oceanodrs

Requesting log analysis... Avast shuts down the notebook


I have already done all the procedures requested in the Official Topic...

The notebook sometimes gets slow or won't boot into WinXP. And whenever I run a full scan with Avast, the notebook restarts by itself.

Here is the log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:59:58, on 1/12/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\All Users\Dados de aplicativos\DatacardService\HWDeviceService.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe

C:\arquivos de programas\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\ARQUIV~1\MICROS~4\rapimgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Documents and Settings\Gilberto\Dados de aplicativos\Claro\ouc.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Clarus\Samsung Auto Backup\ISFGuage.exe

C:\Arquivos de programas\Clarus\Samsung Auto Backup\ISFRealTimeD.exe

C:\Arquivos de programas\Clarus\Samsung Auto Backup\ISFTimerD.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.minilua.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minilua.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.minilua.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.minilua.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.minilua.com/q/%s

O1 - Hosts: 204.3.155.224 www.bradesco.com.br

O1 - Hosts: 204.3.155.224 www.bradesco.b.br

O1 - Hosts: 204.3.155.224 bradesco.com.br

O1 - Hosts: 204.3.155.224 www.bradescoprivatebank.com.br

O1 - Hosts: 204.3.155.224 www.santander.b.br

O1 - Hosts: 204.3.155.224 www.santander.com.br

O1 - Hosts: 204.3.155.224 santander.com.br

O1 - Hosts: 204.3.155.224 www.sicredi.com.br

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\arquivos de programas\real\realplayer\update\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ContactKeeper Birthday reminder] "C:\Arquivos de programas\ContactKeeper\ContactKeeper.exe" /Reminder

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [HW_OPENEYE_OUC_Claro] "C:\Arquivos de programas\Claro\UpdateDog\ouc.exe"

O4 - Startup: Samsung Auto Backup Guage.lnk = ?

O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?

O4 - Startup: Samsung Auto Backup Scheduler.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Dados de aplicativos\DatacardService\HWDeviceService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--

End of file - 8848 bytes


Open HijackThis, click "Do a system scan only", check the entries listed below, then click "Fix Checked".

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.minilua.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minilua.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.minilua.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.minilua.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.minilua.com/q/%s

Download HostsXpert

Unzip it, open the program, run HostsXpert.exe, click "Restore Microsoft's Hosts File" and then OK.

Close the program.

Download Malwarebytes' Anti-Malware (MBAM) or here.

Save or print these instructions:

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.

If there are updates to be applied, they will be downloaded and installed.

When the update finishes, with the program open, select Quick Scan and click the Scan button.

The scan will then begin. Wait, as it may take a while.

When the scan finishes, click OK, then the Show Results button to see the report.

If any items are found, make sure they are all checked and click the Remove button.

When disinfection finishes, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See Note below)

The log is saved automatically by MBAM; to see it, click the Logs tab in the program's main window.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart.

Select, copy and paste the contents of the MBAM log into your next reply + a new HijackThis log.
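Added example (not part of this thread, and not code from HijackThis): a small Python triage script that applies the same reading of the log that the reply above did by hand. It flags O1 Hosts lines that send a hostname anywhere other than loopback and groups them by destination IP (several bank domains on one address, as in this log, is the pharming signature), flags R0/R1 search settings whose host is outside an assumed allow-list of stock search hosts, and flags BHO entries with "(no file)". The sample lines are constructed from the log posted above; DEFAULT_SEARCH_HOSTS is an assumption.

```python
"""HijackThis log triage for the indicators seen in this thread.

Added example, not from the thread or from HijackThis. The sample lines are
constructed from the posted log; DEFAULT_SEARCH_HOSTS is an assumed allow-list.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: lines copied from the thread's first HijackThis log, plus one
# loopback hosts entry (typical of ad-blocking hosts files) to show what is NOT flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.minilua.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.minilua.com/q/%s
O1 - Hosts: 204.3.155.224 www.bradesco.com.br
O1 - Hosts: 204.3.155.224 www.santander.com.br
O1 - Hosts: 127.0.0.1 ads.example.invalid
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
"""

# Assumed allow-list: hosts that stock IE search settings legitimately point at.
DEFAULT_SEARCH_HOSTS = {"go.microsoft.com", "www.bing.com", "www.google.com"}

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
IE_RE = re.compile(r"^R[01] - (?P<hive>HK\w+)\\(?P<key>.+?),(?P<value>[^=]+?)\s*=\s*(?P<url>\S+)$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")


def check_hosts_entry(ip_text, hostname):
    """Hosts-file override: benign if it blocks (loopback/unspecified), suspicious otherwise."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return f"unparseable address {ip_text!r} for {hostname}"
    if ip.is_loopback or ip.is_unspecified:
        return None
    return f"{hostname} resolves to {ip} via the hosts file (possible pharming)"


def check_ie_entry(key, value, url):
    """Search-related IE setting whose host is not a stock search host = search hijack."""
    if "search" not in key.lower() and "search" not in value.lower():
        return None  # Start Page and similar are user choices; the reply above left them alone
    host = (urlsplit(url).hostname or "").lower()
    if host in DEFAULT_SEARCH_HOSTS:
        return None
    return f"IE setting {value.strip()!r} points at {host} (search hijack)"


def check_bho_entry(name, clsid, path):
    """A BHO whose DLL is gone is an orphaned CLSID: harmless, but worth cleaning."""
    if path.strip() == "(no file)":
        return f"orphaned BHO {clsid} ({name.strip()}) has no file on disk"
    return None


def triage(log_text):
    """Return [(log_line, reason)] for every line that trips one of the checks."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = None
        if m := HOSTS_RE.match(line):
            reason = check_hosts_entry(m["ip"], m["host"])
        elif m := IE_RE.match(line):
            reason = check_ie_entry(m["key"], m["value"], m["url"])
        elif m := BHO_RE.match(line):
            reason = check_bho_entry(m["name"], m["clsid"], m["path"])
        if reason:
            findings.append((line, reason))
    return findings


def pharming_targets(log_text):
    """Group suspicious hosts overrides by destination IP.

    Several unrelated bank domains pointing at one address, as in this log, is the
    signature of a banking-trojan hosts edit rather than a stray entry.
    """
    by_ip = {}
    for raw in log_text.splitlines():
        m = HOSTS_RE.match(raw.strip())
        if m and check_hosts_entry(m["ip"], m["host"]):
            by_ip.setdefault(m["ip"], []).append(m["host"])
    return by_ip


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
    for ip, hosts in pharming_targets(SAMPLE_LOG).items():
        print(f"{ip} <- {len(hosts)} redirected hostnames: {', '.join(hosts)}")
```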



OK, I did the procedures... here are the logs:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Versão da Base de Dados: v2012.12.01.11

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Gilberto :: GILBERTO-8CB297 [administrador]

1/12/2012 21:05:46

mbam-log-2012-12-01 (21-05-46).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 204060

Tempo decorrido: 4 minuto(s), 42 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:12:26, on 1/12/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe

C:\arquivos de programas\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\ARQUIV~1\MICROS~4\rapimgr.exe

C:\Documents and Settings\Gilberto\Dados de aplicativos\Claro\ouc.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Clarus\Samsung Auto Backup\ISFGuage.exe

C:\Arquivos de programas\Clarus\Samsung Auto Backup\ISFRealTimeD.exe

C:\Arquivos de programas\Clarus\Samsung Auto Backup\ISFTimerD.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\All Users\Dados de aplicativos\DatacardService\HWDeviceService.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wscntfy.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\arquivos de programas\real\realplayer\update\realsched.exe" -osboot

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ContactKeeper Birthday reminder] "C:\Arquivos de programas\ContactKeeper\ContactKeeper.exe" /Reminder

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [HW_OPENEYE_OUC_Claro] "C:\Arquivos de programas\Claro\UpdateDog\ouc.exe"

O4 - Startup: Samsung Auto Backup Guage.lnk = ?

O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?

O4 - Startup: Samsung Auto Backup Scheduler.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Dados de aplicativos\DatacardService\HWDeviceService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--

End of file - 8045 bytes


Disable your antivirus, anti-spyware and firewall so there are no conflicts. Keep them disabled until you finish the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly it must be on the Desktop).

Close all windows and programs.

You must stay connected during the ComboFix procedure;

Run combofix.exe and press "Yes" to proceed. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan proceeds.

Once the Console is installed, the operating system selection screen will be shown at system startup.

More information about the Console: http://support.microsoft.com/kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart it manually.

When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt into your next reply + a new HijackThis log.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

If any error occurs, restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup) and repeat the procedure.



OK, here are the logs:

ComboFix 12-12-01.02 - Gilberto 01/12/2012 22:09:00.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3055.2399 [GMT -2:00]

Executando de: c:\documents and settings\Gilberto\Desktop\ComboFix.exe

AV: avast! antivírus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! antivírus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Gilberto\Dados de aplicativos\cacaoweb

c:\documents and settings\Gilberto\Dados de aplicativos\cacaoweb\adstorage.db

c:\documents and settings\Gilberto\Dados de aplicativos\cacaoweb\storage.db

c:\documents and settings\Gilberto\Dados de aplicativos\inst.exe

c:\documents and settings\Gilberto\Dados de aplicativos\vso_ts_preview.xml

c:\windows\IsUn0416.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-02 to 2012-12-02 ))))))))))))))))))))))))))))

.

.

2012-12-01 22:59 . 2012-12-01 22:59 -------- d-----w- C:\backups

2012-12-01 14:52 . 2012-12-01 14:52 388608 ----a-w- C:\HijackThis.exe

2012-11-22 17:12 . 2012-11-22 17:12 -------- d-----w- c:\documents and settings\Gilberto\Dados de aplicativos\Claro

2012-11-22 17:07 . 2011-09-09 13:50 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys

2012-11-22 17:07 . 2011-09-09 13:50 89856 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys

2012-11-22 17:07 . 2011-09-09 13:50 73984 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys

2012-11-22 17:07 . 2011-09-09 13:50 66688 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys

2012-11-22 17:07 . 2011-08-16 18:40 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll

2012-11-22 17:07 . 2010-09-26 20:09 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys

2012-11-22 17:07 . 2010-08-06 09:42 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys

2012-11-22 17:07 . 2005-05-13 18:27 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys

2012-11-22 17:07 . 2010-07-27 11:52 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys

2012-11-22 17:07 . 2010-03-20 14:06 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys

2012-11-22 17:06 . 2012-11-22 17:11 -------- d-----w- c:\arquivos de programas\Claro

2012-11-22 17:05 . 2012-11-22 17:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DatacardService

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-30 22:51 . 2011-07-27 00:54 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-30 22:51 . 2011-07-27 00:54 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-10-30 22:51 . 2011-07-27 00:54 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-30 22:51 . 2011-07-27 00:54 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 22:51 . 2011-07-27 00:54 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-10-30 22:51 . 2011-07-27 00:54 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-10-30 22:51 . 2011-07-27 00:54 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 22:51 . 2011-07-27 00:54 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-10-30 22:51 . 2011-07-27 00:47 41224 ----a-w- c:\windows\avastSS.scr

2012-10-30 22:50 . 2011-07-27 00:46 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-10-22 19:56 . 2004-08-04 03:38 1866496 ----a-w- c:\windows\system32\win32k.sys

2012-10-02 18:04 . 2004-08-04 03:45 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-29 21:54 . 2011-08-07 18:47 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-26 20:38 . 2003-03-18 23:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-09-26 20:38 . 2003-02-21 01:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 121528 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"ContactKeeper Birthday reminder"="c:\arquivos de programas\ContactKeeper\ContactKeeper.exe" [2009-10-20 876544]

"HW_OPENEYE_OUC_Claro"="c:\arquivos de programas\Claro\UpdateDog\ouc.exe" [2009-07-27 110592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PMBVolumeWatcher"="c:\arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"TkBellExe"="c:\arquivos de programas\real\realplayer\update\realsched.exe" [2012-09-26 296096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]

.

c:\documents and settings\Gilberto\Menu Iniciar\Programas\Inicializar\

Samsung Auto Backup Guage.lnk - c:\arquivos de programas\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-5-29 888832]

Samsung Auto Backup Real-Time Daemon.lnk - c:\arquivos de programas\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-5-29 77824]

Samsung Auto Backup Scheduler.lnk - c:\arquivos de programas\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-5-29 102400]

.

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Acelerador POP.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Acelerador POP.lnk

backup=c:\windows\pss\Acelerador POP.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Picture Package Menu.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Picture Package Menu.lnk

backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Picture Package VCD Maker.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Picture Package VCD Maker.lnk

backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Utility Tray.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk

backup=c:\windows\pss\Utility Tray.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-07-31 11:20 38872 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2008-06-20 10:20 57344 ----a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-09-13 14:12 139264 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-11-13 17:57 1289000 ----a-w- c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-08-11 19:30 249856 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-08-11 19:30 81920 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2007-01-09 01:17 52256 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-13 22:21 1695232 ----a-w- c:\arquivos de programas\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 19:40 155648 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2007-03-15 00:01 71216 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2008-12-10 08:23 18063872 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]

2009-02-13 10:56 53248 ----a-w- c:\windows\system32\SiSPower.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2008-06-11 21:16 1454080 ----a-w- c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [27/3/2012 19:41 18544]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26/7/2011 22:54 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26/7/2011 22:54 361032]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26/7/2011 22:54 21256]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe [24/10/2009 04:18 360224]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [22/11/2012 15:07 73984]

S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Dados de aplicativos\DatacardService\HWDeviceService.exe [14/3/2011 13:27 271712]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [22/11/2012 15:07 102784]

S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [22/11/2012 15:07 11136]

S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [22/11/2012 15:07 89856]

S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [22/11/2012 15:07 66688]

S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [22/11/2012 15:07 26624]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/8/2010 15:42 47360]

S3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys [25/1/2010 22:41 51872]

S3 ZTEusbdvbh;ZTE HS-USB DVBH-RF Service;c:\windows\system32\drivers\ZTEusbdvbh.sys [25/1/2010 22:41 105216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-12-01 c:\windows\Tasks\avast! Emergency Update.job

- c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-24 22:50]

.

2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-07-24 23:44]

.

2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-07-24 23:44]

.

2012-12-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1957994488-682003330-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-07-27 17:27]

.

2012-11-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1957994488-682003330-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-07-27 17:27]

.

2012-12-01 c:\windows\Tasks\User_Feed_Synchronization-{0B883E80-3FCB-483C-8832-8611A6635666}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.terra.com.br/

TCP: DhcpNameServer = 10.1.1.1

.

- - - - ORFÃOS REMOVIDOS - - - -

.

MSConfigStartUp-GrooveMonitor - c:\docume~1\Gilberto\CONFIG~1\Temp\GrooveMonitor.exe

MSConfigStartUp-POPDiscador - c:\arquivos de programas\POPDiscador\POPDiscador.exe

MSConfigStartUp-SlipStream - c:\arquivos de programas\Acelerador POP\slipcore.exe

MSConfigStartUp-USBMNGR - c:\csrss.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-01 22:14

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

Tempo para conclusão: 2012-12-01 22:16:42

ComboFix-quarantined-files.txt 2012-12-02 00:16

.

Pré-execução: 12 pasta(s) 89.984.339.968 bytes disponíveis

Pós execução: 14 pasta(s) 90.501.873.664 bytes disponíveis

.

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - D574015F9E2B3AD8B0C8764E80F815A1

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:23:59, on 1/12/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\arquivos de programas\real\realplayer\update\realsched.exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\Documents and Settings\Gilberto\Dados de aplicativos\Claro\ouc.exe

C:\ARQUIV~1\MICROS~4\rapimgr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Clarus\Samsung Auto Backup\ISFGuage.exe

C:\Arquivos de programas\Clarus\Samsung Auto Backup\ISFRealTimeD.exe

C:\Arquivos de programas\Clarus\Samsung Auto Backup\ISFTimerD.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\All Users\Dados de aplicativos\DatacardService\HWDeviceService.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\arquivos de programas\real\realplayer\update\realsched.exe" -osboot

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [ContactKeeper Birthday reminder] "C:\Arquivos de programas\ContactKeeper\ContactKeeper.exe" /Reminder

O4 - HKCU\..\Run: [HW_OPENEYE_OUC_Claro] "C:\Arquivos de programas\Claro\UpdateDog\ouc.exe"

O4 - Startup: Samsung Auto Backup Guage.lnk = ?

O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?

O4 - Startup: Samsung Auto Backup Scheduler.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Dados de aplicativos\DatacardService\HWDeviceService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--

End of file - 6827 bytes

Download AdwCleaner and save it to the Desktop.

Run adwcleaner.exe

Note: Windows Vista or Windows 7 users, right-click the file and select: Run as administrator

Click [Delete]

Post the log it creates plus a new HijackThis log.


OK, here are the logs:

# AdwCleaner v2.010 - Logfile created 12/01/2012 at 23:37:47

# Updated 29/11/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Gilberto - GILBERTO-8CB297

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Gilberto\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Arquivos de programas\Claro

Folder Deleted : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Claro

Folder Deleted : C:\Documents and Settings\Gilberto\Dados de aplicativos\Claro

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\cacaoweb

Key Deleted : HKCU\Software\PIP

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\claro

Key Deleted : HKLM\Software\PIP

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[s1].txt - [1012 octets] - [01/12/2012 23:37:47]

########## EOF - C:\AdwCleaner[s1].txt - [1072 octets] ##########

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:46:08, on 1/12/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\arquivos de programas\real\realplayer\update\realsched.exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Clarus\Samsung Auto Backup\ISFGuage.exe

C:\ARQUIV~1\MICROS~4\rapimgr.exe

C:\Arquivos de programas\Clarus\Samsung Auto Backup\ISFRealTimeD.exe

C:\Arquivos de programas\Clarus\Samsung Auto Backup\ISFTimerD.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\All Users\Dados de aplicativos\DatacardService\HWDeviceService.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gilberto\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\arquivos de programas\real\realplayer\update\realsched.exe" -osboot

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [ContactKeeper Birthday reminder] "C:\Arquivos de programas\ContactKeeper\ContactKeeper.exe" /Reminder

O4 - HKCU\..\Run: [HW_OPENEYE_OUC_Claro] "C:\Arquivos de programas\Claro\UpdateDog\ouc.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Samsung Auto Backup Guage.lnk = ?

O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?

O4 - Startup: Samsung Auto Backup Scheduler.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Dados de aplicativos\DatacardService\HWDeviceService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--

End of file - 7623 bytes


OK, the PC is clean (Y)

Finishing up.......

Rename ComboFix to Uninstall, run it and wait for the tool to be removed.

Clear System Restore by creating a clean System Restore point.

Right-click MY COMPUTER / Properties / System Restore / check Turn off System Restore / Apply > OK.

Then uncheck it again. Apply > OK.
