rmoralez 0 Posted August 15, 2011

Good morning! I am back again with the same virus and some new malware on the machine. If any member is able to help me with the removal, I would be very grateful. For now, thank you all!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:33:28, on 15/08/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Windows\System32\aetcrss1.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Controle de Virus\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avgbrasil.com.br/br-pt.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNjM1MjA4MDkyLVFJWDErNC1YMjAxMCsyLUxJQysxMS1GTDEwKzEtU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMQ"&"prod=90"&"ver=10.0.1382
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-2753892991-3215369525-407128404-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-2753892991-3215369525-407128404-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LogMeInRemoteUser')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{193B1C6F-AE12-4414-B380-A916AE1A9430}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{193B1C6F-AE12-4414-B380-A916AE1A9430}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7338 bytes

*** AVG log ***

"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\FIEL\Phoenix\PHBackup.exe";"N/D";"12/08/2011, 15:27:26"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\FIEL\Phoenix\folha.exe";"N/D";"12/08/2011, 15:27:29"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\adm\instalar.exe";"N/D";"12/08/2011, 15:27:29"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\Adm.exe";"N/D";"12/08/2011, 15:27:30"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\arqCprn.exe";"N/D";"12/08/2011, 15:27:31"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\BAckupP.exe";"N/D";"12/08/2011, 15:27:31"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\contabil\Instalar.exe";"N/D";"12/08/2011, 15:27:31"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\escrita\Instalar.exe";"N/D";"12/08/2011, 15:27:31"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\Gescon.exe";"N/D";"12/08/2011, 15:27:32"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\Estacao.exe";"N/D";"12/08/2011, 15:27:33"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\folha\Instalar.exe";"N/D";"12/08/2011, 15:27:33"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\JrPgDAS.exe";"N/D";"12/08/2011, 15:27:33"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\gescon\Instalar.exe";"N/D";"12/08/2011, 15:27:33"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\LimpaADM.exe";"N/D";"12/08/2011, 15:27:34"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\irpj\Instalar.exe";"N/D";"12/08/2011, 15:27:34"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\Pgwf.exe";"N/D";"12/08/2011, 15:27:35"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\PgwJr.exe";"N/D";"12/08/2011, 15:27:36"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\PHBackup.exe";"N/D";"12/08/2011, 15:27:37"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\Start.exe";"N/D";"12/08/2011, 15:27:38"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\Visual.exe";"N/D";"12/08/2011, 15:27:38"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\WinButil.exe";"N/D";"12/08/2011, 15:27:40"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\phoenix\RegAsm.exe";"N/D";"12/08/2011, 15:27:41"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\Eltek\Certidões\DCTFSemestralV1.0.EXE";"N/D";"12/08/2011, 15:27:41"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Audio\Audio\AZALIA\MSHDQFE\Win2K_XP\cht\kb888111xpsp1.exe";"N/D";"12/08/2011, 15:27:41"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Audio\Audio\AZALIA\MSHDQFE\Win2K_XP\cs\kb888111xpsp1.exe";"N/D";"12/08/2011, 15:27:41"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Audio\Audio\AZALIA\MSHDQFE\Win2K_XP\ger\kb888111xpsp1.exe";"N/D";"12/08/2011, 15:27:42"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Audio\Audio\AZALIA\MSHDQFE\Win2K_XP\hu\kb888111xpsp1.exe";"N/D";"12/08/2011, 15:27:42"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Audio\Audio\AZALIA\MSHDQFE\Win2K_XP\ru\kb888111xpsp2.exe";"N/D";"12/08/2011, 15:27:42"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Audio\Audio\AZALIA\RtlUpd.exe";"N/D";"12/08/2011, 15:27:42"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Audio\Audio\AZALIA\WDM\AlcWzrd.exe";"N/D";"12/08/2011, 15:27:43"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Audio\Audio\AZALIA\WDM\MicCal.exe";"N/D";"12/08/2011, 15:27:43"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Audio\Audio\AZALIA\WDM\SoundMan.exe";"N/D";"12/08/2011, 15:27:43"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Chipset\Chipset\VN890\Setup.exe";"N/D";"12/08/2011, 15:27:44"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Video fdp\Video\VN896_15131509_XP_w12x8_logod\s3minset.exe";"N/D";"12/08/2011, 15:27:44"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Video fdp\Video\VN896_15131509_XP_w12x8_logod\S3TrayP.exe";"N/D";"12/08/2011, 15:27:44"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\GilConsult\drivers microboard\Video fdp\Video\VN896_15131509_XP_w12x8_logod\VModes.exe";"N/D";"12/08/2011, 15:27:44"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\Raul\irpf2007v2.0.exe";"N/D";"12/08/2011, 15:27:45"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\Rbs\balanco.exe";"N/D";"12/08/2011, 15:27:45"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Raul\Notbook Vendido ao Bola\Rbs\PERDCOMPv2.2.EXE";"N/D";"12/08/2011, 15:27:46"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Simone Rbs\DACON Mensal-Semestral\DACONMS21.exe";"N/D";"12/08/2011, 15:27:46"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Simone Rbs\DACON Mensal-Semestral\Desinstalar21\Desinstalar21.exe";"N/D";"12/08/2011, 15:27:46"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Simone Rbs\DIPJ2009V10\DIPJ2009V10.exe";"N/D";"12/08/2011, 15:27:46"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Simone Rbs\DIPJ2009V20\DIPJ2009V20.exe";"N/D";"12/08/2011, 15:27:47"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Simone Rbs\DIPJ2009V21\DIPJ2009V21.exe";"N/D";"12/08/2011, 15:27:47"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Simone Rbs\IRPF2009\IRPF2009.EXE";"N/D";"12/08/2011, 15:27:47"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Simone Rbs\IRPF2009\UNWISE.EXE";"N/D";"12/08/2011, 15:27:47"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\Site RBS\Transfer Pricing\Custeio.exe";"N/D";"12/08/2011, 15:27:48"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\SP Vacinas\Formulario para protesto.exe";"N/D";"12/08/2011, 15:27:48"
"Infecção";"Vírus identificado Win32/Gaelicum.A ";"c:\SharedDocs\VERIFICA\Verifica Equipamento\maquina.exe";"N/D";"12/08/2011, 15:27:51"
"Malware";"PE_TENGA.A";"C:\SHAREDDOCS\RAUL\NOTBOOK VENDIDO AO BOLA\GILCONSULT\DRIVERS MICROBOARD\AUDIO\AUDIO\AZALIA\SETUP.EXE";"N/D";"22/06/2011, 13:18:09"
"Malware";"Win32.Tenga.a";"C:\SHAREDDOCS\RAUL\NOTBOOK VENDIDO AO BOLA\GILCONSULT\DRIVERS MICROBOARD\AUDIO\AUDIO\AZALIA\WDM\ALCMTR.EXE";"N/D";"22/06/2011, 13:18:43"
"Malware";"W32/Stanit";"C:\SHAREDDOCS\RAUL\NOTBOOK VENDIDO AO BOLA\GILCONSULT\DRIVERS MICROBOARD\VIDEO FDP\VIDEO\VN896_15131509_XP_W12X8_LOGOD\SETUP.EXE";"N/D";"22/06/2011, 13:19:17"
"Malware";"PE_TENGA.A";"C:\SHAREDDOCS\RAUL\NOTBOOK VENDIDO AO BOLA\GILCONSULT\DRIVERS MICROBOARD\AUDIO\AUDIO\AZALIA\SETCDFMT.EXE";"N/D";"22/06/2011, 13:17:53"

Regards,
Power Max 54 Posted August 16, 2011

:) Hello rmoralez!

To keep the problems from coming back, disable System Restore and keep it disabled until the problem has been resolved. To do so, follow the tips on the site below:

http://pt.kioskea.net/faq/7850-windows-7-desativar-reativar-a-restauracao-do-sistema

____________________

After that, please follow the tips in this tutorial to scan your PC with Nod32 Online:

Nod32 Online antivirus tutorial

When the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

In your next reply, post this Nod32 Online log together with a new Hijackthis log and please tell us how your PC is doing after following this procedure.

We look forward to your reply.
rmoralez 0 Posted August 23, 2011

Hello Antonio,

First of all, thank you for the helpful post, and I apologize for the delay in replying. On the same day I posted the problem, AVG broke, so I ended up removing it and installing Avast (both free). After that the viruses apparently did not show up again, and today I carried out the requested procedures. I generated the logs, and a little later, to my surprise, one of the viruses (TENGA) showed up again, but Avast recovered it and requested a scheduled scan, which I ran, and once again a virus was found and removed. So I am going to post two HijackThis logs.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=e071b96502f46b468b7840194104852e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-23 02:49:49
# local_time=2011-08-23 11:49:49 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 15733032 15733032 0 0
# compatibility_mode=5893 16776573 100 94 0 65654962 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=180069
# found=0
# cleaned=0
# scan_time=4418

1st HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:14, on 23/08/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Windows\System32\aetcrss1.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Controle de Virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avgbrasil.com.br/br-pt.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNjQ4MzA3MTEwLVFJWDErNC1YMjAxMCsyLUxJQysxMS1GTDEwKzEtU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1ERFQrMA"&"prod=90"&"ver=10.0.1392
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe -update activex
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{193B1C6F-AE12-4414-B380-A916AE1A9430}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{193B1C6F-AE12-4414-B380-A916AE1A9430}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7052 bytes

2nd HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:59:29, on 23/08/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Windows\System32\aetcrss1.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Controle de Virus\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avgbrasil.com.br/br-pt.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNjQ4MzA3MTEwLVFJWDErNC1YMjAxMCsyLUxJQysxMS1GTDEwKzEtU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1ERFQrMA"&"prod=90"&"ver=10.0.1392
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{193B1C6F-AE12-4414-B380-A916AE1A9430}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{193B1C6F-AE12-4414-B380-A916AE1A9430}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6665 bytes

As for the machine, I will have to wait and see how it behaves!

I await your reply. Thank you very much for the help ...

Regards
Power Max 54 Posted August 24, 2011

Apparently the problem has already been resolved, but let's run one more analysis, below, to check that everything is all right:

Norman Malware Cleaner tutorial

Note: When choosing the scan type in Norman, select the Full Scan option.

In your next reply, post the contents of the Norman Malware Cleaner log together with a new Hijackthis log and tell us how your PC is doing after that.

We'll be waiting.
rmoralez 0 Posted September 6, 2011

Hello Antonio,

Here are the requested logs!

Norman Malware Cleaner v2.02.01
Copyright © 1990 - 2011, Norman ASA.

Windows is running in safe mode. Note that some functionality is not available in safe mode. Please run in normal mode if possible.

Norman Scanner Engine Version: 6.07.10
nvcbin.def: Version: 6.07.00, Date: 2011/09/06 02:33:46, Variants: 11407004
nvcmacro.def: Version: 6.07.00, Date: 2011/02/01 12:21:31, Variants: 20465
Operating System: Windows 7 Service Pack 1
Switches: /iagree
Running without NSAK
Scan started: 2011/09/06 12:05:46

Running pre-scan cleanup routine...
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Scanning system for FakeAV...
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Scanning system for active rootkit activity...
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Scanning running processes and process memory...
Number of objects found: 615
Number of objects scanned: 615
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 25s

Running full scan...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:40:30, on 06/09/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Controle de Virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avgbrasil.com.br/br-pt.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNjQ4MzA3MTEwLVFJWDErNC1YMjAxMCsyLUxJQysxMS1GTDEwKzEtU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1ERFQrMA"&"prod=90"&"ver=10.0.1392
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 5875 bytes

I'll be waiting! Thank you!
Note: I would like to specialize in virus removal; if you can suggest any course or reading, I'd appreciate it.
Regards
Power Max 54 Posted September 6, 2011
:) Your logs are clean; how is the PC doing at the moment?
___________________
Note: I would like to specialize in virus removal; if you can suggest any course or reading, I'd appreciate it.
These tutorials below are quite useful on this subject:
Tips for removing viruses and other types of malware
Complete HijackThis: http://www.linhadefensiva.org/2005/06/hijackthis-completo/
[Tutorial] ComboFix in Practice! http://www.forumpcs.com.br/comunidade/viewtopic.php?f=68&t=277548&sid=adae46189c086784d2404efaa3a7cd36
ComboFix tutorial - Analyzing the log and building the script (CFScript.txt) http://www.hardware.com.br/comunidade/v-t/1142063/
Tutorial: analyzing the HijackThis log V. 1.0.10 http://www.hardware.com.br/comunidade/tutorial-log/694196/
There are also free courses on the sites below for becoming a specialist in malware removal:
http://forum.clubedohardware.com.br/announcement.php?f=104
http://www.linhadefensiva.org/forum/index.php?showtopic=10
rmoralez 0 Posted September 9, 2011
Hello Antonio, Apparently normal ... Thank you for the tips and the tutorials! Regards
Power Max 54 Posted September 9, 2011
Hello Antonio, Apparently normal ... Thank you for the tips and the tutorials! Regards
:) You're welcome. I'm glad the problem was resolved.
___________________
You can uninstall Norman Malware Cleaner. Turn System Restore back on.
____________________
:) It was a pleasure to help, you can always count on us!
Power Max 54 Posted September 9, 2011
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.