Pedroto11, posted August 10, 2010

explorer.exe keeps opening and closing by itself every 10 seconds. I have already run Advanced SystemCare and avast, and neither finds any virus or spyware. I can't solve this problem!! I can't stand it anymore!!! Can someone help me, please?? I ran HijackThis, went to the main menu, chose "Do a system scan and save a logfile", and then Notepad opened with these codes:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:42:00, on 10/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\NitroPC\NitroPC.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Pedro Vinícius\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pedro Vinícius\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pedro Vinícius\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pedro Vinícius\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\HijackThis.exe\HijackThis.exe
C:\Documents and Settings\Pedro Vinícius\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\ARQUIV~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pedro Vinícius\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{72A21011-A87A-4F26-B182-266D4B6BC34E}: NameServer = 201.10.128.2,201.10.120.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{72A21011-A87A-4F26-B182-266D4B6BC34E}: NameServer = 201.10.128.2,201.10.120.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{72A21011-A87A-4F26-B182-266D4B6BC34E}: NameServer = 201.10.128.2,201.10.120.2
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe

--
End of file - 6875 bytes
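As an added example (not code from the thread, from HijackThis, or from any tool the helper names), a short Python triage pass over lines in the format of the log above: it flags BHO entries whose DLL is gone, O4 autoruns launched from a temp folder, and O17 NameServer values outside a trusted resolver list. The sample lines are constructed from the log's format; the "updater" autorun line is invented for the demo, and the trusted resolver set is an assumption.

```python
"""Triage pass over HijackThis-style log lines (added example, not from the thread)."""
import re
from typing import Iterator, List, Set, Tuple

# Constructed sample in the format of the log posted above. The "updater" O4 line
# (an autorun launched from a Temp folder) is invented for the demo; the resolver
# addresses are the ones shown in the thread's O17 entries.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\Pedro Vinícius\Configurações locais\Temp\svc.exe" /s
O17 - HKLM\System\CCS\Services\Tcpip\..\{72A21011-A87A-4F26-B182-266D4B6BC34E}: NameServer = 201.10.128.2,201.10.120.2
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
"""

# Every diagnostic line starts with a section code such as R1, O2, O4, O17.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")

# Directory fragments from which a legitimate autorun entry rarely launches.
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\", "\\recycler\\")


def parse_entries(log_text: str) -> Iterator[Tuple[str, str]]:
    """Yield (kind, body) for each R*/O* entry; header and process lines are skipped."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group("kind"), match.group("body")


def o4_path(body: str) -> str:
    """Return the executable from an O4 body of the form 'HKLM\\..\\Run: [name] <command>'."""
    command = body.split("] ", 1)[1] if "] " in body else body
    if command.startswith('"'):            # quoted path, possibly containing spaces
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]        # unquoted: path ends at the first space


def o17_nameservers(body: str) -> List[str]:
    """Return the resolver list from an O17 body ending in 'NameServer = a,b'."""
    _, _, servers = body.partition("NameServer =")
    return [s for s in servers.replace(" ", "").split(",") if s]


def triage(log_text: str, trusted_dns: Set[str]) -> List[str]:
    """Return findings worth a second look; an empty list means nothing was flagged."""
    findings: List[str] = []
    for kind, body in parse_entries(log_text):
        if kind == "O2" and body.endswith("(no file)"):
            # BHO registration whose DLL is gone: leftover from an uninstall or a cleanup.
            findings.append("orphaned BHO (no file): " + body)
        elif kind == "O4" and any(m in o4_path(body).lower() for m in TEMP_MARKERS):
            # Autoruns launched from temp folders are a classic persistence location.
            findings.append("autorun from temp folder: " + body)
        elif kind == "O17":
            rogue = [s for s in o17_nameservers(body) if s not in trusted_dns]
            if rogue:
                # Resolvers you do not recognise can mean the DNS settings were changed.
                findings.append("unrecognised DNS resolver %s: %s" % (",".join(rogue), body))
    return findings


if __name__ == "__main__":
    # Assumed trusted resolvers: the two ISP addresses that appear in the posted log.
    for finding in triage(SAMPLE_LOG, {"201.10.128.2", "201.10.120.2"}):
        print(finding)
```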
wings, posted August 11, 2010

Good evening....
*Download MalwareBytes Anti-malware and save it to the desktop
*Install the program
*If an update exists, it will be downloaded automatically. Wait...
*The program will open automatically.
*On the [Scan] tab, select the [Full scan] option
*Click [Scan] and select the partitions to be scanned (usually C:\ and D:\)
*At the end of the scan, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]
*Click [Remove Selected]
*A report (mbam-log-year-month-date.txt) will be shown.
*Paste it in your next reply
Pedroto11, posted August 14, 2010

Malwarebytes' Anti-Malware 1.46 beta
www.malwarebytes.org

Versão da Base de Dados: 4426
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14/08/2010 00:36:14
mbam-log-2010-08-14 (00-36-14).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Objetos escaneados: 175801
Tempo decorrido: 32 minuto(s), 5 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)

Thank you very much for your help!
wings, posted August 14, 2010

1.
*Download ERUNT and save it to the desktop
*Extract the contents to the folder C:\ERUNT
*Double-click ERUNT.exe
*Click [OK] > [OK] > [Yes] > [OK]

2.
*Temporarily disable your antivirus: right-click the Avast icon next to the clock > select "Pause resident protection" > Confirm.
*Run an online scan with NOD32
*When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log
Pedroto11, posted August 15, 2010

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
wings, posted August 15, 2010

1.
*Run the file c:\arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

2.
*Download SCRP and save it to the desktop
*Run SCRP, wait, and click [OK]

3.
*Temporarily disable your antivirus: right-click the Avast icon next to the clock > select "Pause resident protection" > Confirm.
*Download ComboFix and save it to the desktop
*Run ComboFix and accept the license agreement
*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [Yes] to install it.
*Click [Yes] to continue.
*Wait for all the stages to complete
*While ComboFix is running, avoid using the mouse and keyboard!!..... To interrupt the procedure, press N or 2 and then ENTER.
*The program will close automatically and a report (C:\combofix.txt) will be shown. Paste it in your next reply.
*If the PC is restarted, there will be an option at startup called Recovery Console. Do not enter Windows through it unless properly instructed to!
Pedroto11, posted August 15, 2010

ComboFix 10-08-14.06 - Pedro Vinícius 15/08/2010 11:47:33.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.960.237 [GMT -3:00]
Executando de: c:\users\Pedro Vinícius\Desktop\ComboFix.exe
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080] "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2010-04-29 3727411] "Software Informer"="c:\program files\Software Informer\softinfo.exe" [2010-06-29 2322501] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup backupExtension=.CommonStartup R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-15 1343400] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256] . . ------- Scan Suplementar ------- . 
uStart Page = hxxp://www.google.com.br/ IE: Baixar com o Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm IE: Baixar tudo com o Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm IE: Baixar vídeo com o Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm IE: Download selecionado pelo Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm TCP: {9B95F25F-FA1E-4EAB-B4D7-10C3C6283AA1} = 201.10.128.2,201.10.120.2 FF - ProfilePath - c:\users\Pedro Vinícius\AppData\Roaming\Mozilla\Firefox\Profiles\9k3fqq6x.default\ FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORFÃOS REMOVIDOS - - - - HKCU-Run-fsm - (no file) . 
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Outros Processos em Execução ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\system32\taskhost.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe c:\windows\system32\sppsvc.exe c:\program files\Internet Explorer\iexplore.exe c:\program files\Internet Explorer\iexplore.exe . 
************************************************************************** . Tempo para conclusão: 2010-08-15 11:56:36 - Máquina reiniciou ComboFix-quarantined-files.txt 2010-08-15 14:56 Pré-execução: 51.937.480.704 bytes disponíveis Pós execução: 51.687.587.840 bytes disponíveis - - End Of File - - 407CF46662F9D63298273D8AB12C2A64 Compartilhar este post Link para o post Compartilhar em outros sites
wings 22
Posted August 15, 2010

Mate... I'm not following you!!
The HijackThis log shows Windows XP SP3
The ComboFix log shows Microsoft Windows 7 Ultimate ?????????????
The log is clean...

*Click [Start] > [Run] > type: Combofix /uninstall
*Click [OK]
*Click [Run]
*Wait for the message: "ComboFix está desinstalado"
*Click [OK]

Cheers.
Pedroto11 0
Posted August 16, 2010

Sorry, mate. The thing is, when I sent my first question I really was using Windows XP SP3! Then I ran the HijackThis scan. Then I tried to fix the problem by formatting and installing Windows 7 Ultimate, before you had answered my first question. But the problem persists... it didn't help!
Cheers.
I'd like you to help me fix this problem, which makes me more nervous every day... I'm fed up with it!
wings 22
Posted August 16, 2010

*Download the Kaspersky Virus Removal Tool and save it to the desktop
*Install the program
*The program's main window will open automatically
*Select the option: [] My Computer
*Click [start scan]... and wait. It can take a while, be patient!
*If it finds anything, click [skip]
*When the scan finishes, click [Report]
*A window called "Detailed report" will open
*Click the [+] sign next to Autoscan to expand the events found
*Right-click and select "Select all"
*Right-click again and select "Copy"
*Open Notepad, paste (Ctrl+V) and save the file to the desktop as log.txt
*Close the Kaspersky "Detailed report" window
*In the Kaspersky main window click [Exit] > [No]
*Paste the report saved on the desktop into your next reply

Also answer:
1) What opens and closes? Windows Explorer or Internet Explorer?
If it is Windows Explorer, try another keyboard. It could be a stuck key.
Pedroto11 0
Posted August 18, 2010

Thanks for everything, mate. But today the problem didn't show up! Thanks again for everything... cheers
wings 22
Posted August 18, 2010

PROBLEM SOLVED!
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.