[Arquivado] &nbspAnalise de Log!

GildazioJr · Fevereiro 15, 2011

Olá estou postando o log de minha maquina devido te-la notado um pouco mais lenta do que o normal e travando constantemente, fico no aguardo de ajuda, desde ja, obrigado!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:26:28, on 15/02/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

C:\MySQL\bin\mysqld-max.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Wizards\EasyFinance\EasyFinance.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: 66.36.245.154 www2.bancobrasil.com.br

O1 - Hosts: 66.36.245.158 bradesco.com.br

O1 - Hosts: 66.36.245.158 www.bradesco.com.br

O1 - Hosts: 66.36.245.158 www.realsecureweb.com.br

O1 - Hosts: 66.235.176.176 aapj.bb.com.br

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NevoDRM] "C:\Èãðû îò NevoSoft\NevoDRM\NevoDRM.exe"

O4 - HKLM\..\Run: [OpenSource] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\javatmp4237948111759349074.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin

O4 - HKUS\S-1-5-21-842925246-1580436667-682003330-1004\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" (User '?')

O4 - HKUS\S-1-5-21-842925246-1580436667-682003330-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\ARQUIV~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\ARQUIV~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {7E866715-C9B6-4C64-AAB8-342E0D137213} (DVR4204 Client Control) - http://10.1.1.50:8000/EDVR.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.1.2,201.10.128.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.1.2,201.10.128.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.1.2,201.10.128.2

O17 - HKLM\System\CS3\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MySql - Unknown owner - C:\MySQL\bin\mysqld-max.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

--

End of file - 12693 bytes

Felipe_88 · Fevereiro 16, 2011

Olá, GildazioJr!

Desinstale o Hijackthis instalado em sua máquina, pois o mesmo está desatualizado.

Obs.: Na sua máquina há instalado dois softwares antivírus, isso afeta muito o desempenho do computador. Sugiro optar por apenas um software antivírus. Outro detalhe é que há vários programas iniciando com o sistema e ativos sem necessidade. Sugiro desativá-los.

1º

* Baixe o programa HostsXpert

* Salve-o e descompacte em uma pasta temporária;

* Execute o arquivo [HostsXpert.exe];

* Em "File Handling" > clique em [Restore MS Hosts File];

* Uma caixa de confirmação será exibida, clique em [OK];

*Feche o HostsXpert.

2º

*Faça um scan online com o NOD32

*Ao término cole o relatório criado em C:\Arquivos de programas\EsetOnlineScanner\log

GildazioJr · Fevereiro 18, 2011

Ai vai o log do Eset Scanner

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=e3889af6e6a63b47b6b37f163f6be616

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-08-16 03:58:30

# local_time=2010-08-16 10:58:30 (-0500, Hora padrão de Bogotá)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=769 16775125 100 98 0 217338123 0 0

# compatibility_mode=1797 16774105 100 100 0 58297009 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=95989

# found=3

# cleaned=3

# scan_time=6560

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\27\38cf81db-11300478 a variant of Java/TrojanDownloader.Agent.NBN trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\52\17acdc34-6ee00510 a variant of Java/TrojanDownloader.Agent.NBN trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Meus documentos\Downloads\MsgPlusLive-479.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=e3889af6e6a63b47b6b37f163f6be616

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-02-16 10:54:32

# local_time=2011-02-16 05:54:32 (-0500, Hora padrão de Bogotá)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=769 16775125 100 98 0 233260636 0 0

# compatibility_mode=1797 16775125 100 100 0 71836446 0 0

# compatibility_mode=8192 67108863 100 0 15001431 15001431 0 0

# scanned=98347

# found=12

# cleaned=12

# scan_time=6623

C:\Documents and Settings\Administrador\Configurações locais\temp\1899616.tmp probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Configurações locais\temp\22474167.tmp probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Configurações locais\temp\78423702.tmp probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Configurações locais\temp\96470243.tmp probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\16\21535c50-388db10d probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\16\21535c50-5139d5a5 probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\16\21535c50-7c4a9263 probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\17\2fad0d11-34cbbca2 probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\17\2fad0d11-48840c89 probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\17\2fad0d11-4d8a7379 probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\18\720e60d2-75fa8781 Java/Agent.AA trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Meus documentos\Downloads\vdownloader.zip a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=e3889af6e6a63b47b6b37f163f6be616

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-02-17 06:31:45

# local_time=2011-02-17 01:31:45 (-0500, Hora padrão de Bogotá)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=769 16775125 100 98 0 233326806 0 0

# compatibility_mode=1797 16775125 100 100 0 71902616 0 0

# compatibility_mode=8192 67108863 100 0 15067601 15067601 0 0

# scanned=131508

# found=7

# cleaned=7

# scan_time=11073

C:\RECYCLER\S-1-5-21-842925246-1580436667-682003330-500\Dc313.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

C:\RECYCLER\S-1-5-21-842925246-1580436667-682003330-500\Dc314.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8E091EE2-7750-4675-8F06-6A8665120B8E}\RP306\A0087699.msi multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8E091EE2-7750-4675-8F06-6A8665120B8E}\RP306\A0087701.msi multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8E091EE2-7750-4675-8F06-6A8665120B8E}\RP315\A0094704.msi multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8E091EE2-7750-4675-8F06-6A8665120B8E}\RP332\A0102526.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8E091EE2-7750-4675-8F06-6A8665120B8E}\RP332\A0102527.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

Felipe_88 · Fevereiro 18, 2011

GildazioJr,

1º

Vá no menu: Iniciar > Painel de Controle > Sistema > Clique na aba: Restauração do Sistema > Marque a caixinha: Desativar restauração do sistema > Clique no botão: Aplicar e no botão: Ok. Depois ative-a novamente.

2º

*Baixe o RSIT e salve-o no desktop

*Execute o RSIT e clique em [Continue]

*Ao término do processo, cole os relatórios criados em C:\rsit\log.txt e C:\rsit\info.txt

GildazioJr · Fevereiro 21, 2011

Certo, ai vai o 'LOG.txt'

Logfile of random's system information tool 1.08 (written by random/random)

Run by GildazioJr at 2011-02-21 10:32:55

Microsoft Windows XP Professional Service Pack 3

System drive C: has 181 GB (59%) free of 305 GB

Total RAM: 1015 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:33:36, on 21/02/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

C:\MySQL\bin\mysqld-max.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrador\Desktop\RSIT.exe

C:\Arquivos de programas\trend micro\GildazioJr.exe