Virus removal

Take a look here, just to be safe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:05:09, on 10/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Arquivos de programas\Nero\Nero 9\InCD\InCDSrv.exe
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
D:\Arquivos de programas\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\WISPTIS.EXE
D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
D:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - D:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - D:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Arquivos de programas\RivaTuner v2.20\RivaTuner.exe" /S
O4 - HKCU\..\Run: [uTorrent] "D:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229049962171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229049907187
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39C3EFAB-7B46-4E0B-BA70-89191AAB6E1C}: NameServer = 201.10.120.3,201.10.1.2
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - D:\Documents and Settings\All Users\Dados de aplicativos\Norton\Norton2009Reset.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDSrv) - Nero AG - D:\Arquivos de programas\Nero\Nero 9\InCD\InCDSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - D:\Arquivos de programas\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6479 bytes
 
Downadup... giving up :(

So, Adrena folks...

--
First of all I'd like to thank Mr.Wolf (and all the collaborators) for this excellent topic. I'm sure your advice has already helped a lot of people on the net. Congratulations on the dedication, tchê... you're an example... :)
--

--The HijackThis log follows below--

Unfortunately I think I have this malware (Conficker/Kido/Downadup) on my PC... :cry:
Symptoms:
-AVG refuses to update;
-Windows Defender refuses to update (in short, the antivirus and anti-malware programs say they have trouble connecting to the server);
-For a long time now Windows Update hasn't downloaded anything (it has definitely been improperly disabled);
-When I try to download something from the Microsoft site, Firefox reports "Connection failed";
-When I search for "windows update" on Google and click the first link, the browser automatically goes back to Google;
-When I click various links, I'm redirected to sites with no relation to the link I clicked (often I'm redirected to Google).

What I've already tried:
-Downloaded the "f-downadup.exe" remover, which detected Downadup, said it had fixed it, but the problem persisted (FAIL);
-Downloaded the "kidokiller.exe" remover (Kaspersky), which spent more than 2 hours scanning the PC and found nothing (although it mentioned 4 files with errors, 2 in the "Arquivos de Programas\Internet Explorer" folder and 2 in the "AdP\Movie Maker" folder) (FAIL);
-Downloaded "SUPERAntiSpyware Free Edition", because in another similar case a foreigner had managed to fix his problem with that program; it ALSO detected Downadup (2 DNS changer), said it had fixed it, but the problem persisted (FAIL);

I don't know what else to do... I've been in front of the PC for 8 hours trying to clean it, without success... it's really a shame, because in 3 years this is only the 2nd virus I've caught... I'm always careful online... :cry:

--HijackThis log--

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:39:41, on 10/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\avgwdsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\ARQUIV~1\avgrsx.exe
C:\WINDOWS\system32\SnMgrSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Arquivos de programas\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\avgtray.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos do Ricardo\Utilitários\Fraps\Fraps\FRAPS.EXE
C:\Arquivos do Ricardo\Utilitários\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
F:\Utilitarios\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Atalho para a Página de Propriedades do High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\Arquivos do Ricardo\Utilitários\Fraps\Fraps\FRAPS.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos do Ricardo\Utilitários\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww4.banrisul.com.br/bto/link/msie/SecureControl2k.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos do Ricardo\Utilitários\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file)
O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

--
End of file - 5963 bytes

As far as I know, the problem is possibly here:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

I tried blocking the IPs but couldn't, since I'm a "power user" when it comes to networking :no:

I'd be eternally grateful for any help, please :(
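The poster above singles out the O17 lines, the Tcpip NameServer values HijackThis reads from the registry, as the likely cause of the redirects. The script below is an added example for this thread; it is not HijackThis code and not any poster's script. It parses the O17 lines of a log, separates the per-adapter key (Tcpip\..\{GUID}) from the global Tcpip\Parameters keys, and reports every resolver that is not on a list the operator supplies. The sample log lines are copied from the two logs in this thread; the EXPECTED_RESOLVERS list is an assumption (a defender would fill it with the resolvers the ISP or the corporate network actually hands out).

```python
"""Triage of the O17 (Tcpip NameServer) entries in a HijackThis log.

Added example for this thread: not HijackThis code and not any poster's
script. It reads log text, pulls out every O17 NameServer line and reports
the resolvers that are not on an operator-supplied list.
"""
import ipaddress
import re

# One O17 line: the registry key up to the colon, then a comma-separated IP list.
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\[^:]+): NameServer = (?P<servers>[\d.,\s]+)$"
)

# Sample input: the O17 lines from the third log in this thread, plus two
# unrelated lines so the parser has something to skip.
SAMPLE_LOG = r"""
O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww4.banrisul.com.br/bto/link/msie/SecureControl2k.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52433A90-A688-455C-84EB-CA91892EDC0B}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\avgpp.dll
"""

# The single O17 line from the other machine's log in this thread, for contrast.
CLEAN_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{39C3EFAB-7B46-4E0B-BA70-89191AAB6E1C}: NameServer = 201.10.120.3,201.10.1.2
"""

# Assumption: the resolvers the machine is supposed to use. The pair from the
# clean log above stands in for "what the ISP handed out".
EXPECTED_RESOLVERS = ["201.10.120.3", "201.10.1.2"]


def parse_o17(log_text):
    """Return [(registry_key, [ip, ...]), ...] for every O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            ips = [s.strip() for s in m.group("servers").split(",") if s.strip()]
            entries.append((m.group("key"), ips))
    return entries


def key_scope(key):
    """'adapter' for a per-interface key (one with a {GUID}), 'global' for Tcpip\\Parameters."""
    return "adapter" if "{" in key else "global"


def triage_o17(log_text, expected_resolvers):
    """Map each O17 key to the resolvers that are not on the expected list.

    An empty dict means every resolver is expected. A value that is not even a
    valid IP is reported too, since a legitimate setting never looks like that.
    """
    expected = {ipaddress.ip_address(ip) for ip in expected_resolvers}
    findings = {}
    for key, ips in parse_o17(log_text):
        unexpected = []
        for ip in ips:
            try:
                if ipaddress.ip_address(ip) not in expected:
                    unexpected.append(ip)
            except ValueError:
                unexpected.append(ip)
        if unexpected:
            findings[key] = unexpected
    return findings


def report(log_text, expected_resolvers):
    """One human-readable line per flagged key, prefixed with its scope."""
    lines = []
    for key, ips in triage_o17(log_text, expected_resolvers).items():
        lines.append(f"[{key_scope(key)}] {key}: unexpected resolvers {', '.join(ips)}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG, EXPECTED_RESOLVERS):
        print(line)
    print("clean log findings:", triage_o17(CLEAN_LOG, EXPECTED_RESOLVERS))
```

Run against the sample log it flags all three keys (the adapter-specific one and both control sets), and nothing in the clean log. Reporting the scope matters for the clean-up: a resolver that appears under the adapter key, under CS1 and under CCS has to be corrected in every one of those places, otherwise the value survives a reboot and the redirects return.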
 
Hi everyone, sorry for the delay in replying. Time is short here...

Well, I don't know if you still need help with the logs; if you do, please post a new (updated) HijackThis log here so we can get an idea of the current state of your computers.
 
Hey!

I still haven't managed to solve my problem here :no:
I downloaded Malwarebytes Anti-Malware, SUPERAntiSpyware, Spybot, Ad-Aware...
As stand-alone tools I downloaded f-secure.exe, fsmrt.exe, kidokiller.exe, Anti-downadup-graphics.exe... not to mention AVG... :cry:
All together they found ~10 pieces of malware, among them Win32/Cryptor, Trojan.Generic, Trojan DNS changer and countless tracking cookies... :boring:
I've already downloaded and installed MS08-067... a friend of mine downloaded it for me because I STILL can't access Microsoft downloads (the virus cuts off my connection to the Microsoft server)

And the other symptoms... I can't update the AVs (none of the ones I listed above managed to connect to the server)... the browsers keep redirecting me to Google or to Google searches... plus 2 BSODs while HijackThis was scanning my processes and 3 random system freezes... (wow, it really had been a long time since I'd had a BSOD)

Well, here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:18, on 11/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\avgwdsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\ARQUIV~1\avgrsx.exe
C:\WINDOWS\system32\SnMgrSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Arquivos de programas\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\avgtray.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Arquivos do Ricardo\Utilitários\Fraps\Fraps\FRAPS.EXE
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Utilitarios\GPU-Z\GPU-Z.0.3.0.exe
F:\Utilitarios\SpeedFan\speedfan.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
F:\Utilitarios\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Atalho para a Página de Propriedades do High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\avgtray.exe
O4 - HKCU\..\Run: [Fraps] C:\Arquivos do Ricardo\Utilitários\Fraps\Fraps\FRAPS.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos do Ricardo\Utilitários\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww4.banrisul.com.br/bto/link/msie/SecureControl2k.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52433A90-A688-455C-84EB-CA91892EDC0B}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos do Ricardo\Utilitários\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file)
O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

--
End of file - 5925 bytes

Honestly, I'm about to leave the PC the way it is... for 2 days I've been trying, without success, to get rid of this plague :no:

Thanks for the help, Mr.Wolf :cry:
 
Hey, can you take a look here, just to be safe?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:51, on 11/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Arquivos de programas\Nero\Nero 9\InCD\InCDSrv.exe
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
D:\Arquivos de programas\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\uTorrent\uTorrent.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - D:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - D:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Arquivos de programas\RivaTuner v2.20\RivaTuner.exe" /S
O4 - HKCU\..\Run: [uTorrent] "D:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229049962171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229049907187
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39C3EFAB-7B46-4E0B-BA70-89191AAB6E1C}: NameServer = 201.10.120.3,201.10.1.2
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - D:\Documents and Settings\All Users\Dados de aplicativos\Norton\Norton2009Reset.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDSrv) - Nero AG - D:\Arquivos de programas\Nero\Nero 9\InCD\InCDSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - D:\Arquivos de programas\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6330 bytes

:thumbs_up
 
Here it is, Mr Wolf, new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:46:08, on 11/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\cliente\Meus documentos\Arquivos Luiz\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O4 - Global Startup: RoxRO.lnk = C:\Arquivos de programas\Gravity\RoxRO\RoxRO.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7296DB95-F4EE-4D38-8465-5D3DCF50D247}: NameServer = 200.204.0.10 200.204.0.138
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\cliente\CONFIG~1\Temp\AVSETUP_497400d3\basic\avupgsvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8971 bytes
 
Hello Mchawk, you really do have a huge problem on your computer. What is actually happening is that Downadup is running as a payload together with other infections. In other words, when one infection is removed, Downadup immediately recreates it, which makes removing the infections difficult and/or impossible. Unfortunately, this is still a new infection; there are not many tools available and/or developed to deal with this virus, and the existing ones, such as the F-Downadup Removal Tool among others, sometimes don't get the job done!

First of all, if your computer is connected to a network, disconnect it immediately, because the whole network may be contaminated, which would explain the problems, since Downadup is a worm (a virus that spreads over the network).

Honestly, I'm almost at the point of leaving the PC like this... for 2 days I've been trying, without success, to get rid of this plague
Mchawk my friend, I wouldn't advise you to leave the machine in this state. If you leave it as it is, it will get worse, because this infection tends to aggravate the problem, and you may even lose important files saved on your system.

Follow these instructions below, Mchawk:

Step 1

- Using the Internet Explorer browser, download WinSockFix and save it to the desktop, but don't run it yet;
NOTE: To download the tool, on the page click the button Descargar Winsock Fix 1.2. Remember that it must be done with the Internet Explorer browser!

- Run Malwarebytes Anti-Malware and click the Update tab > Check for Updates;
- Then restart your computer in Safe Mode (attention: it is important that it be in Safe Mode) and run Malwarebytes again. Click Scan, select Full Scan and click Scan. Select all drives and click the Start Scan button;
- Still in Safe Mode, run WinSockFix by double-clicking WinSockFix.exe;
- The VB_Winfix 1.2 window will open; click Fix. A message will appear; click Yes;
- When it finishes, restart the computer normally.

Step 2

- Download this tool from the link below and save it to the desktop:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixDownadup.exe

- Run the file and just wait for the scan to finish.

Step 3

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so it doesn't detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;
● Wait while ComboFix scans;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
Don't click on the ComboFix window and try not to use the keyboard either, so as not to disturb the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes, your PC will be restarted. After the restart, the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

In your next reply, Mchawk, paste the Malwarebytes and ComboFix logs.
 
Julinhhu, go to Control Panel > Add or Remove Programs. Find and uninstall the ASK Toolbar adware.

Other than that, the log is clean, Julinhhu.


_________________________________________


Ferps, what's the problem?

There's nothing abnormal in the log.
 
Hey friend, how's it going? All good? When you have a moment, take a look at my log. No rush.

Logfile of HijackThis v1.99.1
Scan saved at 16:26:31, on 11/02/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Program DJ\Wireless Switch\wlss.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\VibrateGameDeviceDriver\rfpicon.exe
C:\Program Files (x86)\Program DJ\Program DJ\ProgramDJ.exe
C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\SysWOW64\java.exe
C:\Users\Olivio\Documents\Download\PC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [WLSS] C:\Program Files (x86)\Program DJ\Wireless Switch\WLSS.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files (x86)\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [Program DJ] "C:\Program Files (x86)\Program DJ\Program DJ\ProgramDJ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
 
Mr.Wolf, Avira won't stop detecting this trojan:
The file 'C:\WINDOWS\System32\NetSettings.exe'
contained a virus or unwanted program 'TR/Agent.583680' [trojan]

And every time I exit a game the PC freezes (not sure if it's related).

Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:57, on 11/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EssSpkPhone] essspk1.exe -c
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Netsettings] "C:\WINDOWS\System32\NetSettings.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7151 bytes
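As an added example (not part of this thread or of HijackThis itself), a small Python triage helper that parses HijackThis entries like the ones above and lists the lines a reviewer checks first: O1 hosts redirects away from loopback, O2 BHOs whose DLL is gone, O4/O23 autostarts pointing into a Temp directory, and O17 DNS settings to confirm against the ISP. The sample log is constructed from entries quoted in this thread; the flag rules are this example's own heuristics, not a verdict on any entry.

```python
"""Triage helper for HijackThis log lines (example code, not the tool's own)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Every HijackThis entry starts with a section code ("R0", "O4", "O23") and " - ".
# Header lines, blank lines and the "Running processes" list do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")

# hosts entries that point anywhere but loopback/blackhole redirect a real hostname.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# Lower-case path fragments that mean "launched from a scratch directory".
TEMP_MARKERS = (
    "\\temp\\",              # ...\Local Settings\Temp\...
    "\\config~1\\temp",      # 8.3 short form of "Configurações locais\Temp"
    "\\appdata\\local\\temp",
)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Split one log line into (section, body); None for anything that is not an entry."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def _hosts_redirect(body: str) -> Optional[str]:
    """Body looks like 'Hosts: 66.98.148.65 auto.search.msn.com'."""
    parts = body.split()
    if len(parts) >= 3 and parts[0].lower() == "hosts:" and parts[1] not in LOOPBACK:
        return f"hosts file sends {parts[2]} to {parts[1]} instead of loopback"
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return the entries worth a closer look, each with the reason it was flagged."""
    findings: List[Finding] = []
    for raw in lines:
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        section, body = parsed
        low = body.lower()
        reason: Optional[str] = None
        if section == "O1":
            reason = _hosts_redirect(body)
        elif section == "O2" and "(no file)" in low:
            reason = "BHO still registered but its DLL is gone (orphaned entry)"
        elif section in ("O4", "O23") and any(m in low for m in TEMP_MARKERS):
            reason = "autostart/service path points into a Temp directory"
        elif section == "O17":
            reason = "DNS servers set in the registry; confirm they belong to the ISP"
        if reason:
            findings.append(Finding(section, reason, raw.strip()))
    return findings


# Constructed sample: a handful of entries taken from logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{7296DB95-F4EE-4D38-8465-5D3DCF50D247}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\cliente\CONFIG~1\Temp\AVSETUP_497400d3\basic\avupgsvc.exe (file missing)
""".strip()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```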
 
So, Mr.Wolf...

I'd like to thank you for helping me :)

Unfortunately I'll have to leave the resolution of my "case" for tomorrow, since I'll be spending the night out (sleep clinic, can't be rescheduled)...
BUT I tried to do the Step 1 procedures, and here's what happened:
- I managed to download Winsock Fix 1.2 with IE (no add-ons) as you instructed me (the file name is WinsockxpFix.exe, is that right?);
- Malwarebytes failed to update the program (Downadup's doing, isn't it?) ("A atualização falhou. Verifique se você está conectado a Internet e se em seu firewall o programa tem autorização para acessar a Internet."). My program's database version is 1654, from 14/1/2009. Yesterday I saw on their site that the definitions are already in the 17xx series, but today when I try to access malwarebytes.org the browsers say the address doesn't exist (is that right?). --I'm apparently stuck with version 1654 of the program; do I use it anyway?--
- I started scanning the PC with Malwarebytes in Safe Mode, but I had to interrupt the process because the program was so slow (1:30 to scan 40,000 files, when in normal mode it took 1:20 to scan all my ~250,000 files. Is that slowness in Safe Mode normal?)

Once again, thank you very much for your help and your time, Mr.Wolf :thumbs_up
 
well mr wolf, what I've been noticing is that the PC is really SLUGGISH
but if it isn't a virus, what could it be?
 
hey mr. wolf.... after bringing a USB drive from work, I ended up catching a virus/trojan/worm

avast went crazy after I plugged in the USB drive

avast log:
4/2/2009 22:28:18 Alexandre 1964 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\WINDOWS\system32\kavo.exe" file.
4/2/2009 22:24:11 Alexandre 1964 Sign of "Win32:Gamona [Trj]" has been found in "C:\WINDOWS\system32\kavo0.dll" file.
4/2/2009 22:23:44 Alexandre 1964 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\DOCUME~1\ALEXAN~1\CONFIG~1\Temp\wxy4k.dll" file.
4/2/2009 22:21:29 Alexandre 468 Sign of "Win32:Gamona [Trj]" has been found in "C:\WINDOWS\system32\kavo0.dll" file.
4/2/2009 22:21:14 Alexandre 468 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\DOCUME~1\ALEXAN~1\CONFIG~1\Temp\wxy4k.dll" file.
4/2/2009 22:13:16 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 22:13:16 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 22:13:16 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 22:11:41 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 22:11:14 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 22:11:12 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 22:11:10 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 22:07:55 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 22:07:27 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 22:07:26 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 22:07:24 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 22:07:19 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 22:06:53 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 22:06:52 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 22:06:51 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 22:06:46 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 22:06:19 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 22:06:17 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 22:06:16 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 22:06:13 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:58:17 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:58:16 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:58:13 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:58:09 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:57:44 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:57:43 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:57:43 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:57:39 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:57:13 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:57:12 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:57:09 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:57:01 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:55:12 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:55:09 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:55:06 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:55:00 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:54:33 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:54:31 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:54:29 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:54:25 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:54:00 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:53:59 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:53:59 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:53:46 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:53:21 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:53:20 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:53:20 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:53:06 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:52:40 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:52:40 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:52:39 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:52:35 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:52:10 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:52:09 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:52:08 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:52:05 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:51:40 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:51:39 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:51:38 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:51:33 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:51:07 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:51:07 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:51:06 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:51:02 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:50:36 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:50:36 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:50:35 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:50:32 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:50:05 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:50:04 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:50:02 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:50:00 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:49:32 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:49:31 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:49:22 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:49:16 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:48:48 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:48:47 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:48:45 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:48:36 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:48:10 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:48:09 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:48:09 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:48:02 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:47:36 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:47:35 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:47:32 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:47:29 SYSTEM 1940 Sign of "Win32:Gamona [Trj]" has been found in "C:\WINDOWS\system32\kavo0.dll" file.
4/2/2009 21:47:25 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:47:22 SYSTEM 1940 Sign of "Win32:Gamona [Trj]" has been found in "C:\WINDOWS\system32\kavo0.dll" file.
4/2/2009 21:47:19 SYSTEM 1940 Sign of "Win32:Gamona [Trj]" has been found in "C:\WINDOWS\system32\kavo0.dll" file.
4/2/2009 21:47:17 SYSTEM 1940 Sign of "Win32:Gamona [Trj]" has been found in "C:\WINDOWS\system32\kavo0.dll" file.
4/2/2009 21:47:14 SYSTEM 1940 Sign of "Win32:Gamona [Trj]" has been found in "C:\WINDOWS\system32\kavo0.dll" file.
4/2/2009 21:47:07 SYSTEM 1940 Sign of "Win32:Gamona [Trj]" has been found in "C:\WINDOWS\system32\kavo0.dll" file.
4/2/2009 21:46:58 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:46:56 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:46:54 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:46:48 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:46:20 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:46:17 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:46:13 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:45:49 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:44:01 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "F:\ox.cmd" file.
1/2/2009 13:04:45 SYSTEM 1964 Sign of "Win32:Trojan-gen {Other}" has been found in "H:\8.bat" file.

I can't unhide the files and folders anymore.... only by removing the attribute through cmd.

I don't know if avast managed to clean everything, but at least it stopped beeping.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38:05, on 11/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Opera\opera.exe
D:\programas\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98349D3D-6D12-454D-B781-AA872E73A25C}: NameServer = 200.204.0.10,204.204.0.138
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

--
End of file - 4301 bytes

Besides that, there's a Worm that is still being detected by the Windows tool.
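As an added example (not avast's or the poster's code), a small parser for the avast detection lines posted above: a constructed excerpt of those lines is embedded as the sample, and the code groups hits by path to show the same autorun.inf and ox.cmd being re-detected every ~40 seconds on C:, D: and F:, the pattern to look for when an on-access scanner keeps firing on files that something is re-creating.

```python
"""Summarise avast on-access detections by path and by drive.

Added example, not avast's or the poster's code.  SAMPLE_LOG is a constructed
excerpt copied from the log lines posted in the thread; newest entries come
first, as avast writes them.  Dates are dd/mm/yyyy.
"""
import re
from dataclasses import dataclass
from datetime import datetime

SAMPLE_LOG = r"""
4/2/2009 21:47:36 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:47:35 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:47:32 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:47:29 SYSTEM 1940 Sign of "Win32:Gamona [Trj]" has been found in "C:\WINDOWS\system32\kavo0.dll" file.
4/2/2009 21:47:25 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:46:58 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "D:\autorun.inf" file.
4/2/2009 21:46:56 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "D:\ox.cmd" file.
4/2/2009 21:46:54 SYSTEM 1940 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
4/2/2009 21:46:48 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "C:\ox.cmd" file.
4/2/2009 21:44:01 SYSTEM 1940 Sign of "Win32:OnLineGames-EWI [Trj]" has been found in "F:\ox.cmd" file.
"""

LINE_RE = re.compile(
    r'^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) \S+ \d+ '
    r'Sign of "(?P<threat>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$')


@dataclass
class PathSummary:
    threat: str
    hits: int
    first: datetime
    last: datetime

    def mean_gap_seconds(self):
        """Average seconds between successive detections; None for a single hit."""
        if self.hits < 2:
            return None
        return (self.last - self.first).total_seconds() / (self.hits - 1)


def parse(text):
    """Yield (timestamp, threat, path) for every well-formed detection line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or foreign line: skip rather than guess
        ts = datetime.strptime(f"{m['date']} {m['time']}", "%d/%m/%Y %H:%M:%S")
        yield ts, m["threat"], m["path"]


def summarize(text):
    """Group detections by file path, keeping hit count and first/last time."""
    out = {}
    for ts, threat, path in parse(text):
        s = out.get(path)
        if s is None:
            out[path] = PathSummary(threat, 1, ts, ts)
        else:
            s.hits += 1
            s.first = min(s.first, ts)
            s.last = max(s.last, ts)
    return out


def recurring(summary, max_gap_seconds=120):
    """Paths caught repeatedly within max_gap_seconds: the on-access scanner
    keeps detecting the same file, so something is re-creating it."""
    return sorted(p for p, s in summary.items()
                  if s.hits >= 2 and s.mean_gap_seconds() <= max_gap_seconds)


def spread_across_drives(summary):
    """File names seen on more than one drive letter (autorun-style spread)."""
    drives = {}
    for path in summary:
        name = path.rsplit("\\", 1)[-1].lower()
        drives.setdefault(name, set()).add(path[0].upper())
    return {n: sorted(d) for n, d in drives.items() if len(d) > 1}


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for path in recurring(summary):
        s = summary[path]
        print(f"{path}: {s.threat} x{s.hits}, every ~{s.mean_gap_seconds():.0f}s")
    for name, drives in spread_across_drives(summary).items():
        print(f"{name} seen on drives {', '.join(drives)}")
```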

 
Take a look here... I think I've got a virus...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:10:22, on 7/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\internet explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe "
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {31CB2F01-72C2-4CF4-B265-450E8817B039} (Toontown IE Helper Portuguese) - http://idownload.br.toontown.com/sv1...portuguese.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.co...p/DigWXMSN.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF32D210-948A-4A63-BD02-8938A15D4750}: NameServer = 200.225.197.34 200.225.197.37
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe


I'M WAITING FOR ANSWERS!!!
 
Man, I really need help...
Oh, I don't really know if it's actually a virus. But maybe with the information I'm going to give you, you can tell me.

My PC had 1,768 MB of memory. But every time I went to run a game the PC would restart. So I removed the 1 GB stick, and the PC stopped restarting... But... now it keeps corrupting all the exe files and won't install any antivirus. (I've already tried Avast, AVG, AV, McAfee, Norton.) And none of them can be installed.
And there's more... I'm a webmaster and web designer, and I can't install any program from Adobe's CS line. Neither CS1 nor 2 nor 3, none of them installs... a message appears saying the file is corrupted.
I've already delayed a lot of orders because of this.

Every program I try to install that has files in CAB format says it's corrupted.

I'll put the HijackThis log here: (updated)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:16:06, on 12/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\Arquivos de programas\Vtune\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\RALINK\Common\RaUI.exe
C:\Arquivos de programas\VIA\RAID\raid_tool.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\RealOneMessageCenter.exe
C:\DOCUME~1\ALEFIN~1\CONFIG~1\Temp\Rar$EX00.656\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\AlefinhoO\xhk.exe \s
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Gainward] C:\Arquivos de programas\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{4016185B-B06C-4935-8B06-2F6617F031F0}: NameServer = 200.255.255.65,200.255.255.66,201.45.250.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{4016185B-B06C-4935-8B06-2F6617F031F0}: NameServer = 200.255.255.65,200.255.255.66,201.45.250.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{4016185B-B06C-4935-8B06-2F6617F031F0}: NameServer = 200.255.255.65,200.255.255.66,201.45.250.130
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

--
End of file - 7185 bytes


Please... help me.

I've already tried everything. But as you said here on the forum... we can't base ourselves on other people's cases, right?

Well, thanks a lot.
Thanks.

Ah, and if you can... add me on MSN so you can give me some tips now and then. OK?

alef_gda@hotmail.com

Thanks
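As an added example (not HijackThis's code and not something from this thread), a heuristic triage pass over HijackThis lines: the sample is a constructed excerpt copied from the log posted above, and the rules encode checks an analyst makes by hand, namely a Run entry launching a file named like a core Windows process, a Policies\Explorer\Run autostart, a UserInit value with a second program chained after userinit.exe, and a service whose binary is missing.

```python
"""Heuristic triage of HijackThis log lines.

Added example, not HijackThis's own code.  SAMPLE_LOG is a constructed excerpt
copied from the log posted in the thread; each rule flags a line for a human
to look at, it does not by itself decide that a file is malicious.
"""
import re
from dataclasses import dataclass

# Core Windows processes are started by the boot/winlogon chain, never from a
# Run key, so an autostart entry borrowing one of these names is suspect.
CORE_PROCESS_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe",
                      "services.exe", "lsass.exe", "svchost.exe"}

SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\AlefinhoO\xhk.exe \s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKLM\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - .* - (?P<path>.*)$")
EXE_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.exe)\b', re.I)  # first full .exe path


@dataclass
class Finding:
    line: str
    reasons: list


def check_o4(key, cmd):
    reasons = []
    m = EXE_RE.search(cmd)
    if m:
        base = m.group(1).rsplit("\\", 1)[-1].lower()
        if base in CORE_PROCESS_NAMES:
            reasons.append(f"Run entry launches a file named like core process {base}")
    if "Policies\\Explorer\\Run" in key:
        reasons.append("Policies\\Explorer\\Run autostart, rarely used by legitimate software")
    return reasons


def check_f2(value):
    # The normal value is "<windir>\system32\userinit.exe," and nothing else;
    # anything chained after it is started at every interactive logon.
    entries = [e.strip() for e in value.split(",") if e.strip()]
    extra = [e for e in entries if not e.lower().endswith("\\system32\\userinit.exe")]
    return [f"UserInit chains extra program(s): {'; '.join(extra)}"] if extra else []


def check_o23(name, path):
    return [f"service '{name}' points to a missing binary"] if "(file missing)" in path else []


def triage(log_text):
    """Return a Finding for every line that trips at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        if (m := O4_RE.match(line)):
            reasons = check_o4(m["key"], m["cmd"])
        elif (m := F2_RE.match(line)):
            reasons = check_f2(m["value"])
        elif (m := O23_RE.match(line)):
            reasons = check_o23(m["name"], m["path"])
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Entries the rules stay silent on but that you do not recognise still go through the file-identification step the helper describes later in this thread for NetSettings.exe (upload to VirusTotal and post the permalink).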
 
Hello everyone, I'll reply to everybody in the same post so as not to flood the forum.


Mr. Alef, follow the instructions in the spoiler below (just click the Show button).

Step 1

- Download SDFix and save it to the desktop;

● Double-click SDFix.exe and the tool will be installed in C:\SDFix. But don't run it yet;
● Restart your computer in Safe Mode (holding the F8 key during system startup and choosing the Safe Mode option);
● Go into the SDFix folder that was installed on your computer and double-click the RunThis.bat file;
● Press Y so the tool starts the removal process;
● When everything finishes, you'll see a message telling you to press any key to continue. Press any key. Your computer will restart automatically;
● After the restart, the tool will run again and finish its work, and the word Finished will appear. Press any key again;
● A window with the SDFix report will appear;
● The log will open automatically for you. It will be saved in the SDFix folder with the name Report.txt;


Step 2

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so it doesn't detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;
● Wait while ComboFix scans;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
● Don't click on the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes, your PC will be restarted. After the restart, the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

In your next reply, Mr. Alef, paste the SDFix and ComboFix logs.
____________________________________


Hey my friend tosko, how are you?

Your log is clean, friend tosko. Are you having any problem there?

____________________________________


110, NetSettings.exe can actually be either legitimate or a virus. First we'll have to find out what this file is, 110, whether it's legitimate or not, before we take any action. Follow the procedure inside the spoiler, 110:

Go to VirusTotal. Copy the path in red below and paste it next to the button shown in the screenshot. Click Send File and wait.

C:\WINDOWS\System32\NetSettings.exe

Copy the link that appears next to the name Permalink (see the image) and paste it in your next reply, 110:
____________________________________


Ferps, slowness on the machine can be due to several factors. Do an online scan at Kaspersky following the tutorial below and post the final scan report here, Ferps:

http://www.linhadefensiva.org/forum/index.php?showtopic=74159

NOTE: The scan must be done with the Internet Explorer browser!

____________________________________


psychobain, siga as instruções dentro do spoiler abaixo:

- Faça o download do ComboFix e salve-o na área de trabalho;

● Desative temporariamente o seu antivirus para não detectar a ferramenta como vírus;
● Duplo clique no ícone combofix.exe para iniciar o scan;
● Leia o contrato que aparecerá e clique em Sim para continuar;
● Abrirá uma janela do Console de Recuperação, clique em Sim para instalar. Se aparecer outra janela do Console, clique em OK > Sim;
● Aguarde enquanto o ComboFix faz o scan;
● Se ocorrer algum problema durante o scan, reinicie seu computador em Modo de Segurança e repita o procedimento;
Não clique na janela do ComboFix e procure não utilizar o teclado também, para não atrapalhar a varredura da ferramenta;
● Se quiser sair ou parar o ComboFix, tecle N;
● Quando terminar seu micro será reiniciado. Após o reinicio, a ferramenta executará novamente, aguarde;
● Será gerado um log em C:\ComboFix.txt.

Paste this log in your next reply.
____________________________________


didifpg, the log is clean.

What is happening on the machine?
 
Hey Mchawk, on to the questions then:

Originally posted by Mchawk

Unfortunately I'll have to leave the resolution of my "case" for tomorrow, since I'll be spending the night out (sleep clinic, can't be rescheduled)...
Have a good 'night out', friend Mchawk. :)

BUT, I tried to do the procedures of step 1 and here is what followed:
-I managed to download Winsock Fix 1.2 from IE (no add-ons) as you instructed me (the file name is WinsockxpFix.exe, is that right?);
Correct.

-Malwarebytes failed to update the program (Downadup's doing, isn't it?) ("A atualização falhou. Verifique se você está conectado a Internet e se em seu firewall o programa tem autorização para acessar a Internet.")
Yes, Downadup's doing.

The database version of my program is 1654, from 14/1/2009. Yesterday I saw on their site that the definitions are already in the 17xx series --I'm apparently stuck with version 1654 of the program, do I use it anyway?--
Wow Mchawk, you have a really old Malwarebytes database; I presume this infection has been on your system for quite a while. Given that the anti-malware database is updated daily, I mean, I'd say the program is updated every five hours or so. However, the current signature (as seen right now) is 1752.

but today I try to access malwarebytes.org and the browsers say the address doesn't exist (is that right?).
Unfortunately that's not right; it's another Downadup action. The site http://www.malwarebytes.org/ is working perfectly.

--I'm apparently stuck with version 1654 of the program, do I use it anyway?--
No, friend Mchawk. Using it outdated like that will not be of much use.

-I started scanning the PC with Malwarebytes in safe mode, but had to interrupt the process because the program was so slow (01:30 to scan 40,000 files, while in normal mode it took 01:20 to scan all of my ~250,000 files. Is this slowness in safe mode normal?)
Yes, in Safe Mode it is slower, not just with Malwarebytes but with any program, since in safe mode many processes are not active and many services are not started. Still, this slowness in your case is quite suspicious indeed.

Here is what we'll do, Mchawk: proceed with the other procedures and carry out the instructions of the second and third steps. After that, we'll come back to Malwarebytes and WinSockFix.

Then post the ComboFix log. :thumbs_up
 
Hello, friend Mr.Wolf

So, I successfully completed the second and third steps you instructed me to do...
Unfortunately, Symantec's Downadup Remover (second step) did not find any variant of the Win32/Downadup virus on my PC (?) :cry:
But on the other hand, ComboFix deleted several infected files and generated a... *Ahem*... rich log.txt for analysis.

--Here is the ComboFix log--

ComboFix 09-02-11.02 - Maria 2009-02-12 8:49:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1046.18.2046.1568 [GMT -2:00]
Executando de: c:\documents and settings\Maria\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\arquivos de programas\Mozilla Firefox\components\iamfamous.dll
C:\autorun.inf
c:\docume~1\Maria\CONFIG~1\Temp\tmp1.tmp
c:\docume~1\Maria\CONFIG~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Maria\Menu Iniciar\Programas\coolplay
c:\documents and settings\Maria\Menu Iniciar\Programas\coolplay\Uninstall.lnk
c:\recycler\S-0-1-11-100023070-100011628-100030921-2223.com
c:\windows\system32\drivers\gaopdxekjbfrdc.sys
c:\windows\system32\drivers\gaopdxkjfghndq.sys
c:\windows\system32\drivers\gaopdxlmpktiqm.sys
c:\windows\system32\drivers\gaopdxloynmsow.sys
c:\windows\system32\drivers\gaopdxpptywvdp.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxsmvcnupl.dll
F:\Autorun.inf
f:\recycler\S-0-1-11-100023070-100011628-100030921-2223.com
f:\recycler\S-7-9-51-100014447-100014769-100013599-2638.com

----- BITS: Sites possivelmente infetados -----

hxxp://autovideo.110mb.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-12 to 2009-02-12 ))))))))))))))))))))))))))))
.

2009-02-12 08:17 . 2009-02-12 08:18 <DIR> d-------- C:\32788R22FWJFW
2009-02-11 18:06 . 2009-02-11 18:06 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes
2009-02-10 18:43 . 2009-02-10 18:43 <DIR> d-------- c:\documents and settings\Maria\Dados de aplicativos\Malwarebytes
2009-02-10 18:43 . 2009-02-10 18:43 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-02-10 18:43 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 18:43 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-10 17:58 . 2009-02-10 17:58 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com
2009-02-10 14:38 . 2009-02-10 14:40 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-09 23:12 . 2009-02-09 23:12 <DIR> d-------- c:\documents and settings\Maria\Dados de aplicativos\SUPERAntiSpyware.com
2009-02-09 23:12 . 2009-02-09 23:12 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com
2009-02-09 21:56 . 2009-02-09 21:56 1,131,800 --a------ c:\arquivos de programas\avgapix.dll
2009-02-09 21:56 . 2009-02-09 21:56 687,896 --a------ c:\arquivos de programas\avgcsrvx.exe
2009-02-09 21:56 . 2009-02-09 21:56 592,128 --a------ c:\arquivos de programas\avgnsx.exe
2009-02-09 21:56 . 2009-02-09 21:56 423,192 --a------ c:\arquivos de programas\fixcfg.exe
2009-02-09 21:56 . 2009-02-09 21:56 416,536 --a------ c:\arquivos de programas\avgcclix.dll
2009-02-09 21:56 . 2009-02-09 21:56 379,672 --a------ c:\arquivos de programas\avgclitx.dll
2009-02-09 21:56 . 2009-02-09 21:56 350,488 --a------ c:\arquivos de programas\avgxch32.dll
2009-02-09 21:56 . 2009-02-09 21:55 317,644 --a------ c:\arquivos de programas\sb.dat
2009-02-09 21:56 . 2009-02-09 21:56 270,616 --a------ c:\arquivos de programas\avgamnot.dll
2009-02-09 21:56 . 2009-02-09 21:56 222,488 --a------ c:\arquivos de programas\avg7api.dll
2009-02-09 21:56 . 2009-02-09 21:55 115,900 --a------ c:\arquivos de programas\sc.dat
2009-02-09 21:56 . 2009-02-09 21:55 2,188 --a------ c:\arquivos de programas\sb2.dat
2009-02-09 21:56 . 2009-02-09 21:45 1,044 --a------ c:\arquivos de programas\cf.dat
2009-02-09 21:56 . 2009-02-09 21:45 120 --a------ c:\arquivos de programas\ph.dat
2009-02-09 21:45 . 2009-02-09 21:55 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-09 21:45 . 2009-02-09 21:56 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-02-09 21:45 . 2009-02-09 21:56 <DIR> d-------- c:\arquivos de programas\Icons
2009-02-09 21:45 . 2009-02-09 21:56 <DIR> d-------- c:\arquivos de programas\Firefox
2009-02-09 21:45 . 2009-02-09 21:54 <DIR> d-------- c:\arquivos de programas\AVG
2009-02-09 21:45 . 2009-02-09 21:56 3,344,152 --a------ c:\arquivos de programas\avgui.exe
2009-02-09 21:45 . 2009-02-09 21:56 2,363,672 --a------ c:\arquivos de programas\avguires.dll
2009-02-09 21:45 . 2009-02-09 21:56 2,266,392 --a------ c:\arquivos de programas\avguiadv.dll
2009-02-09 21:45 . 2009-02-09 21:56 1,691,416 --a------ c:\arquivos de programas\avgcorex.dll
2009-02-09 21:45 . 2009-02-09 21:56 1,601,304 --a------ c:\arquivos de programas\avgtray.exe
2009-02-09 21:45 . 2009-02-09 21:56 1,419,544 --a------ c:\arquivos de programas\avgupd.dll
2009-02-09 21:45 . 2009-02-09 21:56 1,216,536 --a------ c:\arquivos de programas\avgwd.dll
2009-02-09 21:45 . 2009-02-09 21:56 1,193,240 --a------ c:\arquivos de programas\avgfrw.exe
2009-02-09 21:45 . 2009-02-09 21:56 1,149,720 --a------ c:\arquivos de programas\avgabout.dll
2009-02-09 21:45 . 2009-02-09 21:56 1,078,552 --a------ c:\arquivos de programas\avgssie.dll
2009-02-09 21:45 . 2009-02-09 21:45 1,045,128 --a------ c:\arquivos de programas\dbghelp.dll
2009-02-09 21:45 . 2009-02-09 21:56 1,032,984 --a------ c:\arquivos de programas\avgupd.exe
2009-02-09 21:45 . 2009-02-09 21:45 966,400 --a------ c:\arquivos de programas\avgresf.dll
2009-02-09 21:45 . 2009-02-09 21:56 935,192 --a------ c:\arquivos de programas\avgxpl.dll
2009-02-09 21:45 . 2009-02-09 21:56 935,164 --a------ c:\arquivos de programas\setup.dat
2009-02-09 21:45 . 2009-02-09 21:56 824,600 --a------ c:\arquivos de programas\avgcmgr.exe
2009-02-09 21:45 . 2009-02-09 21:56 819,992 --a------ c:\arquivos de programas\avgcfgx.dll
2009-02-09 21:45 . 2009-02-09 21:56 756,504 --a------ c:\arquivos de programas\avgscanx.exe
2009-02-09 21:45 . 2009-02-09 21:56 744,728 --a------ c:\arquivos de programas\avginet.dll
2009-02-09 21:45 . 2009-02-09 21:56 729,880 --a------ c:\arquivos de programas\avgcfgex.exe
2009-02-09 21:45 . 2009-02-09 21:56 677,144 --a------ c:\arquivos de programas\avgsrmx.dll
2009-02-09 21:45 . 2009-02-09 21:56 578,840 --a------ c:\arquivos de programas\avgiproxy.exe
2009-02-09 21:45 . 2009-02-09 21:56 531,224 --a------ c:\arquivos de programas\avgsched.dll
2009-02-09 21:45 . 2009-02-09 21:56 509,208 --a------ c:\arquivos de programas\avgvvx.dll
2009-02-09 21:45 . 2009-02-09 21:56 484,120 --a------ c:\arquivos de programas\avgrsx.exe
2009-02-09 21:45 . 2009-02-09 21:56 422,400 --a------ c:\arquivos de programas\avgwdwsc.dll
2009-02-09 21:45 . 2009-02-09 21:56 341,272 --a------ c:\arquivos de programas\avgsrmax.exe
2009-02-09 21:45 . 2009-02-09 21:56 341,272 --a------ c:\arquivos de programas\avglogx.dll
2009-02-09 21:45 . 2009-02-09 21:56 333,592 --a------ c:\arquivos de programas\avgscanx.dll
2009-02-09 21:45 . 2009-02-09 21:56 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-09 21:45 . 2009-02-09 21:56 311,064 --a------ c:\arquivos de programas\avglngx.dll
2009-02-09 21:45 . 2009-02-09 21:56 303,384 --a------ c:\arquivos de programas\avgmvflx.dll
2009-02-09 21:45 . 2009-02-09 21:56 298,264 --a------ c:\arquivos de programas\avgwdsvc.exe
2009-02-09 21:45 . 2009-02-09 21:56 264,472 --a------ c:\arquivos de programas\avgoff2k.dll
2009-02-09 21:45 . 2009-02-09 21:56 176,408 --a------ c:\arquivos de programas\avgmail.dll
2009-02-09 21:45 . 2009-02-09 21:56 117,528 --a------ c:\arquivos de programas\avgse.dll
2009-02-09 21:45 . 2009-02-09 21:56 84,399 --a------ c:\arquivos de programas\dfncfg.dat
2009-02-09 21:45 . 2009-02-09 21:56 79,128 --a------ c:\arquivos de programas\avgpp.dll
2009-02-09 21:45 . 2009-02-09 21:56 75,544 --a------ c:\arquivos de programas\avgdumpx.exe
2009-02-09 21:45 . 2009-02-09 21:56 69,400 --a------ c:\arquivos de programas\avgcrlpx.dll
2009-02-09 21:45 . 2009-02-09 21:56 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-04 18:19 . 2009-02-04 18:19 <DIR> d-------- C:\_UFRGS
2009-01-28 11:03 . 2009-01-28 11:05 <DIR> d-------- c:\arquivos de programas\Microsoft Games for Windows - LIVE

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 10:09 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-02-10 01:11 --------- d-----w c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-02-09 23:57 904 ----a-w c:\arquivos de programas\updatecomps.cfg
2009-02-09 23:57 559 ----a-w c:\arquivos de programas\update.cfg
2009-02-09 23:56 93,296 ----a-w c:\arquivos de programas\setupus.lns
2009-02-09 23:56 4,889 ----a-w c:\arquivos de programas\avgmwdef_us.mht
2009-02-09 23:56 278,597 ----a-w c:\arquivos de programas\avg8us.lng
2009-02-09 23:56 236,824 ----a-w c:\arquivos de programas\avgbat.bav
2009-02-09 23:56 2,552 ----a-w c:\arquivos de programas\avgatend.stp
2009-02-09 23:56 1,184 ----a-w c:\arquivos de programas\avgatupd.stp
2009-02-09 23:55 24,520 ----a-w c:\arquivos de programas\sc.dat.xcd
2009-02-09 23:55 138,536 ----a-w c:\arquivos de programas\sb.dat.xcd
2009-02-09 23:45 190 ----a-w c:\arquivos de programas\avg.snu
2009-02-09 23:45 17,321 ----a-w c:\arquivos de programas\contacts_us.html
2009-02-09 23:45 168,298 ----a-w c:\arquivos de programas\avgf8us.chm
2009-02-09 23:45 10,310 ----a-w c:\arquivos de programas\license_us.txt
2009-02-09 15:35 --------- d-----w c:\arquivos de programas\eMule
2009-02-02 13:46 201,352 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-02 13:46 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-02 02:41 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-04 03:52 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2009-01-04 03:52 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Fallout3
2009-01-04 03:49 --------- d-----w c:\arquivos de programas\MSBuild
2009-01-04 03:46 --------- d-----w c:\arquivos de programas\Reference Assemblies
2009-01-02 23:54 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\ATI
2009-01-02 23:50 --------- d-----w c:\arquivos de programas\ATI Technologies
2009-01-02 23:48 --------- d-----w c:\arquivos de programas\Arquivos comuns\ATI Technologies
2008-12-15 21:53 --------- d-----w c:\arquivos de programas\MSN Messenger
2008-12-01 16:35 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-12-01 14:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 14:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 14:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 14:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 14:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 14:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 14:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 14:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 14:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 14:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 14:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 14:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 14:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 13:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 13:53 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2008-12-01 13:53 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2008-12-01 13:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 13:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 13:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 13:50 3,252,224 ----a-w c:\windows\system32\Amdcaldd.dll
2008-12-01 13:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 13:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-11-28 13:18 744,960 ----a-w c:\windows\system32\IR41_32.DLL
2008-11-28 13:18 199,168 ----a-w c:\windows\system32\ir32_32.dll
2008-11-28 13:18 13,312 ----a-w c:\windows\system32\svrapi.dll
2008-10-05 23:58 22,328 ----a-w c:\documents and settings\Maria\Dados de aplicativos\PnkBstrK.sys
2004-03-11 16:27 40,960 -c--a-w c:\arquivos de programas\Uninstall_CDS.exe
2006-10-09 00:07 61 --sha-w c:\windows\cnerolf.dat
2008-10-22 11:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008102220081023\index.dat
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StartCCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Atalho para a Página de Propriedades do High Definition Audio"="HDAudPropShortcut.exe" [2004-08-12 c:\windows\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-14 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos do ricardo\Utilitários\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\arquivos do ricardo\Utilitários\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-09 21:56 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\documents and settings\Maria\Dados de aplicativos\iolo"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Maria^Menu Iniciar^Programas^Inicializar^Active SMART.lnk]
backup=c:\windows\pss\Active SMART.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2009-02-09 21:56 1601304 c:\arquiv~1\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2005-12-06 14:08 20480 c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
--a------ 2006-12-19 11:02 2842624 c:\arquivos do ricardo\Utilitários\Fraps\Fraps\fraps.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-12 00:12 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 00:21 1695232 c:\arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--a------ 2004-09-22 17:10 1871872 c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 18:35 32768 c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
--a------ 2006-01-06 14:57 344064 c:\windows\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-03-28 02:07 593920 c:\arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 03:23 75520 c:\arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-01-15 16:17 1830128 c:\arquivos do ricardo\Utilitários\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
--a------ 2006-01-16 15:06 114688 c:\windows\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
--a------ 2008-08-03 12:38 61440 c:\arquivos do ricardo\Warcraft III\W3DR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 c:\arquivos de programas\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ActiveSMART Service"=2 (0x2)
"nTuneService"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"NVSvc"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ImapiService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos do Ricardo\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Arquivos do Ricardo\\Half-Life\\hl.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos do Ricardo\\Soldat\\Soldat.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Arquivos do Ricardo\\Warcraft III\\war3.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos do Ricardo\\Battlefield 1942\\BF1942.exe"=
"c:\\Arquivos do Ricardo\\Battlefield 1942\\BF1942_w32ded.exe"=
"c:\\Arquivos do Ricardo\\Colin McRae Rally 2005\\CMR5.EXE"=
"c:\\Arquivos do Ricardo\\Battlefield 2\\BF2.exe"=
"c:\\Arquivos do Ricardo\\Utilitários\\BitLord\\BitLord.exe"=
"c:\\Arquivos do Ricardo\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos do Ricardo\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"f:\\Meus Jogos\\TDU\\TestDriveUnlimited.exe"=
"f:\\Meus Jogos\\TrackMania Nations Forever\\TmForever.exe"=
"f:\\Meus Jogos\\Call of Duty 4 Modern Warfare\\iw3mp.exe"=
"f:\\Meus Jogos\\First Encounter Assault Recon\\fpupdate.exe"=
"f:\\Meus Jogos\\First Encounter Assault Recon\\FEAR.exe"=
"f:\\Meus Jogos\\First Encounter Assault Recon\\FEARMP.exe"=
"f:\\Meus Jogos\\SEGA Rally Revo\\SEGA Rally.exe"=
"f:\\Meus Jogos\\Colin McRae DiRT\\DiRT\\DiRT.exe"=
"f:\\Meus Jogos\\Joint Task Force\\jtf.exe"=
"f:\\Meus Jogos\\Half-Life 2\\SteamApps\\jmchawk\\counter-strike source\\hl2.exe"=
"f:\\Meus Jogos\\Comanche 4\\update.exe"=
"f:\\Meus Jogos\\Grid\\GRID.exe"=
"f:\\Meus Jogos\\Crysis\\Bin32\\Crysis.exe"=
"f:\\Meus Jogos\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\avgupd.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 atitray;atitray;f:\utilitarios\ATI Tray Tools\atitray.sys [2008-09-08 18336]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-09 325128]
R1 SASDIFSV;SASDIFSV;c:\arquivos do ricardo\Utilitários\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\arquivos do ricardo\Utilitários\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R1 SNSID;SNSID;c:\windows\system32\drivers\SNSID.SYS [2007-07-02 22784]
R1 SNSMS;SNSMS;c:\windows\system32\drivers\SNSMS.SYS [2006-04-01 35464]
R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\avgwdsvc.exe [2009-02-09 298264]
R2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
R2 Ps2KSecureKeyboard;SecureKbd;c:\windows\system32\drivers\psseckbd.sys [2006-04-01 15048]
R2 SNMgrSvc;SNMgrSvc;c:\windows\system32\SnMgrSvc.exe [2006-04-01 280712]
R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-05-20 93184]
R3 vhidmini;Secure Mouse;c:\windows\system32\drivers\vhsecmou.sys [2006-04-01 12464]
S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2006-11-10 24064]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-09-28 16512]
S3 C21NDIS;COM21 DP1110 USB Cable Modem;c:\windows\system32\drivers\C21Ndis.sys [2001-03-20 10962]
S3 Fadpu16E;Fadpu16E; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 SASENUM;SASENUM;c:\arquivos do ricardo\Utilitários\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S4 ActiveSMART Service;ActiveSMART Service;f:\utilitarios\Active SMART\ASmartService.exe [2008-07-21 538272]
S4 ioloFileInfoList;iolo FileInfoList Service; [x]
S4 ioloSystemService;iolo System Service; [x]
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-02-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORFÃOS REMOVIDOS - - - -

MSConfigStartUp-nwiz - nwiz.exe


.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} - hxxps://ww4.banrisul.com.br/bto/link/msie/SecureControl2k.cab
FF - ProfilePath - c:\documents and settings\Maria\Dados de aplicativos\Mozilla\Firefox\Profiles\wr8lrxb5.default\
FF - component: c:\arquivos de programas\Firefox\components\avgssff.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npAtmCap.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npSnInstall.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
.
------- Associação de arquivos/ficheiros -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 08:54:18
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-1078145449-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b1,8c,dc,2a,d4,0d,34,48,d5,ff,8b,8d,61,01,8b,f6,e0,83,52,0e,ec,73,c4,
be,fe,03,ba,a0,ee,3e,64,60,9a,2f,9f,c8,20,d6,e9,45,a2,15,68,b1,b5,c1,c8,3a,\
"??"=hex:93,d1,e7,ab,fb,24,8c,1d,c0,c0,35,ea,3b,ed,16,4c

[HKEY_USERS\S-1-5-21-57989841-1078145449-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:4c,0b,bf,89,62,c5,af,c8,34,e3,9e,39,eb,37,74,0c,47,1e,8e,eb,c5,
74,ec,31,b1,e0,3d,54,ff,31,8f,56,c8,1d,20,c0,a4,d8,df,56,bf,2b,2b,7b,a9,65,\
"rkeysecu"=hex:e5,81,d4,14,9a,63,6c,db,db,1f,fa,22,6d,73,1b,a9
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\arquivos do ricardo\Utilitários\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Tempo para conclusão: 2009-02-12 8:56:17
ComboFix-quarantined-files.txt 2009-02-12 10:56:14

Pré-execução: 18 pasta(s) 53,700,743,168 bytes disponíveis
Pós execução: 18 pasta(s) 55,349,870,592 bytes disponíveis

WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
402 --- E O F --- 2009-01-27 17:10:21

--

Once again, thank you very much for your help Mr.Wolf, it has been extremely valuable! :thumbs_up
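As an added example (not from the thread, and not part of ComboFix or HijackThis): a small Python triage script that applies the indicators a helper looks for in these logs, namely the family of random-named drivers in system32 (gaopdx*), autorun.inf at a drive root, executables hidden under RECYCLER with SID-like names, the Security Center AntiVirusOverride flag, and a ProxyServer entry in an IE R1 line. The sample lines are taken from the logs in this thread; the category names and thresholds are the example's own choices.

```python
"""Triage of ComboFix / HijackThis log lines (added example, not the tools' own code).

The heuristics produce a review queue for a human, not a verdict: legitimate
vendor driver sets can also share a name prefix, and a proxy can be a
corporate setting.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Finding = Tuple[str, str]  # (category, evidence)

# Files directly under \windows\system32 or \windows\system32\drivers
SYS32_RE = re.compile(
    r"[a-z]:\\windows\\system32\\(?:drivers\\)?([a-z0-9_]+)(?:\.[a-z0-9]+)?\s*$", re.I)
# autorun.inf at the root of any drive (AutoRun worm indicator)
AUTORUN_RE = re.compile(r"^\s*[a-z]:\\autorun\.inf\s*$", re.I)
# executable named like a SID inside RECYCLER
RECYCLER_RE = re.compile(r"recycler\\S-\d+(?:-\d+)+\.(?:com|exe|scr|pif)\b", re.I)
# HijackThis R1 line with a proxy configured
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(\S+)", re.I)
# Security Center told to ignore the antivirus state
AV_OVERRIDE_RE = re.compile(r'"AntiVirusOverride"\s*=\s*dword:0*1\b', re.I)

FAMILY_PREFIX = 6  # leading characters shared by a suspected random-name family
FAMILY_MIN = 3     # distinct members needed before the family is reported


def triage(log_text: str) -> List[Finding]:
    """Scan log text line by line and return the findings in order of appearance,
    with name-family findings appended at the end."""
    findings: List[Finding] = []
    families: Dict[str, Set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        m = SYS32_RE.search(line)
        if m:
            stem = m.group(1).lower()
            if len(stem) > FAMILY_PREFIX:  # short names (mbam, avg) never group
                families[stem[:FAMILY_PREFIX]].add(stem)
        if AUTORUN_RE.match(line):
            findings.append(("autorun_at_drive_root", line.strip()))
        if RECYCLER_RE.search(line):
            findings.append(("executable_in_recycler", line.strip()))
        m = PROXY_RE.search(line)
        if m:
            findings.append(("ie_proxy_set", m.group(1)))
        if AV_OVERRIDE_RE.search(line):
            findings.append(("security_center_av_override", line.strip()))
    for prefix, stems in sorted(families.items()):
        if len(stems) >= FAMILY_MIN:
            findings.append(("random_name_family",
                             f"{prefix}* -> {', '.join(sorted(stems))}"))
    return findings


# Sample input: lines copied from the ComboFix and HijackThis logs in this thread,
# plus the mbam/avg driver lines as legitimate controls.
SAMPLE_LOG = r"""
c:\arquivos de programas\Mozilla Firefox\components\iamfamous.dll
C:\autorun.inf
c:\recycler\S-0-1-11-100023070-100011628-100030921-2223.com
c:\windows\system32\drivers\gaopdxekjbfrdc.sys
c:\windows\system32\drivers\gaopdxkjfghndq.sys
c:\windows\system32\drivers\gaopdxlmpktiqm.sys
c:\windows\system32\drivers\gaopdxloynmsow.sys
c:\windows\system32\drivers\gaopdxpptywvdp.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxsmvcnupl.dll
F:\Autorun.inf
f:\recycler\S-0-1-11-100023070-100011628-100030921-2223.com
f:\recycler\S-7-9-51-100014447-100014769-100013599-2638.com
2009-02-10 18:43 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 18:43 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 21:45 . 2009-02-09 21:56 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.111.10.9:3128
"""

if __name__ == "__main__":
    for category, evidence in triage(SAMPLE_LOG):
        print(f"{category:30} {evidence}")
```

Feed it the full text of a posted log to get the same review queue the helpers build by eye; anything it reports still needs the VirusTotal-style confirmation described earlier in the thread.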
 
Mr Wolf!!!!!!
Long time no see, friend! So, are you still in Moscow? How's that bone-chilling cold over there?! Lots of work, huh? Tell me something, was our friend Carlos MEP's case resolved? Did you manage to remove that damned Vundo?
Look, I have a very serious case of a virus on this machine. The symptoms are: I can't download the main removal or diagnostic tools (hijackthis / combofix / malwarebytes), nothing; whenever I go to download, it gives an error as if the page couldn't be found.
I tried downloading hijackthis on my computer and saving it to a flash drive; that went fine, I copied it to the infected computer, but when I go to run the tool simply nothing happens. I tried with combofix and malwarebytes but it's the same. I can't install any tool on this machine.
I decided to try connecting this HD to my computer to scan it with my Nod32, and it reported more than 150 infected items. The virus names in the report were these:
Win32/Sality.NAO virus
Win32/AutoRun.KS worm
Win32/PSW.OnLineGames.NMY Trojan horse

So what do I do now?
 
Hi, great king Mr.Wolf, I didn't know you were back, man, wow, that's great. I didn't bother much here in the topic because I knew you had no time. Good to have you back here to help us.

Mr.Wolf nesses dias em que vc tava ausente nem usei esse micro para nao piorar, mais lhe digo uma coisa ele ja ta 100% funcionando perfeitamente. Abaixo vou colocar o novo log do HijackThis dele se tiver um tempo pode dar uma olhada?

Atenciosamente

Carlos

PS.: que bom que esta de volta Mr.Wolf, obrigado sempre por tudo.

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:22, on 12/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.111.10.9:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.111.10.9:3128;local;10.111.10.8:3128
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: BrOffice.org 2.2.lnk = C:\Arquivos de programas\BrOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/actives.../as2stubie.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe (file missing)

--
End of file - 7232 bytes
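Added example (not part of this thread and not any poster's code): a small Python triage of the R*/O* entries in a HijackThis log, run over lines copied from the logs above. It separates entries that point at files which no longer exist (the "(no file)" / "(file missing)" BHOs and services, which are leftovers and safe to fix) from entries that need a decision by the machine's owner (a proxy server, an unknown LSP, an ActiveX control fetched over plain HTTP) and entries that only need an explanation (nwprovau.dll is Microsoft's Client Service for NetWare provider; a bare file name in a Run value is resolved through PATH). The KNOWN_LSP set and the bucket names are the example's own assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: entries copied from the HijackThis logs in this thread, plus two
# header lines to show that non-entry lines are ignored. Not a complete log.
SAMPLE_HJT = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.111.10.9:3128
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww4.banrisul.com.br/bto/link/msie/SecureControl2k.cab
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file)
"""

ENTRY_RE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.*)$")

# Winsock LSP modules that HijackThis labels "Unknown file" but that Windows XP ships itself
# (assumed allow-list for this example; nwprovau.dll is Microsoft's NetWare provider).
KNOWN_LSP = {"nwprovau.dll", "mswsock.dll", "rsvpsp.dll", "winrnr.dll"}


def parse_hjt(log: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs for every R*/O* entry; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage_hjt(log: str) -> Dict[str, List[str]]:
    """Bucket entries as 'orphan' (points at a missing file, safe to fix), 'review'
    (needs a decision from the machine's owner) or 'info' (explained, no action)."""
    buckets: Dict[str, List[str]] = {"orphan": [], "review": [], "info": []}
    for section, body in parse_hjt(log):
        entry = f"{section} - {body}"
        if section in ("O2", "O23") and ("(no file)" in body or "(file missing)" in body):
            buckets["orphan"].append(entry)
        elif section == "O10":
            module = body.rsplit("\\", 1)[-1].strip().lower()
            (buckets["info"] if module in KNOWN_LSP else buckets["review"]).append(entry)
        elif section in ("R0", "R1") and "ProxyServer" in body:
            # A proxy may be a corporate setting or an interception point: ask, do not assume.
            buckets["review"].append(entry)
        elif section == "O16" and "https://" not in body.lower():
            # An ActiveX .cab fetched over plain HTTP can be swapped on the wire.
            buckets["review"].append(entry)
        elif section == "O4" and not re.search(r"[\\/]", body.split("] ", 1)[-1]):
            # A bare file name in a Run value is resolved through PATH: check which copy runs.
            buckets["info"].append(entry)
    return buckets


if __name__ == "__main__":
    for bucket, items in triage_hjt(SAMPLE_HJT).items():
        print(bucket.upper())
        for item in items:
            print("  " + item)
```

Running the block prints the three buckets; against the log just above, the ProxyServer line lands in 'review' and the NOD32 "(file missing)" service in 'orphan', which is the same split a helper makes by eye before deciding what to let HijackThis fix.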
 
It's almost done!

So, Mr.Wolf,

After the full ComboFix scan, my system started accepting updates for the AVs again and the blocked pages went back to working!
Thank you so much, Wolf! :yes:

So, with Malwarebytes updated (program version 1.34, database version 1753), I was able to "move on" to step 1...

But before going into Safe Mode and running the MB scan, I tried cleaning my registry using Marcos Velasco's RegClean 5.5 (INFO magazine recommended the program :) ). However, I had no success, because on both scan attempts the software caused a "PAGE_FAULT_IN_NONPAGED_AREA" BSOD.
That "error" was solved by following the steps of step 1 that you suggested to me...

More than 4 hours and 400,000 files later (yeah, I suffered... :slap:), here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.34
Database version: 1753
Windows 5.1.2600 Service Pack 3

12/2/2009 16:14:17
mbam-log-2009-02-12 (16-14-17).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 414091
Time elapsed: 4 hour(s), 15 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
F:\Meus Jogos\Fallout 3\Fallout 2 (I)\Coolplay\Uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SnEngine.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SnAgOS.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

--

Even though I know the files SnEngine.exe and SnAgOS.exe are part of Banrisul's home-banking security, I decided to delete them, since MB flagged them as a Trojan...

--

One last HijackThis log just to be sure...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:47, on 12/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\avgwdsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\SnMgrSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\avgrsx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Windows Defender\MSASCui.exe
C:\ARQUIV~1\avgtray.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Arquivos do Ricardo\Utilitários\Fraps\Fraps\FRAPS.EXE
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Utilitarios\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Atalho para a Página de Propriedades do High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\avgtray.exe
O4 - HKCU\..\Run: [Fraps] C:\Arquivos do Ricardo\Utilitários\Fraps\Fraps\FRAPS.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww4.banrisul.com.br/bto/link/msie/SecureControl2k.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos do Ricardo\Utilitários\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file)
O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

--
End of file - 5482 bytes
--

One last little question: ComboFix created 3 folders on my C:\ (32788R22FWJFW, ComboFix and Qoobox). Would there be any problem if I deleted them? Also on my C:\, Windows Update created (a long time ago) a folder full of numbers and characters (d454130cfc46e7e2230cd19654) with another subfolder (update), containing a file (update.exe). When I try to run the program, an error window opens saying "This application could not be started because UPDSPAPI.dll was not found. Reinstalling the application may fix the problem." Would there be any problem if I deleted that folder?

That's it... sorry for taking so much of your time :slap:

You must be tired of hearing this from me, buuut...
THANK YOU SO MUCH, Mr.Wolf! Honestly, words can't describe how grateful I am! :lol:
Man, I have files on my HDs dating back to 1999 that I still use! And most importantly, that are NO LONGER found on the net! :eek:
I can't imagine what I would do if any of them were deleted by a virus or the like... :fist:
Yeah, time to make a backup :lol:

Dude, count on my willingness and goodwill whenever you need it... :wave:

I think that's all for now, thanks a lot, Wolf :yes:

:thumbs_up
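Added example (not from this thread): the two "Registry Data Items" Malwarebytes reported above are file-association hijacks. The command Windows runs for a .scr or .reg file had been replaced with NOTEPAD.EXE %1; the same edit on exefile makes every program launch pass through the hijacker first, which is one well-known reason a removal tool can "simply do nothing" when double-clicked on an infected machine. This Python block checks the shell\open\command defaults in a .reg export against the Windows XP defaults and emits a repair .reg file. The export text is constructed to match the Malwarebytes findings, and EXPECTED_OPEN_COMMAND is the example's own table (the scrfile and regfile entries are the "Good:" values Malwarebytes printed).

```python
import re
from typing import Dict, List, Tuple

# Windows XP defaults for the (Default) value of HKEY_CLASSES_ROOT\<type>\shell\open\command.
EXPECTED_OPEN_COMMAND = {
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
    "regfile": 'regedit.exe "%1"',
}

# Constructed .reg export (the shape `reg export HKCR\scrfile\shell\open\command x.reg` gives):
# one clean exefile entry and the two hijacked values from the Malwarebytes log above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="NOTEPAD.EXE %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="NOTEPAD.EXE %1"
'''

KEY_RE = re.compile(r"^\[HKEY_CLASSES_ROOT\\(?P<ftype>[^\\\]]+)\\shell\\open\\command\]$", re.IGNORECASE)
DEFAULT_RE = re.compile(r'^@="(?P<val>(?:[^"\\]|\\.)*)"$')


def _reg_unescape(s: str) -> str:
    # .reg files escape backslashes and double quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def _reg_escape(s: str) -> str:
    return s.replace("\\", "\\\\").replace('"', '\\"')


def parse_open_commands(reg_text: str) -> Dict[str, str]:
    """Map file type (exefile, scrfile, ...) to the (Default) value of its shell\\open\\command key."""
    found: Dict[str, str] = {}
    current = None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group("ftype").lower()
            continue
        val = DEFAULT_RE.match(line)
        if val and current:
            found[current] = _reg_unescape(val.group("val"))
    return found


def find_hijacked(reg_text: str) -> List[Tuple[str, str, str]]:
    """Return (type, current value, expected value) for each command that differs from the XP default."""
    return [
        (ftype, value, EXPECTED_OPEN_COMMAND[ftype])
        for ftype, value in parse_open_commands(reg_text).items()
        if ftype in EXPECTED_OPEN_COMMAND and value != EXPECTED_OPEN_COMMAND[ftype]
    ]


def repair_reg(findings: List[Tuple[str, str, str]]) -> str:
    """Build a .reg file that restores the default open command for every hijacked type."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for ftype, _current, expected in findings:
        lines.append(f"[HKEY_CLASSES_ROOT\\{ftype}\\shell\\open\\command]")
        lines.append(f'@="{_reg_escape(expected)}"')
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    hits = find_hijacked(SAMPLE_REG)
    for ftype, current, expected in hits:
        print(f"{ftype}: found {current!r}, expected {expected!r}")
    print(repair_reg(hits))
```

On the machine itself the input comes from `reg export` of the live keys and the fix is applied with `reg import`; if exefile is the hijacked type, reg.exe and regedit.exe are themselves subject to the hijack, which is why helpers often have the user rename a tool to a different executable extension before running it.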
 
hijack

hello wolf, here I am, I think my PC has a virus again, IE is very slow and my USB stick is infected by malware. Thanks in advance.
 
hey mr wolf, I wanted to know whether Ad-Aware is a good program for removing spyware, keyloggers etc.?
can I leave it installed on the PC together with Malwarebytes' Anti-Malware without them conflicting?
 
psychobain, follow the instructions inside the spoiler below:

- Download ComboFix and save it to your desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;
● Wait while ComboFix scans;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
Do not click on the ComboFix window, and try not to use the keyboard either, so as not to disturb the tool's scan;
● If you want to quit or stop ComboFix, press N;
● When it finishes, your computer will be restarted. After the restart the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

Paste that log in your next reply.
____________________________________

ComboFix 09-02-12.03 - Alexandre 2009-02-12 21:35:59.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1023.681 [GMT -3:00]
Running from: c:\documents and settings\Alexandre\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090212-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

(((((((((((((((( Files created from 2009-01-13 to 2009-02-13 ))))))))))))))))))))))))))))
.

2009-01-15 23:23 . 2009-01-15 23:23 <DIR> d-------- C:\ELVIS
2009-01-14 07:15 . 2009-02-11 14:08 329 --a------ c:\windows\system32\MRT.INI

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 00:35 --------- d-----w c:\documents and settings\Alexandre\Dados de aplicativos\uTorrent
2009-02-05 03:19 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-01-18 18:00 --------- d-----w c:\documents and settings\Alexandre\Dados de aplicativos\Vso
2009-01-17 21:57 --------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-01-14 19:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 19:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-10 22:13 --------- d-----w c:\documents and settings\Alexandre\Dados de aplicativos\foobar2000
2009-01-10 22:11 --------- d-----w c:\arquivos de programas\Exact Audio Copy
2009-01-05 00:53 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-01-03 23:19 --------- d-----w c:\arquivos de programas\InstallShield Installation Information
2009-01-03 17:46 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-03 17:46 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-03 03:38 22,328 ----a-w c:\documents and settings\Alexandre\Dados de aplicativos\PnkBstrK.sys
2009-01-03 03:37 682,280 ----a-w c:\windows\system32\pbsvc.exe
2009-01-03 03:37 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-03 03:31 --------- d-----w c:\arquivos de programas\Activision
2009-01-02 21:42 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-01-02 21:42 --------- d-----w c:\documents and settings\Alexandre\Dados de aplicativos\Malwarebytes
2008-12-31 23:28 --------- d-----w c:\arquivos de programas\GameVicio
2008-12-31 21:33 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Ubisoft
2008-12-31 21:14 --------- d-----w c:\arquivos de programas\Ubisoft
2008-12-28 23:43 --------- d-----w c:\arquivos de programas\Opera
2008-12-24 00:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-12-14 16:06 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy
2008-08-14 21:06 47,360 ----a-w c:\documents and settings\Alexandre\Dados de aplicativos\pcouffin.sys
2008-04-23 22:01 92,064 ----a-w c:\documents and settings\Alexandre\mqdmmdm.sys
2008-04-23 22:01 9,232 ----a-w c:\documents and settings\Alexandre\mqdmmdfl.sys
2008-04-23 22:01 79,328 ----a-w c:\documents and settings\Alexandre\mqdmserd.sys
2008-04-23 22:01 66,656 ----a-w c:\documents and settings\Alexandre\mqdmbus.sys
2008-04-23 22:01 6,208 ----a-w c:\documents and settings\Alexandre\mqdmcmnt.sys
2008-04-23 22:01 5,936 ----a-w c:\documents and settings\Alexandre\mqdmwhnt.sys
2008-04-23 22:01 4,048 ----a-w c:\documents and settings\Alexandre\mqdmcr.sys
2008-04-23 22:01 25,600 ----a-w c:\documents and settings\Alexandre\usbsermptxp.sys
2008-04-23 22:01 22,768 ----a-w c:\documents and settings\Alexandre\usbsermpt.sys
.

------- Sigcheck -------

2007-10-30 13:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 07:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 08:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 08:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-01-23 01:42 360064 bfe14c32d1702d4d2a2f39731d22c71f c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-07-10 21:18 360320 3b0c64ef8d0ebb5e43121603ad03545c c:\windows\system32\dllcache\TCPIP.SYS
2008-07-10 21:18 360320 3b0c64ef8d0ebb5e43121603ad03545c c:\windows\system32\drivers\TCPIP.SYS
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2009-02-09 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13729792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^Alexandre^Menu Iniciar^Programas^Inicializar^desktop.ini]
backup=c:\windows\pss\desktop.iniStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^desktop.ini]
backup=c:\windows\pss\desktop.iniCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-29 09:05 486856 c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2007-03-15 18:16 454784 c:\arquivos de programas\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-02-16 16:15 81920 c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 01:08 2512392 c:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-03-31 22:54 507904 c:\arquivos de programas\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
--a------ 2004-08-30 04:37 286720 c:\windows\vsnpstd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 c:\arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2009-02-09 21:11 270128 c:\arquivos de programas\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-07-12 15:33 1581056 c:\windows\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3478:UDP"= 3478:UDP:stun
"3479:UDP"= 3479:UDP:stun 2
"6112:UDP"= 6112:UDP:stun 3
"5730:UDP"= 5730:UDP:game
"5739:UDP"= 5739:UDP:game 1
"9001:TCP"= 9001:TCP:game 2
"11881:TCP"= 11881:TCP:game 3

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-05 20560]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-04-23 17792]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-04-23 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-04-23 40832]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
TCP: {98349D3D-6D12-454D-B781-AA872E73A25C} = 200.204.0.10,204.204.0.138
FF - ProfilePath - c:\documents and settings\Alexandre\Dados de aplicativos\Mozilla\Firefox\Profiles\foqbinwl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 21:37:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-746137067-823518204-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:96,b4,e9,e6,7a,06,34,31,3c,ba,f2,ef,ea,0e,e2,62,00,9e,d3,eb,8b,e9,27,
34,d7,7f,d8,e2,de,08,63,96,7b,10,1d,51,3f,9a,8e,c0,bf,a1,5e,fb,0a,01,34,f8,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-746137067-823518204-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:0e,48,04,5a,12,ad,d8,d1,46,38,e0,e3,6e,29,10,7d,6c,a1,e7,c1,fb,
7c,8d,cf,f7,c0,01,ef,77,ba,cc,65,3a,42,e9,56,a4,62,32,b2,84,17,2d,c6,ae,8d,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7
.
Completion time: 2009-02-12 21:38:33
ComboFix-quarantined-files.txt 2009-02-13 00:38:22

Pre-run: 9 folder(s) 50,695,421,952 bytes free
Post-run: 9 folder(s) 50,691,055,616 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
170 --- E O F --- 2009-02-11 17:08:48
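Added example (not from this thread): the "Registry Load Points" and "Supplementary Scan" sections of a ComboFix log carry the settings a helper reads first: Security Center notifications switched off, Windows Firewall disabled on the standard profile, ports opened to any source, a manual proxy in Firefox and a non-default keyword.URL (the log above shows every one of these). Users set some of them deliberately (a third-party firewall, a torrent client, a corporate proxy), so the output is a list of questions for the owner, not a verdict. This Python block parses those two sections from a constructed excerpt modelled on the log above; the key-path suffixes it matches and the google/mozilla allow-list for keyword.URL are the example's own assumptions.

```python
import re
from typing import Dict, List, Tuple, Union

Value = Union[int, str]

# Constructed excerpt modelled on the ComboFix log above; key paths are written the
# way ComboFix abbreviates them (HKLM\~\...), and URLs are defanged to hxxp as ComboFix does.
SAMPLE_COMBOFIX = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3478:UDP"= 3478:UDP:stun
"9001:TCP"= 9001:TCP:game 2

FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=
FF - prefs.js: network.proxy.type - 1
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')
FF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<val>.*)$")


def _coerce(raw: str) -> Value:
    """Turn ComboFix's renderings (dword:00000001, '0 (0x0)', quoted strings) into Python values."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+) \(0x[0-9a-f]+\)$", raw, re.IGNORECASE)
    if m:
        return int(m.group(1))
    return raw


def parse_combofix(text: str) -> Tuple[Dict[str, Dict[str, Value]], Dict[str, str]]:
    """Return (registry key -> {value name: value}, firefox pref -> value); key paths are lower-cased."""
    reg: Dict[str, Dict[str, Value]] = {}
    prefs: Dict[str, str] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m_key = KEY_RE.match(line)
        m_val = VALUE_RE.match(line)
        m_ff = FF_RE.match(line)
        if m_key:
            current = m_key.group("key").lower()
            reg.setdefault(current, {})
        elif m_val and current:
            reg[current][m_val.group("name")] = _coerce(m_val.group("raw"))
        elif m_ff:
            prefs[m_ff.group("pref")] = m_ff.group("val").strip()
    return reg, prefs


def audit_combofix(text: str) -> List[str]:
    """List settings that weaken the machine's defences and deserve a question to its owner."""
    reg, prefs = parse_combofix(text)
    findings: List[str] = []
    for key, values in reg.items():
        if key.endswith("\\security center"):
            for name in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"):
                if values.get(name) == 1:
                    findings.append(f"Security Center: {name}=1, the tray warning for this is silenced")
        elif key.endswith("firewallpolicy\\standardprofile"):
            if values.get("EnableFirewall") == 0:
                findings.append("Windows Firewall is off for the standard profile")
        elif key.endswith("globallyopenports\\list"):
            for name, raw in values.items():
                findings.append(f"Firewall port open to any source: {name} ({raw})")
    if prefs.get("network.proxy.type") == "1":
        findings.append("Firefox: manual proxy enabled (network.proxy.type=1), check where it points")
    url = prefs.get("keyword.URL", "")
    # Compare the host only; the hxxp scheme is ComboFix's defanging, not a finding by itself.
    if url and not re.match(r"^hxxps?://[^/]*(google|mozilla)\.", url, re.IGNORECASE):
        findings.append(f"Firefox: address-bar searches go to a third-party URL: {url}")
    return findings


if __name__ == "__main__":
    for finding in audit_combofix(SAMPLE_COMBOFIX):
        print("-", finding)
```

Each finding maps to one line a helper would otherwise have to spot by eye in the REGEDIT4 dump; EnableFirewall=0 next to an active third-party AV is a normal configuration, while the same value on a machine whose owner never touched the firewall is worth a follow-up.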
 
