Virus removal

Hello

Here is the log you asked me to send you. Before the log was created this message appeared. Is that how it's supposed to be??

erro_hijackthis.jpg


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Personalized Start Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe"
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Startup: BrOffice.org 2.2.lnk = C:\Program Files\BrOffice.org 2.2\program\quickstart.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
I disabled UAC and I think everything is fine now ^^

Is this right??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17:12, on 21/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\PhotoScape\PhotoScape.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Windows\ehome\ehrecvr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\BrOffice.org 2.2\program\soffice.exe
C:\Program Files\BrOffice.org 2.2\program\soffice.BIN
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
D:\Jogos Ramon\KONAMI\Pro Evolution Soccer 2010\pes2010.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Personalized Start Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe"
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Startup: BrOffice.org 2.2.lnk = C:\Program Files\BrOffice.org 2.2\program\quickstart.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O13 - Gopher Prefix:
O14 - IERESET.INF: SearchAssistant=
O14 - IERESET.INF: CustomizeSearch=
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8661 bytes

But that error message appeared again.

Thanks, mate
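
As an added example (not part of the original thread and not HijackThis's own code): a short Python parser for the HijackThis entry lines posted above. It pulls out the O7 policy restriction, lists services reported with "Unknown owner" for manual review, and shows which entries are new between two scans. The sample text is a constructed excerpt of lines from the two logs in this thread, and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of entry lines copied from the first
# HijackThis log in this thread.
FIRST_SCAN = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O13 - Gopher Prefix:
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

# Constructed sample: the same lines plus two that only the second log contains.
SECOND_SCAN = FIRST_SCAN + r"""
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
O14 - IERESET.INF: SearchAssistant=
"""

# An entry line is "<section> - <body>", e.g. "O7 - HKCU...". Header lines
# and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Body of an O7 line: "<hive>\<key path>, <value name>=<data>".
POLICY_RE = re.compile(r"^(?P<hive>HK\w+)\\(?P<key>.+?),\s*(?P<name>\w+)=(?P<data>\S+)$")


def parse_entries(log_text):
    """Return {section: [body, ...]} for every entry line in a HijackThis log."""
    entries = defaultdict(list)
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries[match.group("section")].append(match.group("body").strip())
    return dict(entries)


def policy_restrictions(entries):
    """Return (hive, value name, data) for each O7 policy line."""
    found = []
    for body in entries.get("O7", []):
        match = POLICY_RE.match(body)
        if match:
            found.append((match.group("hive"), match.group("name"), match.group("data")))
    return found


def services_without_owner(entries):
    """Names of O23 services whose company field reads 'Unknown owner'.

    This is only a cue for manual review, not a verdict on the service.
    """
    names = []
    for body in entries.get("O23", []):
        if not body.startswith("Service: "):
            continue
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3 and parts[1] == "Unknown owner":
            names.append(parts[0])
    return names


def new_entries(before, after):
    """Entries present in the later scan but absent from the earlier one."""
    added = {}
    for section, bodies in after.items():
        seen = set(before.get(section, []))
        fresh = [body for body in bodies if body not in seen]
        if fresh:
            added[section] = fresh
    return added


if __name__ == "__main__":
    first = parse_entries(FIRST_SCAN)
    second = parse_entries(SECOND_SCAN)
    print("Policy restrictions:", policy_restrictions(first))
    print("Services to review:", services_without_owner(first))
    for section, bodies in new_entries(first, second).items():
        for body in bodies:
            print("New in second scan:", section, "-", body)
```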
 
• Download FixPolicies and save it to the desktop.

• Run FixPolicies.exe as administrator and click Install.

• Go into the FixPolicies folder and run the Fix_Policies.cmd file. A black DOS window will open and close quickly; just wait.

See whether you can run the registry editor and the Task Manager.
 
I thought it had worked, but it didn't work either. The message saying that the administrator disabled it is gone now. But they still won't open.

Can I re-enable UAC again??

Thank you very much for your help, Mr. Wolf
 
Can I re-enable UAC again??
If it doesn't hold up the tools' activities, yes.

Go to Iniciar > Executar (or Start > Run, if your Windows is in English). Type the four commands below (starting from REG) into the box, one at a time, and click OK.

Code:
REG add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskmgr /t REG_DWORD /d 0 /f

Code:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskmgr /t REG_DWORD /d 0 /f

Code:
REG add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

Code:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
Then check.
 
Open the registry and navigate to the following keys:

Code:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9 <- Click on this key

On the right-hand side of the pane, look at and note down (or take a print screen of) only the names of the values that appear. Disregard the values' data and types.
 
I wrote down the names exactly as you said, and this is what is there

(Padrão)
Next_Catalog_Entry_ID
Num_Catalog_Entries
Serial_Acess_Num
SDRR_UH_ID
Conection_LAN_ID
NET_Deluxe_IDIP
Catalog_Conection_Type
LDSS_Conect_YHU

I took a screenshot but I'm not managing to post the image here.
 
SDRR_UH_ID
LDSS_Conect_YHU
Here is the problem with your connection. Two backdoors. Probably, other registry keys related to your connection were affected as well.

Strongly consider using a firewall. I would even suggest that you install one immediately.

Follow the steps below:

- Download MBAM and save it to the desktop;

● Install the program and select the language Português (Brasil);
● At the end of the installation, tick the options "Atualizar Malwarebytes Anti-Malware" (update) and "Executar Malwarebytes Anti-Malware" (run), and click Concluir (Finish);
● After the installation, run the program;
● Select the Verificação Completa (full scan) option and then click Verificar (Scan). Select your C: drive and click the Iniciar Verificação (Start Scan) button;
● When the scan finishes, click OK and the log will open automatically for you;
● If anything is detected, check that all items are ticked and click the Remover (Remove) button.
NOTE: If a message appears asking you to restart the computer to complete the removal process, restart it immediately;
● The log can also be viewed by clicking Logs in the main menu;

Copy and paste the contents of that log in your next reply.
 
Wow, I'll install it right away. I can install it right now, right? I had been wanting to install a firewall anyway, but I didn't know which one to install. Which one do you recommend?? If it's a paid one, even better :D. I was going to get Kaspersky Internet Security. Is that one good??

I'll post the Malwarebytes log shortly.

MALWAREBYTES LOG

Malwarebytes' Anti-Malware 1.44
Versão do banco de dados: 3895
Windows 6.0.6001 Service Pack 2

21/03/2010 18:59:35
mbam-log-2010-03-21 (18-59-35).txt

Tipo de Verificação: Completa (A:\|C:\|D:\|E:\|)
Objetos verificados: 160259
Tempo decorrido: 56 minute(s), 40 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 8
Valores do Registro infectados: 2
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 5

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_NETSERVICE (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netservice (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{64fchu6i-9mnj-k1we-bbaa-5tvbjnklj87uj} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{64fchu6i-9mnj-k1we-bbaa-5tvbjnklj87uj} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.

Valores do Registro infectados:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\hnet (Backdoor.DDoS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\SDRR_UH_ID (Backdoor.DDoS) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\Program Files\ffvfw\ff_wmv9.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Ramon Fortim\AppData\Roaming\Adobe\Player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\jnskf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\wstf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ActMon.ini (Spyware.ActMon) -> Quarantined and deleted successfully.

I went back to that registry key and the name LDSS_Conect_YHU is still there. The other one is gone.

So far my connection hasn't dropped again :D

Thanks a lot


AHHHH it just dropped again :x

What a pain
 
Hey Mr. Wolf! It's been a good while since I last showed up. All good?

Here's the thing, man: out of curiosity I ran BankerFix here, and it found an msnmsg.exe and removed it, fine.

Then I ran Malwarebytes, what a joy... more than 10 viruses showed up, man...

I'll post the Malwarebytes log, followed by the HijackThis one taken after Malwarebytes deleted the viruses (I've already removed everything from quarantine):

Malwarebytes:
Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3898

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702



22/3/2010 09:47:29

mbam-log-2010-03-22 (09-47-29).txt



Tipo de Verificação: Completa (C:\|)

Objetos verificados: 272941

Tempo decorrido: 31 minute(s), 33 second(s)



Processos da Memória infectados: 1

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 5

Valores do Registro infectados: 1

Ítens do Registro infectados: 1

Pastas infectadas: 0

Arquivos infectados: 7



Processos da Memória infectados:

C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Unloaded process successfully.



Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)



Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\22qkk9i5__s- (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e308e2b9-1963-0776-67cb-14e049a2e655} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e308e2b9-1963-0776-67cb-14e049a2e655} (Adware.AdRotator) -> Quarantined and deleted successfully.



Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully.



Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.



Pastas infectadas:

(Nenhum ítem malicioso foi detectado)



Arquivos infectados:

C:\Documents and Settings\Informática\Configurações locais\Temp\nsy267.tmp\downloads\31170220.ex_ (Adware.BHO) -> Quarantined and deleted successfully.

C:\Documents and Settings\Informática\Configurações locais\Temporary Internet Files\Content.IE5\UTJI53NR\setup[1].exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\Documents and Settings\Informática\Meus documentos\Everton\pen\SOUND_FORGE_7\KEYGEN.EXE (Trojan.Downloader) -> Not selected for removal.

C:\WINDOWS\system32\22QkK9i5__S-.exe (Adware.AdRotator) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\FLVDirect.exe (Adware.MediaPass) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\H8-navOI91-_.dll (Adware.AdRotator) -> Quarantined and deleted successfully.



HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:59:58, on 22/3/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.EXE

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFL.EXE

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Documents and Settings\Informática\Desktop\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://flvdirect.iamwired.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ISUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus TX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFL.EXE /FU "C:\WINDOWS\TEMP\E_S5E.tmp" /EF "HKCU"

O4 - HKLM\..\Policies\Explorer\Run: [XPRTRFVB] C:\WINDOWS\system32\msnmsg.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Arquivos de programas\PartyGaming\PartyCasino\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Arquivos de programas\PartyGaming\PartyCasino\RunApp.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O22 - SharedTaskScheduler: LkviridiKey - {EE297EDF-DB07-44B4-9C93-D05BC4C0AF1D} - C:\WINDOWS\system32\lkviridi.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.EXE

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe



--

End of file - 10344 bytes

DETAIL: when I start the PC, there's an error related to csrcs.exe ...

THANKS in advance, my friend!
 
And what about my log !?? oO
 
R@mon, open MBAM and click Quarentena (Quarantine). Select the file below and click the Restaurar (Restore) button:

C:\Program Files\ffvfw\ff_wmv9.dll

The file is legitimate.

Download Registry Search and extract it to the desktop.

Run the file regsearch.exe as administrator.
In the blank field, type LDSS_Conect_YHU and click OK. It may take a while!
When it finishes, Notepad will open with the result.

Paste it here.

_______________________________________________


Hey Tello, all good, and you?

msnmsg.exe is still on your machine. This banker trojan is a bit more dangerous than the others because it acts instantly. I recommend that you find a clean PC and change the passwords that were typed on this computer.

csrcs.exe is an old little trojan that is usually installed by Worm.Autorun. If the autorun feature is enabled on your system, I advise disabling it.

I have a slight hunch that your Explorer.exe is infected, Tello. If it really is, there is no point in removing the other infections, because with an infected process in use (especially Explorer.exe, which is crucial to Windows), the system will be reinfected within a few minutes.

Follow the steps below:

Step 1

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Sim (Yes) to continue;
● A Recovery Console window will open; click Sim (Yes) to install. If another Console window appears, click OK > Sim;
● Wait while ComboFix runs the scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
Do not click in the ComboFix window and try not to use the keyboard either, so as not to disturb the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes, your PC will be restarted. After the restart, the tool will run again; just wait;
● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.



Step 2

Download X-RayPc and save it to the desktop.

Extract the file from the zip to the desktop and run it.
In the upper right corner, tick the items: Details Section and Expert Columns.
Click Online Analyser and then Save Log.

Save X-RayPc.log to the desktop and post it in your next reply, together with the ComboFix one.

NOTE: Its log is somewhat similar to the HijackThis one, but it contains other necessary information that I need to know.
_______________________________________________


ATIprogamer, from what I saw in your log, it is clean. I was going to ask you to post a more recent log, but I believe that will be unnecessary, since if it really were malware causing this problem on your computer, it would already have shown up in the previous log.

Have you checked whether the problem occurs in safe mode?
 
Hello

I did as you asked, Mr. Wolf. I restored the file from quarantine and generated the Registry Search log.

This is the result:


Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 22/03/2010 19:09:35 for strings:
; 'ldss_conect_yhu'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet001\Enum\LDSS_Conect_YHU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Parameters]
"LDSS_Conect_YHU"="C:\\WINDOWS\\system32\\Hidem\\lawf.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9]
"LDSS_Conect_YHU"="C:\\WINDOWS\\system32\\Hidem\\paopm.exe"

[HKEY_CURRENT_USER\RemoteAcess]
"LDSS_Conect_YHU"="C:\\WINDOWS\\HaCkTo000.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager]
"LDSS_Conect_YHU"="C:\\WINDOWS\\HaCkTo001.exe"

; End Of The Log...

Just one question. I installed the Online Armor firewall because I saw a lot of people saying it's good. Is it really good?? It keeps beeping nonstop here, and that is hurting my Internet connection. Is that normal??
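
Added example, not part of any post in this thread or of the tools it mentions: a Python script that automates the two manual checks above, flagging value names under Winsock2\Parameters\Protocol_Catalog9 that are not expected there and then finding every other key or value in a .reg export that reuses a flagged name, as Registry Search did. The baseline of expected value names, the function names and the sample export (constructed, modelled on the result posted above) are assumptions of this example.

```python
import re

# Value names expected directly under Protocol_Catalog9 on a stock Windows
# install. This baseline is an assumption of the example; adjust it to your
# own reference image (Num_Catalog_Entries64 appears on 64-bit systems).
BASELINE = {
    "next_catalog_entry_id",
    "num_catalog_entries",
    "num_catalog_entries64",
    "serial_access_num",
}
CATALOG_KEY = r"system\currentcontrolset\services\winsock2\parameters\protocol_catalog9"

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def unescape(text):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", text)


def normalize_key(key):
    # Drop the hive, lowercase, fold ControlSetNNN into CurrentControlSet.
    path = key.lower().split("\\", 1)[-1]
    return re.sub(r"\bcontrolset\d{3}\b", "currentcontrolset", path)


def parse_reg(text):
    """Return (key, name, data) tuples from .reg export text.

    Each key also yields (key, None, None) so keys without values are seen.
    Comments (;) and hex continuation lines are skipped; '@' is the default.
    """
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        section = SECTION_RE.match(line)
        if section:
            key = section.group(1)
            entries.append((key, None, None))
            continue
        value = VALUE_RE.match(line)
        if value and key:
            name = "@" if value.group(2) else unescape(value.group(1))
            data = value.group(3)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = unescape(data[1:-1])
            entries.append((key, name, data))
    return entries


def unexpected_catalog_values(entries):
    """(name, data) pairs under Protocol_Catalog9 that are not in BASELINE."""
    return [
        (name, data)
        for key, name, data in entries
        if name not in (None, "@")
        and normalize_key(key) == CATALOG_KEY
        and name.lower() not in BASELINE
    ]


def pivot(entries, names):
    """Every other key or value in the export that reuses a flagged name."""
    wanted = {n.lower() for n in names}
    hits = []
    for key, name, data in entries:
        if normalize_key(key) == CATALOG_KEY:
            continue
        leaf = key.rsplit("\\", 1)[-1].lower()
        if name is None and leaf in wanted:
            hits.append((key, None, None))
        elif name is not None and name.lower() in wanted:
            hits.append((key, name, data))
    return hits


# Constructed sample modelled on the Registry Search result posted above;
# the dword data of the baseline values is invented for the example.
SAMPLE = r'''Windows Registry Editor Version 5.00

; constructed export
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet001\Enum\LDSS_Conect_YHU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9]
"Next_Catalog_Entry_ID"=dword:000003f5
"Num_Catalog_Entries"=dword:0000000b
"Serial_Access_Num"=dword:00000012
"LDSS_Conect_YHU"="C:\\WINDOWS\\system32\\Hidem\\paopm.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Parameters]
"LDSS_Conect_YHU"="C:\\WINDOWS\\system32\\Hidem\\lawf.exe"

[HKEY_CURRENT_USER\RemoteAcess]
"LDSS_Conect_YHU"="C:\\WINDOWS\\HaCkTo000.exe"
'''

if __name__ == "__main__":
    parsed = parse_reg(SAMPLE)
    flagged = unexpected_catalog_values(parsed)
    for name, data in flagged:
        print(f"unexpected value in Protocol_Catalog9: {name} -> {data}")
    for key, name, data in pivot(parsed, [n for n, _ in flagged]):
        print(f"same name elsewhere: [{key}] {name or '(key)'} {data or ''}")
```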
 
All good here too!

Look, Mr., ComboFix didn't restart the PC automatically as you said it would. The most it did was stop explorer.exe and start it again... but the log was generated normally even without restarting the machine. Here are the logs.

ComboFix:

ComboFix 10-03-22.03 - Informática 23/03/2010 8:45.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1919.1370 [GMT -3:00]

Executando de: c:\documents and settings\Informática\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.



((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.



c:\documents and settings\Informática\Meus documentos\Minhas músicas\Hard & JumpStyle\_desktop.ini

c:\windows\system32\csrcs.exe



.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-23 to 2010-03-23 ))))))))))))))))))))))))))))

.



2010-03-22 14:09 . 2010-03-22 14:14 -------- d-----w- c:\arquivos de programas\CCleaner

2010-03-22 11:57 . 2010-03-22 14:07 -------- d-----w- C:\LinhaDefensiva

2010-03-19 13:57 . 2010-03-19 13:57 -------- d-----w- c:\arquivos de programas\Microsoft Research

2010-03-18 16:56 . 2010-03-18 16:56 -------- d-----w- C:\BrowserPlusPlugins

2010-03-15 11:11 . 2010-03-15 11:11 360584 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgtdix.sys

2010-03-15 11:11 . 2010-03-15 11:11 333192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgldx86.sys

2010-03-15 11:11 . 2010-03-15 11:11 28424 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgmfx86.sys

2010-03-15 11:11 . 2010-03-15 11:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-11 17:30 . 2008-06-18 11:14 46080 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\EPSON\EPSON Stylus TX200 Series\Language\0416.E_DIX0RA.DLL

2010-03-11 16:34 . 2008-06-19 09:00 51200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\EPSON\EPSON Stylus TX200 Series\Language\0416.E_S9E0F7.DLL

2010-03-11 16:34 . 2008-06-20 11:06 216576 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\EPSON\EPSON Stylus TX200 Series\Language\0416.E_DI0EEA.DLL

2010-03-11 11:34 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-10 11:54 . 2010-03-10 11:54 -------- d-----w- C:\Dev-Cpp

2010-03-03 11:16 . 2010-03-03 11:16 -------- d-----w- c:\arquivos de programas\ABBYY FineReader 6.0 Sprint

2010-03-03 11:16 . 2007-12-17 04:00 143872 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.EXE

2010-02-25 11:59 . 2010-02-25 11:59 -------- d-----w- c:\arquivos de programas\Microsoft

2010-02-25 11:58 . 2010-02-25 11:58 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2010-02-25 11:57 . 2010-02-25 11:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2010-02-24 12:47 . 2010-02-24 12:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2010-02-22 09:57 . 2010-02-22 09:57 -------- d-----w- c:\windows\system32\wbem\Repository



.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-22 12:49 . 2010-01-05 15:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-03-15 11:11 . 2010-01-05 15:24 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-15 11:11 . 2010-01-05 15:24 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-15 11:10 . 2010-01-05 15:24 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-11 21:00 . 2009-09-04 15:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-03-09 18:41 . 2009-12-13 12:48 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-03-03 11:15 . 2009-11-26 19:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\EPSON

2010-03-03 11:15 . 2010-02-12 13:58 -------- d-----w- c:\arquivos de programas\EPSON

2010-02-25 11:58 . 2009-08-24 12:34 -------- d-----w- c:\arquivos de programas\Windows Live

2010-02-22 10:00 . 2004-08-04 12:00 83844 ----a-w- c:\windows\system32\perfc016.dat

2010-02-22 10:00 . 2004-08-04 12:00 480134 ----a-w- c:\windows\system32\perfh016.dat

2010-02-22 09:57 . 2009-08-24 13:48 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-02-12 14:04 . 2010-02-12 14:04 -------- d-----w- c:\arquivos de programas\Epson Software

2010-02-12 14:04 . 2009-08-21 21:07 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-02-10 13:29 . 2010-02-10 12:05 413696 ----a-w- c:\windows\system32\wrap_oal.dll

2010-02-10 13:29 . 2010-02-10 12:05 110592 ----a-w- c:\windows\system32\OpenAL32.dll

2010-02-10 13:29 . 2010-02-10 13:29 -------- d-----w- c:\arquivos de programas\Trials 2 Second Edition

2010-02-10 12:05 . 2010-02-10 12:05 -------- d-----w- c:\arquivos de programas\OpenAL

2010-02-03 14:31 . 2009-09-08 15:43 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-02-03 14:30 . 2009-11-25 12:49 5115824 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-02-02 18:32 . 2010-02-02 18:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\JetFlash220

2010-01-26 13:06 . 2009-08-21 18:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-01-07 18:07 . 2009-09-08 15:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 18:07 . 2009-09-08 15:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-06 18:23 . 2010-01-06 18:23 75776 ----a-w- c:\windows\cadkasdeinst01e.exe

2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-13 12:48 . 2009-12-13 12:48 8 --sh--r- c:\windows\system32\86D92C4CF5.sys

2006-01-31 16:49 . 2006-01-31 16:49 32768 --sha-r- c:\windows\system32\cdfffnt.dll

2006-01-31 16:50 . 2006-01-31 16:50 372736 --sha-r- c:\windows\system32\lkviridi.dll

.



(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 188416]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]



[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]



[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{EE297EDF-DB07-44B4-9C93-D05BC4C0AF1D}"= "c:\windows\system32\lkviridi.dll" [2006-01-31 372736]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-15 11:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll



[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup



[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-12-11 17:57 948672 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-22 03:57 35760 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

2003-10-23 22:51 233472 ----a-w- c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2003-06-25 14:24 49152 ----a-w- c:\arquivos de programas\Hewlett-Packard\HP Software Update\hpwuSchd.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2007-01-09 01:17 52256 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]

2003-08-19 13:43 57344 ----a-w- c:\arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 17:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2007-03-15 00:01 71216 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2007-06-15 08:45 1826816 ------r- c:\windows\SkyTel.exe



[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"c:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Counter-Strike\\hl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\Opera\\opera.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"21146:TCP"= 21146:TCP:BitComet 21146 TCP

"21146:UDP"= 21146:UDP:BitComet 21146 UDP



R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/1/2010 12:24 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/1/2010 12:24 242696]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [15/3/2010 08:11 308064]

S3 ALSysIO;ALSysIO; [x]

.

Conteúdo da pasta 'Tarefas Agendadas'



2010-03-23 c:\windows\Tasks\User_Feed_Synchronization-{83B5A6A6-3D57-47E2-8E2D-A40CE596D74E}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\arquivos de programas\PartyGaming\PartyCasino\RunApp.exe

FF - ProfilePath - c:\documents and settings\Informática\Dados de aplicativos\Mozilla\Firefox\Profiles\lcdx77ja.default\

FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{d174870f-310a-062a-5bfc-1d92a3bda22d}\components\P2__5_-3-BR2d.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - component: c:\documents and settings\Informática\Dados de aplicativos\Mozilla\Firefox\Profiles\lcdx77ja.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - component: c:\documents and settings\Informática\Dados de aplicativos\Mozilla\Firefox\Profiles\lcdx77ja.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}\components\GbMzhUni.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Microsoft Research\HD View\nphdview.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\arquivos de programas\Opera 10 Preview\program\plugins\npdsplay.dll

FF - plugin: c:\arquivos de programas\Opera 10 Preview\program\plugins\npwmsdrm.dll

FF - plugin: c:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: c:\browserplusplugins\63df280283188ad0968275f0a8965830\npybrowserplus_2.6.0.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\



---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORFÃOS REMOVIDOS - - - -



WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Explorer_Run-XPRTRFVB - c:\windows\system32\msnmsg.exe

MSConfigStartUp-uTorrent - c:\arquivos de programas\uTorrent\uTorrent.exe

AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\arquivos de programas\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4}







**************************************************************************



catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-03-23 08:56

Windows 5.1.2600 Service Pack 3 NTFS



Procurando processos ocultos ...



Procurando entradas auto inicializáveis ocultas ...



Procurando ficheiros/arquivos ocultos ...



Varredura completada com sucesso

arquivos/ficheiros ocultos: 0



**************************************************************************

.

Tempo para conclusão: 2010-03-23 08:58:12

ComboFix-quarantined-files.txt 2010-03-23 11:58



Pré-execução: 16 pasta(s) 58.794.123.264 bytes disponíveis

Pós execução: 20 pasta(s) 63.673.589.760 bytes disponíveis



WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer



- - End Of File - - F2273D77FF266DB13ED351B6FEB5EE62


X-RayPc:
Logfile of X-RayPc Build 39029 (Installed 1269335471)

Scan saved at 23/3/2010 09:13:59



Registry Settings:

IE Start Page (User) : about:blank

IE Start Page (Global) : http://go.microsoft.com/fwlink/?LinkId=69157

IE Blank Page : C:\WINDOWS\system32\blank.htm

IE Default Page : http://go.microsoft.com/fwlink/?LinkId=69157

IE Search Page (User) : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE Search Page (Global) : http://go.microsoft.com/fwlink/?LinkId=54896

IE Default Search : http://go.microsoft.com/fwlink/?LinkId=69157

HOSTS Directory : %SystemRoot%\System32\drivers\etc



C:\WINDOWS\system32\services.exe (111104 c52deb6d8cd4b096bf1a9ec001f36507)

C:\WINDOWS\system32\lsass.exe (13312 9607142710d3b64ab7fcce4be4e30d37)

C:\WINDOWS\system32\nvsvc32.exe (168004 383aa018830eb16965181c39cb0f3b73)

C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

C:\WINDOWS\System32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe (1086744 5021e9d92b21b198a6ac3be17a77f5fa)

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe (508184 1198dd519d352c4e6e71ed04d90b0710)

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe (710424 317cf665b44028ee36576bd276cc27d6)

C:\WINDOWS\system32\LEXBCES.EXE (303104 027d03d9d8ab95194a115a999e960ac0)

C:\WINDOWS\system32\spoolsv.exe (57856 af1d9ae15c11163f576df6ed6194b53c)

C:\WINDOWS\system32\LEXPPS.EXE (174592 8d836e60877ed79c409712b9be2dfc3b)

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (144672 4b5ae15e5c73eb4dc8dbec2788230d41)

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe (308064 2ec36c3f9f64fb0b55ba3c43c11293b1)

C:\Arquivos de programas\Bonjour\mDNSResponder.exe (238888 3f56903e124e820aeece6d471583c6c1)

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.EXE (143872 ec6a73cd8413f68655e5e0b99c415a21)

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE (113664 8fe6ab59cab8f2c038fea9522a5eeba7)

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (20543 b81f8778f5bb485f3b75114f0c99a49f)

C:\Arquivos de programas\Java\jre6\bin\jqs.exe (153376 39133291cb607bdd87cfc565a4a1e7a5)

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe (335872 7cf1b716372b89568ae4c0fe769f5869)

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (65605 a6d83894395d9a18f3ce65edaf614271)

C:\WINDOWS\system32\HPZipm12.exe (69632 d31f88c5f19eefa366a415d6bc5f2abc)

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (20543 b81f8778f5bb485f3b75114f0c99a49f)

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe (272024 06a49b7bdc36cfbf97dd90804f833369)

C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (135233 f8bb9796539f8457e0d51818b7360aff)

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe (617752 83796e05eaab1188f2b27476393b83b6)

C:\WINDOWS\RTHDCPL.EXE (16380416 321cd85c4b67ca5ac01546ec336fb61b)

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe (49152 926a397334fe426a6c7657096fe681db)

C:\Arquivos de programas\Java\jre6\bin\jusched.exe (149280 3a0647bded81dbe0bcbb51d70b22c9e0)

C:\Arquivos de programas\iTunes\iTunesHelper.exe (141600 68a553bdfa855c4f1074696682fcdeb6)

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe (81920 d2aeadfd998706b4216315b2bd3fa79e)

C:\ARQUIV~1\AVG\AVG9\avgtray.exe (2059544 6b797f114f7554510a0cf05ab2dc1fef)

C:\WINDOWS\system32\ctfmon.exe (15360 4e486adfe3a0b9ed0eb0639902e9f64f)

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFL.EXE (188928 38c8cc2e0ee92d6d40beb1f5b268380c)

C:\Arquivos de programas\iPod\bin\iPodService.exe (545568 7a3611564fce7c8be50b03f58cb3eb7d)

C:\WINDOWS\explorer.exe (1035776 064ec7ff5f58b928c3e119402977fa6d)

C:\Arquivos de programas\Mozilla Firefox\firefox.exe (910296 9a1d58a8d5da06ee6592673cf695db95)

C:\Documents and Settings\Informática\Desktop\x-raypc.exe (348928 df5ba440e4384adcd1a0bf653da84387)



Service: ALG C:\WINDOWS\System32\alg.exe (44544 6d2018aee93285f2a8bef55d722187a3)

Service: Apple Mobile Device C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (144672 4b5ae15e5c73eb4dc8dbec2788230d41)

Service: AudioSrv C:\WINDOWS\System32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: avg9wd C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe (308064 2ec36c3f9f64fb0b55ba3c43c11293b1)

Service: Bonjour Service C:\Arquivos de programas\Bonjour\mDNSResponder.exe (238888 3f56903e124e820aeece6d471583c6c1)

Service: Browser C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: CryptSvc C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: DcomLaunch C:\WINDOWS\system32\svchost -k DcomLaunch

Service: Dhcp C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: dmserver C:\WINDOWS\System32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: Dnscache C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: EPSON_EB_RPCV4_01 C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.EXE (143872 ec6a73cd8413f68655e5e0b99c415a21)

Service: EPSON_PM_RPCV4_01 C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE (113664 8fe6ab59cab8f2c038fea9522a5eeba7)

Service: ERSvc C:\WINDOWS\System32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: Eventlog C:\WINDOWS\system32\services.exe (111104 c52deb6d8cd4b096bf1a9ec001f36507)

Service: EventSystem C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: FastUserSwitchingCompatibility C:\WINDOWS\System32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: ForcewareWebInterface C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (20543 b81f8778f5bb485f3b75114f0c99a49f)

Service: helpsvc C:\WINDOWS\System32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: iPod Service C:\Arquivos de programas\iPod\bin\iPodService.exe (545568 7a3611564fce7c8be50b03f58cb3eb7d)

Service: JavaQuickStarterService C:\Arquivos de programas\Java\jre6\bin\jqs.exe (153376 39133291cb607bdd87cfc565a4a1e7a5)

Service: lanmanserver C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: lanmanworkstation C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: LexBceS C:\WINDOWS\system32\LEXBCES.EXE (303104 027d03d9d8ab95194a115a999e960ac0)

Service: LmHosts C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: MDM C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe (335872 7cf1b716372b89568ae4c0fe769f5869)

Service: Netman C:\WINDOWS\System32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: Nla C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: nSvcIp C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (135233 f8bb9796539f8457e0d51818b7360aff)

Service: nSvcLog C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (65605 a6d83894395d9a18f3ce65edaf614271)

Service: NVSvc C:\WINDOWS\system32\nvsvc32.exe (168004 383aa018830eb16965181c39cb0f3b73)

Service: PlugPlay C:\WINDOWS\system32\services.exe (111104 c52deb6d8cd4b096bf1a9ec001f36507)

Service: Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe (69632 d31f88c5f19eefa366a415d6bc5f2abc)

Service: PolicyAgent C:\WINDOWS\system32\lsass.exe (13312 9607142710d3b64ab7fcce4be4e30d37)

Service: ProtectedStorage C:\WINDOWS\system32\lsass.exe (13312 9607142710d3b64ab7fcce4be4e30d37)

Service: RasMan C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: RemoteRegistry C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: RichVideo C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe (272024 06a49b7bdc36cfbf97dd90804f833369)

Service: RpcSs C:\WINDOWS\system32\svchost -k rpcss

Service: SamSs C:\WINDOWS\system32\lsass.exe (13312 9607142710d3b64ab7fcce4be4e30d37)

Service: Schedule C:\WINDOWS\System32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: seclogon C:\WINDOWS\System32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: SENS C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: SharedAccess C:\WINDOWS\System32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: ShellHWDetection C:\WINDOWS\System32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: Spooler C:\WINDOWS\system32\spoolsv.exe (57856 af1d9ae15c11163f576df6ed6194b53c)

Service: srservice C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: SSDPSRV C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: stisvc C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: TapiSrv C:\WINDOWS\System32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: TermService C:\WINDOWS\System32\svchost -k DComLaunch

Service: Themes C:\WINDOWS\System32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: TrkWks C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: W32Time C:\WINDOWS\System32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: WebClient C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: winmgmt C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: wscsvc C:\WINDOWS\System32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: wuauserv C:\WINDOWS\system32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)

Service: WZCSVC C:\WINDOWS\System32\svchost.exe (14336 ed2d69cd4b0ebe37efe11d4dc4abc68f)



O2 - BHO: (Adobe PDF Link Helper) - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (75200 dc1e56092cc57fb4605b088d3dccbf7a)

O2 - BHO: (AVG Safe Search) - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll (1598744 0f7768ef34e96416934b81260483506d)

O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} -

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (408448 b7899c3e21b299d7a3c0da96cae340bd)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (41760 c9ede29f223a27873e187d9fb6045ea6)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (73728 dee8f03d1eace0c8f914a2c76568ea32)





O4 - HKLM\..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (16380416 321cd85c4b67ca5ac01546ec336fb61b)

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (188416 b25f66fdaa5a0389500c8a9e0433e5a5)

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe (49152 926a397334fe426a6c7657096fe681db)

O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe (1657376 4d1aeb26dcf91e3b800d93ea89db6a83)

O4 - HKLM\..\Run: [NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll (13877248 10e57fc61ec46fff49e8860a2a97f3db)

O4 - HKLM\..\Run: [NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll (86016 987467b9ffd1e2d0f6a3e530454994dc)

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (149280 3a0647bded81dbe0bcbb51d70b22c9e0)

O4 - HKLM\..\Run: [QuickTime Task] C:\Arquivos de programas\QuickTime\QTTask.exe (417792 55d7a219ad8d0db8980528944152a6fd)

O4 - HKLM\..\Run: [iTunesHelper] C:\Arquivos de programas\iTunes\iTunesHelper.exe (141600 68a553bdfa855c4f1074696682fcdeb6)

O4 - HKLM\..\Run: [ISUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe (221184 a379b75a6ffe4dfd3184f35f0141ce91)

O4 - HKLM\..\Run: [ISUSScheduler] C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe (81920 d2aeadfd998706b4216315b2bd3fa79e)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe (35760 466ce40eaa865752f4930a472563e4e1)

O4 - HKLM\..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (948672 73bb442a717b9bb0097c243374c14a3e)

O4 - HKLM\..\ShellServiceObjectDelayLoad: [PostBootReminder] C:\WINDOWS\system32\SHELL32.dll (8491008 38f0ac81d2d8ecb43ae004fe435842ae)

O4 - HKLM\..\ShellServiceObjectDelayLoad: [CDBurn] C:\WINDOWS\system32\SHELL32.dll (8491008 38f0ac81d2d8ecb43ae004fe435842ae)

O4 - HKLM\..\ShellServiceObjectDelayLoad: [WebCheck] C:\WINDOWS\system32\webcheck.dll (236544 cc8915db4e33e8fb29ca0d2dbf75306e)

O4 - HKLM\..\ShellServiceObjectDelayLoad: [SysTray] C:\WINDOWS\system32\stobject.dll (122368 ff266d3e7a5022a955d8be52e0c018fe)

O4 - HKLM\..\ShellServiceObjectDelayLoad: [WPDShServiceObj] C:\WINDOWS\system32\WPDShServiceObj.dll (133632 045e228f71c31901084b64be59093499)





O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} (Java Plug-in 1.6.0_17)- http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll (100128 048369c957bce15e4628fdeb65820be8)

O16 - DPF: {cafeefac-0016-0000-0017-abcdeffedcba} (Java Plug-in 1.6.0_17)- http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll (100128 048369c957bce15e4628fdeb65820be8)

O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} (Java Plug-in 1.6.0_17)- http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab - C:\Arquivos de programas\Java\jre6\bin\npjpi160_17.dll (136992 3d58770680f268a23a8ce1f14b49aa2f)

O16 - DPF: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab



020 - HKLM\..\Notify: [avgrsstarter] C:\WINDOWS\system32\avgrsstx.dll (12464 ee8fa2fa1e7d8f3a23ae76ddea5b4a67)

020 - HKLM\..\Notify: [crypt32chain] C:\WINDOWS\system32\crypt32.dll (605184 e15e70be8ab77090664861fe4bddb6bf)

020 - HKLM\..\Notify: [cryptnet] C:\WINDOWS\system32\cryptnet.dll (64512 7cd21680f74b6d2f170db4288a563b94)

020 - HKLM\..\Notify: [cscdll] C:\WINDOWS\system32\cscdll.dll (102400 7f1c91f1e0062070513a94b23bf2d84b)

020 - HKLM\..\Notify: [dimsntfy] C:\WINDOWS\System32\dimsntfy.dll (19456 8b448e3030507aa38a5ca92b38aa85f6)

020 - HKLM\..\Notify: [ScCertProp] C:\WINDOWS\system32\wlnotify.dll (93184 362bb702157e62c425c3f19a1ea86b9a)

020 - HKLM\..\Notify: [Schedule] C:\WINDOWS\system32\wlnotify.dll (93184 362bb702157e62c425c3f19a1ea86b9a)

020 - HKLM\..\Notify: [sclgntfy] C:\WINDOWS\system32\sclgntfy.dll (21504 6affbcbb64792a08dee639e021384223)

020 - HKLM\..\Notify: [SensLogn] C:\WINDOWS\system32\WlNotify.dll (93184 362bb702157e62c425c3f19a1ea86b9a)

020 - HKLM\..\Notify: [termsrv] C:\WINDOWS\system32\wlnotify.dll (93184 362bb702157e62c425c3f19a1ea86b9a)

020 - HKLM\..\Notify: [WgaLogon] C:\WINDOWS\system32\WgaLogon.dll (265096 e05db5e54cf2d1725ef2ef0e4b8ad3e1)

020 - HKLM\..\Notify: [wlballoon] C:\WINDOWS\system32\wlnotify.dll (93184 362bb702157e62c425c3f19a1ea86b9a)

One question: what is this "Bonjour mDNSResponder.exe" thing????

Thanks!!
Regards.

EDIT: Mr. Wolf, regarding msnmsg.exe - before I came here to ask for your help, I ran BankerFix, as already mentioned, and it found this msnmsg.exe and moved it to a quarantine folder in C:\LinhaDefensiva\QUA ... and renamed it to msnmsg.exe.vir ... should I delete the whole C:\LinhaDefensiva folder??? Thanks
 
At first I thought it was an Apple service, but it isn't; on the net they're warning that it's a virus. Here is the tutorial to remove it.
1. Go to Start > Run, type the command below and hit OK.

"%PROGRAMFILES%\Bonjour\mDNSResponder.exe" -remove


2. Navigate to C:\Program Files\Bonjour
3. Rename the mdnsNSP.dll file in that folder to mdnsNSP.old
4. Restart your computer
5. Delete the Program Files\Bonjour folder

The first command will stop and remove the Bonjour Service from your computer. To confirm, go to Start > Run and type services.msc. Look for the Bonjour Service name. If it isn't there, you have removed it successfully.
 
Well, apparently this problem doesn't occur in safe mode, but the most incredible thing is that the new mouse I just bought no longer works at all! At least its pointer doesn't... And the old one works but keeps freezing! Is there a chance it's some super virus or something like that!?
 
