Japaxd, posted November 5, 2010

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:58, on 05/11/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Power Max, posted November 5, 2010

:) Hello Japaxd!

There are many toolbars installed on your PC that can make browsing much slower, besides the fact that some toolbars tend not to be trustworthy. I suggest you uninstall them (unless there is one you really need).
____________________________
Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {4248FE82-7FCB-46AC-B270-339F08212110} - (no file)
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll/206 (file missing)
______________________________
Download and run this program, which disables Bonjour (an unnecessary item that tends to make the PC slower):

http://download.gizmo5.com/jasmine/TurnOffBonjour.exe
______________________________
There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial: Choosing Programs That Start with the PC

Preferably let only the security programs (antivirus/antispyware/firewall) start along with Windows. Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC now and from time to time.
______________________________
Please follow the tips in this tutorial to clean your PC with Malwarebytes:

Malwarebytes Anti-Malware tutorial: http://www.caixadedicas.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

In your next reply, post this Malwarebytes log together with a new HijackThis log and tell us how your PC is after this procedure. We'll be waiting.

Japaxd, posted November 6, 2010

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:48, on 06/11/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 5055

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06/11/2010 20:21:30
mbam-log-2010-11-06 (20-21-30).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 283346
Tempo decorrido: 2 hora(s), 11 minuto(s), 51 segundo(s)

Processos de Memória Infectados: 1
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 2
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 3
Arquivos Infectados: 53

Processos de Memória Infectados:
C:\Level Up! Games\PW\element\elementclient.exe (Malware.Packer.Gen) -> Unloaded process successfully.

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
HKEY_CURRENT_USER\SOFTWARE\System3048 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\System3048 (Malware.Trace) -> Quarantined and deleted successfully.

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
C:\Windows\Svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Svchost\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Svchost\svchost\Recurso (Backdoor.Bot) -> Quarantined and deleted successfully.

thank you for your attention
THANK YOU FOR YOUR ATTENTION AND GOOD NIGHT

Power Max, posted November 6, 2010

:) Several problems were removed by Malwarebytes.
____________________________
But apparently you did not follow the instructions I gave you to uninstall unnecessary toolbars and to apply Fix checked to those HijackThis entries I gave you; it would be very good to do this.
_____________________________
I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download ComboFix.
Save it to the Desktop.

* Disable the resident protection of: antivirus, antispyware and firewall (except the Windows one!)
* Close all windows and run the tool.
* PS: Running it by command is also possible:
* Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
* Click OK.
* At the prompt "Negação de garantia de software" (software warranty disclaimer) --> Click Sim (Yes).
* If you do not have the "Recovery Console" (http://support.microsoft.com/kb/307654/pt-br), agree to install it.
* When it finishes, click Sim or Yes. --> Wait.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

If you get the notification "Aplicativo Win32 inválido" (invalid Win32 application) or a message similar to it, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed as: Kombo.exe
* PS: Name it while saving, not after saving it!
* PS: If any error message appears, run ComboFix.exe in "Safe Mode" (http://www.caixadedicas.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html).
* PS: If rootkit activity is present, we will get the following notification window:
* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply together with the requested logs.
* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* The Auto Scan window will open. --> Wait!
* To finish the removals, ComboFix may restart the computer.
* If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to complete!
* During the scan, avoid touching the mouse or keyboard! <-- Important!
* If, for some reason of force majeure, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.

<><><><><><><><><><><><>

The ComboFix log will be at C:\ComboFix.txt
_______________________________
Also follow these tips:

Norman Malware Cleaner tutorial: http://www.caixadedicas.com/2009/11/tutorial-do-norman-malware-cleaner.html
BankerFix tutorial: http://www.caixadedicas.com/2009/10/tutorial-do-bankerfix.html
______________________________
In your next reply, post the contents of the Norman Malware Cleaner log together with a new HijackThis log, the relatorio.txt from BankerFix, which will be at C:\LinhaDefensiva\relatorio.txt, and the ComboFix log, which will be at C:\ComboFix.txt, and tell us how your PC is after this. We'll be waiting.

Japaxd, posted November 7, 2010

aaaaaaaaaaaa about the toolbar, I tried to delete it but it didn't work. How do I delete it? And thanks again

Power Max, posted November 7, 2010

"aaaaaaaaaaaa about the toolbar, I tried to delete it but it didn't work. How do I delete it? And thanks again"

Then leave uninstalling them for later, follow the other steps I gave you today, and post the new logs so we can analyze them. We'll be waiting.

Japaxd, posted November 7, 2010

BankerFix

BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2010-11-06 - 22:32
-------------------------------------------------------
Lista de Definição: 2010-09-22-1 | CORE: 2010-01-14-1
=======================================================
----- Fim -------------------------

Combofix

ComboFix 10-11-07.01 - Ramon 06/11/2010 22:17:27.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2047.1157 [GMT -3:00]
Executando de: c:\users\Ramon\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-10-07 to 2010-11-07 ))))))))))))))))))))))))))))
.
2010-11-07 01:24 . 2010-11-07 01:25 -------- d-----w- c:\users\Ramon\AppData\Local\temp
2010-11-07 01:24 . 2010-11-07 01:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-07 01:24 . 2010-11-07 01:24 -------- d-----w- c:\users\Convidado\AppData\Local\temp
2010-11-05 23:46 . 2010-11-05 23:46 -------- d-----w- c:\users\Ramon\AppData\Roaming\Malwarebytes
2010-11-05 23:46 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-05 23:46 . 2010-11-05 23:46 -------- d-----w- c:\programdata\Malwarebytes
2010-11-05 23:46 .
2010-11-05 23:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-05 23:46 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-05 20:22 . 2010-11-06 23:29 53248 ----a-w- c:\windows\system32\CSVer.dll 2010-11-05 20:22 . 2010-11-05 20:22 -------- d-----w- c:\program files\Intel 2010-11-05 20:21 . 2010-11-05 20:21 -------- d-----w- C:\Intel 2010-11-05 19:26 . 2010-11-05 19:26 -------- d-----w- c:\users\Ramon\AppData\Local\SlimWare Utilities Inc 2010-11-05 19:25 . 2010-11-05 19:25 -------- d-----w- c:\program files\SlimDrivers 2010-11-05 19:24 . 2008-12-03 20:40 81408 ----a-w- c:\windows\system32\devcon_x64.exe 2010-11-05 19:24 . 2010-11-05 20:21 -------- d-----w- c:\program files\Driver Checker 2010-11-05 15:32 . 2010-11-06 23:33 -------- d-----w- C:\HijHackthis 2010-11-05 12:31 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{441D2A7E-846F-4134-B254-F86CEBDD8BEC}\mpengine.dll 2010-11-02 23:37 . 2010-11-02 23:37 -------- d-----w- c:\program files\Sony 2010-11-02 22:42 . 2010-11-02 22:42 -------- d-----w- c:\program files\SystemRequirementsLab 2010-11-02 22:42 . 2010-11-02 22:42 -------- d-----w- c:\users\Ramon\SystemRequirementsLab 2010-11-02 01:59 . 2009-09-04 20:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2010-11-02 01:59 . 2009-09-04 20:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll 2010-11-02 01:59 . 2009-09-04 20:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll 2010-11-02 01:59 . 2009-09-04 20:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2010-11-02 01:59 . 2009-09-04 20:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll 2010-11-02 01:58 . 2009-09-04 20:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2010-11-02 01:58 . 2008-10-27 13:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll 2010-11-02 01:58 . 2008-10-27 13:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll 2010-11-02 01:58 . 
2008-10-27 13:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll 2010-11-02 01:58 . 2008-10-27 13:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll 2010-11-02 01:58 . 2008-07-31 13:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll 2010-11-02 01:58 . 2008-07-31 13:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll 2010-11-02 01:58 . 2008-07-31 13:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll 2010-11-02 00:21 . 2010-11-02 00:21 -------- d-----w- c:\programdata\NVIDIA Corporation 2010-11-02 00:20 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco322030.dll 2010-11-02 00:20 . 2010-10-22 06:23 57960 ----a-w- c:\windows\system32\OpenCL.dll 2010-11-02 00:20 . 2010-10-22 06:23 5473896 ----a-w- c:\windows\system32\nvwgf2um.dll 2010-11-02 00:20 . 2010-10-22 06:23 14899816 ----a-w- c:\windows\system32\nvoglv32.dll 2010-11-02 00:20 . 2010-10-22 06:23 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2010-11-02 00:20 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco322050.dll 2010-11-02 00:20 . 2010-10-22 06:23 319080 ----a-w- c:\windows\system32\nvdecodemft.dll 2010-11-02 00:20 . 2010-10-22 06:23 4837480 ----a-w- c:\windows\system32\nvcuda.dll 2010-11-02 00:20 . 2010-10-22 06:23 2912360 ----a-w- c:\windows\system32\nvcuvid.dll 2010-11-02 00:20 . 2010-10-22 06:23 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll 2010-11-02 00:20 . 2010-10-22 06:23 13019752 ----a-w- c:\windows\system32\nvcompiler.dll 2010-11-02 00:18 . 2010-11-02 00:18 -------- d-----w- C:\NVIDIA 2010-11-02 00:11 . 2010-11-02 01:37 108279664 ----a-w- c:\users\Ramon\directx_aug2009_redist.exe 2010-11-01 23:01 . 2004-12-12 22:04 1069056 ----a-w- c:\users\Ramon\dat3.000 2010-11-01 23:01 . 2004-12-11 00:50 -------- d-----w- c:\users\Ramon\images 2010-11-01 23:01 . 2004-12-11 00:44 52736 ----a-w- c:\users\Ramon\ForceDLL.dll 2010-11-01 23:01 . 2004-12-11 00:44 90112 ----a-w- c:\users\Ramon\hook_3DA.dll 2010-11-01 23:01 . 
2004-12-12 22:13 208896 ----a-w- c:\users\Ramon\3DAnalyze.exe 2010-11-01 23:01 . 2004-12-11 00:45 765952 ----a-w- c:\users\Ramon\dat1.000 2010-11-01 23:01 . 2004-12-12 22:13 208896 ----a-w- c:\program files\Mozilla Firefox\3DAnalyze.exe 2010-11-01 23:01 . 2004-12-11 00:44 52736 ----a-w- c:\program files\Mozilla Firefox\ForceDLL.dll 2010-11-01 23:01 . 2004-12-11 00:44 90112 ----a-w- c:\program files\Mozilla Firefox\hook_3DA.dll 2010-10-30 00:08 . 2010-10-30 00:09 -------- d-----w- c:\program files\Teamspeak2_RC2 2010-10-27 17:22 . 2010-10-27 17:22 -------- d-----w- c:\programdata\Nexon 2010-10-27 11:48 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll 2010-10-27 11:48 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll 2010-10-27 11:48 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax 2010-10-27 11:48 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax 2010-10-27 11:48 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2010-10-25 23:21 . 2010-10-25 23:21 -------- d-----w- c:\programdata\Adobe Systems 2010-10-25 23:13 . 2010-10-25 23:13 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared 2010-10-25 23:11 . 2010-10-25 23:11 -------- d-----w- c:\program files\Topaz Labs LLC 2010-10-24 21:49 . 2010-11-06 18:06 -------- d-----w- c:\program files\thriXXX 2010-10-16 15:42 . 2010-10-16 15:42 66664 ----a-w- c:\windows\system32\nvshext.dll 2010-10-16 15:42 . 2010-10-16 15:42 600680 ----a-w- c:\windows\system32\nvvsvc.exe 2010-10-16 15:42 . 2010-10-16 15:42 1881704 ----a-w- c:\windows\system32\nvsvcr.dll 2010-10-16 15:42 . 2010-10-16 15:42 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-10-16 15:42 . 2010-10-16 15:42 3420776 ----a-w- c:\windows\system32\nvcpl.dll 2010-10-16 15:42 . 2010-10-16 15:42 2079336 ----a-w- c:\windows\system32\nvsvc.dll 2010-10-09 20:29 . 2010-10-09 20:29 -------- d-----w- c:\program files\Advanced IP Scanner 2010-10-09 12:09 . 
2010-10-09 12:10 -------- d-----w- c:\program files\Microsoft IntelliPoint . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-22 06:23 . 2009-08-05 23:50 10023528 ----a-w- c:\windows\system32\nvd3dum.dll 2010-10-22 06:23 . 2010-11-02 00:20 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd 2010-10-22 06:23 . 2009-08-05 23:50 1719912 ----a-w- c:\windows\system32\nvapi.dll 2010-10-19 14:41 . 2010-01-16 02:02 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-08-21 05:32 . 2010-09-15 10:54 316928 ----a-w- c:\windows\system32\spoolsv.exe 2010-08-10 08:15 . 2010-08-10 08:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-08-10 08:15 . 2010-08-10 08:15 69632 ----a-w- c:\windows\system32\QuickTime.qts . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-04-27 13:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" 
[2009-07-26 3883840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-08-18 311680] c:\users\Ramon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MSN Pictures Displayer.lnk - c:\programdata\MSN Pictures Displayer\MSN Pictures Displayer.exe [2010-7-18 2068480] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bitcomet Ultra Accelerator.lnk - c:\program files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe [2010-6-22 260096] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear SA1VBExx Device Manager.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear SA1VBExx Device Manager.lnk backup=c:\windows\pss\Philips GoGear SA1VBExx Device Manager.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Ramon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk] path=c:\users\Ramon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-23 07:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\AppleSyncNotifier] 2010-07-13 18:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2010-03-18 14:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate] 2010-09-05 17:22 232912 ----a-w- c:\windows\System32\Macromed\Flash\FlashUtil10i_Plugin.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 14:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] 2010-07-21 19:54 1797008 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-07-21 18:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingoes] 2009-10-09 03:50 2203648 ----a-w- c:\program files\Lingoes\Translator2\Lingoes.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 19:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-08-10 08:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-03-09 13:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 14:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-07-07 20:42 202256 
----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] 2009-10-26 07:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1cabe12939d1d8a;Google Update Service (gupdate1cabe12939d1d8a);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 133104] R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-19 1343400] R3 XDva281;XDva281;c:\windows\system32\XDva281.sys [x] R3 XDva297;XDva297;c:\windows\system32\XDva297.sys [x] R3 XDva327;XDva327;c:\windows\system32\XDva327.sys [x] S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-05-15 21008] S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256] S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2009-07-13 29184] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472] . Conteúdo da pasta 'Tarefas Agendadas' 2010-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 16:23] 2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 16:23] . . ------- Scan Suplementar ------- . 
uStart Page = hxxp://search.minilua.com/ uInternet Settings,ProxyOverride = local IE: &B&aixar &com o BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &B&aixar tudo usando o BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Ramon\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Ramon\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe TCP: {A1B246D1-CD68-4E20-8A18-9A33AE4D35AC} = 208.67.222.222,208.67.220.220 FF - ProfilePath - c:\users\Ramon\AppData\Roaming\Mozilla\Firefox\Profiles\g8f5toft.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2436531&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - iUserbar Customized Web Search FF - prefs.js: network.proxy.http - 68.68.107.60 FF - prefs.js: network.proxy.http_port - 29505 FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll FF - component: c:\users\Ramon\AppData\Roaming\Mozilla\Firefox\Profiles\g8f5toft.default\extensions\{51d37496-c262-4d13-a8c1-c93e59bf50b9}\components\FFExternalAlert.dll FF - component: c:\users\Ramon\AppData\Roaming\Mozilla\Firefox\Profiles\g8f5toft.default\extensions\{51d37496-c262-4d13-a8c1-c93e59bf50b9}\components\RadioWMPCore.dll FF - component: c:\users\Ramon\AppData\Roaming\Mozilla\Firefox\Profiles\g8f5toft.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll FF - 
component: c:\users\Ramon\AppData\Roaming\Mozilla\Firefox\Profiles\g8f5toft.default\extensions\allglassv2@ambroos.neowin.net\components\dwmxpcom.dll FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: c:\windows\system32\Wat\npWatWeb.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . 
- - - - ORFÃOS REMOVIDOS - - - - MSConfigStartUp-Msnnet - c:\programlog\MsnNet.exe . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Tempo para conclusão: 2010-11-06 22:26:52 ComboFix-quarantined-files.txt 2010-11-07 01:26 Pré-execução: 96.351.309.824 bytes disponíveis Pós execução: 96.282.484.736 bytes disponíveis - - End Of File - - E7C48F0133B476C9A3D39F16DB243E96 HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:16:19, on 06/11/2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16671) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe C:\Windows\explorer.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Downloads\Combatarms_VER_2.1010.01.exe C:\Program Files\iTunes\iTunes.exe C:\HijHackthis\HiJackThis.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\Windows\system32\conhost.exe C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.minilua.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - 
BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - Startup: MSN Pictures Displayer.lnk = C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe O4 - Global Startup: Bitcomet Ultra Accelerator.lnk = C:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\Ramon\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ramon\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra button: (no name) - {4248FE82-7FCB-46AC-B270-339F08212110} - (no file) O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file) O9 - Extra button: (no name) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - (no file) O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - 
http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B246D1-CD68-4E20-8A18-9A33AE4D35AC}: NameServer = 208.67.222.222,208.67.220.220 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe O23 - Service: Google Update Service (gupdate1cabe12939d1d8a) (gupdate1cabe12939d1d8a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 7609 bytes
Thanks, and good night.
Power Max 54 Posted November 7, 2010
:) Several problems were removed by Combofix.
_________________________
But you still need to run Norman Malware Cleaner and post its log. We'll be waiting.
wings 22 Posted December 8, 2010
Topic Archived
Since the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.