Problematic

  • This topic is locked
7 replies to this topic

#1 Yahiko_San

Yahiko_San

    Forum newbie

  • Users
  • 4 posts
  • Gender: Not informed

Posted 10/01/2009, 00:01

Guys, I really need your help!!!!!!

Here's the thing: I think I've got a virus on my PC. I don't understand much, but I've been searching several forums and I think my PC has a virus, but I can't find it to delete it.

My PC has been running way too slow; it wasn't like this before, and every time I turn it on a message appears, and it keeps reappearing over time while it's on. It's a message in English saying my PC has a security error.

Below is a HijackThis log so you can see how you can help me!!!!!

Thanks in advance for your understanding!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:51:31, on 10/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\3vh5kXFL.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Arquivos de programas\Windows Live\Messenger\msvs.exe
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R3 - URLSearchHook: OTS Software Toolbar - {e41b29e5-88b5-40b1-903e-080e0f2c4b65} - C:\Arquivos de programas\OTS_Software\tbOTS_.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: OTS Software Toolbar - {e41b29e5-88b5-40b1-903e-080e0f2c4b65} - C:\Arquivos de programas\OTS_Software\tbOTS_.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: OTS Software Toolbar - {e41b29e5-88b5-40b1-903e-080e0f2c4b65} - C:\Arquivos de programas\OTS_Software\tbOTS_.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\~tmpa.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\a.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: AMV convert tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 5.02\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...SS.cab69309.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1224957540500
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{49EECCBE-A538-44D2-A572-C5666E739ABA}: NameServer = 200.149.55.140 200.165.132.147
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10148 bytes

#2 Leone Fernandes

Leone Fernandes

    (y)

  • Users
  • 585 posts
  • Gender: Male
  • Location: Belo Horizonte - MG

Posted 10/01/2009, 23:02

Do a "Fix checked" on the following entries:

[?] - C:\WINDOWS\system32\3vh5kXFL.exe
[X] - O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
[?] - O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
[?] - O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
[?] - O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
[?] - O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
[?] - O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
[?] - O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
[?] - O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
[?] - O17 - HKLM\System\CCS\Services\Tcpip\..\{49EECCBE-A538-44D2-A572-C5666E739ABA}: NameServer = 200.149.55.140 200.165.132.147


COMBOFIX

Download ComboFix at: Combofix

1) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

3) When the scan finishes, a log will be generated at C:\ComboFix.txt;

4) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.
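As an added example (not code from this thread, nor from HijackThis or ComboFix), here is a small Python triage script that applies the kind of heuristics the reply above relies on: autoruns launched from a Temp directory, a RunOnce that uses cmd.exe to overwrite a DLL under System32, DNS resolvers that are not on an expected list, and a BHO whose DLL sits directly in the Windows system directory. The sample input is a handful of O2/O4/O17 lines copied from the log posted in #1 (plus one benign O4 entry from the same log as a control); the heuristics, the `trusted_dns` allowlist and all function names are assumptions made for this illustration, and a hit means "review this line", not "this is malware".

```python
import re
from dataclasses import dataclass

# Constructed test input: lines copied from the HijackThis log in post #1 of this
# thread. The first O4 line is a benign control; the rest were flagged by the helper.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\~tmpa.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\a.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{49EECCBE-A538-44D2-A572-C5666E739ABA}: NameServer = 200.149.55.140 200.165.132.147
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
"""

# Regexes for the three HijackThis entry types this example understands.
# O4: "O4 - <key>: [<name>] <command> (User '<user>')" (the user suffix is optional)
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']+)'\))?$")
# O17: "O17 - <key>: NameServer = <ip> <ip> ..."
O17_RE = re.compile(r"^O17 - .*: NameServer = (?P<servers>.+)$")
# O2: "O2 - BHO: <name> - {<clsid>} - <dll path>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")


@dataclass
class Finding:
    line: str    # the original log line
    reason: str  # why it was flagged for review


def triage(log_text, trusted_dns=()):
    """Return a list of Findings for lines that match a review heuristic.

    trusted_dns: resolver IPs that are expected on this machine (assumed allowlist);
    any O17 NameServer outside it is flagged.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd")
            low = cmd.lower()
            # Heuristic 1: legitimate autoruns rarely live in a Temp directory.
            if "\\temp\\" in low:
                findings.append(Finding(line, "autorun launches an executable from a Temp directory"))
            # Heuristic 2: a RunOnce that uses cmd.exe to move/copy a file over a
            # System32 DLL replaces a system component at next logon.
            if (m.group("key").lower().endswith("runonce")
                    and low.startswith("cmd.exe")
                    and "system32" in low
                    and (" move " in low or " copy " in low)):
                findings.append(Finding(line, "RunOnce entry uses cmd.exe to move/overwrite a DLL under System32"))
            continue

        m = O17_RE.match(line)
        if m:
            # Heuristic 3: DNS servers not on the expected list deserve a look,
            # since a changed resolver can redirect every lookup the machine makes.
            unknown = [s for s in m.group("servers").split() if s not in trusted_dns]
            if unknown:
                findings.append(Finding(line, "DNS servers not in the trusted resolver list: " + ", ".join(unknown)))
            continue

        m = O2_RE.match(line)
        if m:
            # Heuristic 4: vendor BHOs normally ship under Program Files; a BHO DLL
            # dropped straight into the Windows system directory is unusual.
            if "\\windows\\system32\\" in m.group("path").lower():
                findings.append(Finding(line, "BHO DLL loaded straight from the Windows system directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[review] {f.reason}\n         {f.line}")
```

Run as-is, the script flags five of the six sample lines and leaves the Java updater entry alone; passing the two resolver addresses in `trusted_dns` drops the O17 hit, which is the right call when they are the ISP's known resolvers. The point of the allowlist parameter is that an O17 line is only suspicious relative to what the machine is supposed to use, which is exactly why the reply above marks it "[?]" rather than "[X]".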



#3 Yahiko_San

Yahiko_San

    Forum newbie

  • Users
  • 4 posts
  • Gender: Not informed

Posted 11/01/2009, 19:57

Hi friend!

Below are the logs you asked for, after carrying out the steps you requested!

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:38, on 11/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\3vh5kXFL.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com
R3 - URLSearchHook: OTS Software Toolbar - {e41b29e5-88b5-40b1-903e-080e0f2c4b65} - C:\Arquivos de programas\OTS_Software\tbOTS_.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: OTS Software Toolbar - {e41b29e5-88b5-40b1-903e-080e0f2c4b65} - C:\Arquivos de programas\OTS_Software\tbOTS_.dll
O3 - Toolbar: OTS Software Toolbar - {e41b29e5-88b5-40b1-903e-080e0f2c4b65} - C:\Arquivos de programas\OTS_Software\tbOTS_.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: AMV convert tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 5.02\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...SS.cab69309.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1224957540500
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8203 bytes

ComboFix log:

ComboFix 09-01-08.05 - Administrador 2009-01-11 16:30:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1023.560 [GMT -2:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-11 to 2009-01-11 ))))))))))))))))))))))))))))
.

2009-01-11 16:28 . 2009-01-11 16:29 <DIR> d-------- C:\32788R22FWJFW
2009-01-11 13:29 . 2009-01-11 13:29 <DIR> d-------- c:\arquivos de programas\CCleaner
2009-01-11 12:15 . 2009-01-11 13:16 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Google Updater
2009-01-11 01:56 . 2009-01-11 01:56 <DIR> d-------- c:\windows\system32\xircom
2009-01-11 01:56 . 2009-01-11 01:56 <DIR> d-------- c:\arquivos de programas\microsoft frontpage
2009-01-10 17:00 . 2009-01-10 17:00 <DIR> d-------- c:\documents and settings\NetworkService\Dados de aplicativos\AVGTOOLBAR
2009-01-10 14:10 . 2009-01-11 13:15 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-10 14:06 . 2009-01-11 11:46 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-10 14:06 . 2009-01-11 15:35 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\AVGTOOLBAR
2009-01-10 14:06 . 2009-01-10 14:06 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-10 14:06 . 2009-01-10 14:06 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-10 14:05 . 2009-01-10 14:05 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-01-10 14:05 . 2009-01-10 14:05 <DIR> d-------- c:\arquivos de programas\AVG
2009-01-10 14:05 . 2009-01-10 14:05 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-08 23:00 . 2009-01-08 23:00 <DIR> dr------- c:\documents and settings\NetworkService\Favoritos
2009-01-08 21:59 . 2009-01-09 22:23 73,728 --a------ c:\windows\system32\3vh5kXFL.exe
2009-01-08 21:51 . 2009-01-08 21:51 <DIR> d-------- c:\arquivos de programas\Microsoft Sync Framework
2009-01-08 21:49 . 2009-01-08 21:49 <DIR> d-------- c:\arquivos de programas\Windows Live SkyDrive
2009-01-08 21:49 . 2009-01-08 21:52 <DIR> d-------- c:\arquivos de programas\Microsoft
2008-12-31 22:02 . 2008-12-31 22:02 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-31 22:02 . 2008-12-31 22:02 <DIR> d-------- c:\arquivos de programas\NGPixel Studios
2008-12-31 21:54 . 2008-12-31 21:55 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\SoundSpectrum
2008-12-31 21:47 . 2008-12-31 21:47 <DIR> d-------- c:\arquivos de programas\SoundSpectrum
2008-12-31 21:47 . 2008-12-31 21:47 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Real
2008-12-31 21:20 . 2008-12-31 21:20 <DIR> d-------- c:\arquivos de programas\Windows Media Connect 2
2008-12-31 21:19 . 2008-12-31 21:19 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-31 21:19 . 2008-12-31 21:20 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-31 21:19 . 2006-10-16 16:10 23,856 --a------ c:\windows\system32\spupdsvc.exe
2008-12-31 19:15 . 2008-12-31 19:15 <DIR> d-------- c:\windows\system32\DllCache
2008-12-31 19:15 . 2006-10-04 12:06 1,197,294 --------- c:\windows\system32\DllCache\sysmain.sdb
2008-12-31 19:15 . 2006-10-04 12:06 764,868 --------- c:\windows\system32\DllCache\apph_sp.sdb
2008-12-31 19:15 . 2006-10-04 12:06 217,118 --------- c:\windows\system32\DllCache\apphelp.sdb
2008-12-31 19:05 . 2008-12-31 19:05 <DIR> d-a------ c:\windows\system32\oobe
2008-12-27 23:20 . 2008-12-27 23:20 2,887,680 --a------ c:\windows\system32\VagalumePluginWMP.dll
2008-12-25 20:07 . 2008-12-31 20:03 5,120 --ahs---- c:\windows\system32\Thumbs.db
2008-12-25 12:22 . 2008-12-25 12:22 <DIR> d-------- c:\arquivos de programas\OTS_Software
2008-12-25 12:22 . 2008-12-25 12:22 <DIR> d-------- c:\arquivos de programas\Conduit
2008-12-25 03:13 . 2008-12-30 23:13 34 --a------ c:\windows\rsui2.bin
2008-12-25 03:12 . 2008-12-25 03:12 <DIR> d-------- c:\arquivos de programas\NVIDIA Corporation
2008-12-25 03:12 . 2003-04-30 13:25 671,744 -ra------ c:\windows\system32\DolbyHph.dll
2008-12-25 03:12 . 2003-04-30 13:24 24,576 -ra------ c:\windows\system32\msxml3a.dll
2008-12-25 02:57 . 2008-12-25 02:57 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA
2008-12-24 14:39 . 2009-01-09 23:41 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-24 14:39 . 2008-12-24 14:39 1,409 --a------ c:\windows\QTFont.for
2008-12-23 22:27 . 2009-01-10 20:34 53 --a------ c:\windows\GunzLauncher.INI
2008-12-23 21:49 . 2008-12-23 21:49 <DIR> d-------- c:\arquivos de programas\LevelUpGames
2008-12-23 20:24 . 2008-12-23 20:27 806,370 --a------ c:\windows\system32\01dczxjf
2008-12-23 10:57 . 2008-12-23 11:14 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2008-12-23 10:50 . 2008-12-23 11:23 <DIR> d-------- c:\arquivos de programas\silent hill 4
2008-12-23 00:10 . 2008-12-23 00:34 <DIR> d-------- c:\windows\system32\Adobe
2008-12-19 11:44 . 2008-12-19 11:44 16,952 --a------ c:\documents and settings\Administrador\Dados de aplicativos\GDIPFONTCACHEV1.DAT

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 14:19 --------- d-----w c:\arquivos de programas\Google
2009-01-11 02:55 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\FrostWire
2009-01-11 00:00 --------- d-----w c:\arquivos de programas\Windows Live Safety Center
2009-01-10 03:12 768 --sha-w C:\tl6jovma.sys
2009-01-08 23:52 --------- d-----w c:\arquivos de programas\Windows Live
2009-01-07 02:29 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\uTorrent
2009-01-05 14:26 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\dvdcss
2008-12-31 15:50 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Image Zone Express
2008-12-25 22:08 --------- d-----w c:\arquivos de programas\FrostWire
2008-12-25 22:08 --------- d-----w c:\arquivos de programas\Frets on Fire
2008-12-25 05:12 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2008-12-23 20:19 --------- d-----w c:\arquivos de programas\ESET
2008-12-11 20:43 1,384,479 ----a-w c:\windows\system32\msvbvm60.dll
2008-12-10 22:34 --------- d-----w c:\arquivos de programas\Activision
2008-12-10 22:33 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield
2008-12-07 03:39 --------- d-----w c:\arquivos de programas\Project64 1.6
2008-12-05 01:03 308,072 ----a-w c:\windows\WLXPGSS.SCR
2008-12-04 17:41 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Auslogics
2008-12-04 17:41 --------- d-----w c:\arquivos de programas\Auslogics
2008-12-03 00:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-23 00:51 --------- d-----w c:\arquivos de programas\uTorrent
2008-11-19 01:25 --------- d-----w c:\arquivos de programas\Max Payne
2008-11-17 23:37 --------- d-----w c:\arquivos de programas\DVD and CD Designer
2008-11-17 23:24 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-11-17 23:24 249,856 ------w c:\windows\Setup1.exe
2008-11-15 02:26 --------- d-----w c:\arquivos de programas\Doom 3
2008-11-13 11:41 --------- d-----w c:\arquivos de programas\MegaJogos
2008-11-11 01:30 --------- d-----w c:\arquivos de programas\MP3 Player Utilities 4.00
2008-11-11 01:12 --------- d-----w c:\arquivos de programas\MP3 Player Utilities 5.02
2008-10-28 23:47 161,352 ----a-w c:\windows\Expstudio Audio Editor FREE Uninstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2009-01-11_ 1.04.29,68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-11 14:20:15 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
+ 2009-01-11 14:20:15 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-01-11 14:20:15 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-01-11 14:20:15 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-01-11 14:20:15 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-01-11 14:20:15 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
+ 2009-01-11 17:33:50 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_568.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e41b29e5-88b5-40b1-903e-080e0f2c4b65}"= "c:\arquivos de programas\OTS_Software\tbOTS_.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{e41b29e5-88b5-40b1-903e-080e0f2c4b65}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e41b29e5-88b5-40b1-903e-080e0f2c4b65}]
2008-02-14 14:54 1555480 --a------ c:\arquivos de programas\OTS_Software\tbOTS_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e41b29e5-88b5-40b1-903e-080e0f2c4b65}"= "c:\arquivos de programas\OTS_Software\tbOTS_.dll" [2008-02-14 1555480]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E41B29E5-88B5-40B1-903E-080E0F2C4B65}"= "c:\arquivos de programas\OTS_Software\tbOTS_.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{e41b29e5-88b5-40b1-903e-080e0f2c4b65}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-13 7630848]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-13 86016]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-10 270336]
"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-01-10 1261336]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-03-13 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\FrostWire\\FrostWire.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-05 111184]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-10 97928]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-05 20560]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2009-01-10 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2009-01-10 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-10 76040]
R4 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
S3 XDva221;XDva221;\??\c:\windows\system32\XDva221.sys --> c:\windows\system32\XDva221.sys [?]
S3 XDva223;XDva223;\??\c:\windows\system32\XDva223.sys --> c:\windows\system32\XDva223.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43f2a034-b173-11dd-9ac1-000feab2dcb7}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff7b66cc-a6ee-11dd-9a84-000feab2dcb7}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-01-11 c:\windows\Tasks\At1.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-08 c:\windows\Tasks\At10.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At11.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At12.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At13.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At14.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At15.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-08 c:\windows\Tasks\At16.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At17.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At18.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At19.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At2.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At20.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-09 c:\windows\Tasks\At21.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At22.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At23.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At24.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At25.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At26.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At27.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At28.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-09 c:\windows\Tasks\At29.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At3.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-09 c:\windows\Tasks\At30.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-09 c:\windows\Tasks\At31.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-09 c:\windows\Tasks\At32.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-09 c:\windows\Tasks\At33.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-09 c:\windows\Tasks\At34.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At35.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At36.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At37.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At38.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At39.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At4.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-09 c:\windows\Tasks\At40.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At41.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At42.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At43.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At44.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-09 c:\windows\Tasks\At45.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At46.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At47.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At48.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At49.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-08 c:\windows\Tasks\At5.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At50.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At51.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At52.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At53.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At54.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At55.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At56.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At57.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At58.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At59.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-08 c:\windows\Tasks\At6.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At60.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At61.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At62.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At63.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At64.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At65.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At66.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At67.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At68.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At69.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-08 c:\windows\Tasks\At7.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-10 c:\windows\Tasks\At70.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At71.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\At72.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-08 c:\windows\Tasks\At8.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-08 c:\windows\Tasks\At9.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]

2009-01-11 c:\windows\Tasks\Google Software Updater.job
- c:\arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-11 12:15]
.
.
------- Scan Suplementar -------
.
mStart Page = hxxp://br.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Convert Tool... - c:\arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: AMV convert tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 5.02\AMVConverter\grab.html
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\qr0qved1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\arquivos de programas\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\arquivos de programas\Google\Google Updater\2.4.1441.4352\npCIDetect13.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 16:32:14
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(496)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\avgrsstx.dll
.
Tempo para conclusão: 2009-01-11 16:33:48
ComboFix-quarantined-files.txt 2009-01-11 18:33:40
ComboFix2.txt 2009-01-11 03:05:46

Pré-execução: 15 pasta(s) 107.796.705.280 bytes disponíveis
Pós execução: 15 pasta(s) 107,819,155,456 bytes disponíveis

Well, after all that, the problem I had before with the security error is gone, but I can't defragment the disk. When I use the defragmenter the PC just freezes completely.

But everything else is OK!!!!
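How a helper triages a ComboFix log like the one above, as an added example (not code from the thread, from ComboFix or from the poster): it parses the 'Tarefas Agendadas' section and the MountPoints2 entries and flags an executable that many At*.job tasks launch (the same file the replies single out for deletion) plus every per-device AutoRun command (the sxs.exe entries). The log excerpt inside is constructed from the thread's log, and the line patterns and the job-count threshold are my assumptions about ComboFix's output format.

```python
import re
from collections import defaultdict
# Constructed excerpt in ComboFix's layout, modelled on the thread's log (3 of its 72 At*.job entries).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43f2a034-b173-11dd-9ac1-000feab2dcb7}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
Conteúdo da pasta 'Tarefas Agendadas'
2009-01-11 c:\windows\Tasks\At1.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]
2009-01-08 c:\windows\Tasks\At10.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]
2009-01-11 c:\windows\Tasks\At11.job
- c:\windows\system32\3vh5kXFL.exe [2009-01-09 22:23]
2009-01-11 c:\windows\Tasks\Google Software Updater.job
- c:\arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-11 12:15]
"""

# Line shapes as read off the log above (an assumption about ComboFix's format, not its spec).
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} .*\\(?P<job>[^\\]+\.job)$")
TARGET_RE = re.compile(r"^- (?P<exe>.+?) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")
MOUNT_RE = re.compile(r"\\mountpoints2\\(?P<guid>\{[^}]+\})\]$", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^\\Shell\\Auto(?:Run)?\\command - (?P<cmd>.+)$")

def parse_log(log):
    """One pass: target exe -> .job files launching it; MountPoints2 GUID -> autorun commands."""
    targets, autoruns = defaultdict(list), defaultdict(list)
    job = guid = None
    for line in log.splitlines():
        if m := JOB_RE.match(line):
            job, guid = m.group("job"), None
        elif (m := TARGET_RE.match(line)) and job:
            targets[m.group("exe").lower()].append(job)
            job = None
        elif m := MOUNT_RE.search(line):
            guid, job = m.group("guid"), None
        elif (m := AUTORUN_RE.match(line)) and guid:
            autoruns[guid].append(m.group("cmd"))
    return targets, autoruns
def triage(log, min_at_jobs=3):
    """Flag an exe launched by many At*.job tasks and every per-device AutoRun command."""
    targets, autoruns = parse_log(log)
    findings = []
    for exe, jobs in targets.items():
        n = sum(bool(re.fullmatch(r"At\d+\.job", j, re.IGNORECASE)) for j in jobs)
        if n >= min_at_jobs:
            findings.append(("at-job persistence", exe, n))
    for guid, cmds in autoruns.items():
        findings.extend(("mountpoints2 autorun", cmd, guid) for cmd in cmds)
    return findings
```

Run against the full log, the At*.job count for 3vh5kXFL.exe is 72, while the single Google updater job is left unflagged.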

#4 Leone Fernandes

Leone Fernandes

    (y)

  • Users
  • 585 posts
  • Sex: Male
  • Location: Belo Horizonte - MG

Posted 11/01/2009, 21:23

Download Killbox.

Open Killbox. Check the "Delete on Reboot" option.
In the text box, type:

C:\WINDOWS\system32\3vh5kXFL.exe

Click the X and answer No to the question.

Restart the computer normally and try to defragment.

Let me know whether it worked or not.
Regards.

Edited by: Northon, 11/01/2009, 21:23.



#5 Yahiko_San

Yahiko_San

    Forum newbie

  • Users
  • 4 posts
  • Sex: Not given

Posted 12/01/2009, 19:20

Download Killbox.

Open Killbox. Check the "Delete on Reboot" option.
In the text box, type:

C:\WINDOWS\system32\3vh5kXFL.exe

Click the X and answer No to the question.

Restart the computer normally and try to defragment.

Let me know whether it worked or not.
Regards.




Hi Northon!

Still the same thing. It freezes as soon as it starts defragmenting!!!!

It didn't work! Unfortunately!!!!!

#6 Leone Fernandes

Leone Fernandes

    (y)

  • Users
  • 585 posts
  • Sex: Male
  • Location: Belo Horizonte - MG

Posted 12/01/2009, 19:33

It's probably the computer's temperature; have you tried moving it somewhere with more air circulation?



#7 Yahiko_San

Yahiko_San

    Forum newbie

  • Users
  • 4 posts
  • Sex: Not given

Posted 12/01/2009, 22:24

It's probably the computer's temperature; have you tried moving it somewhere with more air circulation?


Not yet!!!!
I'm shutting it down now, but tomorrow, as soon as I turn the PC on, I'll try running the defragmenter, since the PC will be nice and cool, freshly switched on!!!!!

I'll get back to you tomorrow.

I'd like to thank you in advance for the help you've been giving.


Big hug, Northon!!

#8 Leone Fernandes

Leone Fernandes

    (y)

  • Users
  • 585 posts
  • Sex: Male
  • Location: Belo Horizonte - MG

Posted 23/01/2009, 16:33

Topic Closed!

Since the author has not replied to the topic for more than 10 days, it has been closed.
If you need the topic reopened, contact one of the forum moderators.





