Logo Hardware.com.br
sinhow
sinhow Novo Membro Registrado
16 Mensagens 0 Curtidas

Ajuda com Navegadores fechando sozinhos (Tit.Edit.)

#1 Por sinhow 07/01/2010 - 14:23
POR FAVOR gente. Me ajudem. Não aguento mais, qualquer navegador que eu use (IE, Firefox ou Opera) fica fechando sozinho de 10 em 10 min, dando aquele famoso "este programa encontrou um erro e precisa ser fechado".

No começo era só no Firefox, Eu reinstalei-o e mesmo assim NADA. Quando eu baixei o Opera ficou um tempinho funfando mais depois de um tempo, deu no mesmo. No IE os erros acontecem com menos frequencia, mas mesmo assim... Ainda bem que no Firefox e no Opera dá pra "continuar do ponto em que parei", mas mesmo assim qdo to digitando um post dá esse erro e perco tdo....

Configs:
Intel Pentium D 915
2gb de Mem. DDR2 667Mhz
HD SATA 250gb 7200RPM
Placa gráfica ASUS GeForce 8600GT
Windows XP Pro.

Segue o log do HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:17:11, on 7/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\netaps\sysinternals.exe
C:\DOCUME~1\sinho\CONFIG~1\Temp\msseces.exe
C:\windows\netaps\sysinternals.exe
C:\ARQUIV~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\ATKKBService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Opera\opera.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\sinho\Meus documentos\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
O1 - Hosts: visanet.com.br
O1 - Hosts: 198.106.42.212# SpyBo t search and Destroy
O1 - Hosts: 198.106.42.212 www.visanet.com.br
O1 - Hosts: 198.106.42.212 www.bancoreal.com.br
O1 - Hosts: 198.106.42.212 real.com.br
O1 - Hosts: 198.106.42.212 www.real.com.br
O1 - Hosts: 198.106.42.212 www.itau.com.br
O1 - Hosts: 198.106.42.212 itau.com.br
O1 - Hosts: 198.106.42.212 www.itaupersonnalite.com.br
O1 - Hosts: 198.106.42.212 itaupersonnalite.com.br
O1 - Hosts: 198.106.42.212 www.itauprivatebank.com.br
O1 - Hosts: 198.106.42.212 itauprivatebank.com.br
O1 - Hosts: 198.106.42.212 www.bb.com.br
O1 - Hosts: 198.106.42.212 bb.com.br
O1 - Hosts: 198.106.42.212 www.bb.gov.br
O1 - Hosts: 198.106.42.212 bb.gov.br
O1 - Hosts: 198.106.42.212 bradesco.com.br
O1 - Hosts: 198.106.42.212 www.bradesco.com.br
O1 - Hosts: 198.106.42.212 www.bradescoprime.com.br
O1 - Hosts: 198.106.42.212 bradescoprime.com.br
O1 - Hosts: 198.106.42.212 bradescojuridico.com.br
O1 - Hosts: 198.106.42.212 www.checktudo.com.br
O1 - Hosts: 198.106.42.212 checktudo.com.br
O1 - Hosts: 198.106.42.212 www.infoseg.gov.br
O1 - Hosts: 198.106.42.212 infoseg.gov.br
O1 - Hosts: 198.106.42.212 www.bradescojuridico.com.br
O1 - Hosts: 198.106.42.212 santander.com.br
O1 - Hosts: 198.106.42.212 www.santander.com.br
O1 - Hosts: 198.106.42.212 banespa.com.br
O1 - Hosts: 198.106.42.212 www.nossacaixa.com.br
O1 - Hosts: 198.106.42.212 nossacaixa.com.br
O1 - Hosts: 198.106.42.212 www.unibanco.com.br
O1 - Hosts: 198.106.42.212 unibanco.com.br
O1 - Hosts: 198.106.42.212 www.banespa.com.br
O1 - Hosts: 198.106.42.212 www.itauprivatebank.com.br
O1 - Hosts: 198.106.42.212 itauprivatebank.com.br
O1 - Hosts: 198.106.42.212 cetelem.com.br
O1 - Hosts: 198.106.42.212 www.cetelem.com.br
O1 - Hosts: 198.106.42.212 citibank.com.br
O1 - Hosts: 198.106.42.212 www.citibank.com.br
O1 - Hosts: 198.106.42.212 www.cartaobndes.gov.br
O1 - Hosts: 198.106.42.212 cartaobndes.gov.br
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Spooler de Impressão] C:\WINDOWS\system32\rundll32.exe C:\windows\netaps\windll.dll update
O4 - HKCU\..\Run: [Serviço de Indexação Windows] C:\windows\netaps\sysinternals.exe
O4 - HKCU\..\Run: [Microsoft Security Essential] "C:\DOCUME~1\sinho\CONFIG~1\Temp\msseces.exe"
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MSI" TRANSFORMS="C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\186.18\english\PhysX_9.09.0428_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Download all 4shared files - C:\Arquivos de programas\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/virtualmark/tc/FMSI.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B6CEE37-638E-4BE5-B52D-0961023F324A}: NameServer = 200.165.132.154 200.165.132.148
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10215 bytes
erro ie navegadores opera aguento sozinhos fechando firefox ajudem
Responder
Power Max
Power Max Ubbergeek Registrado
4.2K Mensagens 509 Curtidas
#2 Por Power Max
07/01/2010 - 14:38
smile.png Olá!

veja.png Faça o download do HostsXpert.zip
  • Extraia (unzip) HostsXpert.zip para uma pasta permanente do seu drive (exemplo C:\HostsXpert)

  • Duplo clique em HostsXpert.exe para executar o programa.

  • Se disponivel, clique em "Make Hosts Writable?" (estará no canto superior direito).

  • Clique em "Restore Microsoft's Hosts file" e depois clique em "OK".

  • Clique no X para sair do programa.
____________________________________


veja.png Siga também, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Malwarebytes:

Tutorial do Malwarebytes Anti-Malware

Na sua próxima resposta poste este log do Malwarebytes juntamente com um novo log do Hijackthis e nos diga como está o seu PC após este procedimento.

Ficamos no aguardo.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Sempre com novos tutoriais e atualidades em informática e tecnologia.
Super Links = Mensagens de fé e esperança ao seu coração.
sinhow
sinhow Novo Membro Registrado
16 Mensagens 0 Curtidas
#3 Por sinhow
07/01/2010 - 16:53
Acontece que eu já executei o Malwarebytes e havia detectado 26 infecções, removi todas elas, mas eu não salvei o log. Enquanto ao HostXpert já o executei conforme o tutorial.

O novo log do HiJackThis tá assim:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:51, on 7/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
C:\ARQUIV~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\ATKKBService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Opera\opera.exe
C:\Documents and Settings\sinho\Meus documentos\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MSI" TRANSFORMS="C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\186.18\english\PhysX_9.09.0428_SystemSoftware.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Download all 4shared files - C:\Arquivos de programas\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/virtualmark/tc/FMSI.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B6CEE37-638E-4BE5-B52D-0961023F324A}: NameServer = 200.165.132.154 200.165.132.148
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6619 bytes
Power Max
Power Max Ubbergeek Registrado
4.2K Mensagens 509 Curtidas
#4 Por Power Max
07/01/2010 - 21:07
veja.png Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

Faça o download do ComboFix
Salve-o no Desktop (área de trabalho).
* Desabilite as proteções residente de: antivírus, antispywares e firewall ( menos o do Windows! )
* Feche todas as janelas e execute a ferramenta.
* Ps: A execução, por comando, também é possível:
* Vá em Iniciar --> Executar --> Digite ou cole:
"%userprofile%\desktop\Combofix.exe" /killall

Imagem

* Clique em Ok.
* Na solicitação: "Negação de garantia de software" --> Clique em Sim.

Imagem

* Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo.
* Terminando,clique Sim ou Yes. --> Aguarde.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:!: Caso aconteça a notificação de: Aplicativo Win32 inválido ou alguma mensagem parecida com esta, delete a ferramenta ComboFix.exe e faça, novamente, seu download.
* Salve-a no Desktop,renomeada como: Kombo.exe
* Ps: Nomeie durante o salvamento,e não após salvá-la!
* Ps: Surgindo alguma mensagem de erro, rode o ComboFix.exe em "Modo Seguro". <-- Link!
* Ps: Na presença de atividades rootkit,teremos a seguinte janela de notificação:

Imagem

* Ps: Anote essas detecções, e dê o OK. Neste caso poste estas detecções que você terá anotado em sua próxima resposta juntamente com os logs pedidos.
* Ps: Para completar as remoções, talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!
* Ps: Para evitar problemas, siga todas as recomendações propostas.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* Abrir-se-á a janela Auto Scan. --> Aguarde!
* Para finalizar remoções, o ComboFix poderá reiniciar o computador.
* Se houver necessidade, digite a opção ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!
* Durante o scan, evite manusear o mouse ou teclado! <-- Importante!
* Caso, por algum motivo de força maior, precise parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter.
<><><><><><><><><><><><>

Poste o log do Combofix que estará em C:\ComboFix.txt juntamente com um novo log do Hijackthis em sua próxima resposta e nos diga como está o seu PC depois disto.

Ficamos no aguardo.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Sempre com novos tutoriais e atualidades em informática e tecnologia.
Super Links = Mensagens de fé e esperança ao seu coração.
sinhow
sinhow Novo Membro Registrado
16 Mensagens 0 Curtidas
#5 Por sinhow
07/01/2010 - 23:31
Olha ai o log do ComboFix:
(será que tem algo errado??)

ComboFix 10-01-04.01 - sinho 07/01/2010 22:20:16.2.2 - x86
Executando de: c:\documents and settings\sinho\Desktop\ComboFix.exe
.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-08 to 2010-01-08 ))))))))))))))))))))))))))))
.

2010-01-07 20:31 . 2010-01-07 20:31 -------- d-----r- c:\documents and settings\LocalService\Favoritos
2010-01-07 20:31 . 2010-01-07 20:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-07 19:04 . 2009-07-28 18:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-07 19:04 . 2009-03-30 12:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-07 19:04 . 2009-02-13 14:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-07 19:04 . 2009-02-13 14:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-07 19:04 . 2010-01-07 19:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira
2010-01-07 19:04 . 2010-01-07 19:04 -------- d-----w- c:\arquivos de programas\Avira
2010-01-04 14:23 . 2004-08-04 03:45 25600 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-01-04 14:11 . 2010-01-04 14:11 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
2010-01-04 14:10 . 2010-01-04 14:10 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-01-04 13:17 . 2010-01-04 13:19 -------- d-----w- c:\documents and settings\sinho\Dados de aplicativos\OxelonMC
2010-01-04 13:17 . 2010-01-04 13:17 -------- d-----w- c:\arquivos de programas\OxelonMedia
2010-01-04 02:25 . 2010-01-04 02:25 -------- d-----w- c:\arquivos de programas\Ares
2009-12-24 20:49 . 2009-12-24 20:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Soulseek
2009-12-23 17:48 . 2009-12-30 19:36 598 ----a-w- C:\fsys.bat
2009-12-19 19:58 . 2010-01-07 17:49 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-12-15 15:51 . 2009-12-15 15:51 -------- d-----w- c:\documents and settings\sinho\Dados de aplicativos\Malwarebytes
2009-12-15 15:51 . 2009-12-03 19:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-15 15:51 . 2009-12-15 15:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-12-15 15:51 . 2009-12-15 15:51 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-12-15 15:51 . 2009-12-03 19:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-15 10:29 . 2005-10-21 01:47 12800 ------w- c:\windows\system32\drivers\usb8023x.sys
2009-12-15 10:29 . 2005-10-21 01:47 30592 ------w- c:\windows\system32\drivers\rndismpx.sys
2009-12-15 10:29 . 2009-12-15 10:29 -------- d-----w- c:\arquivos de programas\Microsoft ActiveSync
2009-12-15 10:29 . 2009-12-15 10:29 -------- d-----w- c:\arquivos de programas\Windows Mobile Device Handbook
2009-12-13 17:00 . 2009-12-13 17:00 -------- d-----w- c:\windows\system32\Futuremark
2009-12-13 17:00 . 2008-09-17 18:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2009-12-13 17:00 . 2009-12-13 17:00 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Futuremark Shared
2009-12-13 16:51 . 2009-12-13 16:51 -------- d-----w- c:\windows\system32\AGEIA
2009-12-13 16:51 . 2009-12-13 16:51 -------- d-----w- c:\arquivos de programas\AGEIA Technologies
2009-12-13 16:51 . 2009-12-13 16:51 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-12-13 16:51 . 2009-12-13 16:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA Corporation
2009-12-13 16:51 . 2009-12-13 16:52 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation
2009-12-13 16:50 . 2009-11-21 02:34 69632 ----a-w- c:\windows\system32\OpenCL.dll
2009-12-13 16:50 . 2009-11-21 02:34 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2009-12-13 16:50 . 2009-11-21 02:34 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-12-13 16:50 . 2009-11-21 02:34 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-12-13 16:50 . 2009-11-21 02:34 2293286 ----a-w- c:\windows\system32\nvdata.bin
2009-12-13 16:50 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-12-13 16:50 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-12-13 16:50 . 2009-11-21 02:34 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2009-12-13 16:50 . 2009-11-21 02:34 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-12-13 16:50 . 2009-12-13 16:50 -------- d-----w- C:\NVIDIA
2009-12-13 14:52 . 2009-12-13 14:52 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab
2009-12-13 14:52 . 2009-12-13 14:52 -------- d-----w- c:\documents and settings\sinho\SystemRequirementsLab
2009-12-11 20:13 . 2009-12-11 20:13 -------- d-----w- c:\arquivos de programas\KONAMI

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 00:59 . 2009-06-27 23:56 -------- d-----w- c:\documents and settings\sinho\Dados de aplicativos\uTorrent
2010-01-07 17:28 . 2001-10-28 18:07 80198 ----a-w- c:\windows\system32\perfc016.dat
2010-01-07 17:28 . 2001-10-28 18:07 471376 ----a-w- c:\windows\system32\perfh016.dat
2009-12-13 17:00 . 2009-06-28 12:52 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-12-10 03:47 . 2009-06-28 10:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-12-03 10:50 . 2009-12-03 10:49 -------- d-----w- c:\documents and settings\sinho\Dados de aplicativos\FreeFLVConverter
2009-12-03 10:49 . 2009-12-03 10:49 -------- d-----w- c:\arquivos de programas\Free FLV Converter
2009-12-03 10:31 . 2009-12-03 10:31 -------- d-----w- c:\arquivos de programas\Amaze Flv Downloader
2009-12-02 13:53 . 2009-12-02 13:53 -------- d-----w- c:\arquivos de programas\Microsoft Windows 7 Upgrade Advisor
2009-11-27 09:40 . 2009-11-27 09:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Sports Interactive
2009-11-27 09:39 . 2009-11-27 09:39 -------- d-----w- c:\documents and settings\sinho\Dados de aplicativos\Sports Interactive
2009-11-27 09:37 . 2009-11-27 09:32 -------- d--h--w- c:\arquivos de programas\Zero G Registry
2009-11-27 09:32 . 2009-11-27 09:32 -------- d-----w- c:\arquivos de programas\Sports Interactive
2009-11-26 02:43 . 2009-11-26 02:43 -------- d-----w- c:\arquivos de programas\Microsoft
2009-11-21 02:34 . 2009-06-28 14:44 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2009-11-21 02:34 . 2009-06-10 09:03 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2009-06-10 09:03 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-11-21 01:58 . 2009-06-28 10:24 -------- d-----w- c:\arquivos de programas\Microsoft Works
2009-11-20 23:32 . 2009-11-20 23:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-20 23:32 . 2009-11-20 23:32 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-20 23:32 . 2009-11-20 23:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
2009-11-20 23:32 . 2009-11-20 23:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 23:32 . 2009-11-20 23:32 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-20 23:32 . 2009-11-20 23:32 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-11-18 15:36 . 2009-11-18 15:36 -------- d-----w- c:\documents and settings\sinho\Dados de aplicativos\Hewlett-Packard
2009-11-18 15:35 . 2009-11-18 15:30 20449 ----a-w- c:\windows\hpoins01.dat
2009-11-18 15:35 . 2009-06-28 14:20 -------- d-----w- c:\arquivos de programas\Hewlett-Packard
2009-11-18 15:35 . 2009-11-18 15:35 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2009-11-18 14:27 . 2009-11-18 14:27 -------- d-----w- c:\arquivos de programas\Arquivos comuns\snct511
2009-11-11 17:50 . 2009-12-03 10:49 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2009-11-11 17:01 . 2009-06-30 14:56 -------- d-----w- c:\documents and settings\sinho\Dados de aplicativos\Ahead
2009-10-29 07:42 . 2004-08-04 03:45 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 06:01 . 2004-08-04 03:45 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:01 . 2004-08-04 03:45 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-04 02:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:52 . 2004-08-04 03:45 267776 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:52 . 2004-08-04 03:45 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:52 . 2004-08-04 03:45 112640 ----a-w- c:\windows\system32\rastls.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 20:10 35696 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 18:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-21 23:23 148888 ----a-w- c:\arquivos de programas\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2010\\PesBoleiroserve\\pes2010.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-28 721904]
R3 cpuz130;cpuz130;c:\docume~1\sinho\CONFIG~1\Temp\cpuz130\cpuz_x32.sys [x]
R3 SNCT511;PC Camera (6005 CIF);c:\windows\system32\DRIVERS\snct511.sys [2002-11-26 229376]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

.
Conteúdo da pasta 'Tarefas Agendadas'

2009-12-18 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8258558529.job
- c:\arquivos de programas\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 03:52]

2010-01-08 c:\windows\Tasks\User_Feed_Synchronization-{88ED6F1A-417A-464A-B32A-3C8AFBF4952A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\sinho\Dados de aplicativos\Mozilla\Firefox\Profiles\i5esuppe.default\
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORFÃOS REMOVIDOS - - - -

MSConfigStartUp-4shared Update - c:\arquivos de programas\4shared Desktop\checkUpdate.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 22:24
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1275210071-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:70,01,bb,e0,c5,73,00,5d,32,d8,ae,fe,67,3c,d5,fd,76,a3,6e,af,cf,
7a,6e,c5,21,9e,05,8f,59,3d,89,0c,58,84,35,9a,1e,f8,c9,fc,d0,dd,0d,cd,76,8b,\
"rkeysecu"=hex:41,38,70,a0,f5,fb,c7,fc,ff,c4,fd,e9,d0,c9,be,71
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(3468)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2010-01-07 22:26:39
ComboFix-quarantined-files.txt 2010-01-08 01:26

Pré-execução: 11 pasta(s) 168.786.780.160 bytes disponíveis
Pós execução: 12 pasta(s) 168.752.603.136 bytes disponíveis

- - End Of File - - 7949E8979B0EB1BAC4165F361D635102
sinhow
sinhow Novo Membro Registrado
16 Mensagens 0 Curtidas
#7 Por sinhow
07/01/2010 - 23:45
hmmm... má notícia: firefox acabou de reiniciar...
SERÁ q nesse log do ComboFix deu alguma coisa...??
q m... problema chato da p.
POR FAVOR! ajuda ai...

novo log do hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48:40, on 7/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
C:\ARQUIV~1\MI3AA1~1\rapimgr.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\sinho\Meus documentos\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MSI" TRANSFORMS="C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\186.18\english\PhysX_9.09.0428_SystemSoftware.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/virtualmark/tc/FMSI.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B6CEE37-638E-4BE5-B52D-0961023F324A}: NameServer = 200.165.132.154 200.165.132.148
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6809 bytes
Power Max
Power Max Ubbergeek Registrado
4.2K Mensagens 509 Curtidas
#8 Por Power Max
08/01/2010 - 09:59
Baixei e instalei o Avira Antivir... fiz o scan e foram detectadas algumas infecções, exclui todas elas...
veja.png Configure o Avira Antivir seguindo as dicas dos tutoriais abaixo:

Tutorial do Avira Antivir 9 free (instalação e configuração)

Tutorial do Avira Antivir 9 free (como usá-lo corretamente)

Depois de instalar e configurar o Avira Antivir seguindo as dicas dos tutoriais acima, atualize-o (faça um update) e reinicie o seu computador e entre pelo Modo de Segurança (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver reiniciando e escolhendo a opção Modo Seguro ou Modo de Segurança). Aí quando o computador tiver reiniciado, clique com o botão direito do mouse sobre o símbolo do Avira (aquele guarda-chuva vermelho aberto ao lado do relógio do Windows) e escolha a opção Start Antivir > clique na opção Scan system now > e aguarde a conclusão do escaneamento.

Obs: Caso não seja possível fazer o escaneamento com o Avira Antivir no Modo Seguro do Windows, faça-o no modo normal.
_______________________________________________________________

veja.png Quando você tiver removido os virus que o Avira Antivir encontrar, reinicie o computador normalmente. Clique com o botão direito do mouse sobre o ícone do Avira (aquele guarda-chuva vermelho aberto ao lado do relógio do Windows) e escolha a opção Start Antivir > clique na opção Reports > dê um duplo clique com o botão esquerdo do mouse sobre o log mais recente e clique no botão Report file > Depois será aberta uma tela com o log, então é só selecionar este Log (Clique no menu: Editar » Selecionar Tudo), depois disso volte novamente no menu: Editar » e clique na opção: Copiar) > Depois disso é só voltar aqui no fórum e postar este log do Avira Antivir juntamente com um novo log do Hijackthis para que eles possam ser analizados.

Ficamos no aguardo de sua resposta.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Sempre com novos tutoriais e atualidades em informática e tecnologia.
Super Links = Mensagens de fé e esperança ao seu coração.
sinhow
sinhow Novo Membro Registrado
16 Mensagens 0 Curtidas
#9 Por sinhow
09/01/2010 - 02:42
log do avira:



Avira AntiVir Personal
Report file date: sexta-feira, 8 de janeiro de 2010 18:34

Scanning for 1512108 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : SINHO-EAC71DD88

Version information:
BUILD.DAT : 9.0.0.418 21723 Bytes 2/12/2009 16:28:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 14:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/2/2009 13:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/2/2009 14:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/2/2009 13:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 10:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 19:07:00
VBASE002.VDF : 7.10.1.1 2048 Bytes 19/11/2009 19:07:01
VBASE003.VDF : 7.10.1.2 2048 Bytes 19/11/2009 19:07:01
VBASE004.VDF : 7.10.1.3 2048 Bytes 19/11/2009 19:07:01
VBASE005.VDF : 7.10.1.4 2048 Bytes 19/11/2009 19:07:02
VBASE006.VDF : 7.10.1.5 2048 Bytes 19/11/2009 19:07:02
VBASE007.VDF : 7.10.1.6 2048 Bytes 19/11/2009 19:07:02
VBASE008.VDF : 7.10.1.7 2048 Bytes 19/11/2009 19:07:03
VBASE009.VDF : 7.10.1.8 2048 Bytes 19/11/2009 19:07:03
VBASE010.VDF : 7.10.1.9 2048 Bytes 19/11/2009 19:07:04
VBASE011.VDF : 7.10.1.10 2048 Bytes 19/11/2009 19:07:04
VBASE012.VDF : 7.10.1.11 2048 Bytes 19/11/2009 19:08:05
VBASE013.VDF : 7.10.1.79 209920 Bytes 25/11/2009 19:08:08
VBASE014.VDF : 7.10.1.128 197632 Bytes 30/11/2009 19:08:10
VBASE015.VDF : 7.10.1.178 195584 Bytes 7/12/2009 19:08:13
VBASE016.VDF : 7.10.1.224 183296 Bytes 14/12/2009 19:08:15
VBASE017.VDF : 7.10.1.247 182272 Bytes 15/12/2009 19:08:18
VBASE018.VDF : 7.10.2.30 198144 Bytes 21/12/2009 19:08:21
VBASE019.VDF : 7.10.2.63 187392 Bytes 24/12/2009 19:08:23
VBASE020.VDF : 7.10.2.93 195072 Bytes 29/12/2009 19:08:25
VBASE021.VDF : 7.10.2.131 201216 Bytes 7/1/2010 19:08:28
VBASE022.VDF : 7.10.2.132 2048 Bytes 7/1/2010 19:08:28
VBASE023.VDF : 7.10.2.133 2048 Bytes 7/1/2010 19:08:29
VBASE024.VDF : 7.10.2.134 2048 Bytes 7/1/2010 19:08:29
VBASE025.VDF : 7.10.2.135 2048 Bytes 7/1/2010 19:08:29
VBASE026.VDF : 7.10.2.136 2048 Bytes 7/1/2010 19:08:29
VBASE027.VDF : 7.10.2.137 2048 Bytes 7/1/2010 19:08:30
VBASE028.VDF : 7.10.2.138 2048 Bytes 7/1/2010 19:08:30
VBASE029.VDF : 7.10.2.139 2048 Bytes 7/1/2010 19:08:30
VBASE030.VDF : 7.10.2.140 2048 Bytes 7/1/2010 19:08:31
VBASE031.VDF : 7.10.2.151 146944 Bytes 8/1/2010 19:05:31
Engineversion : 8.2.1.134
AEVDF.DLL : 8.1.1.2 106867 Bytes 8/11/2009 10:38:52
AESCRIPT.DLL : 8.1.3.7 594296 Bytes 7/1/2010 19:09:09
AESCN.DLL : 8.1.3.0 127348 Bytes 7/1/2010 19:09:06
AESBX.DLL : 8.1.1.1 246132 Bytes 8/11/2009 10:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 7/1/2010 19:09:05
AEPACK.DLL : 8.2.0.4 422263 Bytes 7/1/2010 19:08:59
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 8/11/2009 10:38:38
AEHEUR.DLL : 8.1.0.194 2228599 Bytes 8/1/2010 19:06:02
AEHELP.DLL : 8.1.9.0 237943 Bytes 7/1/2010 19:08:39
AEGEN.DLL : 8.1.1.83 369014 Bytes 7/1/2010 19:08:37
AEEMU.DLL : 8.1.1.0 393587 Bytes 8/11/2009 10:38:26
AECORE.DLL : 8.1.9.1 180598 Bytes 7/1/2010 19:08:34
AEBB.DLL : 8.1.0.3 53618 Bytes 8/11/2009 10:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 11:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/8/2009 18:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 20/1/2009 17:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 13:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/3/2009 18:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/1/2009 13:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/1/2009 18:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 11:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 13:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/5/2009 18:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 13/10/2009 15:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: delete
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Skipped files.......................: C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2010\pes2010.exe, C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2010\PesBoleiroserve\pes2010.exe,
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: sexta-feira, 8 de janeiro de 2010 18:34

Starting search for hidden objects.
'33789' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: sexta-feira, 8 de janeiro de 2010 19:12
Used time: 38:44 Minute(s)

The scan has been done completely.

6486 Scanned directories
220918 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
220916 Files not concerned
2402 Archives were scanned
2 Warnings
1 Notes
33789 Objects were scanned with rootkit scan
0 Hidden objects were found



log do hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:42:04, on 9/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\ARQUIV~1\MI3AA1~1\rapimgr.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\sinho\Meus documentos\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MSI" TRANSFORMS="C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\186.18\english\PhysX_9.09.0428_SystemSoftware.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/virtualmark/tc/FMSI.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B6CEE37-638E-4BE5-B52D-0961023F324A}: NameServer = 200.165.132.154 200.165.132.148
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7174 bytes
Power Max
Power Max Ubbergeek Registrado
4.2K Mensagens 509 Curtidas
#10 Por Power Max
09/01/2010 - 10:53
veja.png Abra o HijackThis, clique em Do a system scan only, marque as entradas abaixo e clique em Fix checked:

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
___________________________________

veja.png Baixe o programa Avenger no link abaixo e extraia o conteúdo para o desktop (área de trabalho):
http://swandog46.geekstogo.com/avenger2/download.php

*Selecione e copie (Ctrl+C) todo o texto dentro da Citação (caixa branca) abaixo:

Files to delete:
C:\fsys.bat


*Execute o programa Avenger
*Clique em [Load Script] > [Paste from Clipboard]
*Clique em [Execute] > [OK]
*O PC será reiniciado
*O relatório será criado em C:\avenger.txt
___________________________________________

veja.png Siga também as dicas deste tutorial para fazer uma limpeza de seu PC com o Spyware Doctor:

Tutorial do Spyware Doctor Starter Edition

Na sua próxima resposta poste este log do Spyware Doctor juntamente com o log que estará em C:\avenger.txt e um novo log do Hijackthis e nos diga como está o seu Pc depois disto.

Ficamos no aguardo.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Sempre com novos tutoriais e atualidades em informática e tecnologia.
Super Links = Mensagens de fé e esperança ao seu coração.
sinhow
sinhow Novo Membro Registrado
16 Mensagens 0 Curtidas
#11 Por sinhow
10/01/2010 - 14:08
LOG DO AVENGER:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\fsys.bat" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


LOG DO HiJackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:57, on 10/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Spyware Doctor\pctsTray.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\ARQUIV~1\MI3AA1~1\rapimgr.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sinho\Meus documentos\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MSI" TRANSFORMS="C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\186.18\english\PhysX_9.09.0428_SystemSoftware.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/virtualmark/tc/FMSI.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B6CEE37-638E-4BE5-B52D-0961023F324A}: NameServer = 200.165.132.154 200.165.132.148
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Arquivos de programas\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

--
End of file - 7819 bytes

O log do Spyware Doctor é mtooo grande e n da pra postar...
o computador parece estar normal(desde ontem)...
OBRIGADOO. PROBLEMA RESOLVIDO!!
Espírita
Espírita Cyber Highlander Registrado
9.6K Mensagens 2.1K Curtidas
#12 Por Espírita
10/01/2010 - 14:15
Enquanto o Antônio Vieira S... está off!!

Execute o hijackthis e escolha a opção do a system scan only. Selecione os itens:

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

clique em fix checked.

Obs: A Deferência ao tópico é do Antônio Vieira.... ( aguarde! )
Power Max
Power Max Ubbergeek Registrado
4.2K Mensagens 509 Curtidas
#13 Por Power Max
10/01/2010 - 19:56
smile.png Olá sinhow!

Siga esta dica que o Wolf09 te passou.
________________________________

O log do Spyware Doctor é mtooo grande e n da pra postar...

veja.png Neste caso você pode dividir ele em várias postagens para colocar ele inteiro, ou então você pode hospedar ele em um site como este abaixo:
http://www.badongo.com
Aí no caso de você hospedá-lo poste o link por gentileza para que possamos analizá-lo.

Ficamos na espera.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Sempre com novos tutoriais e atualidades em informática e tecnologia.
Super Links = Mensagens de fé e esperança ao seu coração.
Responder Tópico
© 1999-2024 Hardware.com.br. Todos os direitos reservados.
Imagem do Modal