Remoção de vírus

Augusto_Zimmer · 16/11/2008

caro amigo mr.wolf, tae o log do hijack this de novo

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:15, on 16/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\SnMgrSvc.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\DSLink180U\Adsl\dslstat.exe
C:\Program Files\DSLink180U\Adsl\dslagent.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\FRAPS\FRAPS.EXE
C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 3\Awc.exe
C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2008\WEM2008.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\DSLink180U\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\DSLink180U\Adsl\dslagent.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Startup: DSLink 180U Dial-Up PPP Connection.lnk = ?
O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\vmware\vmware workstation\vsocklib.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9370907F-5A62-4807-877A-21F0867D212E}: NameServer = 201.10.1.2 201.10.120.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 7963 bytes

Marcus FX · 16/11/2008

Meu amigo MR.Wolf o problema aqui é que quando instalo o Need For Speed Carbon e vou craquea-lo sempre aparece um vírus, o que deve ser isso ?

110 · 16/11/2008

Marcus FX disse:
Meu amigo MR.Wolf o problema aqui é que quando instalo o Need For Speed Carbon e vou craquea-lo sempre aparece um vírus, o que deve ser isso ?

Qual o teu anti virus? aqui eu uso o avira e maioria dos cracks ele acha um virus
maioria das vezes é alarme falso.

Mr.Wolf · 16/11/2008

Victor Paiva, seu log está limpo.

Há algum problema na máquina ainda?

_____________________________________________

hotsauce2007, vá em Iniciar > Executar, digite: services.msc e tecle Enter. Veja se na lista de serviços do Windows consta o item Comodo Internet Security Helper Service. Ou outro item que se refira ao Comodo. Se sim, dê um duplo clique e clique no botão Parar. Reinicie o PC e veja se o problema ainda ocorre.

______________________________________________

Opa Cauan.

Que eu saiba não existe configuração para o TeaTimer não. O que ele faz é ajudar a proteger seu sistema em tempo real. Protege seu registro do Windows contra alterações feitas por malwares. O programa que possui melhor proteção em tempo real é o Spybot (TeaTimer). Perceba quando for instalar algo na máquina, ele ficará o alertando das alterações.

E outra dúvida que tenho a tempos quando atualizado meu spy ele seleciona " BN Fileforum (Global) " é nesse que faço as atualizações corretas ? Aqui aparece bandeirinhas dos Estados Unidos, Alemanha, Europa.

Um Abraço e bom domingo !

É assim mesmo Cauan. Está correto.

Um abraço

Mr.Wolf · 16/11/2008

Augusto_Zimmer, o log está limpo.

Algum problema no computador?

_______________________________________________

Postado originalmente por Marcus FX

Meu amigo MR.Wolf o problema aqui é que quando instalo o Need For Speed Carbon e vou craquea-lo sempre aparece um vírus, o que deve ser isso ?

Marcus FX, a maioria dos antivirus detectam cracks como vírus. O que pode ser um falso-positivo, ou não!

Qual é o nome do vírus que seu antivirus está detectando o crack?

Augusto_Zimmer · 16/11/2008

Mr.Wolf disse:
Augusto_Zimmer, o log está limpo.

Algum problema no computador?

só queria confirmar mesmo que não tinha virus, o banrisul não tava entrando, deve ser algum problema deles. :]

qual o melhor antivirus grátis mr. wolf?

Mr.Wolf · 16/11/2008

Sem dúvidas, o melhor antivirus gratuito é o Avira Antivir meu amigo Agusto_Zimmer.

Cauan · 16/11/2008

Entendi, mas configuração pro próprio spyboy não tem ?

Augusto_Zimmer · 16/11/2008

Mr.Wolf disse:
Sem dúvidas, o melhor antivirus gratuito é o Avira Antivir meu amigo Agusto_Zimmer.

tem versão pt mr. wolf? valeu

Mr.Wolf · 16/11/2008

Cauan disse:
Entendi, mas configuração pro próprio spyboy não tem ?

Não tem Cauan, quer dizer, que eu saiba não amigo. O Spybot, na hora da instalação, configura com seu sistema automaticamente. Por incrível que pareça, quando não é instalado o TeaTimer precisa-se fazer uma configuração do scan do anti-spyware. Quando o TeaTimer é instalado, as configurações são automaticamente configuradas para seu computador.

Agora você pode configurar se quiser, por exemplo: agendar o scan em tal hora, colocar os arquivos que você não quer que o Spybot scaneie na lista de ignorados, ignorar cookies, estas coisas. Ou seja, uma configuração própria.

Se quiser pode dar uma olhada no link abaixo Cauan.
http://www2.eerp.usp.br/si/seguranca/manuais/spybot.htm

:thumbs_up

Mr.Wolf · 16/11/2008

Augusto_Zimmer disse:
tem versão pt mr. wolf? valeu

Não Augusto. O Avira é somente Inglês, Alemão, mesmo.

Infelizmente não existe versão em Português deste antivirus.

Cauan · 16/11/2008

Ah beleza entendi agora.

Outra coisa sempre que passo o spybot ele sempre acha os mesmos cookies nunca vi nada de spy mesmo.

Obrigado !

Myjy · 16/11/2008

Mr Wolf, analisa o meu log fazendo favor, já tentei de tudo para resolver o problema dele não desligar mais, ficar no shut Down e não desligar....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:20, on 16/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\FixCamera.exe
C:\Windows\tsnp325.exe
C:\Windows\vsnp325.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PlayTV MPEG 8000GT\PVRemote.exe
C:\Program Files\honestech\honestech TVR 2.5\scheduleTV.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\PAStiSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\honestech\honestech TVR 2.5\honestechTV.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\Windows\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PVRemote.lnk = C:\Program Files\PlayTV MPEG 8000GT\PVRemote.exe
O4 - Global Startup: TVR Scheduler.lnk = C:\Program Files\honestech\honestech TVR 2.5\scheduleTV.exe
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe

Mr.Wolf · 16/11/2008

Myjy

Seu log está limpo.

Mr Wolf, analisa o meu log fazendo favor, já tentei de tudo para resolver o problema dele não desligar mais, ficar no shut Down e não desligar....

Isso é problema de hardware. Pode ser superaquecimento Myjy. Já verificou isso?

Scolari · 16/11/2008

Amigo wolf rodei o programa com as instruções que me mandaste.

Segue log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service admm7ffw .
========== FILES ==========
File/Folder D:\WINDOWS\system32\hgGxUlKB.dll not found.
File/Folder D:\WINDOWS\system32\pxqhyygq.dll not found.
File/Folder D:\WINDOWS\system32\hgGxUlKB not found.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\eqnamryi.dll
D:\WINDOWS\system32\eqnamryi.dll NOT unregistered.
D:\WINDOWS\system32\eqnamryi.dll moved successfully.
D:\WINDOWS\system32\pfmpjmys.ini moved successfully.
File/Folder D:\Qoobox not found.
D:\WINDOWS\system32\hlifxkfj.ini moved successfully.
File/Folder D:\WINDOWS\system32\eavhjg.dll not found.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\tugastbm.dll
D:\WINDOWS\system32\tugastbm.dll NOT unregistered.
D:\WINDOWS\system32\tugastbm.dll moved successfully.
D:\WINDOWS\system32\otxplgxa.ini moved successfully.
D:\WINDOWS\system32\vhwhfpwh.ini moved successfully.
D:\WINDOWS\system32\qgyyhqxp.ini moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\mkzfnx.dll
D:\WINDOWS\system32\mkzfnx.dll NOT unregistered.
D:\WINDOWS\system32\mkzfnx.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\hsulrine.dll
D:\WINDOWS\system32\hsulrine.dll NOT unregistered.
D:\WINDOWS\system32\hsulrine.dll moved successfully.
D:\WINDOWS\system32\eacmgivp.ini moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\vdlcvq.dll
D:\WINDOWS\system32\vdlcvq.dll NOT unregistered.
D:\WINDOWS\system32\vdlcvq.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\ufmactwm.dll
D:\WINDOWS\system32\ufmactwm.dll NOT unregistered.
D:\WINDOWS\system32\ufmactwm.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\pwkghp.dll
D:\WINDOWS\system32\pwkghp.dll NOT unregistered.
D:\WINDOWS\system32\pwkghp.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\novxlbmd.dll
D:\WINDOWS\system32\novxlbmd.dll NOT unregistered.
D:\WINDOWS\system32\novxlbmd.dll moved successfully.
D:\WINDOWS\system32\umqjvpxw.ini moved successfully.
D:\WINDOWS\system32\agfpulrb.ini moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\tixotl.dll
D:\WINDOWS\system32\tixotl.dll NOT unregistered.
D:\WINDOWS\system32\tixotl.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\ifcsgyfx.dll
D:\WINDOWS\system32\ifcsgyfx.dll NOT unregistered.
D:\WINDOWS\system32\ifcsgyfx.dll moved successfully.
D:\WINDOWS\system32\cowjcymq.ini moved successfully.
D:\WINDOWS\system32\0b7fa549-.txt moved successfully.
D:\WINDOWS\system32\BKlUxGgh.ini2 moved successfully.
D:\WINDOWS\system32\BKlUxGgh.ini moved successfully.
File/Folder D:\WINDOWS\system32\drivers\admm7ffw.sys not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11162008_205235

Mais uma vez muito obrigado pela ajuda.
Grande abraço

Scolari · 16/11/2008

Ah Wolf eu li o log e vi que tinha algumas tasks pro Reboot mas como ele não pediu pra dar Reboot rodei as mesmas instruções novamente e dessa vez ele pediu Reboot.

Segue o segundo log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service admm7ffw .
========== FILES ==========
File/Folder D:\WINDOWS\system32\hgGxUlKB.dll not found.
File/Folder D:\WINDOWS\system32\pxqhyygq.dll not found.
File/Folder D:\WINDOWS\system32\hgGxUlKB not found.
File/Folder D:\WINDOWS\system32\eqnamryi.dll not found.
File/Folder D:\WINDOWS\system32\pfmpjmys.ini not found.
File/Folder D:\Qoobox not found.
File/Folder D:\WINDOWS\system32\hlifxkfj.ini not found.
File/Folder D:\WINDOWS\system32\eavhjg.dll not found.
File/Folder D:\WINDOWS\system32\tugastbm.dll not found.
File/Folder D:\WINDOWS\system32\otxplgxa.ini not found.
File/Folder D:\WINDOWS\system32\vhwhfpwh.ini not found.
File/Folder D:\WINDOWS\system32\qgyyhqxp.ini not found.
File/Folder D:\WINDOWS\system32\mkzfnx.dll not found.
File/Folder D:\WINDOWS\system32\hsulrine.dll not found.
File/Folder D:\WINDOWS\system32\eacmgivp.ini not found.
File/Folder D:\WINDOWS\system32\vdlcvq.dll not found.
File/Folder D:\WINDOWS\system32\ufmactwm.dll not found.
File/Folder D:\WINDOWS\system32\pwkghp.dll not found.
File/Folder D:\WINDOWS\system32\novxlbmd.dll not found.
File/Folder D:\WINDOWS\system32\umqjvpxw.ini not found.
File/Folder D:\WINDOWS\system32\agfpulrb.ini not found.
File/Folder D:\WINDOWS\system32\tixotl.dll not found.
File/Folder D:\WINDOWS\system32\ifcsgyfx.dll not found.
File/Folder D:\WINDOWS\system32\cowjcymq.ini not found.
File/Folder D:\WINDOWS\system32\0b7fa549-.txt not found.
File/Folder D:\WINDOWS\system32\BKlUxGgh.ini2 not found.
File/Folder D:\WINDOWS\system32\BKlUxGgh.ini not found.
File/Folder D:\WINDOWS\system32\drivers\admm7ffw.sys not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11162008_205750

Files moved on Reboot...
File move failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

Valeu!

Mr.Wolf · 16/11/2008

Scolari, delete a pasta C:\_OTMoveIt, por favor. Estas ferramentas devem ser rodadas apenas uma vez amigo Scolari. Pois se rodadas duas vezes, podem possivelmente "restaurar" as infecções removidas no script. Pois mesmo que o pc não tenha reiniciado na primeira vez, as infecções foram removidas com sucesso.

Siga as instruções abaixo dentro do spoiler Scolari.

- Faça o download do Malwarebytes Anti-Malware e salve-o no desktop;

● Dê dois cliques no programa para iniciar a instalação. Selecione o idioma Português (Brasil);
● No meio da instalação, marque as opções "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware", e clique em Concluir;
● Após a instalação execute o programa;
● Marque a opção Verificação Completa e depois clique em Verificar. Selecione sua unidade C: e clique no botão Iniciar Verificação;
● Quando o scan terminar, clique em OK e o log será automaticamente aberto para você;
● Se algo for detectado, verifique se todos os itens estão marcados e clique no botão Remover;
● O log pode ser consultado clicando em Logs do menu principal também;

Copie e cole o conteúdo desse log na sua próxima resposta, juntamente com um novo log do HijackThis.

- Faça o download do RSIT e salve no seu desktop;

● Dê dois cliques em RSIT.exe para executar o programa;
● Na janela que abrir clique no botão Continue para que a ferramenta comece a rodar;
● Quando a ferramenta terminar de rodar, abrirá um log automaticamente no bloco de notas contendo o resultado do scan. Cole o resultado desse log (log.txt) na sua próxima resposta;
● Cole também o conteúdo do arquivo info.txt que estará em C:\rsit\info.txt.

Em sua próxima resposta, cole os logs do Malwarebytes e do RSIT por favor amigo Scolari.

Como está a máquina Scolari?

Dr. J · 16/11/2008

Não entendo nada de antivirus, entao pesso a vcs.

NOD32 (que esta desatualizado a 32 dias) esta acusando um tanto de arquivo .exe de ter um virus chamado dundun.a.

aki vai o log do hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:53, on 16/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ABIT\uGuru\uGuru.exe
C:\Documents and Settings\Gabriel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Gabriel\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Documents and Settings\Gabriel\Application Data\gadcom\gadcom.exe
C:\Documents and Settings\Gabriel\Application Data\Twain\Twain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\ABIT\uGuru\uGuru.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gabriel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Gabriel\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Gabriel\Application Data\gadcom\gadcom.exe" 61A847B5BBF72816379B284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Gabriel\Application Data\Twain\Twain.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSNetManagerXp - Unknown owner - C:\WINDOWS\system32\isass.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c90ceee48dc1d8) (gupdate1c90ceee48dc1d8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6970 bytes

Mr.Wolf · 16/11/2008

Dr. Strangelove

O NOD32 é um antivirus pago, provavelmente expirou a licença dele em seu sistema, caso não tenha comprado o programa - esteja usando a versão trial. O dundun é um File Infector. Infecta quase todos os .exe do Windows. Porém, de praxe, ele traz alguns backdoors para atrapalhar ainda mais sua remoção.

Siga corretamente os procedimentos abaixo dentro do spoiler (basta clicar no botão "Mostrar") Dr. Strangelove.

Sugiro que salve ou imprima estas instruções abaixo.

- Faça o download do SDFix e salve no desktop;

● Dê um duplo clique no SDFix.exe e a ferramenta será instalada em C:\SDFix. Mas não o execute ainda;
● Reinicie seu computador seu computador em Modo de Segurança (segurando a tecla F8 durante a inicialização do sistema e escolhendo a opção Modo Seguro);
● Entre na pasta do SDFix que foi instalada no seu computador e dê um duplo clique no arquivo RunThis.bat;
● Tecle Y para que a ferramenta inicie o processo de remoção;
● Quando tudo terminar, você verá um aviso dizendo para apertar qualquer tecla para continuar. Então pressione qualquer. Seu computador será reiniciado automaticamente;
● Após reiniciar, a ferramenta ainda será executada novamente e irá terminar o seu trabalho e a palavra Finished irá aparecer. Pressione qualquer tecla novamente;
● Uma janela com o relatório do SDFix irá aparecer;
● O log abrirá automaticamente para você. Estará salvo na pasta do SDFix com o nome Report.txt;

Faça um novo log do HijackThis e cole na sua próxima resposta, juntamente com o log do SDFix.

Myjy · 16/11/2008

Hum, valeu Mr. Wolf, e quanto ao superaquecimento...hum..pode ser tb...vou monitorar melhor aqui....

Mr.Wolf · 16/11/2008

Myjy disse:
Hum, valeu Mr. Wolf, e quanto ao superaquecimento...hum..pode ser tb...vou monitorar melhor aqui....

Myjy, verifique a temperatura do processador. Estes problemas quando o computador desliga sozinho, geralmente são problemas na parte de hardware. Pode ser vírus também, mas quando é vírus, na maioria das vezes, o computador reinicia sozinho apenas. Entretanto, seu log do HijackThis está limpíssimo Myjy. Não há nenhum vírus na máquina.

Se quiser você pode abrir um tópico na área de Hardware aqui do fórum e relatar seu problema lá. Diga que não é vírus, os amigos lá poderão lhe ajudar melhor.

http://www.adrenaline.com.br/forum/forumdisplay.php?f=8

Se ainda assim, sua máquina continuar apresentando problemas, pode voltar aqui e faremos então uma verificação mais à fundo.

:thumbs_up

Dr. J · 16/11/2008

Mr.Wolf disse:
Dr. Strangelove

O NOD32 é um antivirus pago, provavelmente expirou a licença dele em seu sistema, caso não tenha comprado o programa - esteja usando a versão trial. O dundun é um File Infector. Infecta quase todos os .exe do Windows. Porém, de praxe, ele traz alguns backdoors para atrapalhar ainda mais sua remoção.

Siga corretamente os procedimentos abaixo dentro do spoiler (basta clicar no botão "Mostrar") Dr. Strangelove.

Sugiro que salve ou imprima estas instruções abaixo.

- Faça o download do SDFix e salve no desktop;

● Dê um duplo clique no SDFix.exe e a ferramenta será instalada em C:\SDFix. Mas não o execute ainda;
● Reinicie seu computador seu computador em Modo de Segurança (segurando a tecla F8 durante a inicialização do sistema e escolhendo a opção Modo Seguro);
● Entre na pasta do SDFix que foi instalada no seu computador e dê um duplo clique no arquivo RunThis.bat;
● Tecle Y para que a ferramenta inicie o processo de remoção;
● Quando tudo terminar, você verá um aviso dizendo para apertar qualquer tecla para continuar. Então pressione qualquer. Seu computador será reiniciado automaticamente;
● Após reiniciar, a ferramenta ainda será executada novamente e irá terminar o seu trabalho e a palavra Finished irá aparecer. Pressione qualquer tecla novamente;
● Uma janela com o relatório do SDFix irá aparecer;
● O log abrirá automaticamente para você. Estará salvo na pasta do SDFix com o nome Report.txt;

Faça um novo log do HijackThis e cole na sua próxima resposta, juntamente com o log do SDFix.

Muito obrigado pela ajuda, mais apos baixar o programa ele nao instala de maneira alguma, mesmo desativando o antivirus. Parece que o arquivo e' imediatamente corrompido, ou owinrar foi corrormpido. Tah feia a coisa, pelo que pude perceber o problema espalhou para o meu notebook tmb, ambos estao fazendo logoff do windows, do nada, quase nenhum programa fuinciona, e jah aconteceu do mouse ficar louco e grudado no canto da tela, tudo em ambos os pcs.

Caso eu formate, seria seguro salvar os meus arquivos de media ou .rar, em dvds, ou esses arquivos tmb estariam infectados?

estaria o meu outro HD a salvo?

Scolari · 16/11/2008

Wolf seguem todos os logs conforme solicitado.
A máquina melhorou bastante durante esse processo de desinfecção. Os popouts já eram.

Malwaresbytes

Malwarebytes' Anti-Malware 1.30
Database version: 1402
Windows 5.1.2600 Service Pack 3

2008-11-16 21:41:40
mbam-log-2008-11-16 (21-41-40).txt

Scan type: Full Scan (D:\|)
Objects scanned: 70989
Time elapsed: 13 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\System Volume Information\_restore{9212D3AF-A3C9-4721-B6D6-D602607397B7}\RP9\A0004476.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{9212D3AF-A3C9-4721-B6D6-D602607397B7}\RP9\A0004464.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{9212D3AF-A3C9-4721-B6D6-D602607397B7}\RP9\A0004465.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{9212D3AF-A3C9-4721-B6D6-D602607397B7}\RP9\A0004466.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{9212D3AF-A3C9-4721-B6D6-D602607397B7}\RP9\A0004467.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{9212D3AF-A3C9-4721-B6D6-D602607397B7}\RP9\A0004470.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{9212D3AF-A3C9-4721-B6D6-D602607397B7}\RP9\A0004472.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{9212D3AF-A3C9-4721-B6D6-D602607397B7}\RP9\A0004473.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{9212D3AF-A3C9-4721-B6D6-D602607397B7}\RP9\A0004474.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

RSIT

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrateur at 2008-11-16 21:45:30
Microsoft Windows XP Professionnel Service Pack 3
System drive D: has 11 GB (52%) free of 20 GB
Total RAM: 1918 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45, on 2008-11-16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\GbPlugin\GbpSv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\WINDOWS\VistaDrive\VistaDrive.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\CTHELPER.EXE
D:\WINDOWS\system32\CTXFIHLP.EXE
D:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Documents and Settings\Administrateur\Bureau\RSIT.exe
D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.folha.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://esimo.c.la/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows XP Edition Classic Plus
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: (no name) - {3C0591A7-E7B4-4F55-B400-E2465FDC2F9E} - D:\WINDOWS\system32\hgGxUlKB.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - D:\Program Files\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [VistaDrive] D:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Apoint] D:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {DC11F230-5717-4C25-BAD7-37B879C19655} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://edinhoscolari.myphotoalbum.com/ImageUploader4.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O20 - AppInit_DLLs: eavhjg.dll
O20 - Winlogon Notify: GbPluginBb - D:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PDAgent - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8150 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll [2008-02-29 468280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C0591A7-E7B4-4F55-B400-E2465FDC2F9E}]
D:\WINDOWS\system32\hgGxUlKB.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]
GbIehObj Class - D:\Program Files\GbPlugin\gbieh.dll [2008-04-15 378696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"=D:\WINDOWS\VistaDrive\VistaDrive.exe [2006-10-05 280779]
"SunJavaUpdateSched"=D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"CTHelper"=D:\WINDOWS\CTHELPER.EXE [2006-05-24 17920]
"CTxfiHlp"=D:\WINDOWS\system32\CTXFIHLP.EXE [2006-05-24 18944]
"UpdReg"=D:\WINDOWS\UpdReg.EXE [2000-05-10 90112]
"Apoint"=D:\Program Files\Apoint2K\Apoint.exe [2008-06-01 196608]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"avgnt"=D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"ISTray"=D:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\005c6137]
D:\WINDOWS\system32\pxqhyygq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="eavhjg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]
D:\Program Files\GbPlugin\gbieh.dll [2008-04-15 378696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2008-08-21 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-23 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=D:\Program Files\GbPlugin\gbieh.dll [2008-04-15 378696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
D:\WINDOWS\system32\hgGxUlKB

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMHelp"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\Steam\steamapps\gaminy\counter-strike\hl.exe"="D:\Program Files\Steam\steamapps\gaminy\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"D:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="D:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"D:\Nexon\Combat Arms\CombatArms.exe"="D:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Nexon\Combat Arms\Engine.exe"="D:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"D:\Nexon\Combat Arms\NMService.exe"="D:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Nexon\Combat Arms\CombatArms.exe"="D:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Nexon\Combat Arms\Engine.exe"="D:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

======List of files/folders created in the last 2 months======

2008-11-16 21:45:30 ----D---- D:\rsit
2008-11-16 21:09:51 ----D---- D:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-11-16 21:09:45 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2008-11-16 21:09:45 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-14 19:21:05 ----D---- D:\Documents and Settings\All Users\Application Data\PC Tools
2008-11-14 14:04:49 ----A---- D:\WINDOWS\system32\MRT.INI
2008-11-14 14:03:26 ----HDC---- D:\WINDOWS\$NtUninstallKB957097$
2008-11-14 14:03:22 ----HDC---- D:\WINDOWS\$NtUninstallKB954459$
2008-11-14 14:03:19 ----A---- D:\WINDOWS\imsins.BAK
2008-11-14 14:03:14 ----HDC---- D:\WINDOWS\$NtUninstallKB955069$
2008-11-14 13:59:07 ----D---- D:\Program Files\Fichiers communs\PC Tools
2008-11-13 22:41:13 ----D---- D:\Program Files\Spyware Doctor
2008-11-13 22:41:13 ----D---- D:\Documents and Settings\Administrateur\Application Data\PC Tools
2008-11-13 20:59:53 ----A---- D:\WINDOWS\system32\CF22555.exe
2008-11-13 20:55:38 ----A---- D:\WINDOWS\system32\CF21732.exe
2008-11-13 20:54:42 ----A---- D:\WINDOWS\system32\CF21549.exe
2008-11-13 20:28:08 ----D---- D:\WINDOWS\ERUNT
2008-11-13 20:25:39 ----A---- D:\WINDOWS\ntbtlog.txt
2008-11-13 00:32:13 ----A---- D:\WINDOWS\system32\CF11398.exe
2008-11-13 00:31:33 ----A---- D:\WINDOWS\system32\CF11261.exe
2008-11-13 00:14:48 ----D---- D:\WINDOWS\ERDNT
2008-11-13 00:14:43 ----A---- D:\WINDOWS\system32\CF7969.exe
2008-11-13 00:06:06 ----D---- D:\Program Files\Trend Micro
2008-11-07 13:06:19 ----D---- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-05 22:28:36 ----D---- D:\Documents and Settings\All Users\Application Data\ESET
2008-10-23 23:32:25 ----HDC---- D:\WINDOWS\$NtUninstallKB958644$
2008-10-15 20:00:02 ----HDC---- D:\WINDOWS\$NtUninstallKB956803$
2008-10-15 19:59:59 ----HDC---- D:\WINDOWS\$NtUninstallKB956391$
2008-10-15 19:59:56 ----HDC---- D:\WINDOWS\$NtUninstallKB957095$
2008-10-15 19:59:40 ----HDC---- D:\WINDOWS\$NtUninstallKB954211$
2008-10-15 19:59:34 ----HDC---- D:\WINDOWS\$NtUninstallKB956841$
2008-10-15 19:58:27 ----HDC---- D:\WINDOWS\$NtUninstallKB953155$
2008-10-09 13:32:28 ----A---- D:\WINDOWS\system32\avsda.dll
2008-10-09 13:32:27 ----D---- D:\Program Files\Avira
2008-10-03 12:16:14 ----RHD---- D:\Documents and Settings\Administrateur\Application Data\SecuROM
2008-10-03 12:16:13 ----A---- D:\WINDOWS\system32\CmdLineExt.dll
2008-09-30 16:43:34 ----A---- D:\WINDOWS\system32\msxml4.dll
2008-09-30 12:42:10 ----D---- D:\Documents and Settings\All Users\Application Data\ATI
2008-09-30 12:27:46 ----N---- D:\WINDOWS\system32\ati2sgag.exe
2008-09-30 12:26:51 ----D---- D:\ATI
2008-09-29 14:40:50 ----D---- D:\Documents and Settings\Administrateur\Application Data\SPORE
2008-09-29 14:33:39 ----A---- D:\WINDOWS\system32\XAudio2_2.dll
2008-09-29 14:33:39 ----A---- D:\WINDOWS\system32\XAPOFX1_1.dll
2008-09-29 14:33:39 ----A---- D:\WINDOWS\system32\xactengine3_2.dll
2008-09-29 14:33:39 ----A---- D:\WINDOWS\system32\D3DX9_39.dll
2008-09-29 14:33:39 ----A---- D:\WINDOWS\system32\d3dx10_39.dll
2008-09-29 14:33:39 ----A---- D:\WINDOWS\system32\D3DCompiler_39.dll
2008-09-29 14:33:38 ----A---- D:\WINDOWS\system32\XAudio2_1.dll
2008-09-29 14:33:38 ----A---- D:\WINDOWS\system32\XAPOFX1_0.dll
2008-09-29 14:33:38 ----A---- D:\WINDOWS\system32\xactengine3_1.dll
2008-09-29 14:33:38 ----A---- D:\WINDOWS\system32\X3DAudio1_4.dll
2008-09-29 14:33:37 ----A---- D:\WINDOWS\system32\XAudio2_0.dll
2008-09-29 14:33:37 ----A---- D:\WINDOWS\system32\xactengine3_0.dll
2008-09-29 14:33:37 ----A---- D:\WINDOWS\system32\D3DX9_38.dll
2008-09-29 14:33:37 ----A---- D:\WINDOWS\system32\d3dx10_38.dll
2008-09-29 14:33:37 ----A---- D:\WINDOWS\system32\D3DCompiler_38.dll
2008-09-29 14:33:36 ----A---- D:\WINDOWS\system32\X3DAudio1_3.dll
2008-09-29 14:33:36 ----A---- D:\WINDOWS\system32\D3DX9_37.dll
2008-09-29 14:33:36 ----A---- D:\WINDOWS\system32\d3dx10_37.dll
2008-09-29 14:33:36 ----A---- D:\WINDOWS\system32\D3DCompiler_37.dll
2008-09-29 14:33:18 ----D---- D:\WINDOWS\system32\DirectX
2008-09-29 14:33:12 ----D---- D:\WINDOWS\Logs
2008-09-28 22:03:46 ----D---- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

======List of files/folders modified in the last 2 months======

2008-11-16 21:45:42 ----D---- D:\Program Files\Mozilla Firefox
2008-11-16 21:45:33 ----D---- D:\WINDOWS\Temp
2008-11-16 21:45:32 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
2008-11-16 21:45:18 ----D---- D:\WINDOWS\system32\drivers
2008-11-16 21:45:16 ----D---- D:\WINDOWS\system32\inetsrv
2008-11-16 21:43:14 ----A---- D:\WINDOWS\SchedLgU.Txt
2008-11-16 21:42:31 ----D---- D:\WINDOWS\system32\Restore
2008-11-16 21:09:51 ----D---- D:\WINDOWS\Prefetch
2008-11-16 21:09:45 ----RD---- D:\Program Files
2008-11-16 20:52:36 ----D---- D:\WINDOWS\system32
2008-11-16 20:50:23 ----D---- D:\WINDOWS
2008-11-16 20:50:08 ----SHD---- D:\System Volume Information
2008-11-16 16:26:58 ----D---- D:\WINDOWS\system32\config
2008-11-16 11:32:07 ----D---- D:\WINDOWS\system32\CatRoot2
2008-11-14 14:05:31 ----SHD---- D:\WINDOWS\Installer
2008-11-14 14:05:30 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-14 14:04:06 ----D---- D:\WINDOWS\Debug
2008-11-14 14:03:28 ----RSHDC---- D:\WINDOWS\system32\dllcache
2008-11-14 14:03:28 ----HD---- D:\WINDOWS\inf
2008-11-14 14:03:26 ----HD---- D:\WINDOWS\$hf_mig$
2008-11-14 14:03:09 ----D---- D:\WINDOWS\WinSxS
2008-11-14 13:59:07 ----D---- D:\Program Files\Fichiers communs
2008-11-13 22:42:47 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2008-11-13 22:33:20 ----D---- D:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-11-13 21:12:08 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
2008-11-13 21:03:22 ----D---- D:\WINDOWS\Minidump
2008-11-13 20:18:44 ----A---- D:\WINDOWS\NeroDigital.ini
2008-11-08 21:11:10 ----A---- D:\WINDOWS\win.ini
2008-11-08 21:11:10 ----A---- D:\WINDOWS\system.ini
2008-11-08 21:11:00 ----D---- D:\WINDOWS\pss
2008-11-05 20:58:51 ----D---- D:\WINDOWS\system32\Logfiles
2008-11-04 21:50:15 ----D---- D:\WINDOWS\Help
2008-11-03 22:10:25 ----A---- D:\WINDOWS\system32\MRT.exe
2008-10-16 20:35:48 ----SD---- D:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-10-16 14:13:40 ----A---- D:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- D:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- D:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- D:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- D:\WINDOWS\system32\cdm.dll
2008-10-16 14:08:58 ----A---- D:\WINDOWS\system32\wups.dll
2008-10-16 14:08:06 ----A---- D:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:32 ----A---- D:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- D:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- D:\WINDOWS\system32\mucltui.dll
2008-10-16 14:06:40 ----A---- D:\WINDOWS\system32\mucltui.dll.mui
2008-10-15 19:59:52 ----D---- D:\Program Files\Internet Explorer
2008-10-15 14:35:43 ----A---- D:\WINDOWS\system32\netapi32.dll
2008-10-13 19:29:01 ----D---- D:\Program Files\DAEMON Tools
2008-10-03 14:22:30 ----A---- D:\WINDOWS\system32\ieframe.dll
2008-10-03 12:11:55 ----HD---- D:\Program Files\InstallShield Installation Information
2008-10-02 22:02:53 ----RSD---- D:\WINDOWS\assembly
2008-09-30 12:30:39 ----D---- D:\Program Files\ATI Technologies
2008-09-30 12:28:03 ----D---- D:\WINDOWS\system32\ReinstallBackups
2008-09-28 21:55:53 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; D:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]
R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-13 75072]
R1 IKSysFlt;System Filter Driver; D:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; D:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 pctfw2;pctfw2; \??\D:\WINDOWS\system32\drivers\pctfw2.sys []
R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-21 3299840]
R3 avgntflt;avgntflt; \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ctac32k;Creative AC3 Software Decoder; D:\WINDOWS\system32\drivers\ctac32k.sys [2006-05-24 502272]
R3 ctaud2k;Creative Audio Driver (WDM); D:\WINDOWS\system32\drivers\ctaud2k.sys [2006-05-24 499584]
R3 ctprxy2k;Creative Proxy Driver; D:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-05-24 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; D:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-05-24 143872]
R3 emupia;E-mu Plug-in Architecture Driver; D:\WINDOWS\system32\drivers\emupia2k.sys [2006-05-24 78336]
R3 ha20x2k;Creative 20X HAL Driver; D:\WINDOWS\system32\drivers\ha20x2k.sys [2006-05-24 1110016]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 mouhid;Pilote HID de souris; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-28 12288]
R3 ossrv;Creative OS Services Driver; D:\WINDOWS\system32\drivers\ctoss2k.sys [2006-05-24 116224]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; D:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 apati2ww;apati2ww; D:\WINDOWS\system32\drivers\apati2ww.sys []
S3 ApfiltrService;Alps Pointing-device Filter Driver; D:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-06-01 101833]
S3 ctdvda2k;Creative DVD-Audio Device Driver; D:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 EagleNT;EagleNT; \??\D:\WINDOWS\system32\drivers\EagleNT.sys []
S3 gdrv;gdrv; \??\D:\WINDOWS\gdrv.sys []
S3 usbscan;Pilote de scanneur USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-05-23 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-23 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
S4 Sr;Pilote de filtre de restauration système; D:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2008-08-21 573440]
R2 IISADMIN;Administration IIS; D:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15872]
R2 PDAgent;PDAgent; D:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2007-05-24 415248]
R2 sdAuxService;PC Tools Auxiliary Service; D:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; D:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
R2 W3SVC;Publication World Wide Web; D:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 PDEngine;PDEngine; D:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2007-05-24 734736]
S2 ATI Smart;ATI Smart; D:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-07-15 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-07-15 68952]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; D:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; D:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; D:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------

Mr.Wolf · 16/11/2008

Dr. Strangelove disse:
Muito obrigado pela ajuda, mais apos baixar o programa ele nao instala de maneira alguma, mesmo desativando o antivirus. Parece que o arquivo e' imediatamente corrompido, ou owinrar foi corrormpido. Tah feia a coisa, pelo que pude perceber o problema espalhou para o meu notebook tmb, ambos estao fazendo logoff do windows, do nada, quase nenhum programa fuinciona, e jah aconteceu do mouse ficar louco e grudado no canto da tela, tudo em ambos os pcs.

Caso eu formate, seria seguro salvar os meus arquivos de media ou .rar, em dvds, ou esses arquivos tmb estariam infectados?

estaria o meu outro HD a salvo?

Os arquivos provavelmente foram infectados sim Dr. Strangelove. Pois o dundun é um file infector, como disse anteriormente, ele infecta bastante .exe do Windows. Se fizer um backup dos arquivos, possivelmente a infecção irá junto sim.

Quanto à o outro HD estar salvo, creio que sim. Pois até hoje não vi muitos casos em que o vírus passava para a outra partição da máquina. Porém, não teria certeza disso, pois trata-se de um file infector.

O problema é que a ferramenta que removia o dundun - Win32 dundun Remover - foi retirada do ar, pois ao invés de retirar o vírus da máquina, infectava-o mais ainda.

Vamos ver se a ferramenta abaixo roda aí Dr. Strangelove.

- Faça o download do ComboFix e salve-o na área de trabalho;

● Desative temporariamente o seu antivirus para não detectar a ferramenta como vírus;
● Duplo clique no ícone combofix.exe para iniciar o scan;
● Leia o contrato que aparecerá e clique em Sim para continuar;
● Abrirá uma janela do Console de Recuperação, clique em Sim para instalar. Se aparecer outra janela do Console, clique em OK > Sim;
● Aguarde enquanto o ComboFix faz o scan;
● Se ocorrer algum problema durante o scan, reinicie seu computador em Modo de Segurança e repita o procedimento;
● Não clique na janela do ComboFix e procure não utilizar o teclado também, para não atrapalhar a varredura da ferramenta;
● Se quiser sair ou parar o ComboFix, tecle N;
● Quando terminar seu micro será reiniciado. Após o reinicio, a ferramenta executará novamente, aguarde;
● Será gerado um log em C:\ComboFix.txt.

Cole este log em sua próxima resposta.

OBS: Creio que o dundun corromperá também o ComboFix, mas veja se tem a sorte de conseguir rodá-lo aí.

Scolari · 16/11/2008

info.txt logfile of random's system information tool 1.04 2008-11-16 21:45:58

======Uninstall list======

-->"D:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W /L:BRZ
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x416
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x416
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x416 /remove
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x416
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x416 /remove
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x416
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x416 /remove
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x416
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x416
-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x416 /remove
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {669EB263-0AFE-4FCB-A068-DB082CA6273C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {98003BDC-1B68-4970-B28E-ACC8000D2F3E}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
7-Zip 4.57-->"D:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
ATI - Software Uninstall Utility-->D:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x5357
ATI Display Driver-->rundll32 D:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class

ISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
Avira AntiVir Personal - Free Antivirus-->D:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BitComet 1.02-->D:\Program Files\BitComet\uninst.exe
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
Combat Arms-->"D:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
Correctif pour Windows Internet Explorer 7 (KB947864)-->"D:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"D:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Counter-Strike-->"D:\Program Files\Steam\steam.exe" steam://uninstall/10
Creative Software AutoUpdate-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x416 /remove
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Informações do Sistema Creative-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x416 /remove
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Mega Codec Pack 3.8.0-->"D:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire PRO 4.17.5-->"D:\Program Files\LimeWire\uninstall.exe"
Magic ISO Maker v5.5 (build 0261)-->D:\PROGRA~1\MagicISO\UNWISE.EXE D:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medieval II - Retrofit Mod version 1.0-->"C:\Gamez\Medieval2\mods\retrofit\unins000.exe"
Medieval II Total War : Kingdoms : Americas-->D:\Program Files\InstallShield Installation Information\{75983B66-804C-40D1-BA13-64DAF652A6F1}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Britannia-->D:\Program Files\InstallShield Installation Information\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Crusades-->D:\Program Files\InstallShield Installation Information\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Teutonic-->D:\Program Files\InstallShield Installation Information\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War-->D:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}
Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"D:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"D:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"D:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"D:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"D:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"D:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"D:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"D:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"D:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"D:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"D:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"D:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"D:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"D:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"D:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"D:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953155)-->"D:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"D:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"D:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"D:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"D:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"D:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"D:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"D:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"D:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"D:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"D:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"D:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763)-->"D:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"D:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"D:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.0.4)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 8 Micro 8.3.2.1-->"D:\Program Files\Nero\unins000.exe"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Novo Dicionário Aurélio-->MsiExec.exe /X{498B4BF1-AD73-4AA8-99EB-18D400E42482}
Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->D:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u D:\WINDOWS\system32\DRVSTORE\amdk8_C7A451815AD6A55564D6F47B5A12C61D8B4DCFD1\amdk8.inf
PerfectDisk-->MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
REALTEK GbE & FE Ethernet PCI NIC Driver-->D:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\SETUP.EXE -runfromtemp -l0x0416 -removeonly
Realtek High Definition Audio Driver-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x416 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->D:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Seven Kingdoms AA Update-->D:\WINDOWS\IsUninst.exe -fc:\gamez\7K\Uninst.isu
Seven Kingdoms-->D:\WINDOWS\IsUninst.exe -fc:\gamez\7K\Uninst.isu
Sound Blaster X-Fi-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x416 /remove
SPORE™-->"D:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spyware Doctor 6.0-->D:\Program Files\Spyware Doctor\unins000.exe /LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Virtual DJ - Atomix Productions-->D:\PROGRA~1\VIRTUA~1\UNWISE.EXE D:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Vista Drive Indicator!-->rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\Vdrive.inf,uninstall
Windows Live installer-->MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}
Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Spyware Doctor with AntiVirus
AV: Avira AntiVir PersonalEdition

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;D:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49, on 2008-11-16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\GbPlugin\GbpSv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\WINDOWS\VistaDrive\VistaDrive.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\CTHELPER.EXE
D:\WINDOWS\system32\CTXFIHLP.EXE
D:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.folha.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://esimo.c.la/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows XP Edition Classic Plus
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: (no name) - {3C0591A7-E7B4-4F55-B400-E2465FDC2F9E} - D:\WINDOWS\system32\hgGxUlKB.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - D:\Program Files\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [VistaDrive] D:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Apoint] D:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {DC11F230-5717-4C25-BAD7-37B879C19655} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://edinhoscolari.myphotoalbum.com/ImageUploader4.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O20 - AppInit_DLLs: eavhjg.dll
O20 - Winlogon Notify: GbPluginBb - D:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PDAgent - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8280 bytes

Obrigado de novo amigo!

Remoção de vírus

Hungry Member

All Rights Reserved.

Ou não

Malware Removal

Malware Removal

Hungry Member

Malware Removal

know-it-all Member

Hungry Member

Malware Removal

Malware Removal

know-it-all Member

know-it-all Member

Malware Removal

Hungry Member

Hungry Member

Malware Removal

know-it-all Member

Malware Removal

know-it-all Member

Malware Removal

know-it-all Member

Hungry Member

Malware Removal

Hungry Member

Users who are viewing this thread