[Resolvido] &nbspPC lento e travando

[Lucas F. dos Santos 0]

A uns 30 dias meu PC vem travando Principalmente a execução de vídeos e musicas.

Sem contar que demora quase 10 minutos para inicializar us 5 minutos para abrir o navegador.

eu uso o CCleaner regulamente mas não esta resolvendo muito.

Ja fiz uma varredura com o Avast e o Ad-Aware.

Preciso muito da ajuda de vocês.

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:24:13, on 15/04/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&mntrId=d6d6ca3c000000000000000000000000&tlver=1.4.19.19&affID=17160

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=d6d6ca3c000000000000000000000000&tlver=1.4.19.19&affID=17160

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: (no name) - {12fc3d37-2a42-4fe3-8489-81296878cba5} - (no file)

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

R3 - URLSearchHook: (no name) - {ed6a3e8b-4762-482a-a242-b121c0927987} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [babylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I

O4 - HKUS\S-1-5-21-4262322605-869973698-12785198-1000\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Lucas')

O4 - HKUS\S-1-5-21-4262322605-869973698-12785198-1000\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Lucas')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E5BE4A8-ABCE-4F45-BF8C-9A5112890D2A}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NitroPC Service (NitroPCSrv) - IBM Corporation - (no file)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 8392 bytes

[Power Max 54]

:) Olá Lucas!

 

:seta: Abra o HijackThis, clique em Do a system scan only, marque as entradas abaixo e clique em Fix checked:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo....19&affID=17160

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17160

 

R3 - URLSearchHook: (no name) - {12fc3d37-2a42-4fe3-8489-81296878cba5} - (no file)

 

R3 - URLSearchHook: (no name) - {ed6a3e8b-4762-482a-a242-b121c0927987} - (no file)

 

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

O4 - HKLM\..\Run: [babylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I

______________________

 

:seta: Há várias toolbars instaladas em seu PC que deixam a navegação mais lenta e com problemas. Acesse o Painel de Controle do Windows > Programas e Recursos > procure pelo programa BabylonToolbar e quando achá-lo clique com o botão direito do mouse sobre ele e escolha a opção Desinstalar > aí é só ir seguindo os passos que o desinstalador dele vai te indicando.

____________________

 

:seta: Siga também estas dicas:

 

Tutorial do Ad-Remover

 

Tutorial do Malwarebytes Anti-Malware

_______________________

 

:seta: Na sua próxima resposta poste este log do Malwarebytes juntamente com um novo log do Hijackthis, o log do Ad-Remover que estará em C:\Ad-Report-CLEAN[1].log e nos diga como está o seu PC após estes procedimentos.

 

Ficamos no aguardo.

[Lucas F. dos Santos 0]

Segue log

 

Meu PC continua lento para iniciar.

Mas o desempenho depois que inicia melhorou

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:35:25, on 17/04/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wuauclt.exe

C:\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware (registration)] regsvr32.exe /s "C:\Intel\Malwarebytes' Anti-Malware\mbamext.dll"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Intel\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKLM\..\RunOnce: [innoSetupRegFile.0000000001] "C:\Windows\is-LK22P.exe" /REG /REGSVRMODE

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E5BE4A8-ABCE-4F45-BF8C-9A5112890D2A}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NitroPC Service (NitroPCSrv) - IBM Corporation - (no file)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 7058 bytes

 

 

 

 

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Database version: 5363

 

Windows 6.1.7600 (Safe Mode)

Internet Explorer 9.0.8112.16421

 

17/04/2011 12:07:00

mbam-log-2011-04-17 (12-07-00).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 241805

Time elapsed: 28 minute(s), 39 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 8

Files Infected: 25

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

c:\programdata\MPK (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\1 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\2 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\3 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\4 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\CPDA (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\CPDM (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\refog free keylogger (Refog.Keylogger) -> Quarantined and deleted successfully.

 

Files Infected:

c:\Users\Public\Desktop\mp3 downloader.lnk (Rogue.Link) -> Quarantined and deleted successfully.

c:\programdata\MPK\M0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\refog free keylogger.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\1\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\1\i40622_7529732986 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\1\i40622_7656276620 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\1\i40622_7736961227 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\1\i40622_7856854861 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\1\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\2\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\2\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\3\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\3\i40624_9342013194 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\3\i40625_7105454630 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\3\i40625_7254203935 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\3\i40625_7254253009 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\3\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\4\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\4\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\CPDM\cpfm.bin (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\refog free keylogger\ refog free keylogger en la web.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\refog free keylogger\refog free keylogger.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\refog free keylogger\¡comprar ahora!.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.

c:\programdata\MPK\refog free keylogger\¡obtener un descuento!.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.

 

 

 

 

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 09:58:04 on 17/04/2011, Normal boot

 

Microsoft Windows 7 Ultimate (X86)

Adm@LUCAS-PC (Gigabyte Technology Co., Ltd. VM900M)

 

============== ACTION(S) ==============

 

 

File deleted: C:\Users\Adm\AppData\Roaming\Mozilla\FireFox\Profiles\kapms0vz.default\searchplugins\askcom.xml

Folder deleted: C:\Users\Adm\AppData\Roaming\Mozilla\FireFox\Profiles\kapms0vz.default\conduit

Folder deleted: C:\Users\Adm\AppData\Roaming\Mozilla\FireFox\Profiles\kapms0vz.default\ConduitEngine

Folder deleted: C:\Users\Adm\AppData\Roaming\Mozilla\FireFox\Profiles\kapms0vz.default\extensions\engine@conduit.com

File deleted: C:\Users\Adm\AppData\Roaming\Mozilla\FireFox\Profiles\kapms0vz.default\searchplugins\conduit.xml

Folder deleted: C:\Users\Lucas\AppData\Roaming\Mozilla\FireFox\Profiles\03pus5y3.default\conduit

File deleted: C:\Users\Lucas\AppData\Roaming\Mozilla\FireFox\Profiles\03pus5y3.default\searchplugins\conduit.xml

Folder deleted: C:\Users\Adm\AppData\LocalLow\AskToolbar

Folder deleted: C:\Users\Adm\AppData\LocalLow\ConduitEngine

Folder deleted: C:\Program Files\AutocompletePro

Folder deleted: C:\Users\Adm\AppData\Roaming\OpenCandy

Folder deleted: C:\Users\Adm\AppData\Local\OpenCandy

Folder deleted: C:\ProgramData\PopCap Games

Folder deleted: C:\Users\Adm\AppData\LocalLow\PriceGong

 

(!) -- Temporary files deleted.

 

 

-- File opened: C:\Users\Adm\AppData\Roaming\Mozilla\FireFox\Profiles\kapms0vz.default\Prefs.js --

Line deleted: user_pref("CT2863004.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT286...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1255010/1250683/BR", "\"0\"...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2863004", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2863004/CT2863004...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt-br", "\"...

Line deleted: user_pref("CommunityToolbar.EngineOwner", "CT2863004");

Line deleted: user_pref("CommunityToolbar.EngineOwnerGuid", "{ed6a3e8b-4762-482a-a242-b121c0927987}");

Line deleted: user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic_br");

Line deleted: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2863004");

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{ed6a3e8b-4762-482a-a242-b121c0927987}");

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic_br");

Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...

Line deleted: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2863004");

Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT2863004");

Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 60);

Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Mar 13 2011 09:36:17 GMT-0300 (Hora ...

Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Line deleted: user_pref("CommunityToolbar.alert.locale", "en");

Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Mar 13 2011 09:36:11 GMT-0300 (Hora ofic...

Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");

Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false);

Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Line deleted: user_pref("CommunityToolbar.alert.userId", "f11f601a-0dd7-4f12-9b3e-c9c73e0d1ae3");

Line deleted: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2863004");

Line deleted: user_pref("ConduitEngine.FirstServerDate", "03/13/2011 15");

Line deleted: user_pref("ConduitEngine.FirstTime", true);

Line deleted: user_pref("ConduitEngine.FirstTimeFF3", true);

Line deleted: user_pref("ConduitEngine.HasUserGlobalKeys", true);

Line deleted: user_pref("ConduitEngine.Initialize", true);

Line deleted: user_pref("ConduitEngine.InitializeCommonPrefs", true);

Line deleted: user_pref("ConduitEngine.InstalledDate", "Sun Mar 13 2011 09:36:14 GMT-0300 (Hora oficial do Brasil)...

Line deleted: user_pref("ConduitEngine.IsMulticommunity", false);

Line deleted: user_pref("ConduitEngine.IsOpenThankYouPage", false);

Line deleted: user_pref("ConduitEngine.IsOpenUninstallPage", true);

Line deleted: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Mar 13 2011 09:36:14 GMT-0300 (Hora oficia...

Line deleted: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sun Mar 13 2011 09:36:14 GMT-0300 (Hora oficial do Bra...

Line deleted: user_pref("ConduitEngine.PublisherContainerWidth", 0);

Line deleted: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);

Line deleted: user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Mar 13 2011 09:36:12 GMT-0300 (Hora oficial do...

Line deleted: user_pref("ConduitEngine.UserID", "UN23118711766847677");

Line deleted: user_pref("ConduitEngine.engineLocale", "pt-BR");

Line deleted: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Mar 13 2011 09:36:14 GMT-0300 (Hora ...

Line deleted: user_pref("ConduitEngine.initDone", true);

Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2863004&Sea...

Line deleted: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2863004&SearchSource=13");

-- File closed --

 

 

-- File opened: C:\Users\Lucas\AppData\Roaming\Mozilla\FireFox\Profiles\03pus5y3.default\Prefs.js --

Line deleted: user_pref("CommunityToolbar.MiniIPageGadgetPosition. hxxp://storage.conduit.com/gadgets/LiveTV.html?...

Line deleted: user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://oryte.com/content/games/players/saveanali...

Line deleted: user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://storage.conduit.com/87/229/CT2290987/Brow...

Line deleted: user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://storage.conduit.com/87/229/CT2290987/Brow...

Line deleted: user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://storage.conduit.com/87/229/CT2290987/Brow...

Line deleted: user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://storage.conduit.com/87/229/CT2290987/Gadg...

Line deleted: user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://storage.conduit.com/87/229/CT2290987/Gadg...

Line deleted: user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://storage.conduit.com/MyStuff/09/9e/09e2189...

Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?FORM=IEFM1&q=...

Line deleted: user_pref("CommunityToolbar.ToolbarsList", "CT2405726,CT2290987");

Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT2405726,CT2290987");

Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 60);

Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon May 17 2010 20:51:23 GMT-0300 (Hora ...

Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Line deleted: user_pref("CommunityToolbar.alert.locale", "en");

Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon May 17 2010 18:51:23 GMT-0300 (Hora ofic...

Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1234796400");

Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false);

Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Line deleted: user_pref("CommunityToolbar.alert.userId", "{66779e68-16c6-43b4-8c18-821775cc9683}");

Line deleted: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2290987");

-- File closed --

 

 

Key deleted: HKLM\Software\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key deleted: HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key deleted: HKLM\Software\Classes\Conduit.Engine

Key deleted: HKLM\Software\Classes\Toolbar.CT2552374

Key deleted: HKLM\Software\Classes\Toolbar.CT2863004

Key deleted: HKCU\Software\AutocompleteProBHO

Key deleted: HKCU\Software\PopCap

Key deleted: HKCU\Software\AppDataLow\Software\PriceGong

Key deleted: HKLM\Software\aTube Catcher\OpenCandy

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

 

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== ADDITIONNAL SCAN ==============

 

-- C:\Users\Adm\AppData\Roaming\Mozilla\FireFox\Profiles\kapms0vz.default --

Extensions\ffxtlbr@babylon.com (Babylon)

Extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5} (Softonic_Brasil Toolbar)

Extensions\{ed6a3e8b-4762-482a-a242-b121c0927987} (Softonic_br Community Toolbar)

Prefs.js - browser.search.selectedEngine, Softonic_br Customized Web Search

Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.8

 

-- C:\Users\Aline_2\AppData\Roaming\Mozilla\FireFox\Profiles\t1nwgdj8.default --

Prefs.js - browser.download.lastDir, J:\\Images

Prefs.js - browser.startup.homepage, www.google.com

Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16

 

-- C:\Users\Alison\AppData\Roaming\Mozilla\FireFox\Profiles\ax0sbqfi.default --

Prefs.js - browser.download.lastDir, C:\\Users\\Alison\\Pictures

Prefs.js - browser.startup.homepage, hxxp://www.google.com.br/

Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.8

 

-- C:\Users\Lucas\AppData\Roaming\Mozilla\FireFox\Profiles\03pus5y3.default --

Extensions\piclens@cooliris.com (Cooliris)

Extensions\pt-BR@dellalibera.sf.net (Verificador Ortográfico para Português do Brasil.)

Extensions\{9e877ee8-d8e8-48b0-84dd-06917f470dff} (King Net Toolbar)

Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} (FoxTab)

Extensions\{f4c23ca5-ed6c-4376-80ad-62f9161a7286} (Online Radio Brazil Toolbar)

Prefs.js - browser.search.defaultenginename, Bing

Prefs.js - browser.search.selectedEngine, Google

Prefs.js - browser.startup.homepage, hxxp://www.google.com.br/

Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16

Prefs.js - keyword.URL, hxxp://www.bing.com/search?FORM=IEFM1&q=

 

========================================

 

**** Internet Explorer Version [9.0.8112.16421] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_URLSearchHooks|{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - "McAfee SiteAdvisor Toolbar" (c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll)

HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Facemoods Search" (hxxp://start.facemoods.com/?a=stonicbr&s={searchTerms}&f=4)

HKCU_SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01} - "Search-Results Search" (hxxp://websearch.search-results.com/redirect?client=ie&tb=ATU-SRS&o=102365&src=c...)

HKCU_Toolbar\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (x)

HKCU_Toolbar\WebBrowser|{12FC3D37-2A42-4FE3-8489-81296878CBA5} (x)

HKCU_Toolbar\WebBrowser|{ED6A3E8B-4762-482A-A242-B121C0927987} (x)

HKLM_Toolbar|{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} (c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll)

HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)

HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)

HKLM_ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2} - C:\Program Files\Orbitdownloader\orbitdm.exe (x)

HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)

HKLM_ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC5F} - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)

BHO\{2E3C3651-B19C-4DD9-A979-901EC3E930AF} - "ssh2 Class" (C:\Program Files\Scpad\scpsssh2.dll)

BHO\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - "Windows Live Family Safety Browser Helper Class" (C:\Program Files\Windows Live\Family Safety\fssbho.dll)

BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

BHO\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} - "McAfee SiteAdvisor BHO" (c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll)

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 292 File(s)

C:\Program Files\Ad-Remover\Backup: 16 File(s)

 

\Ad-Report-CLEAN[1].txt - 17/04/2011 10:00:04 (15203 Byte(s))

 

End at: 10:02:22, 17/04/2011

 

============== E.O.F ==============

[Power Max 54]

:thumbsup: Vários problemas foram removidos do seu PC.

_______________________

 

:seta: 1. Baixe o ERUNT e salve-o no desktop

*Crie uma pasta em C:\ chamada ERUNT e extraia para ela

*Execute o arquivo C:\ERUNT\ERUNT.exe

*Clique [OK] > [OK] > [sim] > [OK]

 

2. Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

 

Faça o download do ComboFix

Salve-o no Desktop (área de trabalho).

* Desabilite as proteções residente de: antivírus, antispywares e firewall ( menos o do Windows! )

* Feche todas as janelas e execute a ferramenta.

* Ps: A execução, por comando, também é possível:

* Vá em Iniciar --> Executar --> Digite ou cole:

"%userprofile%\desktop\Combofix.exe" /killall

 

 

* Clique em Ok.

* Na solicitação: "Negação de garantia de software" --> Clique em Sim.

 

 

* Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo.

* Terminando,clique Sim ou Yes. --> Aguarde.

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

:!: Caso aconteça a notificação de: Aplicativo Win32 inválido ou alguma mensagem parecida com esta, delete a ferramenta ComboFix.exe e faça, novamente, seu download.

* Salve-a no Desktop,renomeada como: Kombo.exe

* Ps: Nomeie durante o salvamento,e não após salvá-la!

* Ps: Surgindo alguma mensagem de erro, rode o ComboFix.exe em "Modo Seguro". <-- Link!

* Ps: Na presença de atividades rootkit,teremos a seguinte janela de notificação:

 

 

* Ps: Anote essas detecções, e dê o OK. Neste caso poste estas detecções que você terá anotado em sua próxima resposta juntamente com os logs pedidos.

* Ps: Para completar as remoções, talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

* Ps: Para evitar problemas, siga todas as recomendações propostas.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

* Abrir-se-á a janela Auto Scan. --> Aguarde!

* Para finalizar remoções, o ComboFix poderá reiniciar o computador.

* Se houver necessidade, digite a opção ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!

* Durante o scan, evite manusear o mouse ou teclado! <-- Importante!

* Caso, por algum motivo de força maior, precise parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter.

<><><><><><><><><><><><>

 

Poste o log do Combofix que estará em C:\ComboFix.txt juntamente com um novo log do Hijackthis em sua próxima resposta e nos diga como está o seu PC depois disto.

 

Ficamos no aguardo.

[Lucas F. dos Santos 0]

Ainda esta lento e o vídeos estão travando.

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:15:22, on 17/04/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wuauclt.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\system32\SearchFilterHost.exe

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKUS\S-1-5-21-4262322605-869973698-12785198-1000\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Lucas')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E5BE4A8-ABCE-4F45-BF8C-9A5112890D2A}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NitroPC Service (NitroPCSrv) - IBM Corporation - (no file)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 6808 bytes

 

 

 

 

 

ComboFix 11-04-16.03 - Adm 17/04/2011 19:34:34.4.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.960.415 [GMT -3:00]

Executando de: c:\users\Lucas\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\MessengerPlus

c:\messengerplus\enviado.flg

c:\messengerplus\juupdate18.log

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-03-17 to 2011-04-17 ))))))))))))))))))))))))))))

.

.

2011-04-17 22:47 . 2011-04-17 22:48 -------- d-----w- c:\users\Adm\AppData\Local\temp

2011-04-17 22:47 . 2011-04-17 22:47 -------- d-----w- c:\users\Lucas\AppData\Local\temp

2011-04-17 22:47 . 2011-04-17 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-04-17 22:47 . 2011-04-17 22:47 -------- d-----w- c:\users\Alison\AppData\Local\temp

2011-04-17 22:47 . 2011-04-17 22:47 -------- d-----w- c:\users\Aline_2\AppData\Local\temp

2011-04-17 21:48 . 2011-04-17 21:49 -------- d-----w- C:\ERUNT

2011-04-17 13:38 . 2011-04-17 13:38 709456 ----a-w- c:\windows\isRS-000.tmp

2011-04-17 12:58 . 2011-04-17 12:58 -------- d-----w- c:\program files\Ad-Remover

2011-04-17 12:50 . 2011-04-17 12:50 -------- d-----w- C:\backups

2011-04-16 06:34 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1D18407-CCFE-44DA-A628-EB737CE8A99A}\mpengine.dll

2011-04-15 21:22 . 2011-04-15 21:18 388608 ----a-w- C:\HiJackThis.exe

2011-04-12 18:17 . 2011-04-17 10:47 -------- d-----w- c:\users\Aline_2\AppData\Roaming\Media Player Classic

2011-04-12 18:16 . 2011-04-12 18:16 -------- d-----w- c:\program files\Media Player Classic - Home Cinema

2011-04-08 00:28 . 2011-04-08 00:28 -------- d-----w- c:\program files\FoxTabFlvPlayer

2011-04-06 23:53 . 2011-04-06 23:53 -------- d-----w- c:\users\Lucas\AppData\Local\Unity

2011-04-04 19:05 . 2011-04-04 21:33 -------- d-----w- c:\program files\FreeTime

2011-04-04 18:21 . 2011-04-04 18:49 -------- d-----w- c:\program files\Gabest

2011-03-24 20:00 . 2011-03-24 20:00 -------- d-----w- c:\users\Adm\AppData\Local\QuickStores

2011-03-20 19:42 . 2011-04-01 19:13 -------- d-----w- c:\program files\Soluto

2011-03-20 19:39 . 2011-04-01 19:13 -------- d-----w- c:\programdata\Soluto

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-18 21:07 . 2011-03-18 21:07 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-03-18 21:07 . 2011-03-18 21:07 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-03-18 21:07 . 2011-03-18 21:07 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-03-18 21:07 . 2011-03-18 21:07 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-03-18 21:07 . 2011-03-18 21:07 161792 ----a-w- c:\windows\system32\msls31.dll

2011-03-18 21:07 . 2011-03-18 21:07 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-03-18 21:07 . 2011-03-18 21:07 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-03-18 21:07 . 2011-03-18 21:07 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-03-18 21:07 . 2011-03-18 21:07 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-03-18 21:07 . 2011-03-18 21:07 367104 ----a-w- c:\windows\system32\html.iec

2011-03-18 21:07 . 2011-03-18 21:07 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-03-18 21:07 . 2011-03-18 21:07 152064 ----a-w- c:\windows\system32\wextract.exe

2011-03-18 21:07 . 2011-03-18 21:07 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-03-18 21:07 . 2011-03-18 21:07 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-03-18 21:07 . 2011-03-18 21:07 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-18 21:07 . 2011-03-18 21:07 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-03-18 21:07 . 2011-03-18 21:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-03-18 21:07 . 2011-03-18 21:07 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-03-18 21:07 . 2011-03-18 21:07 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-03-18 21:07 . 2011-03-18 21:07 11776 ----a-w- c:\windows\system32\mshta.exe

2011-03-18 21:07 . 2011-03-18 21:07 101888 ----a-w- c:\windows\system32\admparse.dll

2011-03-18 21:01 . 2011-03-18 21:01 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL

2011-03-18 21:01 . 2011-03-18 21:01 801792 ----a-w- c:\windows\system32\FntCache.dll

2011-03-18 21:01 . 2011-03-18 21:01 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-03-18 21:01 . 2011-03-18 21:01 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-03-18 21:01 . 2011-03-18 21:01 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-03-18 21:01 . 2011-03-18 21:01 3181568 ----a-w- c:\windows\system32\mf.dll

2011-03-18 21:01 . 2011-03-18 21:01 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-03-18 21:01 . 2011-03-18 21:01 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-03-18 21:01 . 2011-03-18 21:01 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-03-18 21:01 . 2011-03-18 21:01 196608 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-03-18 21:01 . 2011-03-18 21:01 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-03-18 21:01 . 2011-03-18 21:01 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll

2011-03-18 21:01 . 2011-03-18 21:01 135168 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-03-18 21:01 . 2011-03-18 21:01 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2011-03-18 21:01 . 2011-03-18 21:01 107520 ----a-w- c:\windows\system32\cdd.dll

2011-03-18 21:01 . 2011-03-18 21:01 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-02-02 21:11 . 2010-04-16 07:17 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-06-01 22:49 . 2010-06-01 22:49 774144 ----a-w- c:\program files\RngInterstitial.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-01 202256]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 02:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-23 07:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]

2010-12-21 21:42 2162488 ----a-w- c:\program files\CCleaner\CCleaner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

2010-04-28 10:44 647528 ----a-w- c:\program files\Windows Live\Family Safety\fsui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 14:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 01:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]

2011-01-31 14:16 703360 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nsu_ui_client.exe]

2010-11-05 12:41 2266416 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu_ui_client.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 13:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 19:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-06-01 23:02 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 136176]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\McSACore.exe [2011-02-16 88176]

R2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [2009-07-10 136496]

R3 NitroPCSrv;NitroPC Service; [x]

R3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]

R3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]

R3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]

S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-27 64288]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]

S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-01-06 142648]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-27 1352832]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-04-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-05 23:37]

.

2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 00:11]

.

2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 00:11]

.

2010-07-22 c:\windows\Tasks\Install.job

- c:\windows\System32\Macromed\Shockwave 10\nssstub.exe [2010-07-17 14:27]

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {3E5BE4A8-ABCE-4F45-BF8C-9A5112890D2A} = 200.204.0.10 200.204.0.138

FF - ProfilePath - c:\users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kapms0vz.default\

FF - prefs.js: browser.search.selectedEngine - Softonic_br Customized Web Search

.

- - - - ORFÃOS REMOVIDOS - - - -

.

WebBrowser-{12FC3D37-2A42-4FE3-8489-81296878CBA5} - (no file)

WebBrowser-{ED6A3E8B-4762-482A-A242-B121C0927987} - (no file)

SafeBoot-SolutoService

.

.

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7600

.

CreateFile("\\.\PHYSICALDRIVE0"): O arquivo já está sendo usado por outro processo.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-4262322605-869973698-12785198-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1D09382B-CA62-8BE0-7628-7D765E699E41}*]

"jagfkpcblmdadgaehckm"=hex:62,61,64,6d,00,00

"iagghggbfeelhilbnj"=hex:6b,61,6c,6d,68,66,6c,6f,70,68,70,70,66,6b,70,61,6d,6d,

69,6d,64,66,00,03

"jagfkpcblmdadgaehcod"=hex:62,61,6b,6d,00,00

"haaabfbpmgjinlpn"=hex:6b,61,6c,6d,68,66,6c,6f,70,68,70,70,66,6b,6b,64,6f,6d,

69,6d,6c,6f,00,03

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'lsass.exe'(532)

c:\program files\Scpad\scpLIB.dll

c:\program files\Scpad\scpMIB.dll

c:\program files\Scpad\sshib.dll

.

Tempo para conclusão: 2011-04-17 19:53:32

ComboFix-quarantined-files.txt 2011-04-17 22:53

ComboFix2.txt 2010-09-07 23:02

.

Pré-execução: 16.076.505.088 bytes disponíveis

Pós execução: 15.985.647.616 bytes disponíveis

.

- - End Of File - - 266EB19A73DF84FE290A50E41FD2300B

[Power Max 54]

Ainda esta lento e o vídeos estão travando

:seta: Há esta entrada abaixo que é desnecessária e ajuda o PC a ficar mais lento:

 

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

Para corrigir isto, siga esta dica:

 

Escolhendo Programas que Iniciam com o PC

 

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

 

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.

_______________________

 

:seta: Também no seu log está constando o Windows Defender, Ad-Aware e o Spybot ativos no sistema. Embora eles sejam bons programas, são pesados e podem também deixar o PC mais lento. Caso queira deixar o PC mais rápido, você pode deixar somente o Windows Defender no automático e os demais deixe o serviço deles com a inicialização manual e só ative-os na hora de fazer o escaneamento com eles.

 

Para isto é só ir no menu: Iniciar > Painel de Controle > Ferramentas admnistrativas > Procure o serviço AAWService, clique em cima com o botão direito do mouse e depois em Propriedades.

 

Pare o serviço e coloque o Tipo de Inicialização como Manual.

 

Repita o mesmo procedimento acima para deixar como Manual o processo SBSDWSCService (ou SDWinSec) que é referente ao Spybot.

 

Aí quando você quiser fazer um escaneamento com estes programas acima é só ir no menu: Iniciar > Painel de Controle > Ferramentas admnistrativas > procure pelos serviços que você tinha desativado e clique em cima com o botão direito do mouse e escolha a opção Iniciar. Depois do escaneamento, volte no menu indicado acima, clique em cima de cada um destes dois serviços acima com o botão direito do mouse e depois em Parar.

____________________

 

:seta: Siga também esta dica:

 

Tutorial do Norman Malware Cleaner

 

Na sua próxima resposta poste o conteúdo do log do Norman Malware Cleaner juntamente com um novo log do Hijackthis e nos diga como está o seu PC depois disto.

 

Ficamos na espera.

[Lucas F. dos Santos 0]

Executei o programa Norman Malware Cleaner . Depois de mais ou menos um minuto apareceu uma tela azul eo pc desligou.

quando eu liguei de novo estava mas lento que antes.

[Power Max 54]

Executei o programa Norman Malware Cleaner . Depois de mais ou menos um minuto apareceu uma tela azul eo pc desligou.

quando eu liguei de novo estava mas lento que antes.

O Norman não causa este problema de tela azul, a questão é que o seu PC estava (e pode ainda estar) bem contaminado e estes virus e malwares trazem vários problemas ao PC, incluindo estes erros como o que você citou.

 

Mas você seguiu os outros procedimentos que passei na mensagem anterior? Caso não tenha seguido, siga-os e nos diga como está o PC depois disto.

 

:seta: Há esta entrada abaixo que é desnecessária e ajuda o PC a ficar mais lento:

 

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

Para corrigir isto, siga esta dica:

 

Escolhendo Programas que Iniciam com o PC

 

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

 

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.

_______________________

 

:seta: Também no seu log está constando o Windows Defender, Ad-Aware e o Spybot ativos no sistema. Embora eles sejam bons programas, são pesados e podem também deixar o PC mais lento. Caso queira deixar o PC mais rápido, você pode deixar somente o Windows Defender no automático e os demais deixe o serviço deles com a inicialização manual e só ative-os na hora de fazer o escaneamento com eles.

 

Para isto é só ir no menu: Iniciar > Painel de Controle > Ferramentas admnistrativas > Procure o serviço AAWService, clique em cima com o botão direito do mouse e depois em Propriedades.

 

Pare o serviço e coloque o Tipo de Inicialização como Manual.

 

Repita o mesmo procedimento acima para deixar como Manual o processo SBSDWSCService (ou SDWinSec) que é referente ao Spybot.

 

Aí quando você quiser fazer um escaneamento com estes programas acima é só ir no menu: Iniciar > Painel de Controle > Ferramentas admnistrativas > procure pelos serviços que você tinha desativado e clique em cima com o botão direito do mouse e escolha a opção Iniciar. Depois do escaneamento, volte no menu indicado acima, clique em cima de cada um destes dois serviços acima com o botão direito do mouse e depois em Parar.

[Lucas F. dos Santos 0]

sim, eu segui os passos anteriores.

 

Meu PC esta bem mais rápido.

mas as vezes ele fica lento e travando. como se tivesse algum programa carregando.

[Power Max 54]

:seta: Siga, por gentileza, as dicas deste tutorial para fazer um escaneamento de seu PC pelo Nod32 Online:

 

Tutorial do antivirus Nod32 Online

 

Após o término do escaneamento será gerado um relatório (log) que estará no seguinte local do seu computador:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

 

Na sua próxima resposta poste este log do Nod32 Online juntamente com um novo log do Hijackthis e nos diga, por gentileza, como está o seu PC após seguir este procedimento. Ficamos no aguardo de sua resposta.

[Lucas F. dos Santos 0]

meu PC esta muito melhor, não esta mais travando e esta iniciando muito mais rápido.

So os vídeos quando estou assistindo online que fica lento (tipo em câmera lenta ) e com o som meio robótica rsrs.

Mas acredito que isso não e virós.

segue logs

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:53:28, on 22/04/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Lucas\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NitroPC Service (NitroPCSrv) - IBM Corporation - (no file)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 5984 bytes

 

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=1fe6af5ae5b8fb489c738c353c89b63e

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-04-21 11:54:38

# local_time=2011-04-21 08:54:38 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777215 100 0 28971634 28971634 0 0

# compatibility_mode=5893 16776573 100 94 0 54978235 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=1027

# found=0

# cleaned=0

# scan_time=236

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=1fe6af5ae5b8fb489c738c353c89b63e

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-04-22 02:08:52

# local_time=2011-04-21 11:08:52 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777215 100 0 28972054 28972054 0 0

# compatibility_mode=5893 16776573 100 94 0 54978655 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=115888

# found=5

# cleaned=5

# scan_time=7866

C:\Program Files\Ad-Remover\Quarantine\C\Users\Adm\AppData\Roaming\OpenCandy\OpenCandy_35A40593E3334C78ACD94B132C32E4DC\registrybooster25.exe.vir a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Ad-Remover\Quarantine\C\Users\Adm\AppData\Roaming\OpenCandy\OpenCandy_35A40593E3334C78ACD94B132C32E4DC\registrybooster25Wrapped.exe.vir a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Program Files\FoxTabFlvPlayer\Uninstall\Uninstall.exe Win32/Toolbar.Facemoods application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Lucas\Downloads\antigas\todas_chaves_nero9.rar probably a variant of Win32/Agent.KHBSUSP trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Videos\SpyKeylogger-install.exe Win32/KeyLogger.SpyKeylogger.132 application (deleted - quarantined) 00000000000000000000000000000000 C

[Power Max 54]

:thumbsup: Mais 5 problemas foram removidos pelo Nod32 Online.

___________________

 

:seta: Siga também esta dica:

 

Tutorial do antivírus BitDefender Online

 

Após o término do escaneamento será gerado um relatório (log) que estará no seguinte local do seu computador:

C:\Windows\BDOSCAN8\bdoscan.log

 

Na sua próxima resposta poste este log do BitDefender Online juntamente com um novo log do Hijackthis e nos diga, por gentileza, como está o seu PC após seguir este procedimento.

 

Ficamos no aguardo de sua resposta.

[Lucas F. dos Santos 0]

Segue novos logs

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:49:38, on 24/04/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wuauclt.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Lucas\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E5BE4A8-ABCE-4F45-BF8C-9A5112890D2A}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NitroPC Service (NitroPCSrv) - IBM Corporation - (no file)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 6383 bytes

 

 

 

 

QuickScan Beta 32-bit v0.9.9.90

-------------------------------

Data da análise: Sun Apr 24 13:24:54 2011

ID da máquina: D6D6CA3C

 

 

 

Não foram encontradas infecções.

--------------------------------

 

 

 

Processos

---------

(verificado) avast! Antivirus 3116 C:\Program Files\Alwil Software\Avast5\AvastUI.exe

(verificado) Firefox 3296 C:\Program Files\Firefox\firefox.exe

(verificado) Firefox 2952 C:\Program Files\Firefox\plugin-container.exe

(verificado) Microsoft Search Client Server 3176 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

(verificado) Microsoft® Windows® Operating System 2572 C:\Windows\System32\wuauclt.exe

(verificado) RealPlayer (32-bit) 3408 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

(verificado) Sistema operacional Microsoft® Windows® 3072 C:\Windows\explorer.exe

(verificado) Sistema Operacional Microsoft® Windows® 472 C:\Windows\System32\dwm.exe

(verificado) Sistema Operacional Microsoft® Windows® 4192 C:\Windows\System32\taskhost.exe

(verificado) Windows Live Toolbar 292 C:\Program Files\Windows Live\Toolbar\wltuser.exe

(verificado) Windows® Internet Explorer 2584 C:\Program Files\Internet Explorer\iexplore.exe

(verificado) Windows® Internet Explorer 4916 C:\Program Files\Internet Explorer\iexplore.exe

(verificado) Windows® Internet Explorer 5804 C:\Program Files\Internet Explorer\iexplore.exe

 

 

Atividade da Rede

-----------------

Processo firefox.exe (3296) conectado à porta 443 (HTTP over SSL) --> 209.85.157.132

Processo iexplore.exe (5804) conectado à porta 443 (HTTP over SSL) --> 74.125.157.132

Processo iexplore.exe (5804) conectado à porta 443 (HTTP over SSL) --> 74.125.157.132

Processo iexplore.exe (5804) conectado à porta 443 (HTTP over SSL) --> 74.125.45.132

Processo iexplore.exe (5804) conectado à porta 443 (HTTP over SSL) --> 74.125.45.132

Processo iexplore.exe (5804) conectado à porta 443 (HTTP over SSL) --> 74.125.45.132

Processo iexplore.exe (5804) conectado à porta 443 (HTTP over SSL) --> 74.125.45.132

 

 

 

Autoruns e arquivos críticos

----------------------------

(verificado) avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastUI.exe

(verificado) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

(verificado) RealPlayer (32-bit) C:\Program Files\Common Files\Real\Update_OB\realsched.exe

(verificado) scpIBLoad Module C:\Program Files\Scpad\scpLIB.dll

(verificado) Sistema Operacional Microsoft® Windows® c:\windows\system32\userinit.exe

(verificado) Sistema operacional Microsoft® Windows® C:\Windows\SYSTEM32\WerFault.exe

(verificado) Windows® Internet Explorer c:\windows\system32\webcheck.dll

 

 

Plugins do navegador

--------------------

(não assinado) Cooliris for Firefox C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\piclens@cooliris.com\libs\cooliris190.dll

(não assinado) Cooliris for Firefox C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\piclens@cooliris.com\libs\cooliris192.dll

(não assinado) LaunchCooliris.exe C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe

(não assinado) QuickTime Plug-in 7.6.8 C:\Program Files\Firefox\plugins\npqtplugin.dll

(não assinado) QuickTime Plug-in 7.6.8 C:\Program Files\Firefox\plugins\npqtplugin2.dll

(não assinado) QuickTime Plug-in 7.6.8 C:\Program Files\Firefox\plugins\npqtplugin3.dll

(não assinado) QuickTime Plug-in 7.6.8 C:\Program Files\Firefox\plugins\npqtplugin4.dll

(não assinado) QuickTime Plug-in 7.6.8 C:\Program Files\Firefox\plugins\npqtplugin5.dll

(não assinado) QuickTime Plug-in 7.6.8 C:\Program Files\Firefox\plugins\npqtplugin6.dll

(não assinado) QuickTime Plug-in 7.6.8 C:\Program Files\Firefox\plugins\npqtplugin7.dll

(não assinado) QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

(não assinado) QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

(não assinado) QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

(não assinado) QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

(não assinado) QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

(não assinado) QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

(não assinado) QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

(não assinado) Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll

 

(verificado) AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

(verificado) Adobe Acrobat C:\Program Files\Firefox\plugins\nppdf32.dll

(verificado) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

(verificado) bdoscandel.exe C:\Windows\bdoscandel.exe

(verificado) bdscanonline C:\Windows\Downloaded Program Files\oscan82.ocx

(verificado) BitDefender QuickScan C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

(verificado) coolirisstub.dll C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

(verificado) Emsisoft Web Malware Scan C:\Windows\Downloaded Program Files\asquared.ocx

(verificado) Family Safety Browser Helper Object Lib c:\program files\windows live\family safety\fssbho.dll

(verificado) FFExternalAlert.dll C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\{9e877ee8-d8e8-48b0-84dd-06917f470dff}\components\FFExternalAlert.dll

(verificado) FFExternalAlert.dll C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}\components\FFExternalAlert.dll

(verificado) Google Update C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

(verificado) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

(verificado) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll

(verificado) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe

(verificado) InstallShield Update Service C:\Windows\Downloaded Program Files\isusweb.dll

(verificado) ipsupd.dll C:\Windows\Downloaded Program Files\ipsupd.dll

(verificado) Java Platform SE 6 U18 C:\Program Files\Java\jre6\bin\jp2ssv.dll

(verificado) McAfee SiteAdvisor c:\program files\mcafee\siteadvisor\mcieplg.dll

(verificado) McAfee SiteAdvisor C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\McChPlg.dll

(verificado) Microsoft Search Enhancement Pack C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

(verificado) Microsoft® Windows Live Login Helper C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll

(verificado) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll

(verificado) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

(verificado) Mozilla Default Plug-in C:\Program Files\Firefox\plugins\npnul32.dll

(verificado) npcoolirisplugin.dll C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

(verificado) NPSWF32.dll C:\Windows\System32\Macromed\Flash\NPSWF32.dll

(verificado) PicLensHelper.exe C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe

(verificado) Pixomatic C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\piclens@cooliris.com\libs\pixomatic.dll

(verificado) RadioWMPCore.dll C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\{9e877ee8-d8e8-48b0-84dd-06917f470dff}\components\RadioWMPCore.dll

(verificado) RadioWMPCore.dll C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}\components\RadioWMPCore.dll

(verificado) RealArcade Mozilla Plugin C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

(verificado) RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

(verificado) RealPlayer Download and Record Plugin C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

(verificado) RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

(verificado) RealPlayer G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

(verificado) RealPlayer HTML5VideoShim Plug-In ( C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

(verificado) scpsssh2 Module C:\Program Files\Scpad\scpsssh2.dll

(verificado) Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll

(verificado) Sistema Operacional Microsoft® Windows® C:\Windows\System32\mswsock.dll

(verificado) Sistema Operacional Microsoft® Windows® C:\Windows\System32\NapiNSP.dll

(verificado) Sistema Operacional Microsoft® Windows® C:\Windows\System32\pnrpnsp.dll

(verificado) Unity Player C:\Users\Lucas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

(verificado) Windows Live Toolbar C:\Program Files\Windows Live\Toolbar\wltcore.dll

(verificado) Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

(verificado) Windows® Internet Explorer C:\Windows\System32\ieframe.dll

 

 

Arquivos desaparecidos

----------------------

Arquivos não encontrados: C:\Users\Adm\AppData\Local\Temp\catchme.sys

--> HKLM\System\ControlSet001\services\catchme\"ImagePath"

 

 

Análise

-------

(não assinado) MD5: 8c7efbb06d10dc915809a4931409f06f C:\Program Files\Firefox\freebl3.dll

(não assinado) MD5: f32e5182eebab7698a6c1dd1eb9b2cfc C:\Program Files\Firefox\nssdbm3.dll

(não assinado) MD5: 24aa2867cb013e30b10114628e3fb2df C:\Program Files\Firefox\plugins\npqtplugin.dll

(não assinado) MD5: 24aa2867cb013e30b10114628e3fb2df C:\Program Files\Firefox\plugins\npqtplugin2.dll

(não assinado) MD5: 24aa2867cb013e30b10114628e3fb2df C:\Program Files\Firefox\plugins\npqtplugin3.dll

(não assinado) MD5: 24aa2867cb013e30b10114628e3fb2df C:\Program Files\Firefox\plugins\npqtplugin4.dll

(não assinado) MD5: 24aa2867cb013e30b10114628e3fb2df C:\Program Files\Firefox\plugins\npqtplugin5.dll

(não assinado) MD5: 24aa2867cb013e30b10114628e3fb2df C:\Program Files\Firefox\plugins\npqtplugin6.dll

(não assinado) MD5: 24aa2867cb013e30b10114628e3fb2df C:\Program Files\Firefox\plugins\npqtplugin7.dll

(não assinado) MD5: 1733738c15ad02fb4ca9f3ce13f40623 C:\Program Files\Firefox\softokn3.dll

(não assinado) MD5: 24aa2867cb013e30b10114628e3fb2df C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

(não assinado) MD5: 24aa2867cb013e30b10114628e3fb2df C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

(não assinado) MD5: 24aa2867cb013e30b10114628e3fb2df C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

(não assinado) MD5: 24aa2867cb013e30b10114628e3fb2df C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

(não assinado) MD5: 24aa2867cb013e30b10114628e3fb2df C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

(não assinado) MD5: 24aa2867cb013e30b10114628e3fb2df C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

(não assinado) MD5: 24aa2867cb013e30b10114628e3fb2df C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

(não assinado) MD5: 9dddf4ab74dd81ab0e0ee56a114634b0 C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll

(não assinado) MD5: 7d3903af48e6c1dc2704eafcb608d031 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

(não assinado) MD5: 16e20cbb6b34ab56591448d419df427d C:\Program Files\Real\RealPlayer\lang\rpbrp_br.dll

(não assinado) MD5: d84594f13240a1056ec552e1f526372d C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\piclens@cooliris.com\libs\cooliris190.dll

(não assinado) MD5: 130221327f5aee8f51d229aa82e92f22 C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\piclens@cooliris.com\libs\cooliris192.dll

(não assinado) MD5: c4beb16448bde58e8239acbb698d7180 C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe

(não assinado) MD5: d892c77afa8afaba6f474a7da401bd7c C:\Windows\system32\Adobe\Director\np32dsw.dll

 

 

Nenhum arquivo carregado.

 

Fim da Análise - a comunicação levou 3 seg

Tráfego Total - 0.03 MB enviados, 0.19 KB receb

Analisados 1179 arquivos e módulos - 32 segundos

 

==============================================================================

[Power Max 54]

QuickScan Beta 32-bit v0.9.9.90

:!: No log do Bitdefender está constando que você fez só uma verificação rápida com ele (QuickScan) e seria importante fazer uma verificação completa. E para fazer este escaneamento completo é preciso usar o navegador Internet Explorer e ir seguindo aquelas dicas do tutorial que tinha te passado.

[Lucas F. dos Santos 0]

Acho que esse programa não é compatível com IE9

todas as vezes que tento fazer o escaneamento acontece isso.

 

 

[Power Max 54]

Acho que esse programa não é compatível com IE9

:seta: Então deixe de lado este Bitdefender Online e siga esta dica, por gentileza:

 

Tutorial do Kaspersky Virus Removal Tool

 

Na sua próxima resposta poste este log do Kaspersky Virus Removal Tool juntamente com um novo log do Hijackthis e nos diga como está o seu Pc depois disto.

 

Ficamos no aguardo.

[Lucas F. dos Santos 0]

Meu PC esta muito melhor.

Não estou tendo mais problemas com ele.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:20:49, on 27/04/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Lucas\Downloads\HiJackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E5BE4A8-ABCE-4F45-BF8C-9A5112890D2A}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NitroPC Service (NitroPCSrv) - IBM Corporation - (no file)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 6330 bytes

 

 

Verificação automática: concluído 5 horas atrás (eventos: 4, objetos: 689552, hora: 03:45:53)

25/04/2011 18:36:03 Tarefa iniciada Ação padrão selecionada

25/04/2011 19:01:30 Detectados: Trojan.Win32.Rozena.diy C:\Documents and Settings\Adm\Downloads\Remove WAT 2.2.4_www.superdownload.us.rar/Remove WAT 2.2.4.exe Ação padrão selecionada

25/04/2011 19:07:31 Excluído: Trojan.Win32.Rozena.diy C:\Documents and Settings\Adm\Downloads\Remove WAT 2.2.4_www.superdownload.us.rar Ação padrão selecionada

25/04/2011 22:21:57 Tarefa concluída Ação padrão selecionada

[Power Max 54]

Meu PC esta muito melhor.

Não estou tendo mais problemas com ele.

:thumbsup: Ficamos felizes que os problemas foram resolvidos.

_____________________

 

:seta: Abra o Ad-Remover > clique em Uninstall > Aí é só ir seguindo os passos que ele te mostra para desinstalá-lo.

___________________

 

:seta: Renomeie o ComboFix para Uninstall, execute-o e aguarde a sua remoção.

_____________________

 

:seta: Desinstale o Norman Malware Cleaner e o Kaspersky Virus Removal Tool.

____________________

 

:seta: Para evitar que os problemas voltem, desative e ative novamente a restauração do sistema. Para isto vá no menu Iniciar > Painel de Controle > Sistema > Proteção do sistema > Configurar... > Desativar a proteção do sistema > Aplicar > Sim > Sim > depois disto você marca novamente a opção Restaurar configurações do sistema e versões anteriores dos arquivos e clique no botão OK.

____________________

 

:) Foi um prazer ajudar, conte sempre conosco!

[Power Max 54]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.