DC-94A0-48AD-83FB-1039B743510D}\RP59\A0035165.exe (Infected with W32/Packed_Yoda.A) Deleted file D:\System Volume Information\_restore{907FC9DC-94A0-48AD-83FB-1039B743510D}\RP59\A0035166.exe (Infected with Smalldoor.JJEW) Deleted file D:\System Volume Information\_restore{907FC9DC-94A0-48AD-83FB-1039B743510D}\RP59\A0035167.exe (Infected with W32/Packed_Yoda.A) Deleted file Scanning: postscan Running post-scan cleanup routine: Number of files found: 184285 Number of archives unpacked: 2273 Number of files scanned: 184247 Number of files not scanned: 38 Number of files skipped due to exclude list: 0 Number of infected files found: 21 Number of infected files repaired/deleted: 20 Number of infections removed: 20 Total scanning time: 1h 24m 48s Compartilhar este post Link para o post Compartilhar em outros sites
Power Max 54 Denunciar post Postado Março 11, 2010 :) Vários problemas foram removidos pelo Norman Malware Cleaner. ____________________________ :seta: Siga, por gentileza, as dicas dos tutoriais abaixo: Tutorial do Dr. Web CureIt Tutorial do antivirus Nod32 Online _________________________________ :seta: Na sua próxima resposta poste este log do Nod32 Online que estará em C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt juntamente com um novo log do Hijackthis e o log do Dr. Web CureIt e nos diga, por gentileza, como está o seu PC após seguir estes procedimentos. Ficamos no aguardo de sua resposta. Compartilhar este post Link para o post Compartilhar em outros sites
Felipe7l 0 Denunciar post Postado Março 17, 2010 Opa. Log Eset Online Scanner ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=ba707e1c543f9f43888429abc3c4503c # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2009-12-20 11:49:40 # local_time=2009-12-20 09:49:40 (-0300, Horário brasileiro de verão) # country="Brazil" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1797 16775125 100 100 0 36851390 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=71293 # found=6 # cleaned=6 # scan_time=10085 C:\Arquivos de programas\UsbFix\Tools\Proc.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\WINDOWS\temp\OpenDNS Updater\update.exe probably a variant of Win32/Veslorn.AB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C D:\BACK UP DO DIA 20-04-2009\felipe\Programas\Alcohol 120 v1.9.5.3105+Crack\Patch.exe a variant of Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C D:\BACK UP DO DIA 20-04-2009\felipe\Programas\BABYLON 7.0\Patch Update 1.exe a variant of Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C D:\BACK UP DO DIA 20-04-2009\felipe\Programas\Vdownloader\vdownloader.zip a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C D:\BACK UP DO DIA 20-04-2009\felipe\Programas\Vdownloader\vd_setup.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C Log HiJackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:16:46, on 17/3/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\slserv.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Java\jre6\bin\java.exe C:\Arquivos de programas\Avira\AntiVir Desktop\update.exe C:\Documents and Settings\Felipe de Souza\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStickBHO.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStick.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Google Update Service (gupdate1c9f0603e0f074e) (gupdate1c9f0603e0f074e) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpenDNS Updater (OpenDNS Updater.exe) - OpenDNS - C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 9420 bytes Log Dr. Web CureIt: ELe fecho e esqueci de pegar o log... =/ mas eu li q nao foram encontrados virus... Compartilhar este post Link para o post Compartilhar em outros sites
Power Max 54 Denunciar post Postado Março 17, 2010 :) Outros problemas foram removidos pelo Nod32 Online. ____________________________ :seta: Siga, por gentileza as dicas deste tutorial para fazer uma limpeza de seu PC com o Spyware Doctor: Tutorial do Spyware Doctor Starter Edition Na sua próxima resposta poste este log do Spyware Doctor juntamente com um novo log do Hijackthis e nos diga como está o seu Pc depois disto. Ficamos no aguardo. Compartilhar este post Link para o post Compartilhar em outros sites
Mário Monteiro 179 Denunciar post Postado Abril 18, 2010 Tópico Arquivado Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado. Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura. Compartilhar este post Link para o post Compartilhar em outros sites