Iceds, posted May 15, 2010

Hi everyone, I'm creating this topic to say that my PC, out of nowhere, started getting slow at startup. Until yesterday it booted in about 35 seconds; the part where it loads Windows XP with the little bars going by was very quick and now, out of nowhere, it is very slow. The only strange thing I noticed was that when I start a game called RisingForce Online, it used to go into full screen mode normally and now it opens a Windows window called "Active Movie Window". Other than that I haven't noticed any difference... I'll send the HijackThis log and ask you to please help me. Hugs and God bless.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:04, on 15/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\csrcs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 7749 bytes

DigRam my friend, if you're around, you already know my PC well, lol. Help plx :)
Power Max, posted May 18, 2010

:) Hello Iceds!

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

Download ComboFix and save it to the Desktop.

* Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!).
* Close all windows and run the tool.
* PS: Running it from a command is also possible:
* Go to Start --> Run --> type or paste: "%userprofile%\desktop\Combofix.exe" /killall
* Click OK.
* At the "Software warranty disclaimer" prompt --> click Yes.
* If you do not have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), accept the option to install it.
* When it finishes, click Sim or Yes. --> Wait.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

If you get the notification "Invalid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.
* Save it to the Desktop renamed as: Kombo.exe
* PS: Name it while saving, not after saving it!
* PS: If an error message appears, run ComboFix.exe in Safe Mode (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!
* PS: If rootkit activity is present, we will get the following notification window:
* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply together with the requested logs.
* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* The Auto Scan window will open. --> Wait!
* To finish the removals, ComboFix may restart the computer.
* If necessary, type option ( 1 ) --> press Enter! --> Wait for it to finish!
* During the scan, avoid touching the mouse or keyboard! <-- Important!
* If, for some unavoidable reason, you need to stop or exit ComboFix, press "N" or "2" --> press Enter.

<><><><><><><><><><><><>

The ComboFix log will be at C:\ComboFix.txt
_______________________________

Please follow the tips in this tutorial to clean your PC with Malwarebytes: Malwarebytes Anti-Malware tutorial (http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html)
_______________________________

In your next reply, post this Malwarebytes log together with the log that will be at C:\ComboFix.txt and a new HijackThis log, and tell us how your PC is after these procedures.

We'll be waiting.
Iceds, posted May 20, 2010

Hi Antonio, I did everything and I'm posting the logs here for you, thanks in advance, hugs.

ComboFix log:

ComboFix 10-05-19.02 - user 19/05/2010 21:57:48.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2045.1394 [GMT -3:00]
Executando de: c:\documents and settings\user\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\3753519.dll
c:\windows\system32\8893845.dll
c:\windows\system32\csrcs.exe
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-20 to 2010-05-20 ))))))))))))))))))))))))))))
.
2010-05-20 00:17 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\88475aa.dll
2010-05-20 00:17 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\69f5988.dll
2010-05-20 00:15 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\77aae86.dll
2010-05-20 00:15 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\2f156680.dll
2010-05-19 23:58 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\91eefc0.dll
2010-05-19 23:58 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\2fa3b85e.dll
2010-05-19 23:16 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\805557a.dll
2010-05-19 22:58 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\a0bcd4c.dll
2010-05-19 22:58 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\1d77b898.dll
2010-05-19 22:56 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\40f9ce.dll
2010-05-19 22:56 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\1a5b3588.dll
2010-05-19 22:50 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\f543864.dll
2010-05-19 22:50 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\8d163ec.dll
2010-05-19 20:59 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\cbf24d2.dll
2010-05-19 20:59 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\2a1b8736.dll
2010-05-19 19:25 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\fc49800.dll
2010-05-19 19:25 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\37813da6.dll
2010-05-19 19:08 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\30a63940.dll
2010-05-19 19:08 . 2004-08-04 03:45 82944 ---h-tw- c:\windows\system32\258e556.dll
2010-05-17 23:01 . 2010-05-17 23:04 -------- d-----w- c:\arquivos de programas\Satsuki Decoder Pack
2010-05-17 22:00 . 2010-05-17 22:00 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\TeamViewer
2010-05-17 22:00 . 2010-05-17 22:00 -------- d-----w- c:\documents and settings\user\temp
2010-05-17 19:28 . 2010-05-17 19:28 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\Publish Providers
2010-05-17 19:28 . 2010-05-17 22:10 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\Sony
2010-05-17 19:26 . 2010-05-17 19:26 -------- d-----w- c:\arquivos de programas\Vstplugins
2010-05-17 19:26 . 2010-05-17 19:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Sony
2010-05-06 11:42 . 2010-05-06 11:42 -------- d-----w- c:\windows\system32\Nova pasta
2010-05-02 00:25 . 2010-05-02 00:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles
2010-04-25 01:33 . 2010-04-25 01:33 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-22 15:49 . 2010-04-22 15:49 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\dvdcss
2010-04-22 15:36 . 2010-05-17 22:58 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\vlc
2010-04-22 15:35 . 2010-04-22 15:35 -------- d-----w- c:\arquivos de programas\VideoLAN
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 15:39 . 2010-04-17 14:08 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\TS3Client
2010-05-15 06:10 . 2008-05-05 05:56 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\Skype
2010-05-15 04:14 . 2008-05-05 05:56 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\skypePM
2010-05-12 10:26 . 2010-04-11 15:56 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\Dropbox
2010-05-10 18:19 . 2008-01-19 07:30 -------- d-----w- c:\arquivos de programas\Tibia
2010-05-09 01:02 . 2008-02-09 11:23 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\LimeWire
2010-05-08 16:51 . 2008-04-24 06:10 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\teamspeak2
2010-04-25 00:45 . 2009-11-29 21:53 -------- d-----w- c:\arquivos de programas\PokerStars
2010-04-11 15:57 . 2010-04-11 15:57 89831 ----a-w- c:\documents and settings\user\Dados de aplicativos\Dropbox\bin\Uninstall.exe
2010-04-05 12:13 . 2010-04-05 12:08 -------- d-----w- c:\arquivos de programas\NCSoft
2010-04-05 12:13 . 2008-01-16 16:21 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-04-05 12:07 . 2010-04-05 12:07 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab
2010-03-04 10:30 . 2001-10-28 18:07 67450 ----a-w- c:\windows\system32\perfc016.dat
2010-03-04 10:30 . 2001-10-28 18:07 425426 ----a-w- c:\windows\system32\perfh016.dat
2010-03-04 10:29 . 2010-03-04 10:29 152576 ----a-w- c:\documents and settings\user\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-04 10:29 . 2009-11-23 20:29 79488 ----a-w- c:\documents and settings\user\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\user\Dados de aplicativos\Dropbox\bin\Dropbox.exe
2009-02-11 11:41 . 2009-02-11 11:57 2576 --sha-r- c:\windows\system32\DirectX\Dinput\desktop.inf.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 16:03 1230080 ----a-w- c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\user\Dados de aplicativos\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\user\Dados de aplicativos\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\user\Dados de aplicativos\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
"nwiz"="nwiz.exe" [2007-06-29 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]
"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-24 56928]
"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-31 10:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Tibia\\Tibia.exe"=
"c:\\Arquivos de programas\\WinRAR\\WinRAR.exe"=
"c:\\Arquivos de programas\\Movie Maker\\moviemk.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Arquivos de programas\\Real Alternative\\settings.exe"=
"c:\\WINDOWS\\system32\\mshearts.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Tibia\\TibiCAM\\TibiCAM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\marcosfillus\\condition zero\\hl.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\Steam.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\marcosfillus\\dedicated server\\hlds.exe"=
"c:\\CCR INC\\RFOnline\\RF.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\marcosfillus\\dedicated server\\hltv.exe"=
"c:\\Arquivos de programas\\Sony Interactive\\Twisted Metal 2\\TM2.EXE"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\marcosfillus\\day of defeat\\hl.exe"=
"e:\\Level Up! Games\\RF Online\\RF.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Documents and Settings\\user\\Dados de aplicativos\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\common\\left 4 dead 2\\srcds.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\common\\oblivion\\OblivionLauncher.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\marcosfillus\\counter-strike\\hl.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2/12/2009 12:56 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/8/2009 07:36 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/8/2009 07:36 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [31/8/2009 07:36 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [31/8/2009 07:36 297752]
S3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\PFC027.sys [8/4/2005 19:46 162176]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mWindow Title =
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Dados de aplicativos\Mozilla\Firefox\Profiles\qcm48twq.default\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORFÃOS REMOVIDOS - - - -

AddRemove-Juliana Góes - c:\arquivos de programas\Juliana Góes\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-19 22:01
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2010-05-19 22:02:22
ComboFix-quarantined-files.txt 2010-05-20 01:02

Pré-execução: 18 pasta(s) 12.918.530.048 bytes disponíveis
Pós execução: 20 pasta(s) 13.663.846.400 bytes disponíveis

- - End Of File - - 3C45894915215377093469058482A50C

Malwarebytes log:

Malwarebytes' Anti-Malware 1.34
Versão do banco de dados: 1879
Windows 5.1.2600 Service Pack 2

19/5/2010 22:06:41
mbam-log-2010-05-19 (22-06-41).txt

Tipo de Verificação: Rápida
Objetos verificados: 67519
Tempo decorrido: 2 minute(s), 11 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
(Nenhum ítem malicioso foi detectado)

Updated HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:22, on 19/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe
C:\Hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 7436 bytes

Waiting for new instructions, thanks in advance.
Power Max, posted May 20, 2010

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

_________________________________

O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site

Were these Hosts entries above added by you?

_________________________________

Follow the steps in this tutorial: Norman Malware Cleaner Tutorial

_________________________________

Malwarebytes' Anti-Malware 1.34
Versão do banco de dados: 1879
Windows 5.1.2600 Service Pack 2

19/5/2010 22:06:41
mbam-log-2010-05-19 (22-06-41).txt

Tipo de Verificação: Rápida

Your Malwarebytes log shows that you only ran a Quick Scan, and it is very important to run a Full Scan with it.

* Restart the PC in Safe Mode (press the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choose the Safe Mode option).
* If it is not possible to run the computer in Safe Mode, do the scan in normal mode.
* Run Malwarebytes' Anti-Malware, click the "Scan" tab and select the "Full Scan" option.
* Click the "Scan" button.
* Check all the parts of the computer you want to scan and click the "Start Scan" button.
* When the scan finishes, click "OK" > "Show Results".
* Select all entries and click "Remove Selected".
* After removal you may be asked whether you want to remove objects from memory. Click "YES".
* A log will be shown with the result of the actions.
* Some malware is stubborn and needs a restart to be removed. If this is requested, click to restart the PC.
* When the process finishes, restart the PC in Normal Mode.
* After a few days, if your computer is working normally without the files that Malwarebytes Anti-Malware deleted, open (run) Malwarebytes Anti-Malware, click the Quarantine tab and click the Delete All button.
* Run Malwarebytes Anti-Malware again, click the "Logs" tab, double-click the most recent log, select the whole log and copy it.

Post this log generated by Malwarebytes Anti-Malware together with the Norman Malware Cleaner log and a new HijackThis log, and tell us how your PC is after this.
Iceds, posted May 25, 2010

Hi Antonio, I have been busy with college, so I only managed to finish the process now. Those entries were added by me; they are for an "anti-cheater" for an online game. Well, after the whole process, Antonio, here are the logs of the two anti-malware tools and the updated HijackThis log.
I noticed my PC is faster, but today while I was using it, out of nowhere an IE window started opening (I use Mozilla as my default) with one of those pop-up-type pages. I went into IE and tried to delete the page from the history, but it comes back... (here in the history the page shows as ad.harrenmedianetwork.com). I think it is nothing serious, but after you look at the logs I hope you can tell me what it is, lol. Well, here are the logs; I hope they are all clean and correct :).

Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.34
Versão do banco de dados: 1879
Windows 5.1.2600 Service Pack 2

25/5/2010 22:38:34
mbam-log-2010-05-25 (22-38-34).txt

Tipo de Verificação: Completa (C:\|E:\|F:\|)
Objetos verificados: 209400
Tempo decorrido: 58 minute(s), 13 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 1
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
(Nenhum ítem malicioso foi detectado)

Norman Malware Cleaner log:

Norman Malware Cleaner
Version 1.6.2
Copyright © 1990 - 2009, Norman ASA.
Built 2010/05/25 10:16:50

Norman Scanner Engine Version: 6.04.08
Nvcbin.def Version: 6.04.00, Date: 2010/05/25 10:16:50, Variants: 5779226

Scan started: 25/05/2010 21:53:50

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: MICRO2\user
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe csrcs.exe" -> "Explorer.exe"
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Scanning bootsectors...
Number of sectors found: 0
Number of sectors scanned: 0
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s

Scanning running processes and process memory...
C:\WINDOWS\system32\csrcs.exe (Infected with AutoRun.BHAO)
Terminated process
Removed registry value: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run -> csrcs = "C:\WINDOWS\system32\csrcs.exe"
Deleted file
Number of processes/threads found: 3743
Number of processes/threads scanned: 3743
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 1
Total scanning time: 1m 44s

Scanning file system...
Scanning: prescan
Scanning: C:\*.*
C:\Arquivos de programas\AMR Converter Pro\AMR Converter Pro.exe (Infected with Malware.DLPH)
Removed link file: C:\Documents and Settings\All Users\Desktop\AMR Converter Pro.lnk
Deleted file
C:\Arquivos de programas\Tibia\TibiCAM\TibiCAM.exe (Infected with W32/Smalldrp.ACPY)
Removed registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\Arquivos de programas\Tibia\TibiCAM\TibiCAM.exe = "C:\Arquivos de programas\Tibia\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM"
Removed registry value: HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\Arquivos de programas\Tibia\TibiCAM\TibiCAM.exe = "C:\Arquivos de programas\Tibia\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM"
Deleted file
C:\CCR INC\RFOnline\System\FileData.z/./System/FileData.dat (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\All Users\Dados de aplicativos\{00BAB1C5-D99B-4EF4-B1D6-1DEB5DA070DA}\offline\59737481\6AE473CA\AMR Converter Pro.exe (Infected with Malware.DLPH)
Deleted file
C:\Documents and Settings\All Users\Dados de aplicativos\{00BAB1C5-D99B-4EF4-B1D6-1DEB5DA070DA}\setup_amr.res/progressprereq.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))
C:\Documents and Settings\All Users\Dados de aplicativos\{00BAB1C5-D99B-4EF4-B1D6-1DEB5DA070DA}\setup_amr.res/startinstallation.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))
C:\Documents and Settings\All Users\Dados de aplicativos\{00BAB1C5-D99B-4EF4-B1D6-1DEB5DA070DA}\setup_amr.res/welcome.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))
C:\Documents and Settings\All Users\Dados de aplicativos\{00BAB1C5-D99B-4EF4-B1D6-1DEB5DA070DA}\setup_amr.res/wizard.dfm.miaf (Error whilst scanning file: I/O Error (0x00000057))
C:\Documents and Settings\All Users\Documentos\hvtzdc.exe (Infected with AutoRun.BHAO)
Deleted file
C:\Documents and Settings\user\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\61\58bf333d-45b45fd2/Inicio.class (Infected with JAVA/DLoader.A)
Deleted file
C:\Documents and Settings\user\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\63\12c83dbf-3b72951f/d8z (Infected with W32/Agent.MQTY.dropper)
Deleted file
C:\Documents and Settings\user\Desktop\AT\BBB\Playboy_Especial_2009_10_Brasil.rar/RR (Error whilst scanning file: I/O Error (0x00220000))
C:\Documents and Settings\user\Desktop\Filmes\xmn_orns_wvrn.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))
C:\Documents and Settings\user\Desktop\Installers\Downloads\crepusculo(2).rar/CMT (Error whilst scanning file: I/O Error (0x00220000))
C:\Documents and Settings\user\Desktop\Installers\Downloads\hq04.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))
C:\Documents and Settings\user\Desktop\Installers\Downloads\hqhen08.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))
C:\Documents and Settings\user\Desktop\Installers\Downloads\PPZ-Ariane-Gonzale.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))
C:\Documents and Settings\user\Desktop\Installers\Downloads\qmqrsumlro.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))
C:\Documents and Settings\user\Desktop\Installers\PB-AsMelhoresDaFazenda+www.sexymaioresde18.blogspot.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))
C:\Documents and Settings\user\Desktop\Installers\tibicam_8.11.zip/TibiCAM/TibiCAM.exe (Infected with W32/Smalldrp.ACPY)
Deleted file
C:\Documents and Settings\user\Meus documentos\Downloads\Sony Vegas Movie Studio Platinum Pro 9.0 + Todos os Plugins + Pacth_NazgoOl M3.rar/Sony Vegas Movie Studio Platinum Pro 9.0 + Todos os Plugins + Pacth_NazgoOl M3\Patch\patch.exe (Infected with W32/Suspicious_Gen2.dam)
Deleted file
C:\Documents and Settings\user\Meus documentos\Downloads\Sony Vegas Movie Studio Platinum Pro 9.0 + Todos os Plugins + Pacth_NazgoOl M3.rar/Sony Vegas Movie Studio Platinum Pro 9.0 + Todos os Plugins + Pacth_NazgoOl M3\Plugins\NewBlue FX\Motion blends.exe (Infected with Suspicious_Gen2.ADZET)
Deleted file
C:\Documents and Settings\user\Meus documentos\Downloads\VIP201004_Cacau.BBB10.rar/VIP201004_Cacau.BBB10\+FOTOS.URL (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\user\Meus documentos\Sum[1].Eletrohits.vol5_www.coletaneascompletas.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))
C:\Documents and Settings\user\Meus documentos\Sum[1].Eletrohits.vol5_www.coletaneascompletas.com.rar/+ Musicas\Todas as Faixas do CD.exe (Infected with W32/Obfuscated.O!genr)
Deleted file
C:\Kombo.exe\NirCmdC.cfexe (Infected with Malware.JSER)
Deleted file
C:\LinhaDefensiva\exec\download.exe (Infected with Suspicious_Gen.CQSA)
Deleted file
C:\Qoobox\Quarantine\C\WINDOWS\system32\csrcs.exe.vir (Infected with AutoRun.BHAO)
Deleted file
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP273\A0818770.exe (Infected with AutoRun.BHAO)
Deleted file
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829492.exe (Infected with AutoRun.BHAO)
Deleted file
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829494.exe (Infected with Malware.DLPH)
Deleted file
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829495.exe (Infected with W32/Smalldrp.ACPY)
Deleted file
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829496.exe (Infected with Malware.DLPH)
Deleted file
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829497.exe (Infected with AutoRun.BHAO)
Deleted file
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829500.exe (Infected with Suspicious_Gen.CQSA)
Deleted file
C:\WINDOWS\Juliana Góes.scr (Infected with W32/DLoader.KFZD)
Deleted file
C:\WINDOWS\Natália Casassola.scr (Infected with W32/DLoader.KFZD)
Deleted file
Scanning: E:\*.*
E:\Back MD\Mu\GameGuard\GameMon.des (Infected with SDBot.gen8)
Deleted file
E:\Back MD\Mu\main.exe (Infected with W32/Obfuscated.AK!genr)
Deleted file
E:\Back MD\Mu\mu.exe (Infected with W32/Obfuscated.AK!genr)
Deleted file
E:\Backup Games\Tibia\Tibia.exe (Infected with W32/Tibia.ACE)
Deleted file
E:\Backup Games\Tibia\TibiCAM\TibiCAM.exe (Infected with W32/Smalldrp.ACPY)
Deleted file
E:\Level Up! Games\RF Online\System\FileData.z/./System/FileData.dat (Error whilst scanning file: I/O Error (0x00220005))
E:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829503.des (Infected with SDBot.gen8)
Deleted file
E:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829504.exe (Infected with W32/Obfuscated.AK!genr)
Deleted file
E:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829505.exe (Infected with W32/Obfuscated.AK!genr)
Deleted file
E:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829506.exe (Infected with W32/Tibia.ACE)
Deleted file
E:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829507.exe (Infected with W32/Smalldrp.ACPY)
Deleted file
Scanning: F:\*.*
F:\aeae\MVW\pl0508.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))
Scanning: C:\System Volume Information\*.*
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829501.scr (Infected with W32/DLoader.KFZD)
Deleted file
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829502.scr (Infected with W32/DLoader.KFZD)
Deleted file
Scanning: postscan

Running post-scan cleanup routine:
Number of files found: 228322
Number of archives unpacked: 1014
Number of files scanned: 228304
Number of files not scanned: 18
Number of files skipped due to exclude list: 0
Number of infected files found: 34
Number of infected files repaired/deleted: 34
Number of infections removed: 34
Total scanning time: 1h 20m 6s

Updated HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:17:54, on 25/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Ufyqea.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\DOCUME~1\user\CONFIG~1\Temp\Umh.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\DOCUME~1\user\CONFIG~1\Temp\Umh.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

-- End of file - 7371 bytes

I did this whole process tonight. During the process, out of nowhere IE windows opened with those pages that I have no idea where they came from or how they started opening; I hope everything is fine. Awaiting further instructions, and thanks in advance, cheers.
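The checks the helper applied by hand earlier in the thread (orphan entries ending in "(no file)" or "(file missing)", the Shell=Explorer.exe csrcs.exe value, the hosts overrides) and the new autostarts in the updated log above (a RunServices entry for csrcs.exe, an HKCU Run entry pointing into a Temp folder) can be applied mechanically to a HijackThis log. The Python script below is an added example, not code from this forum, from HijackThis or from any tool in the thread; its sample lines are constructed from the logs posted here.

```python
"""HijackThis log triage (added example, not the forum's or any tool's own code).

Flags the entry classes a malware-removal helper looks at first:
  * orphan entries whose target file no longer exists,
  * a Winlogon Shell value with a second executable appended,
  * autostarts launched from a Temp folder or from the legacy RunServices key,
  * hosts-file overrides, which the user must confirm were intentional.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines taken from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\DOCUME~1\user\CONFIG~1\Temp\Umh.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
"""

# "O4 - HKLM\..\Run: [name] path" -> section "O4", body "HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A path component named Temp anywhere in the target; matches both the 8.3
# form CONFIG~1\Temp and the long form Local Settings\Temp.
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious HijackThis entry, or None if it looks benign."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, blank line or the "-- End of file" trailer
    section, body = m.group("section"), m.group("body")

    # 1. Orphans: a registry hook still points at a file that is gone. These are
    #    the entries the helper told the user to "Fix checked".
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        return Finding(section, "orphan entry, target file is missing", line)

    # 2. Winlogon Shell: everything after Explorer.exe is an extra program that
    #    starts with every logon (the log above showed "Explorer.exe csrcs.exe").
    if section == "F2" and "Shell=" in body:
        shell = body.split("Shell=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            return Finding(section, f"extra executable in Winlogon Shell: {shell}", line)

    # 3. Hosts overrides: legitimate only if the user added them knowingly.
    if section == "O1":
        return Finding(section, "hosts file override, confirm it was intentional", line)

    # 4. Autostarts: a Run value inside a Temp folder, or anything in the legacy
    #    RunServices key, is almost never placed there by real software.
    if section == "O4":
        if TEMP_DIR_RE.search(body):
            return Finding(section, "autostart launched from a Temp folder", line)
        if "RunServices" in body:
            return Finding(section, "autostart in legacy RunServices key", line)

    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line of a HijackThis log and collect the hits."""
    findings = []
    for line in log_text.splitlines():
        f = classify(line)
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line.strip()}")
```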
Iceds 0 Denunciar post Postado Maio 26, 2010 Olá Antonio, acabei de finalizar o scan online usando o ActiveScan 2.0 do Panda antivirus. Aqui vai o relatorio do bloco de notas, desde já agradeço. Relatório do ActiveScan: ;*********************************************************************************************************************************************************************************** ANALYSIS: 2010-05-26 01:20:56 PROTECTIONS: 1 MALWARE: 15 SUSPECTS: 9 ;*********************************************************************************************************************************************************************************** PROTECTIONS Description Version Active Updated ;=================================================================================================================================================================================== AVG Anti-Virus Free 8.5 Yes Yes ;=================================================================================================================================================================================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=================================================================================================================================================================================== 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@doubleclick[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\user\configurações locais\temp\cookies\user@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@atdmt[1].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@xiti[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@ad.yieldmanager[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No 
c:\documents and settings\user\configurações locais\temp\cookies\user@serving-sys[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@serving-sys[1].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\user\configurações locais\temp\cookies\user@bs.serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@bs.serving-sys[2].txt 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@server.iad.liveperson[1].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@statse.webtrendslive[2].txt 00170553 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@ig.com[1].txt 00170557 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@terra.com[1].txt 00170559 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@uol.com[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@questionmarket[1].txt 00209833 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\user\cookies\user@acesso.uol.com[1].txt 01674996 Application/Psexec.A HackTools No 0 Yes No c:\kombo.exe\psexec.cfexe 06125448 BAT/Autorun.JVF Virus/Worm No 1 Yes No c:\windows\system32\autorun.in 06125448 BAT/Autorun.JVF Virus/Worm No 1 Yes No c:\windows\system32\autorun.i ;=================================================================================================================================================================================== SUSPECTS Sent Location ;=================================================================================================================================================================================== No c:\docume~1\user\config~1\temp\umh.exe No 
c:\windows\ufyqea.exe No c:\windows\system32\sshnas21.dll No c:\documents and settings\user\configurações locais\temp\umf.exe No c:\documents and settings\user\configurações locais\temp\umg.exe No c:\documents and settings\user\configurações locais\temp\umh.exe No c:\documents and settings\user\configurações locais\temporary internet files\content.ie5\0x6j896v\install[1].48534.exe No c:\documents and settings\user\desktop\installers\tibia810.exe No c:\documents and settings\user\meus documentos\msncleaner(www.portalmes.com).zip[msncleaner (www.portalmes.com).exe] ;=================================================================================================================================================================================== VULNERABILITIES Id Severity Description ;=================================================================================================================================================================================== 219830 HIGH MS10-029 219822 HIGH MS10-021 219821 HIGH MS10-020 219647 HIGH MS10-018 217842 HIGH MS10-015 217839 HIGH MS10-012 217838 HIGH MS10-011 217834 HIGH MS10-008 217832 HIGH MS10-006 217831 HIGH MS10-005 217169 HIGH MS10-002 216839 HIGH MS10-001 215938 HIGH MS09-072 215935 HIGH MS09-069 215048 HIGH MS09-065 214076 HIGH MS09-059 971486 HIGH MS09-058 214074 HIGH MS09-057 214073 HIGH MS09-056 214072 HIGH MS09-055 214071 HIGH MS09-054 213109 HIGH MS09-046 212494 HIGH MS09-042 212493 HIGH MS09-041 212530 HIGH MS09-034 211784 HIGH MS09-032 211781 HIGH MS09-029 210625 HIGH MS09-026 210624 HIGH MS09-025 210621 HIGH MS09-022 210618 HIGH MS09-019 208380 HIGH MS09-015 208379 HIGH MS09-014 208378 HIGH MS09-013 208377 HIGH MS09-012 206981 HIGH MS09-007 206980 HIGH MS09-006 204670 HIGH MS09-001 203806 HIGH MS08-078 203508 HIGH MS08-073 203505 HIGH MS08-071 202465 HIGH MS08-068 201683 HIGH MS08-067 201258 HIGH MS08-066 201256 HIGH MS08-064 201255 HIGH MS08-063 201253 HIGH MS08-061 201250 HIGH MS08-058 209275 HIGH 
MS08-049 209273 HIGH MS08-045 196455 MEDIUM MS08-037 194862 HIGH MS08-032 194861 HIGH MS08-031 194860 HIGH MS08-030 191618 HIGH MS08-025 191617 HIGH MS08-024 191616 HIGH MS08-023 191614 HIGH MS08-021 191613 HIGH MS08-020 ;===================================================================================================================================================================================

Awaiting instructions. Thanks in advance. Regards.
Power Max 54 Posted May 26, 2010

:) Many problems were removed, but there are still other problems on your PC.
_______________________________

Please follow the instructions in these tutorials:
USBFix tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-usbfix.html
Nod32 Online antivirus tutorial
_______________________________

In your next reply, post the UsbFix log, which will be at C:\UsbFix.txt, together with the log that will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt and a new HijackThis log, and tell us how the PC is behaving after these procedures. We await your reply.
Iceds 0 Posted May 26, 2010

Good afternoon Antonio. I am sending the logs from the procedures you asked me to carry out; awaiting instructions. Regards.

UsbFix log:

############################## | UsbFix V6.115 | User : user (Administradores) # MICRO2 Update on 26/05/2010 by El Desaparecido , C_XX & Chimay8 Start at: 12:51:13 | 26/5/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Intel® Core2 Duo CPU E6750 @ 2.66GHz Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2 Internet Explorer 6.0.2900.2180 Windows Firewall Status : Enabled AV : AVG Anti-Virus Free 8.5 [ (!) Disabled | Updated ] C:\ -> Disco fixo local # 74,6 Go (6,52 Go free) # NTFS D:\ -> Disco CD-ROM E:\ -> Disco fixo local # 74,31 Go (14,32 Go free) # NTFS F:\ -> Disco fixo local # 83,98 Go (79,02 Go free) # NTFS G:\ -> Disco removível # 3,73 Go (1,77 Go free) [KINGSTON] # FAT32
################## | Ficheiros # pastas infeciosos | Supprimido ! C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job Supprimido ! C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job Supprimido ! C:\WINDOWS\System32\sshnas21.dll Supprimido ! C:\DOCUME~1\user\CONFIG~1\Temp\a.dat Supprimido ! C:\DOCUME~1\user\CONFIG~1\Temp\Umf.exe Supprimido ! C:\DOCUME~1\user\CONFIG~1\Temp\Umg.exe Supprimido ! C:\Recycler\S-1-5-21-746137067-1035525444-725345543-1003 Supprimido ! E:\Recycler\S-1-5-21-746137067-1035525444-725345543-1003 Supprimido ! F:\Recycler\S-1-5-21-746137067-1035525444-725345543-1003 G:\autorun.inf -> ficheiro chamado : "G:\isbtLb.exe" ( Presente ! ) Supprimido ! G:\isbtLb.exe Supprimido ! G:\autorun.inf Supprimido ! G:\nds0q.exe Supprimido ! G:\viuoqu.exe Supprimido ! G:\viuoqu.scr Supprimido ! C:\WINDOWS\Ufyqea.exe
################## | Registro | Supprimido ! [HKCU\SOFTWARE\M5T8QL3YW3] Supprimido ! [HKCU\SOFTWARE\Microsoft\Handle] Supprimido ! [HKCU\SOFTWARE\QZAIB7KITK] Supprimido ! [HKCU\SOFTWARE\XML] Supprimido !
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "M5T8QL3YW3" Supprimido ! [HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS] Supprimido ! [HKLM\SYSTEM\ControlSet002\Services\SSHNAS] Supprimido ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS] Supprimido ! [HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHNAS] ################## | Mountpoints2 | ################## | Listing | [16/01/2008 13:04|--a------|0] C:\AUTOEXEC.BAT [11/02/2009 17:58|--a------|178597] C:\bankerfix.exe [16/01/2008 13:00|--a------|211] C:\Boot.bak [11/02/2009 09:32|-rahs----|281] C:\boot.ini [28/10/2001 15:06|-rahs----|4952] C:\Bootfont.bin [04/08/2004 08:00|--a------|261856] C:\cmldr [19/05/2010 22:02|--a------|14547] C:\ComboFix.txt [16/01/2008 13:04|--a------|0] C:\CONFIG.SYS [16/01/2008 13:04|-rahs----|0] C:\IO.SYS [05/05/2010 06:22|-rahs----|0] C:\khx [16/01/2008 13:21|--a------|197] C:\lan.log [16/01/2008 13:04|-rahs----|0] C:\MSDOS.SYS [11/02/2009 09:26|--a------|257] C:\MSNCleaner.txt [03/08/2004 22:38|-rahs----|47564] C:\NTDETECT.COM [03/08/2004 22:59|-rahs----|251168] C:\ntldr [?|?|?] 
C:\pagefile.sys [27/04/2009 23:14|--a------|0] C:\random [17/01/2008 03:26|--a------|206] C:\realtek.log [17/01/2008 03:26|--a------|575] C:\RHDSetup.log [20/10/2008 07:43|--a------|921632] C:\StiImg.dat [26/05/2010 13:03|--a------|3255] C:\UsbFix.txt [21/03/2010 16:03|--a------|59180650] E:\filme pb 1.wmv [05/05/2010 06:22|-rahs----|0] E:\khx [27/03/2010 20:03|--a------|97374612] E:\pb do xadrez.wmv [27/03/2010 20:16|--a------|146726612] E:\pb do xadrez_0001.wmv [18/03/2010 11:58|--a------|8548590] E:\rf test 1.wmv [18/03/2010 12:05|--a------|8427498] E:\rf test 2.wmv [18/03/2010 12:09|--a------|8627582] E:\rf test 2_0001.wmv [07/02/2010 14:48|--a------|983624462] F:\Avatar.DVDScr.Leg.by.B4rm4n-www.clubwarez.ws.avi [01/02/2010 04:20|--a------|155103386] F:\Flash.Forward.S01E02.HDTV.XviD-NoTV.rmvb [01/02/2010 05:56|--a------|148636560] F:\Flashforward[ 01x03 _ks series.rmvb [05/05/2010 06:22|-rahs----|0] F:\khx [29/10/2009 20:58|--a------|651776] G:\Fenomenos de transporte.ppt [21/01/2010 23:43|--a------|2209792] G:\The Beatles - Help!.mp3 [31/10/2009 12:59|--a------|5609646] G:\Kings of Leons - Use Somebody.mp3 [31/10/2009 21:43|--a------|3265720] G:\Kings Of Leon - --- is On Fire.mp3 [15/02/2010 23:47|--a------|3353613] G:\Lady GaGa - Paparrazzi.mp3 [13/11/2009 14:45|--a------|44907] G:\884611222284.pdf [19/07/2009 12:33|--a------|4553956] G:\Yes Man ~ Munchausen by proxy & Zooey Deschanel.mp3 [01/01/2010 11:09|--a------|4214161] G:\Shiny Toy Guns - Stripped.mp3 [15/11/2009 18:38|--a------|109056] G:\trabalho biotrans.ppt [18/11/2009 08:10|--a------|763392] G:\TM 2009.ppt [22/11/2009 21:34|--a------|11577209] G:\Analítica 2.rar [30/12/2009 21:25|--a------|5218219] G:\004_Markus Enochson - For You to See (feat_ Masaya) (Tiger Stripes vocal remix).mp3 [30/01/2010 20:27|--a------|6266109] G:\Kaskade & Deadmau5 - Move For Me.mp3 [10/02/2010 23:44|--a------|11761499] G:\02. 
Lady Gaga - Bad Romance (Album Version).mp3 [17/04/2009 22:32|--a------|4245885] G:\Andrea Bocceli & Laura Pausini - Vivo por ella (Span).MP3 [19/04/2009 12:12|--a------|4260806] G:\Andrea Bocelli & Giorgia - Vivo Per Lei (Italian).mp3 [01/08/2009 12:23|--a------|5460471] G:\Nickelback - Never Gonna Be Alone.mp3 [26/02/2010 16:35|--a------|65320685] G:\DBBR_Dragon_Ball_GT_31.rmvb [04/03/2010 08:50|--a------|5536253] G:\Jay-Z - Empire State of Mind (feat Alicia Keys).mp3 [11/05/2010 23:37|--a------|219648] G:\trabalho do soccol 4.doc [11/05/2010 23:40|--a------|62976] G:\capa trab soccol44.doc [04/03/2010 06:56|--a------|59482] G:\Formulário 2010.pdf [12/05/2010 11:11|--a------|49664] G:\trabalho aula pratica ferm.doc [16/05/2010 21:03|--a------|1590272] G:\Trabalho soccol slides.ppt [16/05/2010 21:38|--a------|64512] G:\texto soccol.doc [17/05/2010 11:26|--a------|7438848] G:\apresentacao_final.ppt [17/05/2010 00:13|--a------|92672] G:\texto soccol1.doc [11/05/2010 16:19|--a------|28088797] G:\Bioreactor Design_4_0_321_4+dotnet.zip [19/05/2010 07:23|--a------|32] G:\site bioreac.txt [25/05/2010 00:03|--a------|313856] G:\trabalho soccol meios de cultivo.doc [24/05/2010 23:01|--a------|62976] G:\capa trab inoculo.doc [24/05/2010 23:26|--a------|1796096] G:\trabalho do soccol de inóculo.doc [24/05/2010 23:56|--a------|62976] G:\capa trab meios de cultivo.doc [23/09/2009 12:49|--a------|54031] G:\20092-cf061-lista-1.pdf [10/12/2009 10:30|--a------|53422] G:\20092-cf061-lista-4.pdf [17/12/2009 18:08|--a------|1328640] G:\Provas 1,2,3.doc [04/02/2009 09:05|--a------|384686] G:\pokblue-port.zip [04/02/2009 09:21|--a------|659797] G:\VisualBoyAdvance-1.8.0-beta3.zip [06/01/2010 13:06|--a------|63488] G:\cola para apresentação.doc [16/01/2010 19:46|--a------|19265735] G:\Pokemon+Online+1.2.rar [06/01/2010 19:49|--a------|19433095] G:\Christmas_Edition.rar [07/02/2010 14:48|--a------|983624462] G:\Avatar.DVDScr.Leg.by.B4rm4n-www.clubwarez.ws.avi [27/01/2010 
01:16|--a------|6931456] G:\Boneca.pps [28/11/2009 23:13|--a------|147334733] G:\FF_101_www.downloadscorp.com.rmvb [01/02/2010 05:56|--a------|148636560] G:\Flashforward[ 01x03 _ks series.rmvb [01/02/2010 04:20|--a------|155103386] G:\Flash.Forward.S01E02.HDTV.XviD-NoTV.rmvb [14/11/2009 00:56|--a------|5901952] G:\Kaskade - Angel On My Shoulder.mp3 [02/01/2010 18:20|--a------|11365659] G:\Kaskade - I Remember (Strobelite Edit).mp3 [24/02/2010 22:57|--a------|2178] G:\fontes rf.txt [19/02/2010 15:57|--a------|18264] G:\SS forum.JPG [24/02/2010 20:49|--a------|29771] G:\forum 2.JPG [16/01/2010 03:51|--a------|1539979] G:\1203315054467uq4.gif [19/01/2010 17:08|--a------|1551141] G:\geronimooooooooooo.gif [17/02/2010 14:14|--a------|96] G:\ticket.txt [16/02/2010 19:41|--a------|1725] G:\cali.txt [12/01/2010 13:16|--a------|1064] G:\dup.txt [20/01/2010 20:39|--a------|52223] G:\fudeo.jpg [27/12/2009 23:17|--a------|9326341] G:\Requiem For A Dream - Clint Mansell - Lux Aeterna (Full Orch.mp3 [27/12/2009 22:55|--a------|3750765] G:\Requiem For A Dream Soundtrack - Lux Aeterna.mp3 ################## | Vaccinação | # C:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido). # E:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido). # F:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido). # G:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido). ################## | Upload | Favor enviar o arquivo : C:\UsbFix_Upload_Me_MICRO2.zip : http://chiquitine.changelog.fr/Sample/Upload.php Obrigado pela sua contribuição . ################## | ! Fim do relatório # UsbFix V6.115 ! 
|

Nod32 Online log:

ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=bc892ed87eb3d44d9b052068a55ca0ff
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-05-26 07:21:42
# local_time=2010-05-26 04:21:42 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 74201325 74201325 0 0
# compatibility_mode=1024 16777191 100 0 22263603 22263603 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=141579
# found=11
# cleaned=11
# scan_time=5119
C:\UsbFix_Upload_Me_MICRO2.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Arquivos de programas\UsbFix\Tools\Proc.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\user\Desktop\Installers\vdownloader.zip a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829624.dll a variant of Win32/Kryptik.EOI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0830642.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\UsbFix\Quarantine\C\DOCUME~1\user\CONFIG~1\temp\Umf.exe.UsbFix a variant of Win32/Kryptik.EOI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\UsbFix\Quarantine\C\WINDOWS\system32\sshnas21.dll.UsbFix a variant of Win32/Kryptik.EOI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\UsbFix\Quarantine\G\isbtlb.exe.UsbFix Win32/Packed.Autoit.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
C:\UsbFix\Quarantine\G\nds0q.exe.UsbFix Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\UsbFix\Quarantine\G\viuoqu.exe.UsbFix Win32/AutoRun.VB.GG worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\UsbFix\Quarantine\G\viuoqu.scr.UsbFix Win32/AutoRun.VB.GG worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

In the program, Antonio, what should I do? Delete the files in quarantine or restore them?

Updated HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:42:25, on 26/5/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgnsx.exe C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de
programas\Teamspeak2_RC2\TeamSpeak.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe C:\Hijack\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll O2 - BHO: Java Plug-In 2 SSV Helper - 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: 
Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 7669 bytes

Thanks in advance, regards and God bless.
Power Max 54 Posted May 26, 2010

Many more problems were removed.
_________________________

"In the program, Antonio, what should I do? Delete the files in quarantine or restore them?"

You can delete them.
________________________

Follow the instructions in this tutorial: BitDefender Online antivirus tutorial

When the scan finishes, a report (log) will be generated at the following location on your computer: C:\Windows\BDOSCAN8\bdoscan.log

In your next reply, post this BitDefender Online log together with a new HijackThis log and please tell us how your PC is behaving after following this procedure. We await your reply.
Iceds 0 Posted May 26, 2010

Good evening Antonio, here are the BitDefender log and the updated HijackThis log; awaiting new instructions. My PC is starting normally again and that pop-up window has stopped opening, but I still await new instructions. Thanks in advance, regards and God bless.

BitDefender log:

[General] App = "BitDefender Online Scanner v8" Date = 26:05:2010 Time = 18:45:21 Scan Path = C:\;D:\;E:\;F:\;
[Engines Info] Virus Definitions = 6095974 Engine build = "AVCORE v2.1 Windows/i386 11.0.0.33 (Apr 09 2010)" Scan plugins = 17 Archive plugins = 43 Unpack plugins = 10 E-mail plugins = 6 System plugins = 4
[scan Statistics] Folders = 8274 Files = 311524 Archives = 3583 Packed files = 17089 Identified viruses = 3 Infected files = 7 Warnings = 0 Suspect files = 0 Disinfected files = 0 Deleted files = 6 Copied files = 0 Moved files = 0 Renamed files = 0 I/O Errors = 27
[scan Settings] SecondAction = Delete FirstAction = Disinfect Heuristics = 1 Enable Warnings = 1 Exclude Ext = Extensions = *; Scan Emails = 1 Scan Archives = 1 Scan Packed = 1 Scan Files = 1 Scan Boot = 1 Verify Memory = 0
[scan Results]
Line00000016 = "C:\Documents and Settings\user\Meus documentos\Downloads\Sony Vegas Movie Studio Platinum Pro 9.0 + Todos os Plugins + Pacth_NazgoOl M3.rar=>Sony Vegas Movie Studio Platinum Pro 9.0 + Todos os Plugins + Pacth_NazgoOl M3\Plugins\NewBlue FX\Art effects.exe Detected with: Adware.Generic.64429"
Line00000015 = "C:\Documents and Settings\user\Meus documentos\Downloads\Sony Vegas Movie Studio Platinum Pro 9.0 + Todos os Plugins + Pacth_NazgoOl M3.rar=>Sony Vegas Movie Studio Platinum Pro 9.0 + Todos os Plugins + Pacth_NazgoOl M3\Plugins\NewBlue FX\Art effects.exe Disinfection failed"
Line00000014 = "C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829629.exe Infected with: Gen:Variant.Renos.14"
Line00000013 = "C:\System Volume
Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829629.exe Disinfection failed" Line00000012 = "C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP276\A0829629.exe Deleted" Line00000011 = "C:\UsbFix\Quarantine\C\DOCUME~1\user\CONFIG~1\temp\Umg.exe.UsbFix Infected with: Gen:Variant.Renos.14" Line00000010 = "C:\UsbFix\Quarantine\C\DOCUME~1\user\CONFIG~1\temp\Umg.exe.UsbFix Disinfection failed" Line00000009 = "C:\UsbFix\Quarantine\C\DOCUME~1\user\CONFIG~1\temp\Umg.exe.UsbFix Deleted" Line00000008 = "C:\UsbFix\Quarantine\C\WINDOWS\Ufyqea.exe.UsbFix Infected with: Gen:Variant.Renos.14" Line00000007 = "C:\UsbFix\Quarantine\C\WINDOWS\Ufyqea.exe.UsbFix Disinfection failed" Line00000006 = "C:\UsbFix\Quarantine\C\WINDOWS\Ufyqea.exe.UsbFix Deleted" Line00000005 = "C:\UsbFix\Quarantine\G\autorun.inf.UsbFix Infected with: Trojan.AutorunINF.Gen" Line00000004 = "C:\UsbFix\Quarantine\G\autorun.inf.UsbFix Deleted" Line00000003 = "C:\WINDOWS\system32\autorun.i Infected with: Trojan.AutorunINF.Gen" Line00000002 = "C:\WINDOWS\system32\autorun.i Deleted" Line00000001 = "C:\WINDOWS\system32\autorun.in Infected with: Trojan.AutorunINF.Gen" Line00000000 = "C:\WINDOWS\system32\autorun.in Deleted" Log do Hijack atualizado: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:48:30, on 26/5/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\System32\PAStiSvc.exe 
C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgnsx.exe C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Hijack\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - 
{53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - 
HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: 
AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 7626 bytes
Power Max 54 Posted May 26, 2010

More problems were eliminated by BitDefender Online.
____________________________

You are using an old version of AVG (version 8). I suggest uninstalling it and downloading a very good antivirus such as Avira AntiVir 10. To install, configure and use Avira AntiVir correctly, just follow the instructions in these tutorials:
Avira AntiVir 10 Free tutorial (installation and configuration): http://dicasetutoriaisparapc.blogspot.com/2009/03/tutorial-de-instalacao-e-configuracao.html
Avira AntiVir 10 Free tutorial (how to use it correctly): http://dicasetutoriaisparapc.blogspot.com/2009/03/escaneando-seu-computador-com-o-avira.html
___________________________________

* After installing and configuring Avira AntiVir following the tutorials above, update it, then restart your computer and boot into Safe Mode (by pressing the F8 key (or F5 on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option). Once the computer has restarted, right-click the Avira icon (the open red umbrella next to the Windows clock) and choose Start AntiVir > click Scan system now > and wait for the scan to finish. Note: if it is not possible to run the Avira AntiVir scan in Windows Safe Mode, run it in normal mode.
_______________________________________________________________

Once you have removed the viruses that Avira AntiVir finds, restart the computer normally. Right-click the Avira icon (the open red umbrella next to the Windows clock) and choose Start AntiVir > click Reports > double-click the most recent log and click the Report file button > a window with the log will open; select the whole log (menu: Edit » Select All), then go back to the Edit » menu and click Copy > then come back here to the forum and post this Avira AntiVir log together with a new HijackThis log so they can be analysed. We await your reply.
Iceds
Posted May 27, 2010

Hello Antonio, here is the Avira scan log. I believe my PC is already better and seems faster. Regards and God bless.

Avira log:

Avira AntiVir Personal
Report file date: quarta-feira, 26 de maio de 2010 21:42

Scanning for 2163364 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MICRO2

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Arquivos de programas\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: delete
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:, F:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: quarta-feira, 26 de maio de 2010 21:42

Starting search for hidden objects.
The scan of running processes will be started
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '58' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '68' Module(s) have been scanned
Scan process 'avgnt.exe' - '49' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '53' Module(s) have been scanned
Scan process 'sched.exe' - '44' Module(s) have been scanned
Scan process 'firefox.exe' - '87' Module(s) have been scanned
Scan process 'WgaTray.exe' - '46' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '45' Module(s) have been scanned
Scan process 'wscntfy.exe' - '18' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'TeamSpeak.exe' - '54' Module(s) have been scanned
Scan process 'avgcsrvx.exe' - '8' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'jusched.exe' - '20' Module(s) have been scanned
Scan process 'avgnsx.exe' - '33' Module(s) have been scanned
Scan process 'avgrsx.exe' - '8' Module(s) have been scanned
Scan process 'avgemc.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'PAStiSvc.exe' - '6' Module(s) have been scanned
Scan process 'RichVideo.exe' - '22' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '38' Module(s) have been scanned
Scan process 'MDM.EXE' - '22' Module(s) have been scanned
Scan process 'jqs.exe' - '87' Module(s) have been scanned
Scan process 'avgwdsvc.exe' - '31' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '24' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '29' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '37' Module(s) have been scanned
Scan process 'Explorer.EXE' - '97' Module(s) have been scanned
Scan process 'spoolsv.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '153' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '50' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '43' Module(s) have been scanned
Scan process 'winlogon.exe' - '73' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
  [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
  [INFO] No virus was found!
Boot sector 'E:\'
  [INFO] No virus was found!
Boot sector 'F:\'
  [INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '975' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\Arquivos de programas\TibiaCam TV Lite\play-00000008.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kydf back-door program
  [NOTE] A backup was created as '4eca6a39.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00000108.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kydk back-door program
  [NOTE] A backup was created as '565d459e.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00000208.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyeq back-door program
  [NOTE] A backup was created as '04021f76.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00000408.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyes back-door program
  [NOTE] A backup was created as '623550b4.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00000508.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyev back-door program
  [NOTE] A backup was created as '27b17d8a.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00010108.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyde back-door program
  [NOTE] A backup was created as '58aa4feb.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00010208.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyep back-door program
  [NOTE] A backup was created as '141263a1.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00010308.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyew back-door program
  [NOTE] A backup was created as '680a23f0.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00010408.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kydj back-door program
  [NOTE] A backup was created as '45500cbd.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00020408.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyet back-door program
  [NOTE] A backup was created as '5c383727.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\Arquivos de programas\TibiaCam TV Lite\play-00020907.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kydh back-door program
  [NOTE] A backup was created as '30641b17.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831667.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kydf back-door program
  [NOTE] A backup was created as '41b60f4e.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831668.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kydk back-door program
  [NOTE] A backup was created as '4fac3f89.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831669.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyeq back-door program
  [NOTE] A backup was created as '0a8546cb.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831670.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyes back-door program
  [NOTE] A backup was created as '038e4260.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831671.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyev back-door program
  [NOTE] A backup was created as '5bcf5b09.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831672.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyde back-door program
  [NOTE] A backup was created as '773b22c5.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831673.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyep back-door program
  [NOTE] A backup was created as '49c54210.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831674.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyew back-door program
  [NOTE] A backup was created as '2acb6963.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831675.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kydj back-door program
  [NOTE] A backup was created as '0c03297e.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831676.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kyet back-door program
  [NOTE] A backup was created as '3e9752db.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
C:\System Volume Information\_restore{50B75DA3-F994-4BE2-851B-9A7DDEEE6795}\RP277\A0831677.dll
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.kydh back-door program
  [NOTE] A backup was created as '34d279a5.qua' ( QUARANTINE )
  [NOTE] The file was deleted!
Begin scan in 'E:\'
Begin scan in 'F:\'

End of the scan: quinta-feira, 27 de maio de 2010 03:07
Used time: 5:25:17 Hour(s)

The scan has been done completely.
36089 Scanned directories
1675708 Files were scanned
22 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
22 files were deleted
0 Viruses and unwanted programs were repaired
22 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1675686 Files not concerned
9811 Archives were scanned
0 Warnings
22 Notes
766716 Objects were scanned with rootkit scan
0 Hidden objects were found

Updated HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:53, on 27/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 8040 bytes

PS: I installed Avira but did not uninstall AVG; I will use one, and while that one is on, I will leave the other off.
Power Max
Posted May 28, 2010

> PS: I installed Avira but did not uninstall AVG; I will use one, and while that one is on, I will leave the other off.

Yes, but in that case I suggest you uninstall this version of AVG, which is already old, and install the new AVG 9 following the tips in this tutorial: AVG 9 Free tutorial (how to install it correctly)

After that, update AVG 9 (run an update) and, as viruses and spyware are found, choose the option to disinfect the infected files or send them to quarantine. If files were sent to quarantine, then after a few days, if your computer is working normally without those quarantined files, you can go to the quarantine and delete them permanently.

________________________________

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe

______________________________

Download the Avenger program from the link below and extract its contents to the desktop:
http://swandog46.geekstogo.com/avenger2/download.php

* Select and copy (Ctrl+C) all the text inside the Quote (white box) below:

Files to delete:
C:\WINDOWS\system32\csrcs.exe

* Run the Avenger program
* Click [Load Script] > [Paste from Clipboard]
* Click [Execute] > [OK]
* The PC will restart
* The report will be created at C:\avenger.txt

______________________________

Please follow the tips in this tutorial to clean your PC with Spyware Doctor: Spyware Doctor Starter Edition tutorial

In your next reply, post this Spyware Doctor log together with a new HijackThis log and tell us how your PC is after this and whether any virus was removed by AVG 9.

We await your reply.
Iceds
Posted May 28, 2010

Hello Antonio, I am running AVG on the PC, but I have already completed the other steps. As I said before, my PC is normal, better than it was at the start of the thread. I will send the updated logs from Avenger, HijackThis and Spyware Doctor.

Avenger log:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\WINDOWS\system32\csrcs.exe" not found!
Deletion of file "C:\WINDOWS\system32\csrcs.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Updated Spyware Doctor log:

PS: (it turned into something absurdly large in Notepad, because the original format was .htm, so I posted it on Megaupload; the file size is small, but the text is too long to post here.)

http://www.megaupload.com/?d=QIFK16D1

Updated HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08:07, on 28/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Hijack\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Spyware Doctor\pctsSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 7452 bytes

Awaiting further instructions; thanks in advance, God bless, regards.
Power Max 54 Posted May 28, 2010

B) Several other problems were removed by Spyware Doctor and HijackThis.

Note: if your computer becomes slow after installing Spyware Doctor, click the Spyware Doctor icon in the taskbar (next to the Windows clock) and choose the Exit option. A message will appear asking whether you are sure you want to close Spyware Doctor; click OK. Then, when you want to use Spyware Doctor again, just go to the menu: Start --> All Programs --> Spyware Doctor --> Spyware Doctor. After using it, just repeat the procedure described above to disable it again.

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

> Hi Antonio, I'm running AVG on the PC

Once the scan with AVG 9 has finished, please tell us whether it removed any other problems and how the PC is doing after that. We'll be waiting.
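The two entries Power Max asks to fix are "orphans": a BHO and a toolbar still registered in the registry whose DLL no longer exists. As an added illustration (not code from this thread or from HijackThis), the helper below parses HijackThis v2 entry lines and flags orphaned entries and O1 hosts-file overrides for review; the sample lines are copied from the log posted above, and the function names are the example's own.

```python
import re
from dataclasses import dataclass

# Entry layout: "<section> - <kind>: <name> - {CLSID} - <path> [(file missing) | (no file)]"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# hosts-file targets that block a name rather than redirect it somewhere else
BLOCK_IPS = {"0.0.0.0", "127.0.0.1", "255.255.255.255"}

# Constructed sample: a handful of entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
-- End of file - 7861 bytes
"""

@dataclass
class Finding:
    section: str
    reason: str
    line: str

def parse_entry(line):
    """Return (section, body) for a HijackThis entry line, or None for any other text."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None

def hosts_override(body):
    """For an O1 body like 'Hosts: 255.255.255.255 easyanticheat.se # comment' return (ip, host)."""
    fields = body.split(":", 1)[1].split("#", 1)[0].split()
    return (fields[0], fields[1]) if len(fields) >= 2 else None

def triage(lines):
    """Flag the entry types a helper reviews first: orphaned objects and hosts overrides."""
    findings = []
    for line in lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue  # headers, blank lines, the process list, "-- End of file"
        section, body = parsed
        if any(marker in body for marker in ORPHAN_MARKERS):
            # Registered BHO/toolbar whose DLL is gone: leftover from an uninstall (AVG 8 here).
            findings.append(Finding(section, "orphaned entry (target file gone)", line))
        elif section == "O1":
            override = hosts_override(body)
            if override:
                ip, host = override
                kind = "hosts block entry" if ip in BLOCK_IPS else "hosts redirect (check for hijacking)"
                findings.append(Finding(section, f"{kind}: {host} -> {ip}", line))
    return findings
```

Running `triage(SAMPLE_LOG.splitlines())` returns three findings: the hosts block entry and the two orphans Power Max listed, while the intact Spybot BHO and the Avira O4 entry pass silently.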
Iceds 0 Posted June 1, 2010

Hi Antonio, sorry for the late reply, but I was very busy with college. I'm sending the AVG result, which in the end found no problems at all.

AVG result:

"Verificação ""Verificar todo o computador"" foi concluída."
"Nenhuma infecção foi encontrada durante esta verificação"
"Pastas selecionadas para verificação:";"Verificar todo o computador"
"Verificação iniciada: ";"terça-feira, 1 de junho de 2010, 17:04:56"
"Teste concluído:";"terça-feira, 1 de junho de 2010, 17:27:59 (23 minuto(s) 2 segundo(s))"
"Total de objetos verificados:";"322459"
"Usuário que iniciou o teste:";"user"

Finally, after using HijackThis's "Fix Checked" tool on the items you mentioned, I ran HijackThis again and I'm sending this log, but I believe everything is OK. My PC is faster both at startup and at shutdown; I believe all the problems have been resolved. Please look at the log and just confirm that for me; thanks in advance, and if you have any further instructions for fixing other possible problems, I'm waiting. Cheers and God bless.
Updated HijackThis log, 01/06/2010:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:41, on 1/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Valve\Steam\Steam.exe
C:\WINDOWS\system32\dllhost.exe
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\Arquivos de programas\AVG\AVG9\avgtray.exe
C:\Arquivos de programas\AVG\AVG9\avgui.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Spyware Doctor\pctsSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

-- End of file - 7861 bytes
Power Max 54 Posted June 1, 2010

> I believe everything is OK. My PC is faster both at startup and at shutdown; I believe all the problems have been resolved. Please look at the log and just confirm that for me; thanks in advance, and if you have any further instructions for fixing other possible problems, I'm waiting.

We're glad the problems have been resolved. There are just these important steps left to do:

Go to Start --> Run --> type (or copy and paste) Combofix /uninstall --> click OK. The following window will open: (Open File - Security Warning). Click Run --> wait! Finally the message "ComboFix está desinstalado" (ComboFix is uninstalled) will appear --> click OK.

Follow the tips in this tutorial to do a cleanup with Tools Cleaner: ToolsCleaner Tutorial

Install these programs and use them now and weekly to clean your PC and make it more efficient and optimized: MV RegClean, Auslogics Disk Defrag, SpywareBlaster.

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial: Choosing Programs that Start with the PC. Preferably let only the security programs (antivirus/anti-spyware/firewall) start with Windows. Also use the CCleaner program, recommended in the tutorial above, to clean and optimize the PC now and from time to time.

If your Windows is genuine, download and install Service Pack 3: http://www.superdownloads.com.br/download/61/windows-service-pack/

To keep the problems from coming back, disable and then re-enable System Restore. To do that, go to the menu: Start - Control Panel - System - click the System Restore tab - check the box: Turn off System Restore - click the Apply button and then the OK button. After that, go back to the same place: Start - Control Panel - System - click the System Restore tab - uncheck the box: Turn off System Restore - click the Apply button and then the OK button.

It was a pleasure to help; count on us anytime!
Mário Monteiro 179 Posted July 2, 2010

Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.