
Archived

This topic has been archived and is closed to new replies.

Nilton Neto

[Solved!] Infected by Keylogger


I would like to ask the moderators or analysts for help resolving an infection problem on my notebook.

Suddenly, when starting Windows 7, strange messages are appearing as if some program were open; my notebook has also become slow, and the internet speed has plummeted. I have no knowledge of the subject; I am just a normal user with no specialization.

In addition, I checked the Task Manager and noticed strange file names, with these lines below:

 

igfxpers.exe - persistence Module

igfxsrv.exe - igfxsrv Module

 

 

Below is the result of the test performed with HijackThis, following the forum's guidance on how to run the test.

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:42:58, on 19/08/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Conexant\SAII\SmartAudio.exe

C:\Program Files (x86)\Orbitdownloader\orbitdm.exe

C:\Program Files (x86)\DigibestTV\ScheduleMonitor.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\Orbitdownloader\orbitnet.exe

C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

C:\HiJack This\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: 213.203.216.114 http://www.marketsamurai.com

O1 - Hosts: 213.203.216.114 marketsamurai.com

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

O4 - HKLM\..\Run: [ximuSoft-T] C:\\Google Translate Desktop.exe mini

O4 - HKLM\..\Run: [HKLMU] C:\Users\Nilton Neto\AppData\Roaming\WWM\svchost.exe

O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

O4 - HKCU\..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [HKCUM] C:\Users\Nilton Neto\AppData\Roaming\WWM\svchost.exe

O4 - HKLM\..\Policies\Explorer\Run: [security Center] C:\Users\Nilton Neto\AppData\Roaming\WWM\svchost.exe

O4 - HKCU\..\Policies\Explorer\Run: [security Center] C:\Users\Nilton Neto\AppData\Roaming\WWM\svchost.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SISTEMA')

O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Orbit.lnk = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe

O4 - Global Startup: ScheduleMonitor.lnk = C:\Program Files (x86)\DigibestTV\ScheduleMonitor.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\windows\SysWOW64\ASTSRV.EXE

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe

O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 12243 bytes

 

Thank you for the help.

 

Nilton Neto.


Good evening...

*Download MalwareBytes Anti-malware and save it to the desktop

*Install the program

*If any update exists, it will be downloaded automatically. Wait...

*The program will open automatically.

*On the [Verificação] (Scan) tab, select the option [Verificação completa] (Full scan)

*Click [Verificar] (Scan) and select the partitions to be examined (usually C:\ and D:\)

*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Sim] (Yes) > [OK] > [Mostrar Resultados] (Show Results)

*Click [Remover Selecionados] (Remove Selected)

*A report (mbam-log-year-month-date.txt) will be displayed.

*Paste it in your next reply


Hello wings,

First of all, thank you very much for replying to my topic.

Below is the result of the scan you indicated.

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4451

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

20/08/2010 12:45:47

mbam-log-2010-08-20 (12-45-47).txt

 

Tipo de Verificação: Verificação Completa (C:\|D:\|)

Objetos escaneados: 298088

Tempo decorrido: 53 minuto(s), 23 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 2

Valores de Registro Infectados: 4

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 26

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{jy4rlwf0-741u-7bl2-ld8y-i2k64gag86n7} (Generic.Bot.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{r268ja18-7331-g208-bkd7-0a20b055e67p} (Generic.Bot.H) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\security center (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcum (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\security center (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklmu (Trojan.Agent) -> Quarantined and deleted successfully.

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\Users\Nilton Neto\AppData\Roaming\WWM\svchost.exe (Generic.Bot.H) -> Quarantined and deleted successfully.

C:\Users\Nilton (Generic.Bot.H) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\ADOBE CS3\adobe_cs3_Keygen.Collection_2007\CS3 Keygen Collection\Acrobat 3D 8.1.0.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\ADOBE CS3\adobe_cs3_Keygen.Collection_2007\CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\ADOBE CS3\adobe_cs3_Keygen.Collection_2007\CS3 Keygen Collection\Adobe CS3 Design Premium Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\ADOBE CS3\adobe_cs3_Keygen.Collection_2007\CS3 Keygen Collection\Adobe CS3 Web Premium Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\ADOBE CS3\adobe_cs3_Keygen.Collection_2007\CS3 Keygen Collection\Adobe Web Premium CS3 Keygen + Activation.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\ADOBE CS3\adobe_cs3_Keygen.Collection_2007\CS3 Keygen Collection\After Effects CS3.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\ADOBE CS3\adobe_cs3_Keygen.Collection_2007\CS3 Keygen Collection\Audition 2.0.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\ADOBE CS3\adobe_cs3_Keygen.Collection_2007\CS3 Keygen Collection\Contribute CS3 VLK.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\ADOBE CS3\adobe_cs3_Keygen.Collection_2007\CS3 Keygen Collection\DreamWeaver CS3 Keygen + Activation.exe (Trojan.Horst) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\ADOBE CS3\adobe_cs3_Keygen.Collection_2007\CS3 Keygen Collection\Dreamweaver CS3 VLK.exe (Trojan.Crax) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\ADOBE CS3\adobe_cs3_Keygen.Collection_2007\CS3 Keygen Collection\Dreamweaver CS3.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\ADOBE CS3\adobe_cs3_Keygen.Collection_2007\CS3 Keygen Collection\Flash CS3 Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\ADOBE CS3\adobe_cs3_Keygen.Collection_2007\CS3 Keygen Collection\GoLive CS3 Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\ADOBE CS3\adobe_cs3_Keygen.Collection_2007\CS3 Keygen Collection\InDesign CS3 VLK.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\ADOBE CS3\adobe_cs3_Keygen.Collection_2007\CS3 Keygen Collection\PhotoShop CS3 Extended Keygen + Activation.exe (TrojanProxy.Horst) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\ADOBE CS3\adobe_cs3_Keygen.Collection_2007\CS3 Keygen Collection\Photoshop CS3 Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\ADOBE CS3\adobe_cs3_Keygen.Collection_2007\CS3 Keygen Collection\Photoshop Extended CS3 Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\ADOBE CS3\adobe_cs3_Keygen.Collection_2007\CS3 Keygen Collection\SoundBooth CS3.exe (Trojan.Horst) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\PARTE 2\BURLAR PROGRAMAS SHEWARE\Trial-Reset.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\PARTE 2\BURLAR PROGRAMAS SHEWARE\Plugins\Alcohol 1.x.dll (Malware.Packer) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\PARTE 2\BURLAR PROGRAMAS SHEWARE\Plugins\Empty Key.dll (Malware.Packer) -> Quarantined and deleted successfully.

C:\Arquivos Outro Micro\PARTE 2\BURLAR PROGRAMAS SHEWARE\Plugins\SLYSOFT.DLL (Malware.Packer) -> Quarantined and deleted successfully.

C:\downloads\VuzeSetup.exe (Adware.HotBar) -> Quarantined and deleted successfully.

C:\Users\Nilton Neto\AppData\Local\Install.exe (Rogue.Removeit) -> Quarantined and deleted successfully.

 

 

Thanks once again.


*Download the Kaspersky Virus Removal Tool and save it to the desktop

*Install the program

*The program's main screen will open automatically

*Select the option:

[] My Computer

*Click [start scan]... wait. It may take a while, be patient!

*If it finds anything, click [skip]

*When the scan finishes, click [Report]

*A window called "Detailed report" will open

*Click the [+] sign next to Autoscan to expand the events found

*Right-click and select "Select all"

*Right-click again and select "Copy"

*Open Notepad, paste (Ctrl+V) and save the file to the desktop as log.txt

*Close the Kaspersky "Detailed report" window

*On the Kaspersky main screen click [Exit] > [No]

*Paste the report saved on the desktop in your next reply


Hello wings,

Below is the report from the Kaspersky Virus Removal Tool.

 

Autoscan: completed 1 minute ago (events: 33, objects: 397076, time: 01:56:10)

21/08/2010 15:37:25 Task started

21/08/2010 15:49:26 Detected: Hoax.Win32.WebMoner.im C:\Arquivos Outro Micro\PARTE 2\Natata_eBook_Compiler_Gold_3.03_Portable\NATATA eBook Compiler.exe/Compiler.exe/data0000

21/08/2010 15:50:23 Untreated: Hoax.Win32.WebMoner.im C:\Arquivos Outro Micro\PARTE 2\Natata_eBook_Compiler_Gold_3.03_Portable\NATATA eBook Compiler.exe/Compiler.exe/data0000 Write not supported

21/08/2010 15:50:24 Detected: Hoax.Win32.WebMoner.qg C:\Arquivos Outro Micro\PARTE 2\Natata_eBook_Compiler_Gold_3.03_Portable\NATATA eBook Compiler.exe/Nhelp.exe

21/08/2010 15:52:09 Detected: Trojan-PSW.Win32.Dybalom.rl C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{7A6B20AF-0D60-49DE-AF5A-911D2E93F9AF}-Website_Popularity_v2.9.rar/Website Popularity v2.9/Website.Popularity.v2.9.0.0/setup/websitepopularitysetup.rar/websitepopularitysetup.exe/data0000.cab/install.exe

21/08/2010 15:52:13 Untreated: Trojan-PSW.Win32.Dybalom.rl C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{7A6B20AF-0D60-49DE-AF5A-911D2E93F9AF}-Website_Popularity_v2.9.rar/Website Popularity v2.9/Website.Popularity.v2.9.0.0/setup/websitepopularitysetup.rar/websitepopularitysetup.exe/data0000.cab/install.exe Write not supported

21/08/2010 16:00:13 Detected: Trojan-PSW.Win32.Dybalom.rl C:\Documents and Settings\Todos os Usuários\Microsoft\Microsoft Antimalware\LocalCopy\{7A6B20AF-0D60-49DE-AF5A-911D2E93F9AF}-Website_Popularity_v2.9.rar/Website Popularity v2.9/Website.Popularity.v2.9.0.0/setup/websitepopularitysetup.rar/websitepopularitysetup.exe/data0000.cab/install.exe

21/08/2010 16:00:24 Untreated: Trojan-PSW.Win32.Dybalom.rl C:\Documents and Settings\Todos os Usuários\Microsoft\Microsoft Antimalware\LocalCopy\{7A6B20AF-0D60-49DE-AF5A-911D2E93F9AF}-Website_Popularity_v2.9.rar/Website Popularity v2.9/Website.Popularity.v2.9.0.0/setup/websitepopularitysetup.rar/websitepopularitysetup.exe/data0000.cab/install.exe Write not supported

21/08/2010 16:05:00 Detected: HackTool.Win32.Kiser.fm C:\downloads\NitroPDFProfessional6.0.1.8x64-www.baixandolegal.org.rar/NitroPDFProfessional6.0.1.8x64-www.baixandolegal.org/nitro.pdf.professional-patch.rar/nitro.pdf.professional-patch.exe

21/08/2010 16:05:04 Untreated: HackTool.Win32.Kiser.fm C:\downloads\NitroPDFProfessional6.0.1.8x64-www.baixandolegal.org.rar/NitroPDFProfessional6.0.1.8x64-www.baixandolegal.org/nitro.pdf.professional-patch.rar/nitro.pdf.professional-patch.exe Write not supported

21/08/2010 16:06:10 Detected: Trojan.Win32.FraudPack.alte C:\downloads\Press_Release_Submitter.rar/pressreleasesubmittersetup.exe/data0000/PE_Patch/ASProtect

21/08/2010 16:06:14 Untreated: Trojan.Win32.FraudPack.alte C:\downloads\Press_Release_Submitter.rar/pressreleasesubmittersetup.exe/data0000/PE_Patch/ASProtect Write not supported

21/08/2010 16:08:23 Detected: HackTool.Win32.Kiser.fm C:\downloads\NitroPDFProfessional6.0.1.8x64-www.baixandolegal.org\nitro.pdf.professional-patch.exe

21/08/2010 16:08:27 Untreated: HackTool.Win32.Kiser.fm C:\downloads\NitroPDFProfessional6.0.1.8x64-www.baixandolegal.org\nitro.pdf.professional-patch.exe Skipped by user

21/08/2010 16:08:30 Detected: HackTool.Win32.Kiser.fm C:\downloads\NitroPDFProfessional6.0.1.8x64-www.baixandolegal.org\nitro.pdf.professional-patch.rar/nitro.pdf.professional-patch.exe

21/08/2010 16:08:33 Untreated: HackTool.Win32.Kiser.fm C:\downloads\NitroPDFProfessional6.0.1.8x64-www.baixandolegal.org\nitro.pdf.professional-patch.rar/nitro.pdf.professional-patch.exe Write not supported

21/08/2010 16:08:42 Detected: Trojan.Win32.Agent.efgv C:\FERNANDO AUGUSTO\CURSOS\Elite-Premium.zip/Elite-Premium2.exe

21/08/2010 16:08:45 Untreated: Trojan.Win32.Agent.efgv C:\FERNANDO AUGUSTO\CURSOS\Elite-Premium.zip/Elite-Premium2.exe Skipped by user

21/08/2010 16:08:46 Detected: Trojan.Win32.Agent.efgv C:\FERNANDO AUGUSTO\CURSOS\Elite-Premium2.exe

21/08/2010 16:08:49 Untreated: Trojan.Win32.Agent.efgv C:\FERNANDO AUGUSTO\CURSOS\Elite-Premium2.exe Skipped by user

21/08/2010 16:26:56 Detected: Trojan.Win32.FraudPack.alte C:\Ganhar Dinheiro\RELEASE SUBMETER\pressreleasesubmittersetup.exe/data0000/PE_Patch/ASProtect

21/08/2010 16:29:11 Untreated: Trojan.Win32.FraudPack.alte C:\Ganhar Dinheiro\RELEASE SUBMETER\pressreleasesubmittersetup.exe/data0000/PE_Patch/ASProtect Write not supported

21/08/2010 16:44:49 Detected: HEUR:Trojan.Script.Iframer C:\Ganhar Dinheiro\Programas\Your-Very-Own-Article-Directory_fuLL\Your-Very-Own-Article-Directory\ArticleSiteDir-Rights.zip/index.htm

21/08/2010 16:44:54 Untreated: HEUR:Trojan.Script.Iframer C:\Ganhar Dinheiro\Programas\Your-Very-Own-Article-Directory_fuLL\Your-Very-Own-Article-Directory\ArticleSiteDir-Rights.zip/index.htm Skipped by user

21/08/2010 17:01:00 Detected: HackTool.Win32.Kiser.fm C:\Program Files (x86)\Nitro PDF\Professional\nitro.pdf.professional-patch.exe

21/08/2010 17:01:05 Untreated: HackTool.Win32.Kiser.fm C:\Program Files (x86)\Nitro PDF\Professional\nitro.pdf.professional-patch.exe Skipped by user

21/08/2010 17:03:10 Detected: Trojan-PSW.Win32.Dybalom.rl C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{7A6B20AF-0D60-49DE-AF5A-911D2E93F9AF}-Website_Popularity_v2.9.rar/Website Popularity v2.9/Website.Popularity.v2.9.0.0/setup/websitepopularitysetup.rar/websitepopularitysetup.exe/data0000.cab/install.exe

21/08/2010 17:03:14 Untreated: Trojan-PSW.Win32.Dybalom.rl C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{7A6B20AF-0D60-49DE-AF5A-911D2E93F9AF}-Website_Popularity_v2.9.rar/Website Popularity v2.9/Website.Popularity.v2.9.0.0/setup/websitepopularitysetup.rar/websitepopularitysetup.exe/data0000.cab/install.exe Write not supported

21/08/2010 17:04:50 Detected: Trojan-PSW.Win32.Dybalom.rl C:\Users\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{7A6B20AF-0D60-49DE-AF5A-911D2E93F9AF}-Website_Popularity_v2.9.rar/Website Popularity v2.9/Website.Popularity.v2.9.0.0/setup/websitepopularitysetup.rar/websitepopularitysetup.exe/data0000.cab/install.exe

21/08/2010 17:04:54 Untreated: Trojan-PSW.Win32.Dybalom.rl C:\Users\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{7A6B20AF-0D60-49DE-AF5A-911D2E93F9AF}-Website_Popularity_v2.9.rar/Website Popularity v2.9/Website.Popularity.v2.9.0.0/setup/websitepopularitysetup.rar/websitepopularitysetup.exe/data0000.cab/install.exe Write not supported

21/08/2010 17:11:04 Detected: Trojan-PSW.Win32.Dybalom.rl C:\Users\Todos os Usuários\Microsoft\Microsoft Antimalware\LocalCopy\{7A6B20AF-0D60-49DE-AF5A-911D2E93F9AF}-Website_Popularity_v2.9.rar/Website Popularity v2.9/Website.Popularity.v2.9.0.0/setup/websitepopularitysetup.rar/websitepopularitysetup.exe/data0000.cab/install.exe

21/08/2010 17:11:08 Untreated: Trojan-PSW.Win32.Dybalom.rl C:\Users\Todos os Usuários\Microsoft\Microsoft Antimalware\LocalCopy\{7A6B20AF-0D60-49DE-AF5A-911D2E93F9AF}-Website_Popularity_v2.9.rar/Website Popularity v2.9/Website.Popularity.v2.9.0.0/setup/websitepopularitysetup.rar/websitepopularitysetup.exe/data0000.cab/install.exe Write not supported

21/08/2010 17:33:35 Task completed

 

 

Thanks once again,

 

Nilton Neto.


*Open the Virus Removal Tool folder, located on the desktop, and double-click the Start shortcut

*The Kaspersky main screen will open again

*Select the option:

[] My Computer

*Click [start scan]... wait. It may take a while, be patient!

*If it finds anything, click [Disinfect]; if that is not possible, click [Delete]

*When the scan finishes, click [Report]

*Click the [+] sign next to Autoscan to expand the events found

*Right-click and select "Select all"

*Right-click again and select "Copy"

*Open Notepad, paste (Ctrl+V) and save the file to the desktop as log2.txt

*Close the Kaspersky "Detailed report" window

*On the Kaspersky main screen click [Exit] > [No]

*Paste the report saved on the desktop in your next reply


Hello wings,

Below is the second report from the Kaspersky Virus Removal Tool.

 

Autoscan: completed 1 day ago (events: 33, objects: 397076, time: 01:56:10)

Autoscan: completed 3 minutes ago (events: 25, objects: 226416, time: 01:25:53)

23/08/2010 13:28:58 Task started

23/08/2010 13:37:23 Detected: Hoax.Win32.WebMoner.im C:\Arquivos Outro Micro\PARTE 2\Natata_eBook_Compiler_Gold_3.03_Portable\NATATA eBook Compiler.exe/Compiler.exe/data0000

23/08/2010 13:38:04 Detected: Hoax.Win32.WebMoner.qg C:\Arquivos Outro Micro\PARTE 2\Natata_eBook_Compiler_Gold_3.03_Portable\NATATA eBook Compiler.exe/Nhelp.exe

23/08/2010 13:38:04 Deleted: Hoax.Win32.WebMoner.qg C:\Arquivos Outro Micro\PARTE 2\Natata_eBook_Compiler_Gold_3.03_Portable\NATATA eBook Compiler.exe

23/08/2010 13:40:30 Detected: Trojan-PSW.Win32.Dybalom.rl C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{7A6B20AF-0D60-49DE-AF5A-911D2E93F9AF}-Website_Popularity_v2.9.rar/Website Popularity v2.9/Website.Popularity.v2.9.0.0/setup/websitepopularitysetup.rar/websitepopularitysetup.exe/data0000.cab/install.exe

23/08/2010 13:40:59 Deleted: Trojan-PSW.Win32.Dybalom.rl C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{7A6B20AF-0D60-49DE-AF5A-911D2E93F9AF}-Website_Popularity_v2.9.rar

23/08/2010 13:49:35 Detected: HackTool.Win32.Kiser.fm C:\downloads\NitroPDFProfessional6.0.1.8x64-www.baixandolegal.org.rar/NitroPDFProfessional6.0.1.8x64-www.baixandolegal.org/nitro.pdf.professional-patch.rar/nitro.pdf.professional-patch.exe

23/08/2010 13:50:41 Deleted: HackTool.Win32.Kiser.fm C:\downloads\NitroPDFProfessional6.0.1.8x64-www.baixandolegal.org.rar

23/08/2010 13:50:46 Detected: Trojan.Win32.FraudPack.alte C:\downloads\Press_Release_Submitter.rar/pressreleasesubmittersetup.exe/data0000/PE_Patch/ASProtect

23/08/2010 13:51:04 Deleted: Trojan.Win32.FraudPack.alte C:\downloads\Press_Release_Submitter.rar

23/08/2010 13:51:38 Detected: HackTool.Win32.Kiser.fm C:\downloads\NitroPDFProfessional6.0.1.8x64-www.baixandolegal.org\nitro.pdf.professional-patch.exe

23/08/2010 13:51:40 Detected: HackTool.Win32.Kiser.fm C:\downloads\NitroPDFProfessional6.0.1.8x64-www.baixandolegal.org\nitro.pdf.professional-patch.rar/nitro.pdf.professional-patch.exe

23/08/2010 13:51:52 Detected: Trojan.Win32.Agent.efgv C:\FERNANDO AUGUSTO\CURSOS\Elite-Premium2.exe

23/08/2010 13:52:00 Deleted: HackTool.Win32.Kiser.fm C:\downloads\NitroPDFProfessional6.0.1.8x64-www.baixandolegal.org\nitro.pdf.professional-patch.exe

23/08/2010 13:52:00 Deleted: HackTool.Win32.Kiser.fm C:\downloads\NitroPDFProfessional6.0.1.8x64-www.baixandolegal.org\nitro.pdf.professional-patch.rar

23/08/2010 13:52:03 Deleted: Trojan.Win32.Agent.efgv C:\FERNANDO AUGUSTO\CURSOS\Elite-Premium2.exe

23/08/2010 13:52:04 Detected: Trojan.Win32.Agent.efgv C:\FERNANDO AUGUSTO\CURSOS\Elite-Premium.zip/Elite-Premium2.exe

23/08/2010 13:52:13 Deleted: Trojan.Win32.Agent.efgv C:\FERNANDO AUGUSTO\CURSOS\Elite-Premium.zip/Elite-Premium2.exe

23/08/2010 13:54:38 Detected: HEUR:Trojan.Script.Iframer C:\Ganhar Dinheiro\Programas\Your-Very-Own-Article-Directory_fuLL\Your-Very-Own-Article-Directory\ArticleSiteDir-Rights.zip/index.htm

23/08/2010 13:55:03 Detected: Trojan.Win32.FraudPack.alte C:\Ganhar Dinheiro\RELEASE SUBMETER\pressreleasesubmittersetup.exe/data0000/PE_Patch/ASProtect

23/08/2010 13:55:29 Deleted: HEUR:Trojan.Script.Iframer C:\Ganhar Dinheiro\Programas\Your-Very-Own-Article-Directory_fuLL\Your-Very-Own-Article-Directory\ArticleSiteDir-Rights.zip/index.htm

23/08/2010 13:55:40 Deleted: Trojan.Win32.FraudPack.alte C:\Ganhar Dinheiro\RELEASE SUBMETER\pressreleasesubmittersetup.exe

23/08/2010 14:19:22 Detected: HackTool.Win32.Kiser.fm C:\Program Files (x86)\Nitro PDF\Professional\nitro.pdf.professional-patch.exe

23/08/2010 14:19:40 Deleted: HackTool.Win32.Kiser.fm C:\Program Files (x86)\Nitro PDF\Professional\nitro.pdf.professional-patch.exe

23/08/2010 14:54:52 Task completed

 

Thanks once again.

 

Nilton Neto.


Hello wings,

As for my PC, its internet connection speed is back to normal, and I am no longer getting strange messages on the desktop.

I believe the problems I reported on the first day no longer exist.

Below is the second HijackThis log.

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:21:36, on 23/08/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Conexant\SAII\SmartAudio.exe

C:\Program Files (x86)\Orbitdownloader\orbitdm.exe

C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

C:\Program Files (x86)\Orbitdownloader\orbitnet.exe

C:\Program Files (x86)\DigibestTV\ScheduleMonitor.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\HiJack This\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: 213.203.216.114 http://www.marketsamurai.com

O1 - Hosts: 213.203.216.114 marketsamurai.com

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

O4 - HKLM\..\Run: [ximuSoft-T] C:\\Google Translate Desktop.exe mini

O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

O4 - HKCU\..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SISTEMA')

O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: setup_9.0.0.722_20.08.2010_21-52.lnk = Nilton Neto\Desktop\Virus Removal Tool\setup_9.0.0.722_20.08.2010_21-52\startup.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Orbit.lnk = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe

O4 - Global Startup: ScheduleMonitor.lnk = C:\Program Files (x86)\DigibestTV\ScheduleMonitor.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\windows\SysWOW64\ASTSRV.EXE

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe

O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 12166 bytes

 

Thanks once again,

 

Nilton Neto.


OK... the log is clean.

*Open the Virus Removal Tool folder, located on the desktop, and double-click the Start shortcut

*The Kaspersky main screen will open again

*Click [Exit] > [Yes] > [sim] > [sim]

*The PC will restart

*Delete the Kaspersky setup files, log.txt and log2.txt saved on the desktop

Best regards.


Hello wings,

Thank you very much for your help and patience.

One more question.

Do I need to close the topic, or do you close it yourself? I'm not used to forums.

Wishing you success always, and may God light your path and your family's.

 

 

Nilton Neto.


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
