[Arquivado] &nbspExplorer.exe encontrou um problema e precisa ser fech

[bigboy 0]

sempre q eu abro os meus documentos ou quando eu vo abrir meus hds externos pelo meu computador,aparece esse erro dizendo q o "explorer.exe encontrou um problema e precisa ser fechado".Na parte de ver o relatório de erros aparece aquele ntdll.dll,eu tava vendo nos topicos mais nenhum me ajudaram,e vi num topico que tinha q baixa esse ntdll.dll e substituir pelo q ta dando erro,agora n sei se da certo,gostaria q vcs me ajuda-se pois eu preciso muito acessar meus documentos e meus hds externos afinal de conta meus arquivos tao tudo la...

[Mário Monteiro 179]

Se entende mesmo que possa ser problemas com malwares post um log conforme regra'>http://forum.imasters.com.br/index.php?/topic/165906-regra-n-02-utilizando-o-hijackthis/"]regra 2

 

Para uma boa participação leia as demais regras também

[bigboy 0]

Se entende mesmo que possa ser problemas com malwares post um log conforme regra'>http://forum.imasters.com.br/index.php?/topic/165906-regra-n-02-utilizando-o-hijackthis/"]regra 2

 

Para uma boa participação leia as demais regras também

 

 

Desculpas por n postar o relatório do Hijackthis,pois eu so novato aki,gostaria muito que vcs ajuda-se no meu problema q to tendo, aki esta o relatório do Hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:27:48, on 4/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\ARQUIV~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Arquivos comuns\Pure Networks Shared\Platform\nmctxth.exe

C:\Arquivos de programas\Razer Barracuda AC-1 Gaming Audio Card\Customapp\PROGRAM\RAZER BARRACUDA AC-1 GAMING AUDIO CARD.EXE

C:\Arquivos de programas\Pure Networks\Network Magic\nmapp.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Arquivos de programas\Logitech\Logitech WebCam Software\LWS.exe

C:\Arquivos de programas\AVG\AVG10\avgfws.exe

C:\Arquivos de programas\Razer\DeathAdder\razerhid.exe

C:\Arquivos de programas\Razer\Copperhead\razerhid.exe

C:\Arquivos de programas\AVG\AVG10\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Razer\Diamondback 3G\razerhid.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Arquivos de programas\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\Arquivos de programas\Razer\Copperhead\razerofa.exe

C:\Arquivos de programas\Arquivos comuns\Logishrd\LQCVFX\COCIManager.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\Arquivos de programas\Razer\DeathAdder\razerofa.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\Arquivos de programas\Arquivos comuns\Pure Networks Shared\Platform\nmsrvc.exe

C:\Arquivos de programas\AVG\AVG10\avgam.exe

C:\Arquivos de programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Arquivos de programas\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Arquivos de programas\AVG\AVG10\avgnsx.exe

C:\Arquivos de programas\Razer\Diamondback 3G\razerofa.exe

C:\Arquivos de programas\AVG\AVG10\avgcsrvx.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\AVG\AVG10\avgemcx.exe

C:\ARQUIV~1\AVG\AVG10\avgrsx.exe

C:\Arquivos de programas\AVG\AVG10\avgcsrvx.exe

C:\Arquivos de programas\Razer\Diamondback 3G\razertra.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\explorer.exe

C:\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60347

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60347

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG10\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [nmctxth] "C:\Arquivos de programas\Arquivos comuns\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Arquivos de programas\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Arquivos de programas\Logitech\Logitech WebCam Software\LWS.exe" /hide

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [DeathAdder] C:\Arquivos de programas\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [Copperhead] C:\Arquivos de programas\Razer\Copperhead\razerhid.exe

O4 - HKLM\..\Run: [Diamondback] C:\Arquivos de programas\Razer\Diamondback 3G\razerhid.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG_TRAY] C:\Arquivos de programas\AVG\AVG10\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Proprietário\Dados de aplicativos\SystemProc\lsass.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.rr.getran.com.br/sah/js/smsx.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187939970493

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{44068FAF-8FF1-46A4-B3DD-201BEE975298}: NameServer = 200.175.5.139,200.175.89.139

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG10\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: CmsemitaPsb - {EAA64D1E-7DF1-489A-86CE-0D5E601C0EC3} - (no file)

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Arquivos de programas\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: Firewall do AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG10\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG10\avgwdsvc.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

 

--

End of file - 15299 bytes

[wings 22]

Olá bigboy

 

*Baixe o MalwareBytes Anti-malware e salve-o no desktop

 

*Instale o programa e aguarde a atualização

*O programa será aberto automaticamente

*Na aba [Verificação], selecione [Verificação completa]

*Clique [Verificar] e selecione as partições a serem examinadas (geralmente C:\ e D:\)

*Ao finalizar o scan, clique [sIM] > [OK] > [Mostrar Resultados]

*Clique [Remover Selecionados]

*Cole o relatório apresentado

[bigboy 0]

Olá bigboy

 

*Baixe o MalwareBytes'>http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html"]MalwareBytes Anti-malware e salve-o no desktop

 

*Instale o programa e aguarde a atualização

*O programa será aberto automaticamente

*Na aba [Verificação], selecione [Verificação completa]

*Clique [Verificar] e selecione as partições a serem examinadas (geralmente C:\ e D:\)

*Ao finalizar o scan, clique [sIM] > [OK] > [Mostrar Resultados]

*Clique [Remover Selecionados]

*Cole o relatório apresentado

 

 

 

Desculpe a demora aki esta

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4785

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

10/10/2010 01:37:06

mbam-log-2010-10-10 (01-37-06).txt

 

Tipo de Verificação: Verificação Completa (C:\|I:\|L:\|M:\|)

Objetos escaneados: 345869

Tempo decorrido: 1 hora(s), 35 minuto(s), 49 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 1

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 1

Pastas Infectadas: 0

Arquivos Infectados: 8

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

L:\Documents\Programas Instalados no Meu Desktop\LimeWire PRO v5.4.6.1 Final.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

L:\Documents\Programas Instalados no Meu Desktop\BS Player v2.41 Build 1003 Final Multilingual\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

L:\Documents\Programas Instalados no Meu Desktop\RealPlayer 11.1.2 Build 6.0.14.954 Plus\Dfx Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.

L:\Documents\Programas Instalados no Meu Desktop\RealPlayer 11.1.2 Build 6.0.14.954 Plus\RealPlayer Crack Plus.exe (Trojan.Agent) -> Quarantined and deleted successfully.

L:\Documents\Programas Instalados no Meu Desktop\TuneUp Utilities 2009 v8.0.3300.1\TuneUp.Utilities.2009-keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

L:\Documents\Programas Instalados no Meu Desktop\BS.Player.PRO.v2.50.Build.1012\keygen\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

L:\Documents\Programas Instalados no Meu Desktop\Cisco Network Magic V.5.5.9195.0.incl.Patch-RES\Patch\Patch.exe (Patch.NetworkMagic) -> Quarantined and deleted successfully.

C:\Documents and Settings\Proprietário\wpad001.txt (Malware.Trace) -> Quarantined and deleted successfully.

[wings 22]

Olá bigboy

 

*Faça um scan online com o NOD32

 

 

*Ao término cole o relatório criado em C:\Arquivos de programas\EsetOnlineScanner\log

[bigboy 0]

Olá bigboy

 

*Faça um scan online com o NOD32'>http://eset.com/onlinescan"]NOD32

 

 

*Ao término cole o relatório criado em C:\Arquivos de programas\EsetOnlineScanner\log

 

aki esta o log,pego bastante virus em

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=aa012ba355a2684b897778435df4a6cc

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-10-14 09:59:31

# local_time=2010-10-14 06:59:31 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777215 100 0 51973929 51973929 0 0

# compatibility_mode=1024 16777175 100 0 0 0 0 0

# compatibility_mode=6143 16777215 0 0 0 0 0 0

# compatibility_mode=7937 16777214 0 25 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=348541

# found=15

# cleaned=15

# scan_time=27513

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\FraudXPAntivirus.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Proprietário\Meus documentos\Sony.Sound.Forge.Pro.10.rar a variant of Win32/Keygen.AR application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Proprietário\Meus documentos\Documents\Programas Instalados no Meu Desktop\Format Factory 1.70.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Arquivos de programas\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul.vir Win32/Dursg.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\hanlinne.dll.vir Win32/BHO.NWT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\autorun.i Win32/Tifaut.C worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

I:\maps\soundcache\valve\Downloads\Filmes,Seriados,Programas etc\Nero_9.2.6.0\Nero-9.2.6.0_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

L:\Documents\VDownloader 0.82.zip a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

L:\Documents\Programas Instalados no Meu Desktop\DigiDNA.DiskAid.v3.11.WinAll.Incl.Keygen-CRD.rar probably a variant of Win32/Keygen.AL application (deleted - quarantined) 00000000000000000000000000000000 C

L:\Downloads\Filmes ja Assistidos\Filmes Não Assistidos\--- Villa 3D\3D.sv.eXe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

L:\Filmes,Seriados,Programas etc\Aplicativos\Nero 9\Keymaker - Nero 9.4.26.0.rar probably a variant of Win32/Agent.KQNXJLO trojan (deleted - quarantined) 00000000000000000000000000000000 C

L:\Filmes,Seriados,Programas etc\Aplicativos\Nero 9\Instalador\Nero 9.4.13.2.c.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

L:\Filmes,Seriados,Programas etc\Aplicativos\nero-8.3.6.0\Nero-8.3.6.0_ptb_update.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

L:\Filmes,Seriados,Programas etc\Aplicativos\nero-8.3.6.0\nero-8.rar multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

L:\Filmes,Seriados,Programas etc\Aplicativos\Nero_9.2.6.0\Nero-9.2.6.0_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

 

Olá bigboy

 

*Faça um scan online com o NOD32'>http://eset.com/onlinescan"]NOD32

 

 

*Ao término cole o relatório criado em C:\Arquivos de programas\EsetOnlineScanner\log

 

aki esta o log,pego bastante virus em

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=aa012ba355a2684b897778435df4a6cc

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-10-14 09:59:31

# local_time=2010-10-14 06:59:31 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777215 100 0 51973929 51973929 0 0

# compatibility_mode=1024 16777175 100 0 0 0 0 0

# compatibility_mode=6143 16777215 0 0 0 0 0 0

# compatibility_mode=7937 16777214 0 25 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=348541

# found=15

# cleaned=15

# scan_time=27513

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\FraudXPAntivirus.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Proprietário\Meus documentos\Sony.Sound.Forge.Pro.10.rar a variant of Win32/Keygen.AR application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Proprietário\Meus documentos\Documents\Programas Instalados no Meu Desktop\Format Factory 1.70.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Arquivos de programas\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul.vir Win32/Dursg.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\hanlinne.dll.vir Win32/BHO.NWT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\autorun.i Win32/Tifaut.C worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

I:\maps\soundcache\valve\Downloads\Filmes,Seriados,Programas etc\Nero_9.2.6.0\Nero-9.2.6.0_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

L:\Documents\VDownloader 0.82.zip a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

L:\Documents\Programas Instalados no Meu Desktop\DigiDNA.DiskAid.v3.11.WinAll.Incl.Keygen-CRD.rar probably a variant of Win32/Keygen.AL application (deleted - quarantined) 00000000000000000000000000000000 C

L:\Downloads\Filmes ja Assistidos\Filmes Não Assistidos\--- Villa 3D\3D.sv.eXe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

L:\Filmes,Seriados,Programas etc\Aplicativos\Nero 9\Keymaker - Nero 9.4.26.0.rar probably a variant of Win32/Agent.KQNXJLO trojan (deleted - quarantined) 00000000000000000000000000000000 C

L:\Filmes,Seriados,Programas etc\Aplicativos\Nero 9\Instalador\Nero 9.4.13.2.c.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

L:\Filmes,Seriados,Programas etc\Aplicativos\nero-8.3.6.0\Nero-8.3.6.0_ptb_update.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

L:\Filmes,Seriados,Programas etc\Aplicativos\nero-8.3.6.0\nero-8.rar multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

L:\Filmes,Seriados,Programas etc\Aplicativos\Nero_9.2.6.0\Nero-9.2.6.0_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

[wings 22]

Olá bigboy

 

1.

*Execute o arquivo c:\Arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

 

2.

*Execute o Malwarebytes, clique na aba [Quarentena], selecione todos os resultados e clique [Apagar tudo]

*Clique na aba [Logs], selecione o relatório e clique [Apagar]

 

3.

*Desative temporariamente seu antivírus

 

Clique em [iniciar] > [Programas] > [AVG]

Abra a Interface do usuário do AVG

Duplo clique na Proteção Residente

Desmarque a opção "Proteção Residente ativa"

Salve as alterações

*Baixe o ComboFix e salve-o no desktop

*Execute o Combofix e aceite o contrato

 

*Se o console de recuperação do Windows já estiver instalado, o ComboFix continuará o processo automaticamente. Caso contrário, clique [sIM] para instalar e depois [sIM] para continuar.

 

 

 

*Aguarde a conclusão de todas as etapas

 

 

*Evite usar o mouse e o teclado durante a execução do Combofix!!..... Para interromper o procedimento tecle [N] ou [2] e depois [ENTER]

 

*Cole o relatório C:\combofix.txt

 

*Se for reiniciar o PC haverá uma opção, na inicialização, chamada Console de Recuperação. Não entre no Windows através do mesmo desde que devidamente orientado(a)!

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.