Slow notebook, suspected virus!

#1 By fisica eletrica, 09/12/2011 - 23:09
Good evening everyone. My notebook is very slow and sometimes everything freezes; Comodo Firewall every now and then shows a virus message and asks me to restart to disinfect. I have already run Avast and Avira and they found nothing. Can someone please help me?!
Thanks!
#4 By fisica eletrica, 10/12/2011 - 01:48
UP!
Malwarebytes identified 33 infected files in system32
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/12/2011 01:43:44
mbam-log-2011-12-10 (01-43-44).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|)
Objetos escaneados: 317837
Tempo decorrido: 2 hora(s), 22 minuto(s), 20 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 1
Arquivos Infectados: 30

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
C:\WINDOWS\system32\System32 (Trojan.Agent) -> No action taken.

Arquivos Infectados:
C:\WINDOWS\system32\System32\3DAudio.ax (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\avrt.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\cis-2.4.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\issacapi_bs-2.3.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\issacapi_pe-2.3.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\issacapi_se-2.3.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\MACXMLProto.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\MaDRM.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\MaJGUILib.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\MAMACExtract.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\MASetupCleaner.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\MaXMLProto.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\mfplat.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\MK_Lyric.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\MSCLib.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\MSFLib.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\MSLUR71.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\msvcp60.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\MTTELECHIP.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\MTXSYNCICON.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\muzaf1.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\muzapp.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\muzapp.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\muzdecode.ax (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\muzeffect.ax (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\muzmp4sp.ax (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\muzmpgsp.ax (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\muzoggsp.ax (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\muzwmts.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\System32\psapi.dll (Trojan.Agent) -> No action taken.
What do I do now, delete them or not? And after that?

#6 By fisica eletrica, 10/12/2011 - 02:24
ok
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:21:43, on 10/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\IObit\Smart Defrag 2\SmartDefrag.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe
C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\cacaoweb\cacaoweb.exe
C:\Arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Documents and Settings\All Users\Dados de aplicativos\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2776682
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minituner.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minituner.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minituner.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.minituner.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.minituner.org/q/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Arquivos de programas\BrotherSoft_Extreme\prxtbBrot.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll
O2 - BHO: BrotherSoft Extreme - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Arquivos de programas\BrotherSoft_Extreme\prxtbBrot.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Arquivos de programas\BrotherSoft_Extreme\prxtbBrot.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPSON_UD_START] "C:\Arquivos de programas\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT
O4 - HKLM\..\Run: [facemoods] "C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cacaoweb] "C:\Arquivos de programas\cacaoweb\cacaoweb.exe" -noplayer
O4 - HKCU\..\Run: [KiesPDLR] C:\Arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Dados de aplicativos\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [KiesHelper] C:\Arquivos de programas\Samsung\Kies\KiesHelper.exe /s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=www.google.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD791807-F1DC-42ED-94B6-22D6B086EC4A}: NameServer = 192.168.1.254 8.8.8.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: EMP_UDSA - SEIKO EPSON CORPORATION - C:\Arquivos de programas\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: GetPDF Printing (Service1) - Unknown owner - C:\Arquivos de programas\GetPDF\GetPDFPrinting.exe

--
End of file - 12717 bytes

#7 By claytondesouza, 10/12/2011 - 02:36
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT2776682
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minituner.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minituner.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minituner.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.minituner.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.minituner.org/q/%s
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Arquivos de programas\BrotherSoft_Extreme\prxtbBrot.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

Check the items above in HijackThis and click Fix, then restart the PC. After restarting, post a new HijackThis log (my mistake for not asking you to restart the PC after the Malwarebytes scan).
Do you usually use a "registry cleaner" like CCleaner (here)? You can use it after the new log...
trying to get back to the forum...
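The triage claytondesouza does by eye above (search-page URLs pointing at conduit/minituner, third-party URLSearchHooks, a BHO with "(no file)", bundled toolbars) can be written as a small rule set over HijackThis log entries. This is an added example, not code from the thread, from HijackThis or from Malwarebytes; the allowed start-page hosts, the adware keyword list and the expected DNS ranges are assumptions, and the sample log is constructed from lines posted in this thread:

```python
"""Triage of Trend Micro HijackThis v2 log entries (added example).

Parses the R0/R1/R3/O2/O3/O4/O17 entries and flags the kinds of items the
reply above marked for "Fix". The allow-lists and keyword list below are
assumptions for this example, not anything shipped with HijackThis.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Assumed: hosts that are normal for a stock Internet Explorer start/search page.
ALLOWED_HOSTS = ("microsoft.com", "msn.com", "live.com", "google.com", "google.com.br")

# Assumed: bundled toolbar/adware families named in the thread's logs.
ADWARE_KEYWORDS = ("conduit", "sweetim", "facemoods", "brothersoft", "minituner", "cacaoweb")

# Assumed: DNS servers a home user would expect (LAN ranges + Google DNS).
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
KNOWN_RESOLVERS = ("8.8.8.8", "8.8.4.4")

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"(https?://\S+|www\.\S+)", re.IGNORECASE)
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse_entry(line):
    """Split an HJT entry into (section, body); None for header/process lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None


def host_of(url):
    """Hostname of a URL; HJT logs sometimes omit the scheme (www.google.com.br)."""
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def host_allowed(host):
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)


def dns_expected(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return ip in KNOWN_RESOLVERS or any(addr in net for net in LAN_NETS)


def triage(line):
    """Return a reason the entry deserves review, or None if it looks benign."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    sec, body = parsed
    lower = body.lower()

    if sec in ("R0", "R1"):
        # Start page / search URL outside the expected vendors is the classic
        # browser search hijack (search.conduit.com, search.minituner.org).
        m = URL_RE.search(body)
        if m and not host_allowed(host_of(m.group(1))):
            return "search/start page hijack -> " + host_of(m.group(1))
        return None
    if sec == "R3":
        # URLSearchHook handlers are almost always third-party toolbars.
        return "third-party URLSearchHook"
    if sec == "O2" and "(no file)" in lower:
        # A BHO whose DLL no longer exists: leftover of a removed component.
        return "orphaned BHO (no file)"
    if sec == "O17":
        bad = [ip for ip in IPV4_RE.findall(body) if not dns_expected(ip)]
        return "unexpected DNS server(s): " + ", ".join(bad) if bad else None
    if any(k in lower for k in ADWARE_KEYWORDS):
        return "known bundled toolbar/adware component"
    return None


def triage_log(text):
    """Run triage over a whole log; returns [(section, reason, line), ...]."""
    findings = []
    for line in text.splitlines():
        reason = triage(line)
        if reason:
            findings.append((parse_entry(line)[0], reason, line.strip()))
    return findings


# Constructed sample: a handful of lines taken from the logs posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2776682
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minituner.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [cacaoweb] "C:\Arquivos de programas\cacaoweb\cacaoweb.exe" -noplayer
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD791807-F1DC-42ED-94B6-22D6B086EC4A}: NameServer = 192.168.1.254 8.8.8.8
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
"""

if __name__ == "__main__":
    for sec, reason, line in triage_log(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
```

On the sample log this reports six entries (the two hijacked search URLs, the SweetIM hook, the orphaned BHO, the facemoods toolbar and the cacaoweb Run key) and leaves the Microsoft, Java, Avira, Avast and DNS lines alone.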
#8 By fisica eletrica, 10/12/2011 - 02:54
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:48:29, on 10/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe
C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe
C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\cacaoweb\cacaoweb.exe
C:\Arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Documents and Settings\All Users\Dados de aplicativos\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Arquivos de programas\BrotherSoft_Extreme\prxtbBrot.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll
O2 - BHO: BrotherSoft Extreme - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Arquivos de programas\BrotherSoft_Extreme\prxtbBrot.dll
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Arquivos de programas\BrotherSoft_Extreme\prxtbBrot.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPSON_UD_START] "C:\Arquivos de programas\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT
O4 - HKLM\..\Run: [facemoods] "C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cacaoweb] "C:\Arquivos de programas\cacaoweb\cacaoweb.exe" -noplayer
O4 - HKCU\..\Run: [KiesPDLR] C:\Arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Dados de aplicativos\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [KiesHelper] C:\Arquivos de programas\Samsung\Kies\KiesHelper.exe /s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=www.google.com.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: EMP_UDSA - SEIKO EPSON CORPORATION - C:\Arquivos de programas\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: GetPDF Printing (Service1) - Unknown owner - C:\Arquivos de programas\GetPDF\GetPDFPrinting.exe

--
End of file - 11022 bytes

#9 By claytondesouza, 10/12/2011 - 03:06
You can check these and click Fix...

C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
C:\Arquivos de programas\cacaoweb\cacaoweb.exe
R3 - URLSearchHook: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Arquivos de programas\BrotherSoft_Extreme\prxtbBrot.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll
O2 - BHO: BrotherSoft Extreme - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Arquivos de programas\BrotherSoft_Extreme\prxtbBrot.dll
O3 - Toolbar: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Arquivos de programas\BrotherSoft_Extreme\prxtbBrot.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
O4 - HKLM\..\Run: [facemoods] "C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
O4 - HKCU\..\Run: [KiesPDLR] C:\Arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

Go to Run and type msconfig; on the Startup tab, uncheck everything, leaving only the antivirus...
Was there any improvement in performance?

edit...
Also look in Control Panel (uninstall a program) for any of the programs above and uninstall them.
#11 By claytondesouza, 12/12/2011 - 23:59
Good to hear it is better!
If you want, post a new HijackThis log... just to see if there is anything more to be done...

But here is a tip you can follow that will give some improvement:
Download and install CCleaner.
Run it and find the Tools / Startup tab; set the entries there to No, leaving Yes only for the antivirus.
Go to the Cleaner tab and click Run Cleaner.
Go to the Registry tab and click Scan for Issues / Fix selected issues / when it asks whether to back up the registry changes you can choose No / and finally Fix selected issues.
© 1999-2024 Hardware.com.br. Todos os direitos reservados.