Luizfc_ 0 Posted May 23, 2010
Hi, I'm having trouble shutting down my PC; it won't shut down the normal way from the Start menu.... It only shuts down through Switch User. Here is my log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:49:09, on 22/5/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe C:\Arquivos de programas\AVG\AVG9\avgrsx.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\AVG\AVG9\avgnsx.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe C:\ARQUIV~1\AVG\AVG9\avgtray.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\sistray.exe C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe C:\Hijack\HiJackThis.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll (file missing) R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll O2 - BHO: 
Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll (file missing) O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [synTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - 
HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Luizinho\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Luizinho\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubetomp3.htm O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257104335869 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: STSService - Unknown owner - C:\Arquivos de programas\SoundTaxi Media Suite\STSService.exe (file missing) -- End of file - 9725 bytes
Thanks in advance!
wings 22 Posted May 26, 2010
Good evening....
*Download AD-Remover and save it to the desktop
*Double-click AD-R.exe
*Click [Clean]...wait for it to finish
*Paste the report created at C:\Ad-Report-CLEAN.log
Luizfc_ 0 Posted May 26, 2010
Good morning wings, here is the log.
. ======= LOGFILE OF AD-REMOVER 2.0.0.0,D | ONLY XP/VISTA/7 ======= . Updated by C_XX on 19/05/10 à 19:20 Contact: AdRemover.contact@gmail.com Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html . Started: 07:29:26 le 26/05/2010 | Normal boot | Option: CLEAN Executed from: C:\Ad-Remover\ADR.exe OS: Microsoft Windows XP Professional (Service Pack 3 - X86) Computer name: CASA-72A2ETXOUB Current user: Luizinho . ============== FIXED ELEMENTS ============== . . C:\Arquivos de programas\Ask.com C:\DOCUME~1\Luizinho\CONFIG~1\Temp\AskSearch C:\DOCUME~1\Luizinho\CONFIG~1\Temp\ASKSUTBLOG C:\DOCUME~1\Luizinho\CONFIG~1\Temp\Del_AskHPRFF.VBS C:\Documents and Settings\Luizinho\Configurações locais\Dados de aplicativos\AskToolbar C:\Documents and Settings\Luizinho\Dados de aplicativos\AskToolbar C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job (!) -- Deleted temporary files. . 
HKCU\Software\AppDataLow\AskToolbarInfo HKCU\Software\Ask.com HKCU\Software\AskToolbar HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} HKLM\Software\Classes\AppID\GenericAskToolbar.DLL HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1 HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC} HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform|AskTB5.5 HKLM\Software\Microsoft\Internet 
Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Arquivos de programas\Ask.com\TaskScheduler.exe HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Arquivos de programas\Ask.com\UpdateTask.exe . . ============== ADDITIONNAL SCAN ============== . * Mozilla FireFox Version 3.6.3 (pt-BR) * . C:\Documents and Settings\Luizinho\Dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Luizinho\\Desktop\\orkut fake C:\Documents and Settings\Luizinho\Dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\prefs.js - browser.search.defaultenginename: Winamp Search C:\Documents and Settings\Luizinho\Dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\prefs.js - browser.search.defaulturl: hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query= C:\Documents and Settings\Luizinho\Dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\prefs.js - browser.search.selectedEngine: Winamp Search C:\Documents and Settings\Luizinho\Dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\prefs.js - browser.startup.homepage: hxxp://www.google.com.br/ C:\Documents and Settings\Luizinho\Dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3 C:\Documents and Settings\Luizinho\Dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\prefs.js - keyword.URL: hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query= . 
ERASED: C:\Documents and Settings\Luizinho\Dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\prefs.js - user_pref("extensions.asktb.cbid", "NA"); ERASED: C:\Documents and Settings\Luizinho\Dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\prefs.js - user_pref("extensions.asktb.default-channel-url-mask", "hxxp://br.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&dm=lang"); ERASED: C:\Documents and Settings\Luizinho\Dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\prefs.js - user_pref("extensions.asktb.fresh-install", false); ERASED: C:\Documents and Settings\Luizinho\Dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\prefs.js - user_pref("extensions.asktb.l", "dis"); ERASED: C:\Documents and Settings\Luizinho\Dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\prefs.js - user_pref("extensions.asktb.last-config-req", "1263050488712"); ERASED: C:\Documents and Settings\Luizinho\Dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\prefs.js - user_pref("extensions.asktb.locale", "pt_BR"); ERASED: C:\Documents and Settings\Luizinho\Dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\prefs.js - user_pref("extensions.asktb.nero.userName", ""); ERASED: C:\Documents and Settings\Luizinho\Dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\prefs.js - user_pref("extensions.asktb.o", "15422"); ERASED: C:\Documents and Settings\Luizinho\Dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\prefs.js - user_pref("extensions.asktb.overlay-reloaded-using-restart", true); ERASED: C:\Documents and Settings\Luizinho\Dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\prefs.js - user_pref("extensions.asktb.qsrc", "2871"); ERASED: C:\Documents and Settings\Luizinho\Dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\prefs.js - user_pref("extensions.asktb.r", "2"); . * Internet Explorer Version 8.0.6001.18702 * . [HKCU\Software\Microsoft\Internet Explorer\Main] . 
AutoHide: yes Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Do404Search: 0x01000000 Enable Browser Extensions: YES Local Page: C:\WINDOWS\system32\blank.htm Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ . [HKLM\Software\Microsoft\Internet Explorer\Main] . Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Delete_Temp_Files_On_Exit: yes Local Page: C:\WINDOWS\system32\blank.htm Search bar: hxxp://search.msn.com/spbasic.htm Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: hxxp://fr.msn.com/ . [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] . Tabs: res://ieframe.dll/tabswelcome.htm Blank: res://mshtml.dll/blank.htm . ======================================== . C:\Ad-Remover\Quarantine: 3 Files C:\Ad-Remover\Backup: 13 Files . C:\Ad-Report-CLEAN[1].txt - 7811 Byte(s) . End at: 07:34:24, 26/05/2010 . ============== E.O.F - CLEAN[1] ==============
wings 22 Posted May 26, 2010
1.
*Run AD-Remover again
*Click [uninstall]
2.
*Download DDS and save it to the desktop
*Temporarily disable your antivirus
Start > Programs > AVG
Open the AVG User Interface
Double-click Resident Shield
Uncheck the "Resident Shield active" option
Save the changes
*Double-click dds and wait. Save the reports to the desktop
*Paste the report created in DDS.txt
Luizfc_ 0 Posted May 30, 2010
Here is the log..
DDS (Ver_10-03-17.01) - NTFSx86 Run by Luizinho at 22:45:26,51 on qua 26/05/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3055.2428 [GMT -3:00] AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe C:\Arquivos de programas\AVG\AVG9\avgrsx.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Arquivos de programas\AVG\AVG9\avgnsx.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe C:\ARQUIV~1\AVG\AVG9\avgtray.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\system32\sistray.exe C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Documents and Settings\Luizinho\Meus documentos\Downloads\dds.scr ============== Pseudo HJT Report =============== uWindow Title = uInternet Settings,ProxyOverride = local uURLSearchHooks: SHOUTcast Toolbar Search Class: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - c:\arquivos de programas\shoutcast radio toolbar\shoutcasttb.dll uURLSearchHooks: Winamp Search Class: 
{57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\arquivos de programas\winamp toolbar\winamptb.dll mURLSearchHooks: SHOUTcast Toolbar Search Class: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - c:\arquivos de programas\shoutcast radio toolbar\shoutcasttb.dll mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\arquivos de programas\winamp toolbar\winamptb.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\arquivos de programas\winamp toolbar\winamptb.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg9\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll BHO: SHOUTcast Loader: {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - c:\arquivos de programas\shoutcast radio toolbar\shoutcasttb.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\arquivos de programas\winamp toolbar\winamptb.dll TB: SHOUTcast Radio Toolbar: {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - c:\arquivos de programas\shoutcast radio toolbar\shoutcasttb.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background mRun: 
[siSPower] Rundll32.exe SiSPower.dll,ModeAgent mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [sMSERIAL] c:\arquivos de programas\motorola\smserial\sm56hlpr.exe mRun: [synTPStart] c:\arquivos de programas\synaptics\syntp\SynTPStart.exe mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [AVG9_TRAY] c:\arquiv~1\avg\avg9\avgtray.exe mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe" mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe" mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime mRun: [WinampAgent] "c:\arquivos de programas\winamp\winampa.exe" mRunOnce: [<NO NAME>] dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\luizinho\menuin~1\progra~1\inicia~1\recort~1.lnk - c:\arquivos de programas\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adobeg~1.lnk - c:\arquivos de programas\arquivos comuns\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\utilit~1.lnk - c:\windows\system32\sistray.exe IE: &SHOUTcast Search - c:\documents and settings\all users\dados de aplicativos\shoutcast radio toolbar\ietoolbar\resources\en-us\local\search.html IE: &Winamp Search - c:\documents and settings\all users\dados de aplicativos\winamp toolbar\ietoolbar\resources\en-us\local\search.html IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~3\office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\documents and settings\luizinho\dados de aplicativos\dvdvideosoftiehelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\documents and settings\luizinho\dados de aplicativos\dvdvideosoftiehelpers\youtubetomp3.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de 
programas\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~3\office12\REFIEBAR.DLL DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257104335869 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg9\avgpp.dll Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX 
=================== FF - ProfilePath - c:\docume~1\luizinho\dadosd~1\mozilla\firefox\profiles\dzuv881t.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query= FF - prefs.js: browser.search.selectedEngine - Winamp Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/ FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query= FF - component: c:\arquivos de programas\avg\avg9\firefox\components\avgssff.dll FF - component: c:\documents and settings\luizinho\dados de aplicativos\mozilla\firefox\profiles\dzuv881t.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886c}\components\GbMzhBb.dll FF - plugin: c:\arquivos de programas\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\arquivos de programas\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\NpFv501.dll FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npganymedenet.dll FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npOGAPlugin.dll FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npwachk.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: browser.sessionstore.resume_from_crash - false c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\arquivos de programas\mozilla 
firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", 
"chrome://browser/locale/browser.properties"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-1 216200] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-1 29512] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-1 242896] R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\avg\avg9\avgwdsvc.exe [2010-3-13 308064] R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-11-1 113504] R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network 
Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-11-1 340096]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-4-24 136176]
S3 lgusbsmodem;LGE Mobile USB Modem;c:\windows\system32\drivers\lgusbsmodem.sys --> c:\windows\system32\drivers\lgusbsmodem.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 STSService;STSService;"c:\arquivos de programas\soundtaxi media suite\stsservice.exe" --> c:\arquivos de programas\soundtaxi media suite\STSService.exe [?]

=============== Created Last 30 ================

2010-05-23 03:24:09 0 d-----w- c:\docume~1\luizinho\dadosd~1\Malwarebytes
2010-05-23 03:24:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-23 03:24:00 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes
2010-05-23 03:23:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-23 03:23:59 0 d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-05-23 02:47:37 0 d-----w- C:\Hijack
2010-05-21 10:27:03 0 d-----w- c:\docume~1\alluse~1\dadosd~1\MessengerDiscovery 2
2010-05-19 02:33:50 0 d-----w- c:\arquivos de programas\PluginLetras
2010-05-07 03:03:20 0 d-----w- C:\Brasfoot2010
2010-04-29 01:59:07 411368 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-04-21 15:26:11 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-13 16:09:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 02:12:33 81620 ----a-w- c:\windows\system32\perfc016.dat
2010-03-13 02:12:33 476824 ----a-w- c:\windows\system32\perfh016.dat
2010-03-10 06:16:48 420352 ----a-w- c:\windows\system32\vbscript.dll

============= FINISH: 22:45:57,25 ===============

Is that it? My PC still has the problem... :(
wings - Posted May 30, 2010

1.
*Delete DDS

I see that you have Malwarebytes installed. Run it and update it.
*Select the [Verificação completa] (Full scan) option
*Click [Verificar] (Scan) and select the drives to be scanned
*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Sim] (Yes) > [OK] > [Mostrar Resultados] (Show Results)
*Click [Remover Selecionados] (Remove Selected)
*A report (mbam-log-year-month-day.txt) will be displayed.
*Paste it in your next reply
Luizfc_ - Posted May 30, 2010

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4156

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30/5/2010 19:02:23
mbam-log-2010-05-30 (19-02-23).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 193658
Tempo decorrido: 45 minuto(s), 15 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 6

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
C:\Documents and Settings\Luizinho\Meus documentos\MP4\z - Diversas coisas\CyberScript32\addons\PkForever\mirc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luizinho\Meus documentos\MP4\z - Diversas coisas\CyberScript32\addons\Tabelas\CopaBR2007\1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luizinho\Meus documentos\MP4\z - Diversas coisas\CyberScript32\addons\Tabelas\CopaBR2007\sounds\r1dll.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luizinho\Meus documentos\MP4\z - Diversas coisas\CyberScript32\addons\textos\xIRCM\1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luizinho\Meus documentos\MP4\z - Diversas coisas\CyberScript32\addons\textos\xIRCM\sounds\r1dll.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luizinho\Meus documentos\MP4\z - Diversas coisas\CyberScript32\msnmirc\dll\nHTMLn.dll (Trojan.Agent) -> Quarantined and deleted successfully.
wings - Posted May 30, 2010

*Temporarily disable your antivirus
*Download ComboFix and save it to the desktop
*Run ComboFix and accept the license agreement
*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [Sim] (Yes) to install it.
*Click [Sim] (Yes) to continue.
*Wait for all stages to finish
*While ComboFix is running, avoid using the mouse and keyboard! To interrupt the procedure, press N or 2 and then ENTER.
*The program will close automatically and a report (C:\combofix.txt) will be displayed. Paste it in your next reply.
Luizfc_ - Posted May 31, 2010

ComboFix 10-05-30.02 - Luizinho 30/05/2010 21:25:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3055.2288 [GMT -3:00]
Executando de: c:\documents and settings\Luizinho\Meus documentos\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Luizinho\Dados de aplicativos\inst.exe
c:\windows\system32\i
c:\windows\system32\Thumbs.db
c:\windows\system32\vbzlib1.dll
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-28 to 2010-05-31 ))))))))))))))))))))))))))))
.
2010-05-30 21:14 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-30 21:14 . 2010-05-30 21:14 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-05-30 21:14 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-30 13:38 . 2010-05-30 13:39 -------- d-----w- c:\documents and settings\Luizinho\Dados de aplicativos\MessengerDiscovery 2
2010-05-30 13:38 . 2010-05-30 13:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\MessengerDiscovery 2
2010-05-30 13:38 . 2010-05-30 13:38 -------- d-----w- c:\arquivos de programas\MessengerDiscovery
2010-05-30 13:22 . 2010-05-30 13:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\SureThing Shared
2010-05-30 13:13 . 2010-05-30 13:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\LightScribe
2010-05-23 03:24 . 2010-05-23 03:24 -------- d-----w- c:\documents and settings\Luizinho\Dados de aplicativos\Malwarebytes
2010-05-23 03:24 . 2010-05-23 03:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-05-23 02:47 . 2010-05-23 02:56 -------- d-----w- C:\Hijack
2010-05-22 13:22 .
2010-05-22 13:22 503808 ----a-w- c:\documents and settings\Luizinho\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3124e9f8-n\msvcp71.dll 2010-05-22 13:22 . 2010-05-22 13:22 499712 ----a-w- c:\documents and settings\Luizinho\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3124e9f8-n\jmc.dll 2010-05-22 13:22 . 2010-05-22 13:22 348160 ----a-w- c:\documents and settings\Luizinho\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3124e9f8-n\msvcr71.dll 2010-05-22 13:22 . 2010-05-22 13:22 61440 ----a-w- c:\documents and settings\Luizinho\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1684204c-n\decora-sse.dll 2010-05-22 13:22 . 2010-05-22 13:22 12800 ----a-w- c:\documents and settings\Luizinho\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1684204c-n\decora-d3d.dll 2010-05-19 02:33 . 2010-05-19 02:34 -------- d-----w- c:\arquivos de programas\PluginLetras 2010-05-07 03:03 . 2010-05-07 03:03 -------- d-----w- C:\Brasfoot2010 . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-20 02:49 . 2009-11-02 01:51 -------- d-----w- c:\documents and settings\Luizinho\Dados de aplicativos\uTorrent 2010-05-20 01:52 . 2009-11-02 01:54 -------- d-----w- c:\arquivos de programas\uTorrent 2010-05-19 14:51 . 2010-04-24 19:29 -------- d-----w- c:\arquivos de programas\Google 2010-05-15 23:36 . 2010-04-24 03:34 -------- d-----w- c:\documents and settings\Luizinho\Dados de aplicativos\DVDVideoSoftIEHelpers 2010-05-15 23:36 . 2010-04-24 03:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft 2010-05-15 23:36 . 2010-04-24 03:33 -------- d-----w- c:\arquivos de programas\DVDVideoSoft 2010-05-12 10:45 . 2009-11-01 22:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help 2010-05-09 23:37 . 2009-11-01 22:25 -------- d-----w- c:\arquivos de programas\Messenger Plus! 
Live 2010-04-29 01:59 . 2009-11-07 13:06 -------- d-----w- c:\arquivos de programas\Java 2010-04-24 19:24 . 2010-01-09 00:21 -------- d-----w- c:\arquivos de programas\CDBurnerXP 2010-04-24 14:27 . 2010-04-24 14:27 -------- d-----w- c:\arquivos de programas\abgx360 2010-04-24 13:50 . 2010-04-24 13:50 -------- d-----w- c:\documents and settings\Luizinho\Dados de aplicativos\Canneverbe Limited 2010-04-24 04:36 . 2010-04-24 04:36 -------- d-----w- c:\arquivos de programas\Microsoft.NET 2010-04-21 15:26 . 2009-11-02 02:38 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-04-12 20:29 . 2010-04-29 01:59 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-04-10 20:20 . 2010-04-10 20:16 -------- d-----w- c:\documents and settings\Luizinho\Dados de aplicativos\Amazon 2010-04-10 20:20 . 2010-04-10 20:13 -------- d-----w- c:\arquivos de programas\Amazon 2010-04-02 14:10 . 2010-04-02 14:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java 2010-04-02 14:10 . 2010-04-02 14:10 503808 ----a-w- c:\documents and settings\Luizinho\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6871c542-n\msvcp71.dll 2010-04-02 14:10 . 2010-04-02 14:10 499712 ----a-w- c:\documents and settings\Luizinho\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6871c542-n\jmc.dll 2010-04-02 14:10 . 2010-04-02 14:10 348160 ----a-w- c:\documents and settings\Luizinho\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6871c542-n\msvcr71.dll 2010-04-02 14:09 . 2010-04-02 14:09 61440 ----a-w- c:\documents and settings\Luizinho\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3aa5fc80-n\decora-sse.dll 2010-04-02 14:09 . 2010-04-02 14:09 12800 ----a-w- c:\documents and settings\Luizinho\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3aa5fc80-n\decora-d3d.dll 2010-03-25 13:56 . 
2010-03-27 15:19 131360 ----a-w- c:\documents and settings\Luizinho\Dados de aplicativos\Mozilla\Firefox\Profiles\dzuv881t.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll 2010-03-13 16:09 . 2010-03-13 16:09 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-03-13 16:09 . 2009-11-02 02:38 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-03-13 16:08 . 2009-11-02 02:38 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-03-13 02:12 . 2001-10-28 18:07 81620 ----a-w- c:\windows\system32\perfc016.dat 2010-03-13 02:12 . 2001-10-28 18:07 476824 ----a-w- c:\windows\system32\perfh016.dat 2010-03-10 06:16 . 2002-09-09 17:08 420352 ----a-w- c:\windows\system32\vbscript.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176] [HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}] [HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}] [HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSPower"="SiSPower.dll" [2009-02-12 53248] "RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864] "SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 630784] "SynTPStart"="c:\arquivos de programas\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "SunJavaUpdateSched"="c:\arquivos de 
programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040] "GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-11-11 417792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360] c:\documents and settings\Luizinho\Menu Iniciar\Programas\Inicializar\ Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-7 110592] Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-11-1 262144] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-03-13 16:09 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"= "c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"= R1 
AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/11/2009 23:38 216200] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/11/2009 23:38 242896] R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [13/3/2010 13:09 308064] R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [1/11/2009 15:51 113504] R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [1/11/2009 16:50 340096] S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [24/4/2010 16:29 136176] S3 lgusbsmodem;LGE Mobile USB Modem;c:\windows\system32\DRIVERS\lgusbsmodem.sys --> c:\windows\system32\DRIVERS\lgusbsmodem.sys [?] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 STSService;STSService;"c:\arquivos de programas\SoundTaxi Media Suite\STSService.exe" --> c:\arquivos de programas\SoundTaxi Media Suite\STSService.exe [?] . Conteúdo da pasta 'Tarefas Agendadas' 2009-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34] 2010-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-04-24 19:29] 2010-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-04-24 19:29] 2010-05-30 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 17:07] . . ------- Scan Suplementar ------- . 
uInternet Settings,ProxyOverride = local IE: &SHOUTcast Search - c:\documents and settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html IE: &Winamp Search - c:\documents and settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\documents and settings\Luizinho\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\documents and settings\Luizinho\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubetomp3.htm DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Luizinho\Dados de aplicativos\Mozilla\Firefox\Profiles\dzuv881t.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query= FF - prefs.js: browser.search.selectedEngine - Winamp Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/ FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query= FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll FF - component: c:\documents and settings\Luizinho\Dados de aplicativos\Mozilla\Firefox\Profiles\dzuv881t.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\arquivos de 
programas\Mozilla Firefox\plugins\NpFv501.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npganymedenet.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npwachk.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: browser.sessionstore.resume_from_crash - false c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . 
- - - - ORFÃOS REMOVIDOS - - - -

URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\arquivos de programas\Winamp Toolbar\winamptb.dll
HKCU-Run-LightScribe Control Panel - c:\arquivos de programas\Arquivos comuns\LightScribe\LightScribeControlPanel.exe
HKLM-Run-WinampAgent - c:\arquivos de programas\Winamp\winampa.exe
AddRemove-HijackThis - c:\documents and settings\Luizinho\Meus documentos\Downloads\HijackThis.exe
AddRemove-Winamp Toolbar - c:\arquivos de programas\Winamp Toolbar\uninstall.exe
AddRemove-Winamp Detect - c:\arquivos de programas\Winamp Detect\UninstWaDetect.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-30 21:27
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Tempo para conclusão: 2010-05-30 21:29:02
ComboFix-quarantined-files.txt 2010-05-31 00:29

Pré-execução: 10 pasta(s) 284.018.868.224 bytes disponíveis
Pós execução: 13 pasta(s) 283.998.523.392 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - A4D4A4EF54F421EEB11EA112E3920349
wings - Posted May 31, 2010

1.
*Click [Iniciar] (Start) > [Executar] (Run) > type: Combofix /uninstall
*Click [OK]
*Click [Executar] (Run)
*Wait until the message "ComboFix está desinstalado" (ComboFix is uninstalled) appears
*Click [OK]

The log is clean. Let me know about the problem.
Luizfc_ - Posted June 1, 2010

Wings, thank you very much, the problem has been solved... Thank you so much!
wings - Posted June 1, 2010

PROBLEM SOLVED!

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.