Lycurgus

My PC won't shut down from the Start menu

Hi everyone!

My PC won't shut down from the Start menu; to shut it down I have to switch user and then do it from there.

I've already researched this and tried several repair programs, and I've tried closing every running program before shutting it down, but it still doesn't respond.

This is the HijackThis diagnostic:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:49:10, on 14/2/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\nvsvc32.exe

C:\Windows\system32\svchost.exe

C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\spoolsv.exe

C:\Windows\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Windows\system32\wscntfy.exe

C:\Windows\Explorer.EXE

C:\Arquivos de programas\Mozilla Firefox 4.0 Beta 11\firefox.exe

C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Windows\system32\RUNDLL32.EXE

C:\Arquivos de programas\FileSystem\aboutblank.exe

C:\Windows\System32\svchost.exe

C:\Windows\RTHDCPL.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Windows\system32\ctfmon.exe

C:\Arquivos de programas\FileSystem\winhelp.exe

C:\Arquivos de programas\Mozilla Firefox 4.0 Beta 11\firefox.exe

C:\Arquivos de programas\Mozilla Firefox 4.0 Beta 11\plugin-container.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Mozilla Firefox 4.0 Beta 11\plugin-container.exe

C:\Windows\system32\rundll32.exe

E:\BACK UP\correção de erros\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT2567694

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

R3 - URLSearchHook: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Arquivos de programas\AresTube2\tbAres.dll

R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD0.dll

R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Arquivos de programas\AutocompletePro\AutocompletePro.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD0.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Raphael\Dados de aplicativos\FlashGetBHO\FlashGetBHO3.dll

O2 - BHO: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Arquivos de programas\AresTube2\tbAres.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

O3 - Toolbar: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Arquivos de programas\AresTube2\tbAres.dll

O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD0.dll

O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [FileRum.exe] C:\Windows\system32\FileRum.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HKLM] C:\Windows\system32\firefox\explorer.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [HKCU] C:\Windows\system32\firefox\explorer.exe

O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\firefox\explorer.exe

O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\firefox\explorer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - Startup: PowerReg Scheduler.exe

O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Raphael\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm

O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Raphael\Dados de aplicativos\FlashGetBHO\GetUrl.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://software.kuaiche.com

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Windows\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe

--

End of file - 10278 bytes

Thank you, please help me.

Uninstall COMODO Internet Security.

Reboot.

Disable your Antivirus and AntiSpyware so there are no conflicts. Keep them disabled until you finish the instructions.

Download Banker FIX

Download Malwarebytes' Anti-Malware (MBAM) or here.

Double-click bankerfix.exe. Press Enter.

Internet Explorer will be closed. Wait for the tool to finish. This may take a while.

When it finishes, a message will appear on screen; then press Enter.

Save or print these instructions:

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

Make sure the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are checked, then click Finish.

If there are updates to apply, they will be downloaded and installed.

When the update finishes, with the program open, select Quick Scan and click the Scan button.

The scan will then start. Wait, as it may take a while.

When the scan finishes, click OK, then the Show Results button to see the report.

If items were found, make sure they are all checked and click the Remove button.

When disinfection finishes, Notepad will open with a log, and a prompt may appear asking whether to restart the PC. (See Note below)

The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (maybe more than once). Do so immediately when asked whether to restart.

Select, copy and paste the contents of the MBAM log in your next reply + the Relatorio.txt you will find in C:\LinhaDefensiva + a new HijackThis log.

Afterwards you can delete this LinhaDefensiva folder. Re-enable your Antivirus.



Well, here is what you asked for:

MBAM log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Versão da Base de Dados: 5765

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

15/2/2011 00:17:26

mbam-log-2011-02-15 (00-17-26).txt

Tipo de Verificação: Verificação Rápida

Objetos escaneados: 153449

Tempo decorrido: 2 minuto(s), 7 segundo(s)

Processos de Memória Infectados: 2

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 2

Valores de Registro Infectados: 6

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 1

Arquivos Infectados: 19

Processos de Memória Infectados:

c:\arquivos de programas\filesystem\aboutblank.exe (Trojan.Banker) -> 3944 -> Unloaded process successfully.

c:\arquivos de programas\filesystem\winhelp.exe (Trojan.Banker) -> 2136 -> Unloaded process successfully.

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} (Backdoor.Bot) -> Quarantined and deleted successfully.

Valores de Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.Bot) -> Value: HKLM -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.Bot) -> Value: Policies -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.Bot) -> Value: HKCU -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.Bot) -> Value: Policies -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FileRum.exe (Trojan.Banker) -> Value: FileRum.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Backdoor.Agent) -> Value: NVIDIA driver monitor -> Quarantined and deleted successfully.

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

Pastas Infectadas:

c:\arquivos de programas\VVSN (Adware.WhenU) -> Quarantined and deleted successfully.

Arquivos Infectados:

c:\Windows\system32\firefox\explorer.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\arquivos de programas\filesystem\aboutblank.exe (Trojan.Banker) -> Quarantined and deleted successfully.

c:\arquivos de programas\filesystem\filerum.exe (Trojan.Banker) -> Quarantined and deleted successfully.

c:\arquivos de programas\filesystem\winhelp.exe (Trojan.Banker) -> Quarantined and deleted successfully.

c:\Windows\system32\FileRum.exe (Trojan.Banker) -> Quarantined and deleted successfully.

c:\documents and settings\bel e bia\dados de aplicativos\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\Raphael\dados de aplicativos\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

c:\Windows\system32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\bel e bia\configurações locais\Temp\IELOGIN.abc (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\Raphael\configurações locais\Temp\IELOGIN.abc (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\bel e bia\configurações locais\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\Raphael\configurações locais\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\bel e bia\configurações locais\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\Raphael\configurações locais\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\bel e bia\configurações locais\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\Raphael\configurações locais\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.

c:\documents and settings\bel e bia\configurações locais\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\Raphael\configurações locais\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\system32\qwdijxxixojdxf.tmp (Malware.Trace) -> Quarantined and deleted successfully.

Relatorio.txt

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefe....org/bankerfix/

-------------------------------------------------------

Data: 2011-02-15 - 00:07

-------------------------------------------------------

Lista de Definição: 2010-12-25-1 | CORE: 2010-12-28-6

=======================================================

Arquivo infectado detectado: C:\DOCUME~1\Raphael\CONFIG~1\Temp\6.tmp

Arquivo infectado removido com sucesso!

----- Fim -------------------------

New HijackThis log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:24:13, on 15/2/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\nvsvc32.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\spoolsv.exe

C:\Windows\System32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wscntfy.exe

C:\Windows\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Windows\system32\RUNDLL32.EXE

C:\Windows\RTHDCPL.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Windows\system32\ctfmon.exe

C:\Windows\System32\svchost.exe

C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE

E:\BACK UP\correção de erros\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2567694

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

R3 - URLSearchHook: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Arquivos de programas\AresTube2\tbAres.dll

R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD0.dll

R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Arquivos de programas\AutocompletePro\AutocompletePro.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD0.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Raphael\Dados de aplicativos\FlashGetBHO\FlashGetBHO3.dll

O2 - BHO: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Arquivos de programas\AresTube2\tbAres.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

O3 - Toolbar: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Arquivos de programas\AresTube2\tbAres.dll

O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD0.dll

O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - Startup: PowerReg Scheduler.exe

O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Raphael\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm

O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Raphael\Dados de aplicativos\FlashGetBHO\GetUrl.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://software.kuaiche.com

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Windows\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe

--

End of file - 8289 bytes

Awaiting further instructions...

Edited by Mr.Million

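The helper's routine in this thread (read the first HijackThis log, flag the odd autostart entries, then ask for a fresh log to confirm the cleanup) can be partly automated. The script below is an added example, not code from the thread or from Linha Defensiva: it parses constructed excerpts of the two logs above, flags O4 entries whose shape matches the banker (value names that imitate hive names, Policies\Explorer\Run autostarts, a system binary name loaded from a non-standard folder) and diffs the before/after logs. The heuristics and the SYSTEM_BINARY_HOME and DECOY_VALUE_NAMES tables are my assumptions, not a HijackThis feature.

```python
import re
from dataclasses import dataclass

# Constructed excerpts of the two HijackThis logs posted in this thread (before
# and after the BankerFix/MBAM run). Raw strings keep the backslashes intact.
HJT_BEFORE = r"""
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [FileRum.exe] C:\Windows\system32\FileRum.exe
O4 - HKLM\..\Run: [HKLM] C:\Windows\system32\firefox\explorer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [HKCU] C:\Windows\system32\firefox\explorer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\firefox\explorer.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\firefox\explorer.exe
O4 - Startup: PowerReg Scheduler.exe
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
"""
HJT_AFTER = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<location>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
# Assumed table: binaries that live in one fixed directory; the same file name
# anywhere else is the look-alike trick seen here (explorer.exe under system32\firefox\).
SYSTEM_BINARY_HOME = {"explorer.exe": r"c:\windows", "svchost.exe": r"c:\windows\system32"}
# Assumed table: Run value names that imitate registry structure instead of a product.
DECOY_VALUE_NAMES = {"hklm", "hkcu", "policies", "run"}


@dataclass
class Entry:
    section: str        # O4, O20, O23, R0 ...
    body: str           # everything after "Oxx - "
    location: str = ""  # O4 only: hive/key that holds the value
    name: str = ""      # O4 only: registry value name
    command: str = ""   # O4 only: command line

    @property
    def key(self) -> str:
        return f"{self.section} - {self.body}"


def parse_hjt(text: str) -> list[Entry]:
    """Turn HijackThis report lines into Entry objects; O4 lines are split further."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # headers, running-process list, blank lines
        e = Entry(m["section"], m["body"])
        if e.section == "O4" and (o4 := O4_RE.match(e.body)):
            e.location, e.name, e.command = o4["location"], o4["name"], o4["command"]
        entries.append(e)
    return entries


def exe_path(command: str) -> str:
    """Extract the executable path from a Run command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    m = re.match(r"(.*?\.exe)", command, re.IGNORECASE)
    return m.group(1) if m else command


def flag_entry(e: Entry) -> list[str]:
    """Shape-based reasons an analyst would look twice at this entry."""
    reasons = []
    if e.section == "O20" and e.body.startswith("AppInit_DLLs"):
        reasons.append("review: AppInit_DLLs loads into every GUI process; confirm the DLL's vendor")
    if e.section != "O4" or not e.command:
        return reasons
    if e.name.lower() in DECOY_VALUE_NAMES:
        reasons.append(f"value name '{e.name}' mimics a registry hive/key, not a product")
    if "policies\\explorer\\run" in e.location.lower():
        reasons.append("Policies\\Explorer\\Run autostart is rarely used by legitimate software")
    path = exe_path(e.command).lower()
    base = path.rsplit("\\", 1)[-1]
    home = SYSTEM_BINARY_HOME.get(base)
    if home and path != f"{home}\\{base}":
        reasons.append(f"{base} loaded from {path}, not from {home}")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Map every flagged log line to the reasons it was flagged."""
    out = {}
    for e in parse_hjt(text):
        if reasons := flag_entry(e):
            out[e.key] = reasons
    return out


def diff_logs(before: str, after: str) -> tuple[list[str], list[str]]:
    """(entries gone after cleanup, entries that newly appeared)."""
    b = {e.key for e in parse_hjt(before)}
    a = {e.key for e in parse_hjt(after)}
    return sorted(b - a), sorted(a - b)
```

Shape rules like these catch the decoy entries but not FileRum.exe, which MBAM identified by signature, so they complement a scanner rather than replace it.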

Disable your Antivirus, AntiSpyware and Firewall so there are no conflicts. Keep them disabled until you finish the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly it must be on the Desktop).

Close all windows and programs.

You must stay connected to the Internet during the ComboFix procedure;

Double-click combofix.exe, press 1 and then Enter to proceed with the fix. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan proceeds.

Once the Console is installed, the Operating System selection screen will be shown at system startup.

More information about the Console: http://support.micro...kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.

When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt in your next reply + a new HijackThis log.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

If an error occurs, restart the computer in Safe Mode (tap F8 repeatedly, or F5 in some cases, during startup) and repeat the procedure.



Well, sorry for the delay.

Here is the ComboFix report:

ComboFix 11-02-15.01 - Raphael 15/02/2011 21:00:25.1.3 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1656 [GMT -2:00]

Executando de: c:\documents and settings\Raphael\Desktop\ComboFix.exe

ATENÇAO - ESTA MAQUINA não tem O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\arquivos de programas\AutocompletePro

c:\arquivos de programas\AutocompletePro\AcRemoteUpdate.exe

c:\arquivos de programas\AutocompletePro\AutocompletePro.dll

c:\arquivos de programas\AutocompletePro\InstTracker.exe

c:\arquivos de programas\AutocompletePro\support@predictad.com\chrome.manifest

c:\arquivos de programas\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul

c:\arquivos de programas\AutocompletePro\support@predictad.com\chrome\content\options.js

c:\arquivos de programas\AutocompletePro\support@predictad.com\chrome\content\options.xul

c:\arquivos de programas\AutocompletePro\support@predictad.com\chrome\content\utils.js

c:\arquivos de programas\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js

c:\arquivos de programas\AutocompletePro\support@predictad.com\install.rdf

c:\arquivos de programas\AutocompletePro\TaskScheduler.dll

c:\arquivos de programas\AutocompletePro\unins000.dat

c:\arquivos de programas\AutocompletePro\unins000.exe

c:\arquivos de programas\facemoods.com

c:\arquivos de programas\facemoods.com\facemoods\1.4.17.2\facemoods.crx

c:\arquivos de programas\facemoods.com\facemoods\1.4.17.2\facemoods.png

c:\arquivos de programas\FileSystem

c:\arquivos de programas\FileSystem\ntwdblib.dll

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\1.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\a.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\b.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\c.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\d.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\e.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\f.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\g.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\h.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\i.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\J.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\k.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\l.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\m.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\mru.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\n.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\o.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\p.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\q.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\r.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\s.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\t.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\u.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\v.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\w.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\x.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\y.xml

c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\z.xml

C:\MDXX2010.tmp

c:\Windows\system32\firefox

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-01-15 to 2011-02-15 ))))))))))))))))))))))))))))

.

2011-02-15 04:50 . 2010-12-20 20:09 38224 ----a-w- c:\Windows\system32\drivers\mbamswissarmy.sys

2011-02-15 04:50 . 2011-02-15 04:50 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2011-02-15 04:50 . 2010-12-20 20:08 20952 ----a-w- c:\Windows\system32\drivers\mbam.sys

2011-02-15 04:49 . 2011-02-15 04:50 -------- d-----w- C:\LinhaDefensiva

2011-02-15 04:08 . 2011-02-15 04:08 -------- d-----w- C:\$AVG

2011-02-15 03:48 . 2011-02-15 03:48 -------- d-----w- c:\documents and settings\Raphael\Dados de aplicativos\AVG10

2011-02-15 03:48 . 2011-02-15 03:48 -------- d--h--w- c:\documents and settings\All Users\Dados de aplicativos\Common Files

2011-02-15 03:47 . 2011-02-15 22:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG10

2011-02-15 03:29 . 2011-02-15 05:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\MFAData

2011-02-15 02:09 . 2011-02-15 02:09 -------- d-----w- c:\documents and settings\Raphael\Dados de aplicativos\Malwarebytes

2011-02-15 02:09 . 2011-02-15 02:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2011-02-12 01:11 . 2011-02-12 01:11 -------- d-----w- c:\documents and settings\Raphael\Dados de aplicativos\GlarySoft

2011-02-12 01:07 . 2011-02-12 01:07 -------- d-----w- c:\arquivos de programas\Glary Utilities

2011-02-11 23:07 . 2011-02-11 23:07 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2011-02-11 21:21 . 2011-02-11 21:21 -------- d-----w- c:\documents and settings\Raphael\Dados de aplicativos\IObit

2011-02-11 21:21 . 2011-02-11 21:21 -------- d-----w- c:\arquivos de programas\IObit

2011-02-10 19:40 . 2011-02-15 04:08 -------- d-----w- C:\Adobe

2011-02-10 01:06 . 2008-04-13 21:20 219648 ----a-w- c:\Windows\system32\uxtheme.uxtender

2011-02-10 01:01 . 2011-02-10 01:01 -------- d-----w- c:\Windows\system32\wbem\Repository

2011-02-10 00:53 . 2008-04-13 21:20 219648 ----a-w- c:\Windows\system32\uxtheme.dll.backup

2011-02-10 00:32 . 2011-02-10 01:00 -------- d-----w- c:\documents and settings\Raphael\Dados de aplicativos\Real Desktop

2011-02-10 00:31 . 2011-02-10 01:00 -------- d-----w- c:\arquivos de programas\Real Desktop

2011-02-08 21:26 . 2011-02-08 21:26 -------- d-----w- c:\arquivos de programas\Mozilla Firefox 4.0 Beta 11

2011-02-07 20:05 . 2011-02-07 20:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\MessengerDiscovery 2

2011-02-07 14:13 . 2011-02-15 17:31 -------- d-----w- c:\documents and settings\Bel e Bia

2011-02-05 03:40 . 2011-02-05 03:40 -------- d-----w- c:\documents and settings\Raphael\Configurações locais\Dados de aplicativos\Nero

2011-02-04 23:59 . 2011-02-04 23:59 -------- d-----w- c:\documents and settings\Raphael\Dados de aplicativos\Nero

2011-02-04 21:30 . 2011-02-04 21:30 -------- d-----w- c:\arquivos de programas\Windows Sidebar

2011-02-04 21:21 . 2011-02-04 21:31 -------- d-----w- c:\arquivos de programas\Nero

2011-02-04 21:21 . 2011-02-04 21:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero

2011-02-04 21:21 . 2011-02-04 21:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero

2011-02-03 04:18 . 2011-02-03 04:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nexon

2011-02-03 01:42 . 2011-02-13 22:39 -------- d-----w- C:\Nexon

2011-02-02 23:57 . 2011-02-03 04:28 -------- d-----w- c:\documents and settings\Raphael\Configurações locais\Dados de aplicativos\PMB Files

2011-02-02 23:57 . 2011-02-03 00:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PMB Files

2011-02-02 23:56 . 2011-02-02 23:56 -------- d-----w- c:\arquivos de programas\Pando Networks

2011-02-02 22:10 . 2011-02-15 22:54 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Akamai

2011-02-02 22:08 . 2011-02-02 22:26 -------- d-----w- c:\arquivos de programas\History Channel Games

2011-02-01 01:27 . 2011-02-01 01:27 83765096 ----a-w- c:\arquivos de programas\Arquivos comuns\Windows Live\.cache\wlcD.tmp

2011-01-31 23:54 . 2011-01-31 23:54 -------- d--h--r- c:\documents and settings\All Users\Dados de aplicativos\Atheros

2011-01-31 23:54 . 2010-01-05 11:31 1714176 ----a-r- c:\Windows\system32\drivers\athuw.sys

2011-01-31 23:54 . 2010-01-05 05:31 1714176 ----a-r- c:\Windows\system32\athuw.sys

2011-01-31 23:53 . 2011-01-31 23:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK

2011-01-29 21:31 . 2011-01-29 21:32 -------- d-----w- c:\documents and settings\Raphael\Configurações locais\Dados de aplicativos\ConduitEngine

2011-01-29 21:31 . 2011-01-29 21:31 0 ----a-w- c:\Windows\system32\ConduitEngine.tmp

2011-01-29 21:30 . 2011-01-29 21:30 -------- d-sh--w- c:\documents and settings\Raphael\IECompatCache

2011-01-29 21:22 . 2011-01-29 21:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-01-29 21:18 . 2007-11-05 09:02 215040 ----a-r- c:\Windows\system32\drivers\RTL8187B.sys

2011-01-29 19:39 . 2011-01-29 19:39 -------- d-----w- c:\documents and settings\Raphael\Configurações locais\Dados de aplicativos\The Music Producer

2011-01-29 19:38 . 2011-01-29 19:38 -------- d-----w- c:\arquivos de programas\The Music Producer

2011-01-25 01:16 . 2011-01-25 01:16 -------- d-----w- c:\arquivos de programas\Digiarty

2011-01-23 22:04 . 2004-10-22 04:18 749568 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

2011-01-23 22:04 . 2004-10-22 04:17 69715 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

2011-01-23 22:04 . 2004-10-22 04:17 274432 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

2011-01-23 22:04 . 2004-10-22 04:16 180224 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

2011-01-23 22:04 . 2011-01-23 22:04 323716 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

2011-01-23 22:04 . 2011-01-23 22:04 192644 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

2011-01-23 20:31 . 2011-01-23 20:31 -------- d-----w- c:\Windows\San Andreas Mod Installer

2011-01-22 18:06 . 2011-01-29 21:31 -------- d-----w- c:\arquivos de programas\ConduitEngine

2011-01-22 18:06 . 2011-01-22 20:04 -------- d-----w- c:\arquivos de programas\Softonic_Brasil

2011-01-22 16:32 . 2011-01-22 16:32 98304 ----a-w- c:\Windows\system32\CmdLineExt.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-10 01:06 . 2004-08-04 03:45 219648 ----a-w- c:\Windows\system32\uxtheme.dll

2011-01-04 01:00 . 2011-01-04 01:00 223128 ----a-w- c:\Windows\system32\drivers\dtscsi.sys

2011-01-04 00:58 . 2011-01-04 00:58 96384 ----a-w- c:\Windows\system32\drivers\sptd5741.sys

2011-01-04 00:58 . 2011-01-04 00:58 664064 ----a-w- c:\Windows\system32\drivers\sptd.sys

2010-11-18 18:15 . 2010-04-18 03:31 86016 ----a-w- c:\Windows\system32\isign32.dll

2010-02-10 14:18 . 2010-05-01 02:41 2131336 ----a-w- c:\arquivos de programas\Arquivos comuns\AskToolbarInstaller.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{dbbe01d1-5a24-48db-ae99-bd025b80b9e7}"= "c:\arquivos de programas\AresTube2\tbAres.dll" [2009-03-08 2079256]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\arquivos de programas\DVDVideoSoftTB\tbDVD0.dll" [2010-10-18 3908192]

"{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}"= "c:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{dbbe01d1-5a24-48db-ae99-bd025b80b9e7}]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-10-18 10:26 3908192 ----a-w- c:\arquivos de programas\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

2010-10-18 10:26 3908192 ----a-w- c:\arquivos de programas\DVDVideoSoftTB\tbDVD0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dbbe01d1-5a24-48db-ae99-bd025b80b9e7}]

2009-03-08 16:28 2079256 ----a-w- c:\arquivos de programas\AresTube2\tbAres.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

2010-04-15 15:33 2515552 ----a-w- c:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{dbbe01d1-5a24-48db-ae99-bd025b80b9e7}"= "c:\arquivos de programas\AresTube2\tbAres.dll" [2009-03-08 2079256]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\arquivos de programas\DVDVideoSoftTB\tbDVD0.dll" [2010-10-18 3908192]

"{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}"= "c:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{dbbe01d1-5a24-48db-ae99-bd025b80b9e7}]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{DBBE01D1-5A24-48DB-AE99-BD025B80B9E7}"= "c:\arquivos de programas\AresTube2\tbAres.dll" [2009-03-08 2079256]

"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\arquivos de programas\DVDVideoSoftTB\tbDVD0.dll" [2010-10-18 3908192]

"{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}"= "c:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{dbbe01d1-5a24-48db-ae99-bd025b80b9e7}]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-05-10 202256]

"NvMediaCenter"="c:\Windows\system32\NvMcTray.dll" [2009-09-27 86016]

"NvCplDaemon"="c:\Windows\system32\NvCpl.dll" [2009-09-27 13918208]

"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\currentversion\run-disabled]

"HKLM"=c:\Windows\system32\firefox\explorer.exe

"DAEMON Tools"="c:\arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

"Alcmtr"=ALCMTR.EXE

"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\Microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\NitroPC\\NitroPC.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\History Channel Games\\Kuma.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"57438:TCP"= 57438:TCP:Pando Media Booster

"57438:UDP"= 57438:UDP:Pando Media Booster

"1072:TCP"= 1072:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\Windows\System32\svchost.exe -k Akamai [4/8/2004 01:45 14336]

R3 AR9271;Wireless Network Adapter Service;c:\Windows\system32\drivers\athuw.sys [31/1/2011 21:54 1714176]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\Windows\system32\drivers\nvhda32.sys [18/4/2010 02:29 57248]

S0 actusb;ACtUsb;c:\Windows\system32\drivers\actusb.sys --> c:\Windows\system32\drivers\actusb.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [22/4/2010 20:23 136176]

S3 EagleXNt;EagleXNt;\??\c:\Windows\system32\drivers\EagleXNt.sys --> c:\Windows\system32\drivers\EagleXNt.sys [?]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\Windows\system32\drivers\RTL8187B.sys [29/1/2011 19:18 215040]

S4 sptd;sptd;c:\Windows\system32\drivers\sptd.sys [3/1/2011 22:58 664064]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Conteúdo da pasta 'Tarefas Agendadas'

2011-02-15 c:\Windows\Tasks\GlaryInitialize.job

- c:\arquivos de programas\Glary Utilities\initialize.exe [2011-02-12 16:13]

2011-02-15 c:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-04-22 22:22]

2011-02-15 c:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-04-22 22:22]

2011-02-15 c:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-746137067-725345543-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09]

2011-02-15 c:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-746137067-725345543-1006.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09]

2011-02-15 c:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-746137067-725345543-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09]

2011-02-15 c:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-746137067-725345543-1006.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09]

2011-02-14 c:\Windows\Tasks\SmartDefrag.job

- c:\arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2011-02-11 20:08]

2011-02-15 c:\Windows\Tasks\User_Feed_Synchronization-{305AE983-EC1C-4ADA-9342-01A0B965E565}.job

- c:\Windows\system32\msfeedssync.exe [2009-03-08 06:31]

2011-02-15 c:\Windows\Tasks\WGASetup.job

- c:\Windows\system32\KB905474\wgasetup.exe [2010-04-21 01:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2567694

uInternet Settings,ProxyOverride = local

IE: Download all by FlashGet3 - c:\documents and settings\Raphael\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm

IE: Download by FlashGet3 - c:\documents and settings\Raphael\Dados de aplicativos\FlashGetBHO\GetUrl.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}

Trusted Zone: kuaiche.com\software

FF - ProfilePath - c:\documents and settings\Raphael\Dados de aplicativos\Mozilla\Firefox\Profiles\dw4noc1m.default\

.

.

------- Associação de arquivos/ficheiros -------

.

.scr=AutoCADScriptFile

.

- - - - ORFÃOS REMOVIDOS - - - -

URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-AutocompletePro2_is1 - c:\arquivos de programas\AutocompletePro\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-15 21:03

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Arquivos de programas/Arquivos comuns/Akamai/netsession_win_dbc0250.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Arquivos de programas/Arquivos comuns/Akamai/netsession_win_dbc0250.dll"

.

Tempo para conclusão: 2011-02-15 21:04:24

ComboFix-quarantined-files.txt 2011-02-15 23:04

Pré-execução: 15 pasta(s) 134.812.688.384 bytes disponíveis

Pós execução: 20 pasta(s) 134.944.845.824 bytes disponíveis

- - End Of File - - AB0665EE03C70FED18A19F1572EAB8A3

And this is the current HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:09:37, on 15/2/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\nvsvc32.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\spoolsv.exe

C:\Windows\System32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Windows\system32\RUNDLL32.EXE

C:\Windows\RTHDCPL.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Windows\System32\svchost.exe

C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE

E:\BACK UP\correção de erros\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2567694

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Arquivos de programas\AresTube2\tbAres.dll

R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD0.dll

R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Arquivos de programas\AutocompletePro\AutocompletePro.dll (file missing)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD0.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Raphael\Dados de aplicativos\FlashGetBHO\FlashGetBHO3.dll

O2 - BHO: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Arquivos de programas\AresTube2\tbAres.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

O3 - Toolbar: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Arquivos de programas\AresTube2\tbAres.dll

O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD0.dll

O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Raphael\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm

O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Raphael\Dados de aplicativos\FlashGetBHO\GetUrl.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://software.kuaiche.com

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Windows\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe

--

End of file - 7816 bytes

PS: I still haven't enabled the antivirus... when can I do that?

Oh! There are two user accounts on my PC; do I need to repeat the process on both accounts?

Thanks

Edited by Lycurgus


Uninstall the following programs:

Messenger_Plus_Live_Brazil

ConduitEngine

OK, the PC is clean (Y)

Finishing up:

Rename ComboFix to Uninstall, run it and wait for the tool to be removed.

Clear System Restore by creating a clean System Restore point.

Right-click MY COMPUTER / Properties / System Restore / check Turn off System Restore / Apply > OK.

Then uncheck it again. Apply > OK.

