drakos, posted March 29, 2011

Hey, good morning! I'd appreciate it if you could take a look at my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:47:02, on 29/3/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
C:\ARQUIV~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 190.220.248.246:80
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9E83-2DB586E27190} - (no file)
O2 - BHO: eSnipBHO - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9E83-2DB586E27190} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [FLMG] C:\WINDOWS\system32\SVCShell.exe
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\FAMILIA\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: FwcamptoWga - {3209672D-C736-43AC-AC39-A5CCC21946A5} - (no file)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://ad.doubleclick.net/adj/br.terra.letras/subs;sz=250x250;dcopt=ist;ord=Num?

-- End of file - 7818 bytes

Power Max, posted March 29, 2011

:) Hello drakos!

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9E83-2DB586E27190} - (no file)
O2 - BHO: eSnipBHO - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9E83-2DB586E27190} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\FAMILIA\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)
_________________________

Please also follow the tips in this tutorial to clean your PC with Malwarebytes:

Malwarebytes Anti-Malware tutorial

In your next reply, post the Malwarebytes log together with a new HijackThis log and tell us how your PC is doing after this procedure.

We'll be waiting.

drakos, posted March 30, 2011

Good evening!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:39, on 29/3/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
C:\ARQUIV~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\EVGA Precision\Bundle\OSDServer\RTSS.exe
C:\Arquivos de programas\AutoHotkey\AutoHotkey.exe
C:\Arquivos de programas\EVGA Precision\EVGAPrecision.exe
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\bf2\fila da #@?$%~ não mexe aqui\HitFixer 1.41.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 190.220.248.246:80
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASRockOCTuner] "C:\Arquivos de programas\ASRock Utility\OCTuner\ASROC.exe"
O4 - HKLM\..\Policies\Explorer\Run: [FLMG] C:\WINDOWS\system32\SVCShell.exe
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: FwcamptoWga - {3209672D-C736-43AC-AC39-A5CCC21946A5} - (no file)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 0: (no name) - http://ad.doubleclick.net/adj/br.terra.letras/subs;sz=250x250;dcopt=ist;ord=Num?

-- End of file - 7496 bytes

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versão da Base de Dados: 6200

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

29/3/2011 22:44:56
mbam-log-2011-03-29 (22-44-56).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|)
Objetos escaneados: 218180
Tempo decorrido: 34 minuto(s), 54 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 1

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
c:\system volume information\_restore{5fba571e-9abd-4cb8-be79-ae0247765730}\RP36\A0015023.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Power Max, posted March 30, 2011

Some problems have been removed.
_______________________

Also follow this tip:

Norman Malware Cleaner tutorial

In your next reply, post the contents of the Norman Malware Cleaner log together with a new HijackThis log and tell us how your PC is doing after this.

We'll be waiting.

drakos, posted March 31, 2011

Hello, good morning!

Norman Malware Cleaner
Version 1.8.3
Copyright © 1990 - 2010, Norman ASA. Built 2011/03/29 00:21:15

Norman Scanner Engine Version: 6.07.03
Nvcbin.def Version: 6.07.00, Date: 2011/03/29 00:21:15, Variants: 11015937

Scan started: 2011/03/30 16:05:46

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: PAI\FAMILIA

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Scanning kernel...

Kernel scan complete

Scanning bootsectors...

Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 47ms

Scanning running processes and process memory...

Number of processes/threads found: 3621
Number of processes/threads scanned: 3621
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 2m 48s

Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\WINDOWS\unins000.exe (Infected with W32/Suspicious_Gen.OOOL)
Removed registry key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall -> {4646A999-6C40-41FC-BFC8-926D5C2EB949}_is1
Deleted file
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\XP_CodecPack-2[1].4.3.exe/noname.nsis/file0/file45 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\bf2\fila da #@?$%~ não mexe aqui\HitFixer 1.41.exe (Infected with W32/Suspicious_Gen.IRGA)
Deleted file
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\bf2\fila da #@?$%~ não mexe aqui\projetoreality.exe.exe (Infected with W32/Suspicious_Gen2.GZNUA)
Deleted file
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\ComboFix.exe (Infected with W32/Suspicious_Gen2.HTRNH)
Deleted file
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\progamas de gravação\novidades 2\Sony.Vegas.v6.0d.Incl.Keygen-SSG\sfpaplug.cab/sfpaplug.dll (Infected with W32/Zlob.gen4)
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\progamas de gravação\novidades 2\Alcatech.BPM.Studio.Professional.v4.9.1-H2O\Alcatech.BPM.Studio.Professional.v4.9.1-H2O\Setup.exe/file11 (Infected with Smalltroj.WSXQ.dropper)
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\progamas de gravação\novidades 1\setupMSNSpy.exe/file0 (Infected with W32/Suspicious_Gen2.CLCG)
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\progamas de gravação\novidades 1\setupMSNSpy.exe/file1 (Infected with W32/Suspicious_Gen2.HSDCK)
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\progamas de gravação\novidades 1\setupMSNSpy.exe/file2 (Infected with W32/Delf.DMTR)
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\progamas de gravação\novidades 1\soundforge8\KEYGEN.RAR/keygen.exe (Infected with W32/Suspicious_Gen2.GRCPW)
Deleted file
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\progamas de gravação\novidades\Traktor DJ Studio 2.5.1.exe/file396 (Infected with Smalltroj.WSXQ.dropper)
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\progamas de gravação\novidades\Traktor DJ Studio 2.5.3 setup.exe/file9 (Infected with Smalltroj.WSXQ.dropper)
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\MACROMEDIA 8\Macromedia Studio 8 Full Edition (Dreamweaver 8, Flash Pro 8, Fireworks 8, Contribute 3, Flashpaper 2, Coldfusion Mx 7 , Freehand Mx 11.0.2.zip/Macromedia Studio 8 Full Edition\Keygen\keygen.exe (Infected with W32/Smallworm.GBV)
Deleted file
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\TeamSpeak3-Client-win32-3.0.0-beta12.exe/noname.nsis/file0/file7 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\wlite550.exe/noname.nsis/file0/file18 (Error whilst scanning file: I/O Error (0x00220005))
C:\Documents and Settings\FAMILIA\Meus documentos\LEANDRO\musicasleandro\Samba\turma dp pagode coisas do amor.mp3 (Infected with WMA/Wimad.H)
Deleted file

Running post-scan cleanup routine:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:49:40, on 31/3/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 190.220.248.246:80
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [FLMG] C:\WINDOWS\system32\SVCShell.exe
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: FwcamptoWga - {3209672D-C736-43AC-AC39-A5CCC21946A5} - (no file)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 0: (no name) - http://ad.doubleclick.net/adj/br.terra.letras/subs;sz=250x250;dcopt=ist;ord=Num?

-- End of file - 7148 bytes

Power Max, posted March 31, 2011

Delete the items below, which are infected:

C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\progamas de gravação\novidades 2\Sony.Vegas.v6.0d.Incl.Keygen-SSG
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\progamas de gravação\novidades 2\Alcatech.BPM.Studio.Professional.v4.9.1-H2O
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\progamas de gravação\novidades 1\setupMSNSpy.exe
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\progamas de gravação\novidades\Traktor DJ Studio 2.5.1.exe
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\progamas de gravação\novidades\Traktor DJ Studio 2.5.3 setup.exe
___________________________

It is also very important to uninstall all pirated or cracked programs on your PC, because a counterfeit program is more dangerous than the viruses themselves. The vast majority of these programs come with viruses, malware and security holes in them, which can cause various problems on your PC and make it easier to break into.
________________________

Please follow the tips in this tutorial to scan your PC with Nod32 Online:

Nod32 Online antivirus tutorial
_______________________

Go to http://www.virustotal.com/ and submit these files, highlighted in red, for analysis (one at a time):

C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\TeamSpeak3-Client-win32-3.0.0-beta12.exe
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\wlite550.exe
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\XP_CodecPack-2[1].4.3.exe

In your next reply, post the links with the results of the analyses on Virus Total together with the Nod32 Online log, which will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, a new HijackThis log, and please tell us how your PC is doing after following these procedures.

We look forward to your reply.

drakos, posted March 31, 2011

Hello, good afternoon!

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=cdf45d16b16dac4d90b2a28fb3476d52
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-31 06:03:15
# local_time=2011-03-31 03:03:15 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777191 100 0 48721286 48721286 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=89612
# found=9
# cleaned=9
# scan_time=3254
C:\WINDOWS\system32\autorun.i Win32/Tifaut.C worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\progamas de gravação\novidades\Traktor Dj Studio 2.5.3 Keygen.exe a variant of Win32/Keygen.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\FAMILIA\Meus documentos\PROGAMAS\mousefix\usbmrs11.exe a variant of Win32/HackTool.Patcher.B application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Arquivos de programas\eMule\Incoming\turma dp pagode coisas do amor.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Arquivos de programas\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/SweetIM.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Arquivos de programas\Driver-Soft\DriverGenius\NvDriverTweak.exe probably a variant of Win32/TrojanDownloader.Adload.KXYLVMS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{5FBA571E-9ABD-4CB8-BE79-AE0247765730}\RP24\A0011781.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{5FBA571E-9ABD-4CB8-BE79-AE0247765730}\RP38\A0016525.exe a variant of Win32/SweetIM.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{5FBA571E-9ABD-4CB8-BE79-AE0247765730}\RP38\A0016526.exe probably a variant of Win32/TrojanDownloader.Adload.KXYLVMS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:57, on 31/3/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
C:\ARQUIV~1\AVG\AVG9\avgtray.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 190.220.248.246:80
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] 
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKLM\..\Policies\Explorer\Run: [FLMG] C:\WINDOWS\system32\SVCShell.exe O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game04.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O22 - SharedTaskScheduler: FwcamptoWga - {3209672D-C736-43AC-AC39-A5CCC21946A5} - (no file) O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O24 - Desktop Component 0: (no name) - http://ad.doubleclick.net/adj/br.terra.letras/subs;sz=250x250;dcopt=ist;ord=Num? -- End of file - 7246 bytes

Note: I couldn't upload the files to VirusTotal, so since I didn't need them, I deleted them.
Power Max 54 Posted March 31, 2011

9 more problems were removed by Nod32 Online.
_______________________
Download the Avenger program from the link below and extract its contents to the desktop: http://swandog46.geekstogo.com/avenger2/download.php
*Select and copy (Ctrl+C) all of the text highlighted in red below:
Files to delete:
C:\WINDOWS\system32\SVCShell.exe
*Run the Avenger program
*Click [Load Script] > [Paste from Clipboard]
*Click [Execute] > [OK]
*The PC will restart
*The report will be created at C:\avenger.txt
______________________
Open HijackThis, click Do a system scan only, check the entry below and click Fix checked:
O4 - HKLM\..\Policies\Explorer\Run: [FLMG] C:\WINDOWS\system32\SVCShell.exe
_______________________
Also follow these tips: USBFix tutorial; SUPERAntispyware tutorial (installation and use)
________________________
In your next reply, post the Avenger log, which will be at C:\avenger.txt, the UsbFix log, which will be at C:\UsbFix.txt, a new HijackThis log and the SUPERAntispyware log, and tell us how the PC is after these procedures.

We'll be waiting.
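As an added example (not part of the original posts, and not code from HijackThis or Avenger), the Python below compares a HijackThis log taken before the fix with one taken after it, to confirm that the O4 entry named above is gone and to list any autostart entries that appeared in between. The function names are hypothetical; the sample lines are short excerpts from the HijackThis logs posted in this thread.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Matching on that lets us split a log even when a forum
# has flattened it onto one line, as happened to the logs in this thread.
ENTRY_START = re.compile(r"(?:^|(?<=\s))(?:[RF][0-3]|N[1-4]|O\d{1,2}) - ")


def split_entries(log_text):
    """Return the R/F/N/O entries of a log; header and process list are skipped."""
    starts = [m.start() for m in ENTRY_START.finditer(log_text)]
    entries = []
    for i, start in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(log_text)
        chunk = log_text[start:end].split("-- End of file")[0]
        entries.append(" ".join(chunk.split()))  # collapse whitespace
    return entries


def parse(log_text):
    """Map a normalised (section, body) key to the entry as written.

    Windows paths and registry names are case-insensitive, so the body is
    case-folded for comparison only.
    """
    parsed = {}
    for entry in split_entries(log_text):
        section, body = entry.split(" - ", 1)
        parsed[(section, body.casefold())] = entry
    return parsed


def diff_logs(before, after):
    """Return (removed, added) entries between two logs."""
    b, a = parse(before), parse(after)
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added


def verify_fix(before, after, fixed_entries):
    """Report, for each entry that was to be fixed, its state in the later log."""
    b, a = parse(before), parse(after)
    status = {}
    for entry in fixed_entries:
        key = next(iter(parse(entry)))
        if key in a:
            status[entry] = "still present"
        elif key in b:
            status[entry] = "removed"
        else:
            status[entry] = "not in baseline"
    return status


# Excerpt of the log saved on 31/3/2011 (flattened, as it appears in the thread).
BEFORE = (
    r"O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe "
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe "
    r"O4 - HKLM\..\Policies\Explorer\Run: [FLMG] C:\WINDOWS\system32\SVCShell.exe "
    r"O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll"
)

# Excerpt of the log saved on 1/4/2011, after the steps in the post above.
AFTER = (
    r"O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe "
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe "
    r"O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe "
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL "
    r"O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll"
)

# The entry the post above asks to mark and fix.
FIXED = r"O4 - HKLM\..\Policies\Explorer\Run: [FLMG] C:\WINDOWS\system32\SVCShell.exe"

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for entry in removed:
        print("removed:", entry)
    for entry in added:
        print("added:  ", entry)
    print(verify_fix(BEFORE, AFTER, [FIXED]))
```

The diff only shows that the autostart entry is no longer registered; whether the file itself is still on disk is what the Avenger log requested in the same post answers.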
drakos 0 Posted April 1, 2011

Hello, good afternoon!

SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 04/01/2011 at 03:01 PM Application Version : 4.50.1002 Core Rules Database Version : 6729 Trace Rules Database Version: 4541 Scan type : Quick Scan Total Scan Time : 00:15:50 Memory items scanned : 392 Memory threats detected : 0 Registry items scanned : 1837 Registry threats detected : 2 File items scanned : 32375 File threats detected : 37 Adware.Zango/SmartShopper HKU\S-1-5-21-1733290971-2500673549-3168066103-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} HKCR\CLSID\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} Adware.Tracking Cookie img.clickjogos.uol.com.br [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\AGM8THLE ] vhss-d.oddcast.com [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\AGM8THLE ] media01.videoplayer.hu [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\AGM8THLE ] .doubleclick.net [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] adserver.qplaygames.com [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] ad.yieldmanager.com [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] ad.yieldmanager.com [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] .content.yieldmanager.com [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] .statcounter.com [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] .yadro.ru [ C:\Documents and Settings\FAMILIA\Dados de
aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] .clickjogos.uol.com.br [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] .clickjogos.uol.com.br [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] clickjogos.uol.com.br [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] .server.cpmstar.com [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] .server.cpmstar.com [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] .server.cpmstar.com [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] .server.cpmstar.com [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] .apmebf.com [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] .mediaplex.com [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] .mediaplex.com [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] .atdmt.com [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] .atdmt.com [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] .adtech.de [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] .atdmt.com [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] .atdmt.com [ C:\Documents and Settings\FAMILIA\Dados de 
aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] adserver.dialhost.com.br [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] .c.gigcount.com [ C:\Documents and Settings\FAMILIA\Dados de aplicativos\Mozilla\Firefox\Profiles\3l63qu3t.default\cookies.sqlite ] msnbcmedia.msn.com [ C:\Documents and Settings\Convidado\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\63FGTBCX ] C:\Documents and Settings\Convidado\Cookies\convidado@adserver.hispavista[1].txt C:\Documents and Settings\Convidado\Cookies\convidado@ads.us.e-planning[2].txt C:\Documents and Settings\Convidado\Cookies\convidado@apmebf[1].txt C:\Documents and Settings\Convidado\Cookies\convidado@content.yieldmanager[2].txt C:\Documents and Settings\Convidado\Cookies\convidado@msnbc.112.2o7[2].txt Trojan.Agent/Gen-Nullo[short] C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRIVERS\VXXRCYPF.SYS.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\IXYSMJW.DLL.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PHLZMTZN.DLL.VIR Trojan.Gromozon (RootKit) C:\AUTORUN.INF\LPT1.USBFIX Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "C:\WINDOWS\system32\SVCShell.exe" not found! Deletion of file "C:\WINDOWS\system32\SVCShell.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. 
############################## | UsbFix 7.042 | [supressão] Usuário: FAMILIA (Administrador) # PAI [ ] Atualizado em 26/03/2011 por TeamXscript Começou em 14:32:27 | 01/04/2011 Site: http://www.teamxscript.org Submit your sample: http://www.teamxscript.org/Upload.php Contato: TeamXscript.ElDesaparecido@gmail.com CPU: AMD Athlon 64 X2 Dual Core Processor 4800+ CPU 2: AMD Athlon 64 X2 Dual Core Processor 4800+ Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2 Internet Explorer 8.0.6001.18702 Windows Firewall: Habilitado Antivirus: AVG Anti-Virus Free 9.0 [(!) Disabled | Updated] RAM -> 2047 Mb C:\ (%systemdrive%) -> Disco fixo # 149 Gb (57 Mb livre - 38%) [DISK1_VOL1] # FAT32 D:\ -> CD-ROM E:\ -> CD-ROM F:\ -> Disco removível # 2 Gb (860 Mb livre - 45%) [KINGSTON] # FAT ################## | Ficheiros # pastas infeciosos | Supprimido ! C:\WINDOWS\system32\autorun.in Supprimido ! C:\WINDOWS\installer.exe Supprimido ! C:\kht Supprimido ! C:\khw Supprimido ! C:\khu Supprimido ! C:\khv ################## | Registro | Supprimido ! HKCU\Software\MailBlocker Supprimido ! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman ################## | Mountpoints2 | Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{09e1dff8-48a9-11df-8737-001966f38a29} Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{36d594fa-b1c4-11dd-8de4-667744223310} Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{5452e24a-280a-11df-8709-806d6172696f} Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{73125504-e457-11de-a646-001bb9c78c91} Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{a88430be-932a-11dd-8d5f-667744223310} Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{aa2ba31e-d81a-11dd-8e88-667744223310} Supprimido ! 
HKCU\.\.\.\.\Explorer\MountPoints2\{b2e0b766-50b3-11df-b54f-001966f38a29} ################## | Listing | [05/05/1999 - 22:22:00 | N | 222390] C:\IO.SYS [06/12/2003 - 19:24:26 | N | 6] C:\MSDOS.SYS [05/05/1999 - 22:22:00 | N | 95698] C:\COMMAND.COM [04/03/2010 - 04:36:18 | D ] C:\$AVG [21/09/2008 - 06:16:56 | D ] C:\WINDOWS [28/10/2001 - 18:06:10 | N | 4952] C:\Bootfont.bin [04/08/2004 - 01:59:34 | N | 251168] C:\ntldr [04/08/2004 - 01:38:34 | N | 47564] C:\NTDETECT.COM [21/09/2008 - 06:21:06 | N | 512] C:\bootsect.dos [01/01/2002 - 01:17:22 | D ] C:\FOUND.015 [21/09/2008 - 06:22:32 | D ] C:\Documents and Settings [21/09/2008 - 06:32:44 | D ] C:\Arquivos de programas [21/09/2008 - 06:33:28 | N | 0] C:\CONFIG.SYS [21/09/2008 - 06:33:28 | N | 0] C:\AUTOEXEC.BAT [21/09/2008 - 07:03:20 | SHD ] C:\System Volume Information [01/04/2011 - 14:22:54 | ASH | 2145386496] C:\pagefile.sys [31/05/2010 - 10:54:42 | N | 0] C:\BOOTLOG.TXT [22/10/2010 - 19:58:32 | D ] C:\FOUND.023 [29/03/2011 - 01:42:16 | D ] C:\FOUND.041 [31/12/2009 - 13:48:40 | D ] C:\FOUND.004 [01/01/2010 - 23:48:44 | D ] C:\FOUND.005 [22/06/2010 - 00:07:34 | D ] C:\FOUND.000 [07/01/2010 - 08:53:42 | D ] C:\FOUND.006 [09/01/2010 - 21:22:04 | D ] C:\FOUND.007 [12/01/2010 - 04:59:14 | D ] C:\MSJVM [03/09/2009 - 00:41:16 | N | 0] C:\BOOTLOG.PRV [14/01/2010 - 12:58:26 | D ] C:\FOUND.008 [14/01/2010 - 16:46:32 | D ] C:\FOUND.009 [16/01/2010 - 16:05:42 | D ] C:\AVOneExport [24/01/2010 - 18:13:00 | D ] C:\FOUND.010 [26/01/2010 - 22:57:08 | D ] C:\FOUND.011 [29/01/2010 - 14:26:12 | D ] C:\FOUND.012 [31/01/2010 - 21:46:06 | D ] C:\5162b9dfa86d55032bae [31/01/2010 - 21:46:32 | D ] C:\50f7f4511de7f733b4 [05/02/2010 - 00:01:16 | D ] C:\FOUND.013 [08/02/2010 - 16:08:26 | D ] C:\FOUND.014 [01/03/2010 - 11:47:36 | D ] C:\FOUND.016 [14/08/2010 - 11:00:58 | D ] C:\FOUND.001 [28/08/2010 - 17:47:30 | D ] C:\FOUND.002 [01/09/2010 - 20:53:04 | D ] C:\FOUND.003 [21/07/2010 - 17:22:58 | D ] C:\LinhaDefensiva [03/09/2010 - 12:55:38 | D ] 
C:\FOUND.017 [03/09/2010 - 09:16:46 | N | 321] C:\boot.ini [31/05/2009 - 09:51:12 | D ] C:\Config.Msi [11/11/2010 - 19:17:04 | D ] C:\FOUND.024 [15/11/2010 - 13:18:24 | D ] C:\FOUND.025 [19/09/2010 - 17:29:54 | D ] C:\FOUND.018 [24/09/2010 - 18:06:08 | D ] C:\FOUND.019 [24/09/2010 - 21:18:02 | D ] C:\FOUND.020 [08/10/2010 - 15:23:46 | D ] C:\FOUND.021 [20/10/2010 - 18:21:22 | D ] C:\FOUND.022 [16/11/2010 - 20:08:54 | D ] C:\FOUND.026 [17/11/2010 - 14:14:12 | D ] C:\FOUND.027 [22/11/2010 - 17:24:00 | D ] C:\FOUND.028 [26/11/2010 - 17:19:20 | D ] C:\FOUND.029 [12/12/2010 - 10:46:46 | D ] C:\FOUND.030 [13/12/2010 - 21:03:24 | D ] C:\FOUND.031 [17/12/2010 - 18:23:16 | D ] C:\FOUND.032 [01/04/2011 - 14:22:42 | N | 1304] C:\avenger.txt [24/09/2009 - 01:38:20 | D ] C:\cmdcons [20/12/2010 - 23:39:46 | D ] C:\FOUND.033 [07/01/2011 - 17:16:12 | D ] C:\FOUND.034 [24/09/2009 - 21:50:10 | SHD ] C:\Recycled [08/01/2011 - 17:17:52 | D ] C:\FOUND.035 [24/09/2009 - 01:35:40 | D ] C:\Qoobox [01/04/2011 - 14:22:42 | D ] C:\Avenger [14/01/2011 - 22:34:58 | D ] C:\FOUND.036 [26/01/2011 - 01:27:54 | D ] C:\FOUND.037 [27/01/2011 - 17:34:44 | D ] C:\FOUND.038 [29/01/2011 - 13:23:00 | D ] C:\FOUND.039 [01/03/2011 - 01:01:02 | D ] C:\FOUND.040 [01/04/2011 - 14:31:08 | D ] C:\UsbFix [01/04/2011 - 14:31:08 | N | 1096] C:\UsbFix.txt [29/11/2009 - 10:11:56 | D ] C:\MSP8 Preview Files [07/08/2009 - 23:59:38 | N | 244] C:\sqmnoopt00.sqm [07/08/2009 - 23:59:38 | N | 268] C:\sqmdata00.sqm [09/08/2009 - 00:26:26 | N | 244] C:\sqmnoopt01.sqm [10/08/2009 - 00:39:38 | N | 244] C:\sqmnoopt02.sqm [10/08/2009 - 00:39:38 | N | 268] C:\sqmdata02.sqm [10/08/2009 - 00:42:58 | N | 244] C:\sqmnoopt03.sqm [10/08/2009 - 00:42:58 | N | 268] C:\sqmdata03.sqm [06/08/2009 - 18:15:22 | N | 244] C:\sqmnoopt04.sqm [06/08/2009 - 18:15:22 | N | 268] C:\sqmdata04.sqm [06/08/2009 - 22:57:56 | N | 244] C:\sqmnoopt05.sqm [06/08/2009 - 22:57:56 | N | 268] C:\sqmdata05.sqm [07/08/2009 - 13:05:10 | N | 244] C:\sqmnoopt06.sqm 
[07/08/2009 - 13:05:10 | N | 268] C:\sqmdata06.sqm [22/01/2008 - 09:52:12 | D ] C:\MyWorks [11/08/2009 - 13:09:40 | N | 244] C:\sqmnoopt07.sqm [11/08/2009 - 13:09:40 | N | 268] C:\sqmdata07.sqm [09/08/2009 - 00:26:26 | N | 268] C:\sqmdata01.sqm [11/08/2009 - 13:16:28 | N | 244] C:\sqmnoopt08.sqm [11/08/2009 - 13:16:28 | N | 268] C:\sqmdata08.sqm [11/08/2009 - 22:17:54 | N | 244] C:\sqmnoopt09.sqm [11/08/2009 - 22:17:54 | N | 268] C:\sqmdata09.sqm [25/10/2008 - 22:35:20 | D ] C:\DVDVideoSoft [11/08/2009 - 22:40:48 | N | 244] C:\sqmnoopt10.sqm [11/08/2009 - 22:40:48 | N | 268] C:\sqmdata10.sqm [11/08/2009 - 23:25:10 | N | 244] C:\sqmnoopt11.sqm [11/08/2009 - 23:25:10 | N | 268] C:\sqmdata11.sqm [12/08/2009 - 00:22:16 | N | 244] C:\sqmnoopt12.sqm [12/08/2009 - 00:22:16 | N | 268] C:\sqmdata12.sqm [12/08/2009 - 03:52:36 | N | 244] C:\sqmnoopt13.sqm [12/08/2009 - 03:52:36 | N | 268] C:\sqmdata13.sqm [12/08/2009 - 10:28:16 | N | 244] C:\sqmnoopt14.sqm [12/08/2009 - 10:28:16 | N | 268] C:\sqmdata14.sqm [31/05/2009 - 14:03:14 | N | 244] C:\sqmnoopt16.sqm [31/05/2009 - 14:03:14 | N | 268] C:\sqmdata16.sqm [31/05/2009 - 14:13:24 | N | 244] C:\sqmnoopt17.sqm [31/05/2009 - 14:13:24 | N | 268] C:\sqmdata17.sqm [09/06/2009 - 21:01:08 | N | 244] C:\sqmnoopt18.sqm [09/06/2009 - 21:01:08 | N | 232] C:\sqmdata18.sqm [06/08/2009 - 05:47:38 | N | 244] C:\sqmnoopt19.sqm [06/08/2009 - 05:47:38 | N | 268] C:\sqmdata19.sqm [14/01/2009 - 16:38:06 | D ] C:\Program Files [31/05/2009 - 13:25:20 | N | 244] C:\sqmnoopt15.sqm [31/05/2009 - 13:25:20 | N | 268] C:\sqmdata15.sqm [31/05/2009 - 09:47:50 | D ] C:\SWSetup [15/06/2009 - 03:53:06 | D ] C:\NVIDIA [22/06/2009 - 22:58:58 | D ] C:\849398da94424cb81de912f32e [18/07/2009 - 21:32:38 | D ] C:\Hijack [19/07/2009 - 15:52:48 | D ] C:\ToolBar SD ################## | Vaccin | C:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript) ################## | Upload | Favor enviar o arquivo: C:\UsbFix_Upload_Me_PAI.zip http://www.teamxscript.org/Upload.php 
Obrigado pela sua contribuição. ################## | E.O.F | Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:12:21, on 1/4/2011 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe C:\Arquivos de programas\AVG\AVG9\avgrsx.exe C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Arquivos de programas\AVG\AVG9\avgnsx.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\ARQUIV~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe C:\Hijack\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - 
HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 190.220.248.246:80 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 
9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game04.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de 
programas\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O22 - SharedTaskScheduler: FwcamptoWga - {3209672D-C736-43AC-AC39-A5CCC21946A5} - (no file) O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O24 - Desktop Component 0: (no name) - http://ad.doubleclick.net/adj/br.terra.letras/subs;sz=250x250;dcopt=ist;ord=Num? -- End of file - 7561 bytes

Yes, my PC is definitely better! I noticed that several folders named found.23 were created in C:\, along with several files; should I leave them there? Thanks in advance.
Power Max 54 Posted April 1, 2011

Several other problems were removed.
______________________
"I noticed that several folders named found.23 were created in C:\, along with several files; should I leave them there?"

You will find a good explanation for this question in the topic below: http://www.hardware.com.br/comunidade/found-pastas/75254/
_______________________
So that UsbFix can be improved, please send the file C:\UsbFix_Upload_Me_PAI.zip to the site below: http://www.teamxscript.org/Upload.php
The UsbFix team thanks you for your contribution.
_______________________
Some problems were detected by SUPERAntispyware. Did you remove all the problems it found? If you have not removed them, please do so.
_____________________
Please follow this tip: Kaspersky Virus Removal Tool tutorial

In your next reply, post the Kaspersky Virus Removal Tool log together with a new HijackThis log, and tell us how your PC is after that.

We'll be waiting.
drakos 0 Posted April 2, 2011

Hello, good afternoon!

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:15:16, on 2/4/2011 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe C:\Arquivos de programas\AVG\AVG9\avgrsx.exe C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Arquivos de programas\AVG\AVG9\avgnsx.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\ARQUIV~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe C:\Hijack\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 -
HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 190.220.248.246:80 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 
9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: fox.lnk = C:\Documents and Settings\FAMILIA\Desktop\Virus Removal Tool\fox\startup.exe O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game04.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
C:\Arquivos de programas\AVG\AVG9\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O22 - SharedTaskScheduler: FwcamptoWga - {3209672D-C736-43AC-AC39-A5CCC21946A5} - (no file) O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O24 - Desktop Component 0: (no name) - http://ad.doubleclick.net/adj/br.terra.letras/subs;sz=250x250;dcopt=ist;ord=Num? 
-- End of file - 7663 bytes Verificação automática: funcionamento incorreto (eventos: 1, objetos: 0, hora: Desconhecido) 2/4/2011 13:17:45 Tarefa iniciada Ação padrão selecionada Verificação automática: concluído 1 minuto atrás (eventos: 2, objetos: 7735, hora: 01:13:31) 2/4/2011 14:57:45 Tarefa iniciada Ação padrão selecionada 2/4/2011 16:11:16 Tarefa concluída Ação padrão selecionada Compartilhar este post Link para o post Compartilhar em outros sites
Power Max 54 Posted April 2, 2011

:) Your logs are clean. How is the PC?
drakos 0 Posted April 3, 2011

Hello, good morning! The PC is definitely better. Antonio, I have no words to thank you. Thank you very much to you and to the Master Foruns team, especially the malware removal section, and of course most especially to you... A grateful hug, God be with you!
Power Max 54 Posted April 3, 2011

"Hello, good morning! The PC is definitely better. Antonio, I have no words to thank you. Thank you very much to you and to the Master Foruns team, especially the malware removal section, and of course most especially to you... A grateful hug, God be with you!"

:) I am glad the problems have been solved. Only the last procedures below remain to finish up:

C:\Arquivos de programas\AVG\AVG9

Your log shows that you have AVG 9, and a newer version of AVG already exists. It would be very important to install the new version or replace it with another up-to-date antivirus of your choice.
_________________________
You can uninstall Kaspersky Virus Removal Tool, Norman Malware Cleaner, Superantispyware and Usbfix. Also follow the tips in this tutorial to do a cleanup with Tools Cleaner: ToolsCleaner tutorial
__________________________
Install these programs and use them now and weekly to clean up your PC and keep it more efficient and optimized:
Ccleaner
Auslogics Disk Defrag
SpywareBlaster
________________________
To prevent the problems from coming back, turn System Restore off and on again. To do this, go to the menu: Start - Control Panel - System - click the tab: System Restore - check the box: Turn off System Restore - click the Apply button and then the OK button.

After that, go back to the same place: Start - Control Panel - System - click the tab: System Restore - uncheck the box: Turn off System Restore - click the Apply button and then the OK button.
_________________________
If your Windows is genuine, download and install Service Pack 3:
http://www.baixaki.com.br/download/windows-xp-service-pack-3.htm
__________________________
It was a pleasure to help, you can always count on us!
wings 22 Posted April 19, 2011

PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.