Virus removal

Wow, I wonder if things will get a bit better after this procedure? :(
Let's see...

It's not guaranteed! Just as it's not guaranteed that we will manage to clean Sality off the system!

That is why I asked you to do the procedure with the Internet disconnected. Besides, the Kaspersky Removal Tools makes the computer slow while it is scanning, just like an antivirus.

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:51, on 22/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Tibia\Tibia.exe
C:\Arquivos de programas\winsic\sic.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WSSVC] C:\WINDOWS\system\smsc.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4383 bytes
 
Hello Mr. Wolf..

According to my siblings the PC is slow... But that's all....
Cheers....
Try defragmenting the machine, Carol.

________________________________________


Rhyrioth, follow the steps below:

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Sim (Yes) to continue;
● A Recovery Console window will open; click Sim (Yes) to install. If another Console window appears, click OK > Sim (Yes);
● Wait while ComboFix runs the scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
Do not click on the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes, your machine will be restarted. After the restart, the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.

My PC was formatted a short while ago, but the antivirus (Avira) wasn't managing to update. I've been 12 days without an up-to-date antivirus and decided to download Kaspersky; I ended up discovering keylogger activity here and started wondering whether I might have been infected in the meantime. I'd like some help ;)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37:25, on 22/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\WINDOWS\system32\imgrdir\moniprot.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\system32\imgrdir\services.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [moniprot] C:\WINDOWS\system32\imgrdir\namesys32.exe
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Software Informer] "C:\Arquivos de programas\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [services] C:\WINDOWS\system32\imgrdir\services.exe
O4 - HKCU\..\Run: [moniprot] C:\WINDOWS\system32\imgrdir\moniprot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C365B74B-935E-4CA6-AEA9-94474F754339}: NameServer = 200.149.55.140,200.165.132.148
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~2\mzvkbd.dll,C:\ARQUIV~1\KASPER~1\KASPER~2\mzvkbd3.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8988 bytes
 
Friend xcobrax, follow the instructions below:

Download the two tools below and save them to the desktop, but do not run them yet:

VundoFix
Avenger

Save or print these instructions, because you will follow them while disconnected and without access to this page.


Step 1 - Avenger

Disconnect from the Internet temporarily.

NOTE: Run Avenger only once. If you run it a second time, the script will no longer be of any use, because the files and entries were deleted on the first run and avenger.txt will be overwritten.

- Extract the file from the Avenger.zip folder to the desktop and double-click avenger.exe
- Close all open windows
- Copy the text below:

Code:
Files to delete:
C:\WINDOWS\system32\xxyawxwW
C:\WINDOWS\system32\cbXPGYQK.dll
C:\WINDOWS\system32\ipbijc.dll
C:\WINDOWS\system32\xxyawxwW.dll
C:\WINDOWS\system32\aef3fee.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{487C9905-26A8-42C8-8033-C58AD3D2AEC3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{10af6fc4-6fe4-40aa-983f-300f4865c99e}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1362FA57-36E1-41AB-9BF0-3F2D5777E58A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{330a8aad-4b38-4426-9339-8d2ac02ceba6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{487C9905-26A8-42C8-8033-C58AD3D2AEC3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2BA40A1-74F3-42BD-F434-12345A2C8953}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbXPGYQK

Programs to launch on reboot:
C:\PEN\Arquivos\HijackThis.exe

- Open Avenger and click the menu Load Script > Paste from Clipboard
- Check that the "Scan for rootkits" box is ticked
- Click the Execute button > Yes > OK
- Your computer will be restarted
- A log will be generated at C:\avenger.txt

When the script has finished running and the PC has restarted, HijackThis will open automatically. Click Do a system scan only, tick the entry below in the log and click the Fix Checked button



Restart the PC normally. After that:


Step 2 - VundoFix

- Double-click VundoFix.exe to run the tool;
- Click the Scan for Vundo button and wait for the scan;
- When it finishes, click OK. If the infection is found, click the Fix Vundo button and confirm the removal of the files;
- A message will appear saying that your computer will be shut down; click OK and then turn it back on;
- VundoFix may find a file but fail to remove it. If that happens, the tool will run on restart;
- When VundoFix appears, click the Scan for Vundo button to repeat the process;
- When VundoFix no longer finds any files, a report will be found at C:\Vundofix.txt.


Step 3

In your next reply, paste the logs from Avenger, VundoFix and a new HijackThis log, friend xcobrax.
_____________________________

VundoFix V7.0.6
VundoFix V7.0.6

Scan started at 16:49:02 22/05/2009

Listing files found while scanning....

No infected files were found.

Avenger
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\xxyawxwW" not found!
Deletion of file "C:\WINDOWS\system32\xxyawxwW" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\cbXPGYQK.dll" deleted successfully.
File "C:\WINDOWS\system32\ipbijc.dll" deleted successfully.
File "C:\WINDOWS\system32\xxyawxwW.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\aef3fee.dll" not found!
Deletion of file "C:\WINDOWS\system32\aef3fee.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{487C9905-26A8-42C8-8033-C58AD3D2AEC3}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{487C9905-26A8-42C8-8033-C58AD3D2AEC3}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{10af6fc4-6fe4-40aa-983f-300f4865c99e}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{10af6fc4-6fe4-40aa-983f-300f4865c99e}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1362FA57-36E1-41AB-9BF0-3F2D5777E58A}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1362FA57-36E1-41AB-9BF0-3F2D5777E58A}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{330a8aad-4b38-4426-9339-8d2ac02ceba6}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{487C9905-26A8-42C8-8033-C58AD3D2AEC3}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2BA40A1-74F3-42BD-F434-12345A2C8953}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbXPGYQK" deleted successfully.
Program "C:\PEN\Arquivos\HijackThis.exe" successfully queued to run on reboot.

Completed script processing.

*******************

Finished! Terminate.

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 17:06:59, on 22/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
C:\Arquivos de programas\Firebird 1.5.1\bin\fbguard.exe
C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\aps.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
C:\ARQUIV~1\3M\PSNLite\PSNGive.exe
C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE
C:\Arquivos de programas\Firebird 1.5.1\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\PEN\Arquivos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: {6abec20c-a2d8-9339-6244-83b4daa8a033} - {330a8aad-4b38-4426-9339-8d2ac02ceba6} - (no file)
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - (no file)
O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file)
O2 - BHO: (no name) - {FBA85336-786B-4273-92BA-44769A1843ED} - C:\WINDOWS\system32\xxyawxwW.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Atalho para REDEIP.lnk = D:\REDEIP.BAT
O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Save Flash - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {76850F2A-FCAA-454F-82D3-BD46CB186EF5} (IEGCtrl Class) - http://grupooal.no-ip.info/goglobal/ggw-activex.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oncoassociados.local
O17 - HKLM\Software\..\Telephony: DomainName = oncoassociados.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{6378C75F-48A8-4F00-B4A5-1BD413EDEF3D}: NameServer = 192.168.58.5,200.222.0.34
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = oncoassociados.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird 1.5.1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird 1.5.1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GO-Global Application Publishing Service - GraphOn Corporation - C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\aps.exe
O23 - Service: GO-Global License Manager (GO-Global Server License Manager) - Macrovision Corporation - C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\lmgrd.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: MySql - Unknown owner - C:/Arquivos de programas/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
 
Hello Johnn Y, welcome to the forum!

Follow the instruction below:

- Download Malwarebytes Anti-Malware and save it to the desktop;

● Double-click the program to start the installation. Select the language Português (Brasil);
● At the end of the installation, tick the options "Atualizar Malwarebytes Anti-Malware" (update) and "Executar Malwarebytes Anti-Malware" (run), and click Concluir (Finish);
● After the installation, run the program;
● Tick the option Verificação Completa (full scan) and then click Verificar (Scan). Select your C: drive and click the Iniciar Verificação (start scan) button;
● When the scan finishes, click OK and the log will open automatically for you;
● If anything is detected, check that all the items are ticked and click the Remover (Remove) button.
NOTE: If a message appears asking you to restart the computer to complete the removal process, restart it immediately;
● The log can also be viewed by clicking Logs in the main menu;

Copy and paste the contents of this log in your next reply, together with a new HijackThis log.
NOTE: For the time being, try not to visit many sites and programs that ask you to enter personal data such as passwords and e-mail addresses, Johnn Y.
 
xcobrax, follow the steps below. This is Virtumondo, a Trojan.Vundo that is quite hard to remove.

Open HijackThis and click Do a system scan only. Tick the entries below and click Fix checked:

O2 - BHO: {6abec20c-a2d8-9339-6244-83b4daa8a033} - {330a8aad-4b38-4426-9339-8d2ac02ceba6} - (no file)
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - (no file)
O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file)
O2 - BHO: (no name) - {FBA85336-786B-4273-92BA-44769A1843ED} - C:\WINDOWS\system32\xxyawxwW.dll (file missing)

- Download VirtumundoBeGone and save it to the desktop:

- Temporarily disable your antivirus;
- Restart the PC in Safe Mode (holding the F8 key during system startup and choosing the Modo Seguro (Safe Mode) option in the menu);
- Run the tool, click Start and follow the instructions. Wait!
- When it finishes, the PC will be restarted;
- A log named VBG.txt will be created on the desktop.

Copy and paste the contents of this log in your next reply, together with a new HijackThis log.
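
As an added example (not part of the original post and not code from HijackThis or any other tool named in this thread), the following Python script automates the triage applied above: it lists the entries HijackThis marks "(no file)" or "(file missing)" and checks each one against the log's own "Running processes" list, since a service whose image is running cannot really be missing. The function names and the "orphaned"/"running" verdict labels are assumptions of this example; the sample lines are excerpted from the log posted earlier in the thread.

```python
import re

# Section code ("O2", "O23", "R1", ...) followed by " - " and the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these markers when it cannot find the target file.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")
# First absolute .exe/.dll path in an entry, stopping at a stray quote.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

# Excerpt of the HijackThis v1.99.1 log posted in this thread (shortened).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - (no file)
O2 - BHO: (no name) - {FBA85336-786B-4273-92BA-44769A1843ED} - C:\WINDOWS\system32\xxyawxwW.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""


def parse_log(text):
    """Return (set of running process paths, lowercased; list of (code, body))."""
    processes, entries = set(), []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:              # a blank line ends the process list
                in_processes = False
            else:
                processes.add(line.lower())
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group("code"), match.group("body")))
    return processes, entries


def triage(text):
    """List entries whose target file HijackThis could not find.

    verdict is "running" when the entry's image path appears in the log's
    process list (the marker contradicts the log itself, so check by hand),
    otherwise "orphaned" (a leftover registration with no file behind it).
    """
    processes, entries = parse_log(text)
    findings = []
    for code, body in entries:
        marker = ORPHAN_RE.search(body)
        if not marker:
            continue
        path = PATH_RE.search(body)
        running = bool(path) and path.group(0).lower() in processes
        findings.append({
            "section": code,
            "marker": marker.group(1),
            "clsids": CLSID_RE.findall(body),
            "path": path.group(0) if path else None,
            "verdict": "running" if running else "orphaned",
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], f["verdict"], f["clsids"] or f["path"] or f["marker"])
```
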
 

My PC won't start in Safe Mode; when I select the option it reboots, so I ran VirtumundoBeGone anyway.


[05/22/2009, 17:22:33] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\caio\Desktop\VirtumundoBeGone.exe" )
[05/22/2009, 17:22:40] - Detected System Information:
[05/22/2009, 17:22:40] - Windows Version: 5.1.2600, Service Pack 3
[05/22/2009, 17:22:40] - Current Username: caio (Admin)
[05/22/2009, 17:22:40] - Windows is in NORMAL mode.
[05/22/2009, 17:22:40] - Searching for Browser Helper Objects:
[05/22/2009, 17:22:40] - BHO 1: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class)
[05/22/2009, 17:22:40] - Finished Searching Browser Helper Objects
[05/22/2009, 17:22:40] - Finishing up...
[05/22/2009, 17:22:40] - Nothing found! Exiting...

Logfile of HijackThis v1.99.1
Scan saved at 17:23:57, on 22/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
C:\Arquivos de programas\Firebird 1.5.1\bin\fbguard.exe
C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\aps.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
C:\ARQUIV~1\3M\PSNLite\PSNGive.exe
C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Firebird 1.5.1\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\PEN\Arquivos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Atalho para REDEIP.lnk = D:\REDEIP.BAT
O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Save Flash - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {76850F2A-FCAA-454F-82D3-BD46CB186EF5} (IEGCtrl Class) - http://grupooal.no-ip.info/goglobal/ggw-activex.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oncoassociados.local
O17 - HKLM\Software\..\Telephony: DomainName = oncoassociados.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{6378C75F-48A8-4F00-B4A5-1BD413EDEF3D}: NameServer = 192.168.58.5,200.222.0.34
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = oncoassociados.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird 1.5.1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird 1.5.1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GO-Global Application Publishing Service - GraphOn Corporation - C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\aps.exe
O23 - Service: GO-Global License Manager (GO-Global Server License Manager) - Macrovision Corporation - C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\lmgrd.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: MySql - Unknown owner - C:/Arquivos de programas/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
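
The check requested in this exchange (fix the listed O2 entries, then post a new HijackThis log) can be scripted. The following is an added example, not part of the thread or of HijackThis itself; the function names are hypothetical and the BEFORE_LOG sample is constructed from the four entries quoted in the helper's post plus one BHO line from the new log above. A missing target marks a stale registration worth reviewing, not a verdict by itself.

```python
import re

# HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <DLL path | (no file)>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
MISSING = "(file missing)"

# Constructed sample: the four entries the helper asked to fix, plus the
# CompSegIB line from the follow-up log (assumed present before the fix).
BEFORE_LOG = r"""
O2 - BHO: {6abec20c-a2d8-9339-6244-83b4daa8a033} - {330a8aad-4b38-4426-9339-8d2ac02ceba6} - (no file)
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - (no file)
O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file)
O2 - BHO: (no name) - {FBA85336-786B-4273-92BA-44769A1843ED} - C:\WINDOWS\system32\xxyawxwW.dll (file missing)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
"""

# Lines copied from the follow-up log; non-O2 lines are ignored by the parser.
AFTER_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_bhos(log_text):
    """Return one dict per O2 (Browser Helper Object) line in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        m = O2_RE.match(raw.strip())
        if not m:
            continue
        target = m.group("target").strip()
        if target == "(no file)":
            status, path = "no file", None           # registration with no DLL path at all
        elif target.endswith(MISSING):
            status = "file missing"                   # path recorded, DLL not on disk
            path = target[: -len(MISSING)].strip()
        else:
            status, path = "present", target
        entries.append({
            "name": m.group("name"),
            "clsid": m.group("clsid").upper(),        # CLSIDs are case-insensitive
            "status": status,
            "path": path,
        })
    return entries


def orphaned(entries):
    """BHO registrations whose DLL is absent: candidates for 'Fix checked'."""
    return [e for e in entries if e["status"] != "present"]


def leftover_after_fix(before_log, after_log):
    """CLSIDs that were orphaned before the fix and still appear in the new log."""
    after = {e["clsid"] for e in parse_bhos(after_log)}
    return sorted(
        e["clsid"] for e in orphaned(parse_bhos(before_log)) if e["clsid"] in after
    )


if __name__ == "__main__":
    for e in orphaned(parse_bhos(BEFORE_LOG)):
        print(f'{e["clsid"]}  {e["status"]:<12}  {e["path"] or "-"}')
    print("still registered after fix:", leftover_after_fix(BEFORE_LOG, AFTER_LOG))
```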
 
OK, my friend xcobrax. Some good news: Virtumondo has been deactivated.

I don't know whether you still have the RSIT tool I gave you earlier, xcobrax, but if you deleted it, download it again here:
http://images.malwareremoval.com/random/RSIT.exe

Run the tool and click Continue.

Please paste the logs it generates here.
 
Try defragmenting the machine, Carol.

________________________________________


Rhyrioth, follow the steps below:

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;
● Wait while ComboFix runs the scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
Do not click in the ComboFix window, and try not to use the keyboard either, so as not to disrupt the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes, your computer will be restarted. After the restart the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.

As soon as I manage to download ComboFix I'll post the reply here; I don't know if it's my connection, but the link in the instructions isn't opening.
Other than that, have a good weekend, man!
 
Thank you very much, my friend Mr.Wolf.

If it won't take up your time, I'll do the Antivirus Virtual analysis!

THANK YOU!
 
:yes:

Logfile of random's system information tool 1.06 (written by random/random)
Run by caio at 2009-05-22 17:32:08
Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (40%) free of 56 GB
Total RAM: 959 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:14, on 22/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
C:\Arquivos de programas\Firebird 1.5.1\bin\fbguard.exe
C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\aps.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
C:\ARQUIV~1\3M\PSNLite\PSNGive.exe
C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Firebird 1.5.1\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\PEN\Arquivos\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\caio\Desktop\Ferramentas Remoção\RSIT.exe
C:\Arquivos de programas\trend micro\caio.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Atalho para REDEIP.lnk = D:\REDEIP.BAT
O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Save Flash - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {76850F2A-FCAA-454F-82D3-BD46CB186EF5} (IEGCtrl Class) - http://grupooal.no-ip.info/goglobal/ggw-activex.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oncoassociados.local
O17 - HKLM\Software\..\Telephony: DomainName = oncoassociados.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{6378C75F-48A8-4F00-B4A5-1BD413EDEF3D}: NameServer = 192.168.58.5,200.222.0.34
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = oncoassociados.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird 1.5.1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird 1.5.1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GO-Global Application Publishing Service - GraphOn Corporation - C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\aps.exe
O23 - Service: GO-Global License Manager (GO-Global Server License Manager) - Macrovision Corporation - C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\lmgrd.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: MySql - Unknown owner - C:/Arquivos de programas/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8199 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-2147118445-725345543-500.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E3C3651-B19C-4DD9-A979-901EC3E930AF}]
ssh2 Class - C:\Arquivos de programas\Scpad\scpsssh2.dll [2007-12-12 214272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\049da1a2]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
C:\WINDOWS\system32\CF17124.exe [2008-04-13 400896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
C:\WINDOWS\Domino.EXE [2006-06-28 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ENVIRONMENT]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\german.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Arquivos de programas\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mule_st_key]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Arquivos de programas\Skype\Phone\Skype.exe [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2007-06-15 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2008-07-11 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
C:\WINDOWS\VMSnap3.EXE [2006-08-30 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BTTray.lnk]
C:\ARQUIV~1\SOFTWA~1\BLUETO~1\BTTray.exe [2006-05-12 581693]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar
Post-it® Software Notes Lite.lnk - C:\Arquivos de programas\3M\PSNLite\PsnLite.exe

C:\Documents and Settings\caio\Menu Iniciar\Programas\Inicializar
Atalho para REDEIP.lnk - D:\REDEIP.BAT
Stardock ObjectDock.lnk - C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-12-12 201984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-12-12 201984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]
"{487C9905-26A8-42C8-8033-C58AD3D2AEC3}"= []
"{10af6fc4-6fe4-40aa-983f-300f4865c99e}"=C:\WINDOWS\system32\ipbijc.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\xxyawxwW

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\Arquivos de programas\Grisoft\AVG7\avginet.exe"="C:\Arquivos de programas\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Arquivos de programas\Grisoft\AVG7\avgamsvr.exe"="C:\Arquivos de programas\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe"="C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Arquivos de programas\Grisoft\AVG7\avgemc.exe"="C:\Arquivos de programas\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\Arquivos de programas\SmartFTP Client\SmartFTP.exe"="C:\Arquivos de programas\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\cm.exe"="C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\cm.exe:*:Enabled:GO-Global Cluster Manager"
"C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\aps.exe"="C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\aps.exe:*:Enabled:GO-Global Application Publishing Service"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\cm.exe"="C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\cm.exe:*:Enabled:GO-Global Cluster Manager"
"C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\aps.exe"="C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\aps.exe:*:Enabled:GO-Global Application Publishing Service"
"C:\Arquivos de programas\UltraVNC\vncviewer.exe"="C:\Arquivos de programas\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe"
"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\utorrent.exe"="D:\utorrent.exe:*:Enabled:µTorrent"
"D:\utorrent 1.7.7.exe"="D:\utorrent 1.7.7.exe:*:Enabled:µTorrent"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24a3fd80-41f7-11dd-8abc-001d7d8b9134}]
shell\AutoRun\command - F:\nideiect.com
shell\explore\command - F:\nideiect.com
shell\open\command - F:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24a3fd81-41f7-11dd-8abc-001d7d8b9134}]
shell\AutoRun\command - 1.exe 0o
shell\explore\command - 1.exe 0e
shell\open\command - 1.exe 0o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38d27026-227f-11dd-8a7f-001d7d8b9134}]
shell\AutoRun\command - F:\nideiect.com
shell\explore\command - F:\nideiect.com
shell\open\command - F:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4de6c7f-13e9-11de-a089-001d7d8b9134}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn


======File associations======

.js - open - "C:\Arquivos de programas\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-05-22 16:49:02 ----A---- C:\VundoFix.txt
2009-05-22 16:49:01 ----D---- C:\VundoFix Backups
2009-05-22 16:44:07 ----D---- C:\Avenger
2009-05-22 16:44:07 ----A---- C:\avenger.txt
2009-05-22 11:29:12 ----D---- C:\Documents and Settings\caio\Dados de aplicativos\Opera
2009-05-22 11:29:05 ----D---- C:\Arquivos de programas\Opera
2009-05-22 10:10:18 ----A---- C:\vundo-bho.txt
2009-05-22 09:50:20 ----A---- C:\WINDOWS\system32\fsmuhdju.dll
2009-05-22 09:47:37 ----A---- C:\WINDOWS\system32\rptkkw.dll
2009-05-22 09:47:32 ----A---- C:\WINDOWS\system32\pjlcyabj.dll
2009-05-21 09:43:59 ----SD---- C:\Kombo-Fix
2009-05-21 09:35:47 ----A---- C:\WINDOWS\system32\zrcgwe.dll
2009-05-21 09:35:45 ----A---- C:\WINDOWS\system32\bujmhxoj.dll
2009-05-20 17:28:10 ----D---- C:\Arquivos de programas\trend micro
2009-05-20 17:28:09 ----D---- C:\rsit
2009-05-20 16:08:18 ----D---- C:\LinhaDefensiva
2009-05-20 09:28:14 ----A---- C:\WINDOWS\system32\ipqkxlkj.dll
2009-05-19 09:27:16 ----A---- C:\WINDOWS\system32\hbdyqh.dll
2009-05-19 09:27:14 ----A---- C:\WINDOWS\system32\rrbavgdk.dll
2009-05-18 13:44:19 ----D---- C:\Arquivos de programas\Geap - FSS
2009-05-18 09:28:16 ----A---- C:\WINDOWS\system32\hyidkz.dll
2009-05-18 09:28:14 ----A---- C:\WINDOWS\system32\hnkldatg.dll
2009-05-18 09:27:34 ----A---- C:\WINDOWS\system32\SYS32DLL.exe
2009-05-18 09:27:33 ----D---- C:\WINDOWS\system32\790151
2009-05-18 09:26:52 ----A---- C:\WINDOWS\p2hhr.bat
2009-05-18 09:26:45 ----A---- C:\WINDOWS\win32.exe
2009-05-18 09:26:43 ----AH---- C:\WINDOWS\ld08.exe
2009-05-18 09:25:54 ----A---- C:\WINDOWS\system32\oamoiypf.exe
2009-05-15 14:47:12 ----HD---- C:\Arquivos de programas\Scpad
2009-05-15 09:55:52 ----A---- C:\WINDOWS\system32\tomfdf.dll
2009-05-15 09:55:49 ----A---- C:\WINDOWS\system32\wkrqchrf.dll
2009-05-14 21:55:56 ----A---- C:\WINDOWS\system32\osbxyb.dll
2009-05-14 21:55:49 ----A---- C:\WINDOWS\system32\xdrihxyu.dll
2009-05-14 09:54:10 ----A---- C:\WINDOWS\system32\bartkt.dll
2009-05-14 09:54:08 ----A---- C:\WINDOWS\system32\ljjfxvix.dll
2009-05-13 09:28:51 ----A---- C:\WINDOWS\system32\hiadpp.dll
2009-05-13 09:28:48 ----A---- C:\WINDOWS\system32\fmxuidon.dll
2009-05-12 09:38:36 ----SH---- C:\WINDOWS\system32\ethakowc.ini
2009-05-12 09:36:38 ----A---- C:\WINDOWS\system32\wwphlr.dll
2009-05-12 09:36:34 ----A---- C:\WINDOWS\system32\rjcbkmuh.dll
2009-05-11 09:37:48 ----A---- C:\WINDOWS\system32\uxbkai.dll
2009-05-11 09:37:45 ----A---- C:\WINDOWS\system32\uefxlnmv.dll
2009-05-11 09:36:01 ----SH---- C:\WINDOWS\system32\ysastoht.ini
2009-05-08 13:21:16 ----SH---- C:\WINDOWS\system32\xdlkqiqx.ini
2009-05-08 13:19:01 ----A---- C:\WINDOWS\system32\oclzpk.dll
2009-05-08 13:18:59 ----A---- C:\WINDOWS\system32\wxrobtlc.dll
2009-05-07 09:33:43 ----SH---- C:\WINDOWS\system32\uisldrly.ini
2009-05-07 09:31:31 ----A---- C:\WINDOWS\system32\runifo.dll
2009-05-07 09:31:29 ----A---- C:\WINDOWS\system32\nqgitpmy.dll
2009-05-06 09:27:14 ----A---- C:\WINDOWS\system32\tlelyf.dll
2009-05-06 09:27:09 ----A---- C:\WINDOWS\system32\uvophgtv.dll
2009-05-06 09:27:04 ----SH---- C:\WINDOWS\system32\jpdragcm.ini
2009-05-05 09:33:40 ----A---- C:\WINDOWS\system32\hscbrb.dll
2009-05-05 09:33:33 ----A---- C:\WINDOWS\system32\lxidtpfd.dll
2009-05-05 09:31:39 ----SH---- C:\WINDOWS\system32\kgwokpre.ini
2009-05-04 09:30:11 ----A---- C:\WINDOWS\system32\uhjvhn.dll
2009-05-04 09:30:09 ----A---- C:\WINDOWS\system32\cyseolwo.dll
2009-05-04 09:28:15 ----SH---- C:\WINDOWS\system32\lsnaaljb.ini
2009-04-30 09:43:24 ----SH---- C:\WINDOWS\system32\qjhhohqh.ini
2009-04-30 09:41:27 ----A---- C:\WINDOWS\system32\ehfwoz.dll
2009-04-30 09:41:25 ----A---- C:\WINDOWS\system32\olepyntc.dll
2009-04-29 16:15:36 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem #3.txt
2009-04-29 09:38:10 ----A---- C:\WINDOWS\system32\tmklrk.dll
2009-04-29 09:38:07 ----A---- C:\WINDOWS\system32\aqgntetn.dll
2009-04-29 09:35:43 ----SH---- C:\WINDOWS\system32\qonidsop.ini
2009-04-28 09:29:09 ----SH---- C:\WINDOWS\system32\ncevsshd.ini
2009-04-28 09:27:04 ----A---- C:\WINDOWS\system32\pozfpw.dll
2009-04-28 09:27:02 ----A---- C:\WINDOWS\system32\etklsgdn.dll
2009-04-27 09:36:30 ----SH---- C:\WINDOWS\system32\pvcwqjds.ini
2009-04-27 09:34:30 ----A---- C:\WINDOWS\system32\enjukz.dll
2009-04-27 09:34:28 ----A---- C:\WINDOWS\system32\gpcfngqn.dll
2009-04-24 09:46:10 ----A---- C:\WINDOWS\system32\mqzjec.dll
2009-04-24 09:46:08 ----A---- C:\WINDOWS\system32\tydtujkt.dll
2009-04-24 09:44:09 ----SH---- C:\WINDOWS\system32\aylqfdnr.ini

======List of files/folders modified in the last 1 months======

2009-05-22 17:25:53 ----D---- C:\WINDOWS\system32\inetsrv
2009-05-22 17:23:25 ----D---- C:\WINDOWS\Temp
2009-05-22 17:23:10 ----D---- C:\Arquivos de programas\Mozilla Firefox
2009-05-22 17:22:56 ----D---- C:\WINDOWS\system32\ias
2009-05-22 17:19:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-22 16:49:12 ----D---- C:\WINDOWS
2009-05-22 16:46:54 ----HD---- C:\WINDOWS\system32\drivers
2009-05-22 16:44:07 ----D---- C:\WINDOWS\system32
2009-05-22 16:42:50 ----ASH---- C:\WINDOWS\system32\Wwxwayxx.ini
2009-05-22 16:40:37 ----ASH---- C:\WINDOWS\system32\Wwxwayxx.ini2
2009-05-22 14:46:00 ----D---- C:\WINDOWS\Prefetch
2009-05-22 11:29:12 ----SHD---- C:\WINDOWS\Installer
2009-05-22 11:29:05 ----RD---- C:\Arquivos de programas
2009-05-22 09:48:18 ----A---- C:\WINDOWS\system32\0fbe65dc-.txt
2009-05-21 09:43:59 ----D---- C:\QooBox
2009-05-20 15:55:58 ----D---- C:\EditorTiss
2009-05-20 15:08:14 ----A---- C:\WINDOWS\system32\zxrvbt.dll
2009-05-20 15:08:14 ----A---- C:\WINDOWS\system32\zagnih.dll
2009-05-20 15:08:14 ----A---- C:\WINDOWS\system32\yvhkyb.dll
2009-05-20 15:08:14 ----A---- C:\WINDOWS\system32\ygonynrl.dll
2009-05-20 15:08:14 ----A---- C:\WINDOWS\system32\xuvnjy.dll
2009-05-20 15:08:13 ----A---- C:\WINDOWS\system32\xhodomty.dll
2009-05-20 15:08:13 ----A---- C:\WINDOWS\system32\xhjrytcl.dll
2009-05-20 15:08:12 ----A---- C:\WINDOWS\system32\xcbobvwi.dll
2009-05-20 15:08:09 ----A---- C:\WINDOWS\system32\wrsppy.dll
2009-05-20 15:08:07 ----A---- C:\WINDOWS\system32\woeifg.dll
2009-05-20 15:08:05 ----A---- C:\WINDOWS\system32\wmhmcx.dll
2009-05-20 15:08:00 ----A---- C:\WINDOWS\system32\widtqgdg.dll
2009-05-20 15:07:54 ----A---- C:\WINDOWS\system32\vztffh.dll
2009-05-20 15:07:53 ----A---- C:\WINDOWS\system32\vvpqywdh.dll
2009-05-20 15:07:53 ----A---- C:\WINDOWS\system32\vooqhe.dll
2009-05-20 15:07:52 ----A---- C:\WINDOWS\system32\vjhqmu.dll
2009-05-20 15:07:50 ----A---- C:\WINDOWS\system32\vfbyat.dll
2009-05-20 15:07:50 ----A---- C:\WINDOWS\system32\vebguutx.dll
2009-05-20 15:07:43 ----A---- C:\WINDOWS\system32\uljtfg.dll
2009-05-20 15:07:39 ----A---- C:\WINDOWS\system32\tomabcma.dll
2009-05-20 15:07:39 ----A---- C:\WINDOWS\system32\tnvhdajl.dll
2009-05-20 15:07:36 ----A---- C:\WINDOWS\system32\thyjkfas.dll
2009-05-20 15:07:36 ----A---- C:\WINDOWS\system32\tectsl.dll
2009-05-20 15:07:36 ----A---- C:\WINDOWS\system32\tdojktvg.dll
2009-05-20 15:07:35 ----A---- C:\WINDOWS\system32\tbrsiikw.dll
2009-05-20 15:07:35 ----A---- C:\WINDOWS\system32\tbgetxyq.dll
2009-05-20 15:07:33 ----A---- C:\WINDOWS\system32\szmhoh.dll
2009-05-20 15:07:30 ----A---- C:\WINDOWS\system32\sskuskbw.dll
2009-05-20 15:07:18 ----A---- C:\WINDOWS\system32\scotru.dll
2009-05-20 15:07:16 ----A---- C:\WINDOWS\system32\rswitbig.dll
2009-05-20 15:07:15 ----A---- C:\WINDOWS\system32\rsaabt.dll
2009-05-20 15:07:14 ----A---- C:\WINDOWS\system32\rmwctiwm.exe
2009-05-20 15:07:12 ----A---- C:\WINDOWS\system32\rbhizr.dll
2009-05-20 15:07:10 ----A---- C:\WINDOWS\system32\qrtoxtdy.dll
2009-05-20 15:07:10 ----A---- C:\WINDOWS\system32\qqhuse.dll
2009-05-20 15:07:10 ----A---- C:\WINDOWS\system32\qpblhdul.dll
2009-05-20 15:07:10 ----A---- C:\WINDOWS\system32\qoajpvrl.dll
2009-05-20 15:07:09 ----A---- C:\WINDOWS\system32\qmhwbemn.dll
2009-05-20 15:07:02 ----A---- C:\WINDOWS\system32\pjsiqq.dll
2009-05-20 15:07:00 ----A---- C:\WINDOWS\system32\otejve.dll
2009-05-20 15:06:58 ----A---- C:\WINDOWS\system32\ohptxudf.exe
2009-05-20 15:06:38 ----A---- C:\WINDOWS\system32\nsvspqcm.dll
2009-05-20 15:06:38 ----A---- C:\WINDOWS\system32\npvefdhw.dll
2009-05-20 15:06:37 ----A---- C:\WINDOWS\system32\ngboykiq.dll
2009-05-20 15:06:21 ----A---- C:\WINDOWS\system32\mrwpevit.dll
2009-05-20 15:06:20 ----A---- C:\WINDOWS\system32\mrihpm.dll
2009-05-20 15:06:16 ----A---- C:\WINDOWS\system32\mnuthkyh.exe
2009-05-20 15:06:11 ----A---- C:\WINDOWS\system32\lrkycdqy.dll
2009-05-20 15:06:11 ----A---- C:\WINDOWS\system32\lqlqookg.dll
2009-05-20 15:06:07 ----A---- C:\WINDOWS\system32\kqgslg.dll
2009-05-20 15:06:07 ----A---- C:\WINDOWS\system32\koqgdwbg.dll
2009-05-20 15:06:07 ----A---- C:\WINDOWS\system32\kizosd.dll
2009-05-20 15:06:02 ----A---- C:\WINDOWS\system32\jajqih.dll
2009-05-20 15:06:02 ----A---- C:\WINDOWS\system32\izfiei.dll
2009-05-20 15:06:00 ----A---- C:\WINDOWS\system32\inrtbusw.dll
2009-05-20 15:06:00 ----A---- C:\WINDOWS\system32\inmsucol.dll
2009-05-20 15:05:54 ----A---- C:\WINDOWS\system32\ibibcism.dll
2009-05-20 15:05:53 ----A---- C:\WINDOWS\system32\hxrkwshv.exe
2009-05-20 15:05:53 ----A---- C:\WINDOWS\system32\htpiwx.dll
2009-05-20 15:05:53 ----A---- C:\WINDOWS\system32\hqxvtpav.dll
2009-05-20 15:05:52 ----A---- C:\WINDOWS\system32\hmddtw.dll
2009-05-20 15:05:51 ----A---- C:\WINDOWS\system32\hjuwtq.dll
2009-05-20 15:05:51 ----A---- C:\WINDOWS\system32\hjllorha.dll
2009-05-20 15:05:51 ----A---- C:\WINDOWS\system32\hhatrwuf.dll
2009-05-20 15:05:50 ----A---- C:\WINDOWS\system32\gxknlhnw.dll
2009-05-20 15:05:50 ----A---- C:\WINDOWS\system32\gwqiwl.dll
2009-05-20 15:05:49 ----A---- C:\WINDOWS\system32\gqyffvwf.dll
2009-05-20 15:05:49 ----A---- C:\WINDOWS\system32\gpqsdqnj.dll
2009-05-20 15:05:48 ----A---- C:\WINDOWS\system32\ggvmlu.dll
2009-05-20 15:05:47 ----A---- C:\WINDOWS\system32\gbhlwyaw.dll
2009-05-20 15:05:43 ----A---- C:\WINDOWS\system32\faiblcej.dll
2009-05-20 15:05:41 ----A---- C:\WINDOWS\system32\euoutz.dll
2009-05-20 15:05:40 ----A---- C:\WINDOWS\system32\ehfywv.dll
2009-05-20 15:05:40 ----A---- C:\WINDOWS\system32\efovbugi.dll
2009-05-20 15:05:40 ----A---- C:\WINDOWS\system32\ebimqjyr.exe
2009-05-20 15:05:39 ----A---- C:\WINDOWS\system32\dyofuujd.dll
2009-05-20 15:05:38 ----A---- C:\WINDOWS\system32\duforhci.dll
2009-05-20 15:05:31 ----A---- C:\WINDOWS\system32\dpcykngf.dll
2009-05-20 15:05:27 ----A---- C:\WINDOWS\system32\dfsswlro.dll
2009-05-20 15:05:05 ----A---- C:\WINDOWS\system32\camaix.dll
2009-05-20 15:05:02 ----A---- C:\WINDOWS\system32\btplvlvj.dll
2009-05-20 15:04:59 ----A---- C:\WINDOWS\system32\brjkkxnv.dll
2009-05-20 15:04:58 ----A---- C:\WINDOWS\system32\boagmv.dll
2009-05-20 15:04:58 ----A---- C:\WINDOWS\system32\bnfcgjoy.dll
2009-05-20 15:04:58 ----A---- C:\WINDOWS\system32\bjegzl.dll
2009-05-20 15:04:56 ----A---- C:\WINDOWS\system32\atxwar.dll
2009-05-20 15:04:48 ----A---- C:\WINDOWS\system32\acnofc.dll
2009-05-20 11:59:54 ----HD---- C:\WINDOWS\inf
2009-05-20 11:59:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-19 13:19:26 ----SHD---- C:\WINDOWS\CSC
2009-05-15 18:11:09 ----A---- C:\lsass.exe
2009-05-15 14:47:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-11 11:22:01 ----D---- C:\WINDOWS\Debug
2009-04-27 16:21:08 ----D---- C:\Documents and Settings\caio\Dados de aplicativos\Hamachi
2009-04-27 10:34:15 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-24 09:44:00 ----SH---- C:\WINDOWS\system32\iumxdpys.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-26 15440]
R3 BTKRNL;Enumerador de barramento Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 ggse;ggse; C:\WINDOWS\system32\DRIVERS\ggse.sys [2008-03-26 306176]
R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 vmfilter303;vmfilter303; C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 428160]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 ZSMC303;Webcam (Vimicro301 Neptune); C:\WINDOWS\System32\Drivers\usbVM303.sys [2006-12-12 392396]
S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; C:\WINDOWS\system32\drivers\AVG Anti-Spyware Driver.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
S3 btaudio;Dispositivo de áudio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-12 401664]
S3 BTDriver;Driver de comunicação virtual Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-12 30363]
S3 BTWDNDIS;Driver de acesso à rede local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-12 148168]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
S3 catchme;catchme; \??\C:\DOCUME~1\caio\CONFIG~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-09-08 25280]
S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]
S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2007-10-29 5888]
S3 RTLWUSB;802.11g USB 2.0 WLAN Dongle; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2007-01-11 169472]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2009-01-06 22768]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2007-10-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe [2006-05-12 258103]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Arquivos de programas\Firebird 1.5.1\bin\fbguard.exe [2004-07-14 65536]
R2 GO-Global Application Publishing Service;GO-Global Application Publishing Service; C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\aps.exe [2008-03-26 1527808]
R2 IISADMIN;Serviço de administração do IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2008-11-27 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-31 155715]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15872]
R2 W3SVC;Publicação na World Wide Web; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15872]
R2 WinVNC4;VNC Server Version 4; C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe [2004-06-15 380928]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Arquivos de programas\Firebird 1.5.1\bin\fbserver.exe [2004-07-14 1527887]
R3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 MySql;MySql; C:/Arquivos de programas/xampp/mysql/bin/mysqld-nt.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-29 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 GO-Global Server License Manager;GO-Global License Manager; C:\Arquivos de programas\GraphOn\GO-Global Server\Programs\lmgrd.exe [2006-01-06 974848]
S3 ICDSPTSV;Sony SPTI Service for DVE; C:\WINDOWS\system32\IcdSptSv.exe [2003-04-01 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
 
Malwarebytes
Malwarebytes' Anti-Malware 1.36
Versão do banco de dados: 1945
Windows 5.1.2600 Service Pack 3

22/5/2009 17:47:05
mbam-log-2009-05-22 (17-47-05).txt

Tipo de Verificação: Completa (C:\|)
Objetos verificados: 124437
Tempo decorrido: 21 minute(s), 59 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 2
Ítens do Registro infectados: 3
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Trojan.Agent) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
(Nenhum ítem malicioso foi detectado)

Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:19, on 22/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\WINDOWS\system32\imgrdir\moniprot.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [moniprot] C:\WINDOWS\system32\imgrdir\namesys32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Software Informer] "C:\Arquivos de programas\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [moniprot] C:\WINDOWS\system32\imgrdir\moniprot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C365B74B-935E-4CA6-AEA9-94474F754339}: NameServer = 200.149.55.140,200.165.132.148
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8204 bytes

I'd also like to take the opportunity to ask for some help with antivirus. I don't know which one to use... Kaspersky simply makes everything slow here.
 
Thank you very much, my friend Mr.Wolf.

If it won't take up your time, I'll run the Virtual Antivirus scan!

THANK YOU!
Not at all, my friend DaYWaLKeR, this won't take up my time in any way. Please go ahead and run the Kaspersky scan below, if you like, and post the final report log here:

Tutorial:
http://www.linhadefensiva.org/forum/index.php?showtopic=74159

Cheers, my friend :thumbs_up

__________________________________


xcobrax, delete the ComboFix.exe tool if it is still there. Then I ask that you please write down the instructions below and disconnect from the Internet, because your log shows a Trojan Downloader that is downloading and creating the Vundos every minute, which makes removing them harder! :thumbs_up

Follow the steps below, xcobrax:

Download OTMoveIt3 and save it to the desktop.

Save or print the instructions below.

● Disconnect from the Internet and temporarily disable your antivirus;
● Double-click the program icon (OTMoveIt3) to run it;
● Select and copy all of the text below, without skipping any line:

Code:
:Processes
explorer.exe

:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\049da1a2]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\german.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{487C9905-26A8-42C8-8033-C58AD3D2AEC3}"=-
"{10af6fc4-6fe4-40aa-983f-300f4865c99e}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"C:\WINDOWS\system32\xxyawxwW"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24a3fd80-41f7-11dd-8abc-001d7d8b9134}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24a3fd81-41f7-11dd-8abc-001d7d8b9134}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38d27026-227f-11dd-8a7f-001d7d8b9134}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4de6c7f-13e9-11de-a089-001d7d8b9134}]

:Files
C:\WINDOWS\system32\xxyawxwW
C:\VundoFix.txt
C:\VundoFix Backups
C:\Avenger
C:\avenger.txt
C:\vundo-bho.txt
C:\WINDOWS\system32\fsmuhdju.dll
C:\WINDOWS\system32\rptkkw.dll
C:\WINDOWS\system32\pjlcyabj.dll
C:\Kombo-Fix
C:\WINDOWS\system32\zrcgwe.dll
C:\WINDOWS\system32\bujmhxoj.dll
C:\LinhaDefensiva
C:\WINDOWS\system32\ipqkxlkj.dll
C:\WINDOWS\system32\hbdyqh.dll
C:\WINDOWS\system32\rrbavgdk.dll
C:\WINDOWS\system32\hyidkz.dll
C:\WINDOWS\system32\hnkldatg.dll
C:\WINDOWS\system32\SYS32DLL.exe
C:\WINDOWS\system32\790151
C:\WINDOWS\p2hhr.bat
C:\WINDOWS\win32.exe
C:\WINDOWS\ld08.exe
C:\WINDOWS\system32\oamoiypf.exe
C:\WINDOWS\system32\tomfdf.dll
C:\WINDOWS\system32\wkrqchrf.dll
C:\WINDOWS\system32\osbxyb.dll
C:\WINDOWS\system32\xdrihxyu.dll
C:\WINDOWS\system32\bartkt.dll
C:\WINDOWS\system32\ljjfxvix.dll
C:\WINDOWS\system32\hiadpp.dll
C:\WINDOWS\system32\fmxuidon.dll
C:\WINDOWS\system32\ethakowc.ini
C:\WINDOWS\system32\wwphlr.dll
C:\WINDOWS\system32\rjcbkmuh.dll
C:\WINDOWS\system32\uxbkai.dll
C:\WINDOWS\system32\uefxlnmv.dll
C:\WINDOWS\system32\ysastoht.ini
C:\WINDOWS\system32\xdlkqiqx.ini
C:\WINDOWS\system32\oclzpk.dll
C:\WINDOWS\system32\wxrobtlc.dll
C:\WINDOWS\system32\uisldrly.ini
C:\WINDOWS\system32\runifo.dll
C:\WINDOWS\system32\nqgitpmy.dll
C:\WINDOWS\system32\tlelyf.dll
C:\WINDOWS\system32\uvophgtv.dll
C:\WINDOWS\system32\jpdragcm.ini
C:\WINDOWS\system32\hscbrb.dll
C:\WINDOWS\system32\lxidtpfd.dll
C:\WINDOWS\system32\kgwokpre.ini
C:\WINDOWS\system32\uhjvhn.dll
C:\WINDOWS\system32\cyseolwo.dll
C:\WINDOWS\system32\lsnaaljb.ini
C:\WINDOWS\system32\qjhhohqh.ini
C:\WINDOWS\system32\ehfwoz.dll
C:\WINDOWS\system32\olepyntc.dll
C:\WINDOWS\system32\tmklrk.dll
C:\WINDOWS\system32\aqgntetn.dll
C:\WINDOWS\system32\qonidsop.ini
C:\WINDOWS\system32\ncevsshd.ini
C:\WINDOWS\system32\pozfpw.dll
C:\WINDOWS\system32\etklsgdn.dll
C:\WINDOWS\system32\pvcwqjds.ini
C:\WINDOWS\system32\enjukz.dll
C:\WINDOWS\system32\gpcfngqn.dll
C:\WINDOWS\system32\mqzjec.dll
C:\WINDOWS\system32\tydtujkt.dll
C:\WINDOWS\system32\aylqfdnr.ini
C:\WINDOWS\system32\Wwxwayxx.ini
C:\WINDOWS\system32\Wwxwayxx.ini2
C:\WINDOWS\system32\0fbe65dc-.txt
C:\QooBox
C:\WINDOWS\system32\zxrvbt.dll
C:\WINDOWS\system32\zagnih.dll
C:\WINDOWS\system32\yvhkyb.dll
C:\WINDOWS\system32\ygonynrl.dll
C:\WINDOWS\system32\xuvnjy.dll
C:\WINDOWS\system32\xhodomty.dll
C:\WINDOWS\system32\xhjrytcl.dll
C:\WINDOWS\system32\xcbobvwi.dll
C:\WINDOWS\system32\wrsppy.dll
C:\WINDOWS\system32\woeifg.dll
C:\WINDOWS\system32\wmhmcx.dll
C:\WINDOWS\system32\widtqgdg.dll
C:\WINDOWS\system32\vztffh.dll
C:\WINDOWS\system32\vvpqywdh.dll
C:\WINDOWS\system32\vooqhe.dll
C:\WINDOWS\system32\vjhqmu.dll
C:\WINDOWS\system32\vfbyat.dll
C:\WINDOWS\system32\vebguutx.dll
C:\WINDOWS\system32\uljtfg.dll
C:\WINDOWS\system32\tomabcma.dll
C:\WINDOWS\system32\tnvhdajl.dll
C:\WINDOWS\system32\thyjkfas.dll
C:\WINDOWS\system32\tectsl.dll
C:\WINDOWS\system32\tdojktvg.dll
C:\WINDOWS\system32\tbrsiikw.dll
C:\WINDOWS\system32\tbgetxyq.dll
C:\WINDOWS\system32\szmhoh.dll
C:\WINDOWS\system32\sskuskbw.dll
C:\WINDOWS\system32\scotru.dll
C:\WINDOWS\system32\rswitbig.dll
C:\WINDOWS\system32\rsaabt.dll
C:\WINDOWS\system32\rmwctiwm.exe
C:\WINDOWS\system32\rbhizr.dll
C:\WINDOWS\system32\qrtoxtdy.dll
C:\WINDOWS\system32\qqhuse.dll
C:\WINDOWS\system32\qpblhdul.dll
C:\WINDOWS\system32\qoajpvrl.dll
C:\WINDOWS\system32\qmhwbemn.dll
C:\WINDOWS\system32\pjsiqq.dll
C:\WINDOWS\system32\otejve.dll
C:\WINDOWS\system32\ohptxudf.exe
C:\WINDOWS\system32\nsvspqcm.dll
C:\WINDOWS\system32\npvefdhw.dll
C:\WINDOWS\system32\ngboykiq.dll
C:\WINDOWS\system32\mrwpevit.dll
C:\WINDOWS\system32\mrihpm.dll
C:\WINDOWS\system32\mnuthkyh.exe
C:\WINDOWS\system32\lrkycdqy.dll
C:\WINDOWS\system32\lqlqookg.dll
C:\WINDOWS\system32\kqgslg.dll
C:\WINDOWS\system32\koqgdwbg.dll
C:\WINDOWS\system32\kizosd.dll
C:\WINDOWS\system32\jajqih.dll
C:\WINDOWS\system32\izfiei.dll
C:\WINDOWS\system32\inrtbusw.dll
C:\WINDOWS\system32\inmsucol.dll
C:\WINDOWS\system32\ibibcism.dll
C:\WINDOWS\system32\hxrkwshv.exe
C:\WINDOWS\system32\htpiwx.dll
C:\WINDOWS\system32\hqxvtpav.dll
C:\WINDOWS\system32\hmddtw.dll
C:\WINDOWS\system32\hjuwtq.dll
C:\WINDOWS\system32\hjllorha.dll
C:\WINDOWS\system32\hhatrwuf.dll
C:\WINDOWS\system32\gxknlhnw.dll
C:\WINDOWS\system32\gwqiwl.dll
C:\WINDOWS\system32\gqyffvwf.dll
C:\WINDOWS\system32\gpqsdqnj.dll
C:\WINDOWS\system32\ggvmlu.dll
C:\WINDOWS\system32\gbhlwyaw.dll
C:\WINDOWS\system32\faiblcej.dll
C:\WINDOWS\system32\euoutz.dll
C:\WINDOWS\system32\ehfywv.dll
C:\WINDOWS\system32\efovbugi.dll
C:\WINDOWS\system32\ebimqjyr.exe
C:\WINDOWS\system32\dyofuujd.dll
C:\WINDOWS\system32\duforhci.dll
C:\WINDOWS\system32\dpcykngf.dll
C:\WINDOWS\system32\dfsswlro.dll
C:\WINDOWS\system32\camaix.dll
C:\WINDOWS\system32\btplvlvj.dll
C:\WINDOWS\system32\brjkkxnv.dll
C:\WINDOWS\system32\boagmv.dll
C:\WINDOWS\system32\bnfcgjoy.dll
C:\WINDOWS\system32\bjegzl.dll
C:\WINDOWS\system32\atxwar.dll
C:\WINDOWS\system32\acnofc.dll
C:\lsass.exe
C:\WINDOWS\system32\iumxdpys.ini

:Services

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

● Paste what you copied into the program (in the blank area of the window);
● Click the MoveIt button;
● If a message asking you to restart the computer appears, restart it;
● In your next reply, copy and paste all of the content shown under Results;
● If the computer restarted, go to the folder C:\_OTMoveIt\MovedFiles and open the most recent .log file there. Copy and paste the entire content of that file.

Also generate a new RSIT log and paste it together with the OTMoveIt3 one.
 
Johnn Y, since you don't want Kaspersky (which is one of the best antivirus products on the market), I recommend one of these: NOD32, Avira AntiVir, G-DATA or Norton 2009. In terms of lightness and computer performance, NOD32 and Avira are the best.

Follow the steps below, Johnn Y:

- Download Avenger and save it to the desktop;

● Extract the contents of the zip to the desktop;
● Select and copy the text below:

Files to delete:
C:\WINDOWS\system32\imgrdir\namesys32.exe
C:\WINDOWS\system32\imgrdir\moniprot.exe

Folders to delete:
C:\WINDOWS\system32\imgrdir
C:\Arquivos de programas\AskBarDis

● Run the Avenger program by double-clicking avenger.exe;
● Click the menu Load Script > Paste from Clipboard;
● Click the Execute button > Yes > OK;
● Your computer will be restarted;
● A log will be generated at C:\avenger.txt

After the computer restarts, run HijackThis and click Do a system scan only. Check the entries below and click Fix checked:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [moniprot] C:\WINDOWS\system32\imgrdir\namesys32.exe
O4 - HKCU\..\Run: [moniprot] C:\WINDOWS\system32\imgrdir\moniprot.exe
Click Yes in the message.

Post the Avenger log, together with a new HijackThis log.
 
Avenger
*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\imgrdir\namesys32.exe" not found!
Deletion of file "C:\WINDOWS\system32\imgrdir\namesys32.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\imgrdir\moniprot.exe" deleted successfully.
Folder "C:\WINDOWS\system32\imgrdir" deleted successfully.
Folder "C:\Arquivos de programas\AskBarDis" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:37, on 22/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal


I'm going to download Nod32; I used it for a long time. Kaspersky uses more than 80% of my RAM.
 
Johnn Y, delete the folder C:\avenger.zip and the file avenger.txt.

Run HijackThis and click Do a system scan only. Check the entries below and click the Fix checked button:

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll (file missing)
Click Yes in the message and close the tool.

Other than that, the log is clean :)

Is there still any problem?
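
As an added example (not part of any post in this thread, and not HijackThis or Avenger code), this Python sketch does the check the reply above does by hand: it parses HijackThis v2.0.2 entries and relates "(file missing)" lines to the folders the Avenger script deleted. The function name `triage`, the verdict labels and the 64-bit heuristic are assumptions of this example; the heuristic reflects that a 32-bit scanner on 64-bit Windows is redirected away from System32 and can report files there as missing.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence

# Constructed sample in HijackThis v2.0.2 entry format (Windows XP, pt-BR paths).
SAMPLE_XP = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [moniprot] C:\WINDOWS\system32\imgrdir\namesys32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
"""

# Constructed sample for a 64-bit system scanned by the 32-bit tool.
SAMPLE_X64 = r"""
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Folders named in the "Folders to delete:" block of the cleanup script.
DELETED_FOLDERS = [r"C:\WINDOWS\system32\imgrdir", r"C:\Arquivos de programas\AskBarDis"]

ENTRY_RE = re.compile(r'^([RFNO]\d{1,2}) - (.*)$')
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|cpl|htm)\b', re.IGNORECASE)
MISSING_RE = re.compile(r'\((?:file missing|no file)\)\s*$')


@dataclass
class Entry:
    code: str             # section code such as O2, O4, O23
    path: Optional[str]   # first drive-letter path found in the entry, if any
    missing: bool         # the scanner appended "(file missing)" or "(no file)"
    verdict: str          # orphan | dangling | unreliable | review | present


def _under(path: str, folder: str) -> bool:
    """Case-insensitive 'path lies inside folder' test for Windows paths."""
    return path.lower().startswith(folder.lower().rstrip('\\') + '\\')


def triage(log_text: str, deleted_folders: Sequence[str] = ()) -> List[Entry]:
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    # Heuristic (assumption): an "(x86)" program folder only exists on 64-bit Windows.
    is_x64 = any('\\program files (x86)' in ln.lower() for ln in lines)
    result = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue  # log header or running-process line
        code, body = m.groups()
        found = PATH_RE.search(body)
        path = found.group(0) if found else None
        missing = bool(MISSING_RE.search(body))
        removed = path is not None and any(_under(path, f) for f in deleted_folders)
        if removed and missing:
            verdict = 'orphan'      # registry reference left behind by the cleanup
        elif removed:
            verdict = 'dangling'    # autostart still points into a deleted folder
        elif missing and is_x64 and path and '\\windows\\system32\\' in path.lower():
            verdict = 'unreliable'  # likely a visibility artifact, not a real gap
        elif missing:
            verdict = 'review'      # missing target with no known explanation
        else:
            verdict = 'present'
        result.append(Entry(code, path, missing, verdict))
    return result


if __name__ == "__main__":
    for e in triage(SAMPLE_XP, DELETED_FOLDERS) + triage(SAMPLE_X64):
        print(f"{e.code:<4}{e.verdict:<11}{e.path}")
```
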
 
Hello вяυиασ 1988, welcome to the forum!

This blue screen problem really is characteristic of a physical (hardware) defect; have you checked the video card as well?

However, since you said you have already tested the parts and taken it to a repair shop, and still nothing was found, we can indeed suspect a virus.

These two files you downloaded via torrent, are they by any chance cracks, keygens, game patches or something of the kind? Please generate and post a HijackThis log following the instructions in the spoiler below, my friend вяυиασ 1988:

- Download HijackThis and extract it to its own folder in C:.
- Run HijackThis and click Do a system scan and save a logfile.
- A log will be generated in Notepad. Copy and paste it here.
_____________________________

Hey man, thanks for the quick reply..... :snap:
Like, yes, I already checked the video card, I did a full check-up on the PC since I know my way around hardware, and I also took it to my uncle, who is a computer technician, and he told me it isn't a hardware problem.....he said he thinks the problem is a virus then.......the hardware really is in perfect condition.......
And like, the files I downloaded actually aren't cracks or keygens or patches, nothing like that....
They were 2 programs compressed as rar; one program is the Babylon translator and the other is an ObjectDock that came with themes and those frills for changing Windows, wallpapers and such, you know?? There was another little program that came too, which was for changing the wallpaper automatically, but I installed and uninstalled it....
Could that have something to do with a virus??
So, I downloaded HijackThis and when I ran it I got a blue screen; I pressed Enter and it worked normally. I don't know if that messes anything up, but either way I'll post the thing here for you because I didn't understand any of it....

Thanks, buddy......;)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:32:12, on 23/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

 
My friend Mr.WOLF

No malware has been detected. The scan area is clean.


Thanks! See you
 
Hello everyone, good afternoon!


вяυиασ 1988, your log shows five undetermined entries that we will have to check. Follow the instructions in the spoiler below, вяυиασ 1988 (just click Show):

Download Autoruns and save it to the desktop;

- Extract the files from the zip to the desktop. Right-click the file autorunsc.exe, select Run as administrator and click Agree;
- Right after that, run the file autoruns.exe and wait for the initial scan;
- Click the Options menu and check the following options: Include Empty Locations, Hide Windows Entries and Verify Code Signatures;
- Press F5, minimize, and click the menu File > Save. Save the file with the .txt extension on your desktop.

Post the content of this log in your next reply, вяυиασ 1988.
_______________________________________


Pedrinn, did you disable System Restore as I told you earlier? Follow the instructions in the spoiler below:

- Download Malwarebytes Anti-Malware and save it to the desktop;

● Double-click the program to start the installation. Select the language Português (Brasil);
● At the end of the installation, check the options "Atualizar Malwarebytes Anti-Malware" (update) and "Executar Malwarebytes Anti-Malware" (run), and click Concluir (Finish);
● After the installation, run the program;
● Select the option Verificação Completa (full scan) and then click Verificar (Scan). Select your C: drive and click the Iniciar Verificação (start scan) button;
● When the scan finishes, click OK and the log will open automatically for you;
● If anything is detected, make sure all items are checked and click the Remover (Remove) button.
NOTE: If a message appears asking you to restart the computer to complete the removal process, restart it immediately;
● The log can also be viewed by clicking Logs in the main menu;

Copy and paste the content of this log in your next reply, together with a new HijackThis log.
PS: How is the computer, Pedrinn? The Kaspersky Removal Tool disinfected most of the files infected by Sality.

_______________________________________


My friend DaYWaLKeR, this message means that there is no virus/malware on your computer. It simply confirms that your PC is clean.

So rest easy, DaYWaLKeR, because your computer does not have a virus. :)

Is there anything else I can help you with, my dear friend?
 
