
HijackThis log analysis

#1 By wagnerdual20... 21/04/2010 - 12:58
Good morning.
Can someone analyze my log, please?
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:03, on 21/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\snmp.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\wagner henrique\Meus documentos\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\ARQUIV~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\HDbar\vsdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SmartRAM] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Free Upload Manager] "C:\Arquivos de programas\Free Download Manager\fum\fum.exe" -autorun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - .DEFAULT User Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9774 bytes
Thanks!!!
#3 By wagnerdual20...
21/04/2010 - 23:33
Good evening.
As requested, the log:
.
======= LOGFILE OF AD-REMOVER 2.0.0.0,C | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 21/04/10 à 13:40
Contact: [email]AdRemover.contact@gmail.com[/email]
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started: 23:11:12 le 21/04/2010 | Normal boot | Option: SCAN
Executed from: C:\Ad-Remover\ADR.exe
OS: Microsoft® Windows XP™ Service Pack 2 - X86
Computer name: MATOSLTD-465A48
Current user: wagner henrique (Administrator)
.
============== FOUND ELEMENTS ==============
.
.
C:\Arquivos de programas\AskSBar
.
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}
HKLM\Software\Classes\CLSID\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}
HKLM\Software\Classes\ComObject.DeskbarEnabler
HKLM\Software\Classes\ComObject.DeskbarEnabler.1
HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook
HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{0579B4B6-0293-4D73-B02D-5EBB0BA0F0A2}
.
.
============== ADDITIONNAL SCAN ==============
.
* Mozilla FireFox Version 3.6 (pt-BR) *
.
C:\Documents and Settings\wagner henrique\Dados de aplicativos\mozilla\firefox\profiles\k009uucu.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\wagner henrique\\Meus documentos\\programas e utilitários
C:\Documents and Settings\wagner henrique\Dados de aplicativos\mozilla\firefox\profiles\k009uucu.default\prefs.js - browser.search.defaultenginename: Search the web Babylon
C:\Documents and Settings\wagner henrique\Dados de aplicativos\mozilla\firefox\profiles\k009uucu.default\prefs.js - browser.search.defaulturl: hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
C:\Documents and Settings\wagner henrique\Dados de aplicativos\mozilla\firefox\profiles\k009uucu.default\prefs.js - browser.search.selectedEngine: Search the web Babylon
C:\Documents and Settings\wagner henrique\Dados de aplicativos\mozilla\firefox\profiles\k009uucu.default\prefs.js - browser.startup.homepage: www.google.com.br
C:\Documents and Settings\wagner henrique\Dados de aplicativos\mozilla\firefox\profiles\k009uucu.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\wagner henrique\Dados de aplicativos\mozilla\firefox\profiles\k009uucu.default\prefs.js - keyword.URL: hxxp://www.bing.com/search?FORM=IEFM1&q=
C:\Documents and Settings\wagner henrique\Dados de aplicativos\mozilla\firefox\profiles\k009uucu.default\prefs.js - keyword.URL: hxxp://home.speedbit.com/search.aspx?aff=206&q=
C:\Documents and Settings\wagner henrique\Dados de aplicativos\mozilla\firefox\profiles\k009uucu.default\prefs.js - browser.startup.homepage,hxxp://home.speedbit.com/?aff=205
C:\Documents and Settings\eron de matos\Dados de aplicativos\Mozilla\Firefox\Profiles\fydz2db7.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\eron de matos\\Meus documentos\\Minhas imagens\\lau
C:\Documents and Settings\eron de matos\Dados de aplicativos\Mozilla\Firefox\Profiles\fydz2db7.default\prefs.js - browser.search.defaultenginename: Search the web Babylon
C:\Documents and Settings\eron de matos\Dados de aplicativos\Mozilla\Firefox\Profiles\fydz2db7.default\prefs.js - browser.search.defaulturl: hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
C:\Documents and Settings\eron de matos\Dados de aplicativos\Mozilla\Firefox\Profiles\fydz2db7.default\prefs.js - browser.search.selectedEngine: Search the web Babylon
C:\Documents and Settings\eron de matos\Dados de aplicativos\Mozilla\Firefox\Profiles\fydz2db7.default\prefs.js - browser.startup.homepage: hxxp://www.google.com.br/
C:\Documents and Settings\eron de matos\Dados de aplicativos\Mozilla\Firefox\Profiles\fydz2db7.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\larissa cristina\Dados de aplicativos\Mozilla\Firefox\Profiles\dthzptz2.default\prefs.js - browser.search.defaultenginename: Search the web Babylon
C:\Documents and Settings\larissa cristina\Dados de aplicativos\Mozilla\Firefox\Profiles\dthzptz2.default\prefs.js - browser.search.defaulturl: hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
C:\Documents and Settings\larissa cristina\Dados de aplicativos\Mozilla\Firefox\Profiles\dthzptz2.default\prefs.js - browser.search.selectedEngine: Search the web Babylon
C:\Documents and Settings\larissa cristina\Dados de aplicativos\Mozilla\Firefox\Profiles\dthzptz2.default\prefs.js - browser.startup.homepage: hxxp://search.babylon.com/home
C:\Documents and Settings\larissa cristina\Dados de aplicativos\Mozilla\Firefox\Profiles\dthzptz2.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
.
.
* Internet Explorer Version 7.0.5730.11 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Search_URL: hxxp://www.google.com/ie
Do404Search: 0x01000000
Enable Browser Extensions: no
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Show_ToolBar: yes
Start Page: about:blank
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: about:blank
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: hxxp://home.speedbit.com/tab/?aff=205
Blank: res://mshtml.dll/blank.htm
.
============== SUSPECT(S) ==============
.
C:\Documents and Settings\wagner henrique\Meus documentos\vinil deck\Vinyl\CPL\vpatch.exe
.
========================================
.
C:\DOCUME~1\WAGNER~1\CONFIG~1\Temp: 220 Files, 9 Folders
C:\WINDOWS\temp: 136 Files, 10 Folders
Temporary Internet Files: 38 Files, 11 Folders
.
C:\Ad-Remover\Quarantine: 0 Files
C:\Ad-Remover\Backup: 1 Files
.
C:\Ad-Report-SCAN[1].txt - 499 Byte(s)
C:\Ad-Report-SCAN[2].txt - 6370 Byte(s)
.
End at: 23:28:00, 21/04/2010
.
============== E.O.F - SCAN[2] ==============
#5 By wagnerdual20...
22/04/2010 - 21:55
Good evening.
Wolf, I did what you said. Here are the two logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:47, on 22/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\snmp.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\wagner henrique\Meus documentos\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\ARQUIV~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\HDbar\vsdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Free Upload Manager] "C:\Arquivos de programas\Free Download Manager\fum\fum.exe" -autorun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - .DEFAULT User Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9358 bytes

.
======= LOGFILE OF AD-REMOVER 2.0.0.0,C | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 21/04/10 à 13:40
Contact: [email]AdRemover.contact@gmail.com[/email]
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started: 21:33:02 le 22/04/2010 | Normal boot | Option: CLEAN
Executed from: C:\Ad-Remover\ADR.exe
OS: Microsoft® Windows XP™ Service Pack 2 - X86
Computer name: MATOSLTD-465A48
Current user: wagner henrique (Administrator)
.
============== FIXED ELEMENTS ==============
.
.

(!) -- Deleted temporary files.
.
.
(Orphan) BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} (CLSID missing)
(Orphan) HKLM,Uninstall - InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} - C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} (File missing)
(Orphan) HKLM,Uninstall - Nero - Burning Rom!UninstallKey - C:\Arquivos de programas\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL (File missing)
(Orphan) HKLM,Uninstall - NeroShowTime!UninstallKey - C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL (File missing)
(Orphan) HKLM,Uninstall - {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484 - C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" (File missing)
.
============== ADDITIONNAL SCAN ==============
.
* Mozilla FireFox Version 3.6 (pt-BR) *
.
C:\Documents and Settings\wagner henrique\Dados de aplicativos\mozilla\firefox\profiles\k009uucu.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\wagner henrique\\Meus documentos\\programas e utilitários
C:\Documents and Settings\wagner henrique\Dados de aplicativos\mozilla\firefox\profiles\k009uucu.default\prefs.js - browser.search.defaultenginename: Search the web Babylon
C:\Documents and Settings\wagner henrique\Dados de aplicativos\mozilla\firefox\profiles\k009uucu.default\prefs.js - browser.search.defaulturl: hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
C:\Documents and Settings\wagner henrique\Dados de aplicativos\mozilla\firefox\profiles\k009uucu.default\prefs.js - browser.search.selectedEngine: Search the web Babylon
C:\Documents and Settings\wagner henrique\Dados de aplicativos\mozilla\firefox\profiles\k009uucu.default\prefs.js - browser.startup.homepage: www.google.com.br
C:\Documents and Settings\wagner henrique\Dados de aplicativos\mozilla\firefox\profiles\k009uucu.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\wagner henrique\Dados de aplicativos\mozilla\firefox\profiles\k009uucu.default\prefs.js - keyword.URL: hxxp://www.bing.com/search?FORM=IEFM1&q=
C:\Documents and Settings\wagner henrique\Dados de aplicativos\mozilla\firefox\profiles\k009uucu.default\prefs.js - keyword.URL: hxxp://home.speedbit.com/search.aspx?aff=206&q=
C:\Documents and Settings\wagner henrique\Dados de aplicativos\mozilla\firefox\profiles\k009uucu.default\prefs.js - browser.startup.homepage,hxxp://home.speedbit.com/?aff=205
C:\Documents and Settings\eron de matos\Dados de aplicativos\Mozilla\Firefox\Profiles\fydz2db7.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\eron de matos\\Meus documentos\\Minhas imagens\\lau
C:\Documents and Settings\eron de matos\Dados de aplicativos\Mozilla\Firefox\Profiles\fydz2db7.default\prefs.js - browser.search.defaultenginename: Search the web Babylon
C:\Documents and Settings\eron de matos\Dados de aplicativos\Mozilla\Firefox\Profiles\fydz2db7.default\prefs.js - browser.search.defaulturl: hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
C:\Documents and Settings\eron de matos\Dados de aplicativos\Mozilla\Firefox\Profiles\fydz2db7.default\prefs.js - browser.search.selectedEngine: Search the web Babylon
C:\Documents and Settings\eron de matos\Dados de aplicativos\Mozilla\Firefox\Profiles\fydz2db7.default\prefs.js - browser.startup.homepage: hxxp://www.google.com.br/
C:\Documents and Settings\eron de matos\Dados de aplicativos\Mozilla\Firefox\Profiles\fydz2db7.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\larissa cristina\Dados de aplicativos\Mozilla\Firefox\Profiles\dthzptz2.default\prefs.js - browser.search.defaultenginename: Search the web Babylon
C:\Documents and Settings\larissa cristina\Dados de aplicativos\Mozilla\Firefox\Profiles\dthzptz2.default\prefs.js - browser.search.defaulturl: hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
C:\Documents and Settings\larissa cristina\Dados de aplicativos\Mozilla\Firefox\Profiles\dthzptz2.default\prefs.js - browser.search.selectedEngine: Search the web Babylon
C:\Documents and Settings\larissa cristina\Dados de aplicativos\Mozilla\Firefox\Profiles\dthzptz2.default\prefs.js - browser.startup.homepage: hxxp://search.babylon.com/home
C:\Documents and Settings\larissa cristina\Dados de aplicativos\Mozilla\Firefox\Profiles\dthzptz2.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
.
.
* Internet Explorer Version 7.0.5730.11 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: no
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
============== SUSPECT(S) ==============
.
C:\Documents and Settings\wagner henrique\Meus documentos\vinil deck\Vinyl\CPL\vpatch.exe
.
========================================
.
C:\DOCUME~1\WAGNER~1\CONFIG~1\Temp: 0 Files, 9 Folders
C:\WINDOWS\temp: 3 Files, 10 Folders
Temporary Internet Files: 2 Files, 11 Folders
.
C:\Ad-Remover\Quarantine: 0 Files
C:\Ad-Remover\Backup: 14 Files
.
C:\Ad-Report-CLEAN[1].txt - 9577 Byte(s)
C:\Ad-Report-CLEAN[2].txt - 500 Byte(s)
C:\Ad-Report-CLEAN[3].txt - 6632 Byte(s)
C:\Ad-Report-SCAN[1].txt - 499 Byte(s)
C:\Ad-Report-SCAN[2].txt - 6494 Byte(s)
.
End at: 21:50:04, 22/04/2010
.
============== E.O.F - CLEAN[3] ==============
igoreso
igoreso Super Participant, Registered
704 Posts 22 Likes
#6 By igoreso
22/04/2010 - 22:25
Hello wagnerdual2010,
While our colleague wolf09 is offline, I'll help you.
Step 1
Close all programs and open HijackThis again, click Do a system scan only, check the lines below and click Fix checked:
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll     
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\ARQUIV~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll (file missing)
Step 2
Read this topic, install Malwarebytes, run a full scan, and paste the log into your reply. Remember that if you are running Windows Vista or 7 you need to give the tool administrator privileges. To do that:
Right-click the file and then click
[Image]

Step 3
I recommend uninstalling the programs below:
Start > Control Panel > Add/Remove Programs and remove the following (if present):
Orbit Downloader
Free Download Manager

SpeedBit Video Downloader
Post the logs in your reply along with a new HJT log.
I do not answer questions by PM, e-mail or MSN! Use the forum!

wagnerdual2010
wagnerdual20... Junior Member, Registered
77 Posts 1 Like
#7 By wagnerdual20...
23/04/2010 - 19:37
Good evening.
I did everything I was told: I deleted the suggested files and programs, and ran the scans with HijackThis and Malwarebytes, both updated today. Here are the logs:

www.malwarebytes.org

Versão da Base de Dados: 4028

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

23/4/2010 19:19:10
mbam-log-2010-04-23 (19-19-10).txt

Tipo de Verificação: Verificação Completa (A:\|C:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Objetos escaneados: 192817
Tempo decorrido: 1 hora(s), 10 minuto(s), 38 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:46, on 23/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\snmp.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\wagner henrique\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\wagner henrique\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\wagner henrique\Meus documentos\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\HDbar\vsdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Free Upload Manager] "C:\Arquivos de programas\Free Download Manager\fum\fum.exe" -autorun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - .DEFAULT User Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7258 bytes

Thanks to EVERYONE who helped me....
wagnerdual2010
wagnerdual20... Junior Member, Registered
77 Posts 1 Like
#9 By wagnerdual20...
23/04/2010 - 20:00
Which of them do you recommend? I noticed that AVG has the link scanner, a very useful tool here, since my siblings don't know how to use the regular antivirus to scan files. Does Avast also have this option? (I had Avast 5 and thought it was rubbish.)
Oh, and thank you for your attention.
PS: since you have helped me this far, could you give me a hand in the "Windows" room? I'm having problems with hard disk partitioning....
Thank you.
Espírita
Espírita Cyber Highlander, Registered
9.6K Posts 2.1K Likes
#12 By Espírita
23/04/2010 - 20:50
It was to be expected that this could happen...

Download Wise Registry Cleaner:
http://www.baixaki.com.br/download/wise-registry-cleaner.htm

Install the application. When you run it, select all the options on the left and click to verify. If errors are found, select them all and click to fix.

Download Advanced SystemCare:
http://www.baixaki.com.br/download/advanced-systemcare.htm

* Note: if you wish, you can reinstall Orbit Downloader:
http://www.orbitdownloader.com/download.htm
Install the application and run a cleanup and optimization of the system.
wagnerdual2010
wagnerdual20... Junior Member, Registered
77 Posts 1 Like
#14 By wagnerdual20...
24/04/2010 - 12:19
Thank you all for your help.
Your help was very useful, and what's more, my PC is back to normal.
PS: as for installing the download manager, I had already reinstalled Orbit when I read the last post.
I haven't tested Chrome for downloads since then, but if the problem persists I'll reinstall the browser and that's that.
I don't use the manager much; I had only installed it at the suggestion of some people (in fact I didn't notice much difference compared with the browser's own download manager, except for being able to resume a download even after shutting down the machine), and since Google stopped downloading after I removed it, I had to reinstall it.
The funniest thing is that this version of Orbit is geared more toward Firefox (I had also created associations with Mozilla and Explorer), and it kept downloading normally after I removed the manager (that's the only reason I was able to download the suggested programs).
Once again I thank you for your attention and say that you were a great help to me.
So I can say the case is solved (except for the partitioning problem I mentioned earlier, but that is beside the point).
The End