[Resolvido]Autorun.inf

[tiagolimp]

Olá a todos. Tenho um Autorun.inf em C: e um em D: que são os meus dois discos do pc. Não consigo remove-los, alguém me pode ajudar?

Obrigado desde já.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:12:00, on 20-04-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\NetProject\scit.exe

C:\Programas\NetProject\sbmntr.exe

C:\Programas\NetProject\scm.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programas\Analog Devices\Core\smax4pnp.exe

C:\Programas\NetProject\sbsm.exe

C:\Programas\Portrait Displays\HP My Display\DTHtml.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Programas\HP\hpcoretech\hpcmpmgr.exe

C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\system32\hphmon05.exe

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\Ficheiros comuns\Portrait Displays\Shared\HookManager.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Programas\Logitech\Video\LogiTray.exe

C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe

C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Programas\Ficheiros comuns\Nero\Lib\NMBgMonitor.exe

C:\Programas\ASUS WiFi-AP Solo\RtWLan.exe

C:\PROGRA~1\FICHEI~1\PCSuite\Services\SERVIC~1.EXE

C:\Programas\OpenOffice.org 2.3\program\soffice.exe

C:\PROGRA~1\FICHEI~1\Nokia\MPAPI\MPAPI3s.exe

C:\Programas\OpenOffice.org 2.3\program\soffice.BIN

C:\Programas\Logitech\Video\FxSvr2.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Programas\Ficheiros comuns\Portrait Displays\Shared\dtsrvc.exe

C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Programas\NetProject\sbsm.exe

C:\Programas\NetProject\sbsm.exe

C:\Programas\NetProject\sbsm.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Programas\Windows Media Player\wmplayer.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: 892267 helper - {25E0128D-AAFC-49FF-AB11-1F12C2FCC391} - C:\WINDOWS\system32\892267\892267.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Programas\NetProject\sbmdl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Programas\NetProject\wamdl.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [DT HPW] C:\Programas\Portrait Displays\HP My Display\DTHtml.exe -startup_folder

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Programas\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [DataLayer] C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programas\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [PcSync] C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programas\NetProject\scit.exe

O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programas\NetProject\sbmntr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programas\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199910501539

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199910492054

O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - (no file)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programas\Ficheiros comuns\Portrait Displays\Shared\dtsrvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 8928 bytes

[JackSSA]

Faça o download do SDFix:

http://linhadefensiva.uol.com.br/dl/sdfix

Salve-o em sua área de trabalho. Dê um duplo clique no SDFix.exe e a ferramenta será instalada em %SystemDrive%\SDFix (geralmente C:\SDFix)

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

Reinicie em Modo de Segurança (Pressione intermitentemente F8 durante a inicialização, no menu que aparecer escolha através da seta de navegação, Modo Seguro).

1. Entre na pasta SDFix que foi instalada no seu computador e dê um duplo clique no arquivo RunThis.bat
2. Tecle Y para que a ferramenta inicie o processo de remoção
3. Quando tudo terminar, você verá um aviso dizendo para apertar qualquer tecla para continuar. Ao pressionar qualquer tecla, o computador será reiniciado automaticamente
4. Após reiniciar, a ferramenta ainda será executada novamente e irá terminar o seu trabalho e a palavra Finished irá aparecer. Pressione qualquer tecla.
5. Uma janela com o relatório do SDFix irá aparecer.
6. Copie e cole este relatório na sua resposta. Caso você tenha fechado a janela, uma cópia do relatório estará na pasta SDFix com o nome Report.txt

Reinicie e poste um novo Log do Hijackthis feito em Modo Normal.

[tiagolimp]

Boas, já fiz o exame, mas tenho uma duvida. Tenho de fazer o mesmo para o disco D: ? porque o tal ficheiro autorun.inf tambem se encontrava no d: .

Abaixo seguem os dois relatorios:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:32:49, on 22-04-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Programas\Ficheiros comuns\Portrait Displays\Shared\dtsrvc.exe

C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Programas\Analog Devices\Core\smax4pnp.exe

C:\Programas\Portrait Displays\HP My Display\DTHtml.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Programas\HP\hpcoretech\hpcmpmgr.exe

C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\system32\hphmon05.exe

C:\Programas\Ficheiros comuns\Portrait Displays\Shared\HookManager.exe

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Programas\Logitech\Video\LogiTray.exe

C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe

C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Programas\Ficheiros comuns\Nero\Lib\NMBgMonitor.exe

C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe

C:\Programas\ASUS WiFi-AP Solo\RtWLan.exe

C:\Programas\OpenOffice.org 2.3\program\soffice.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\FICHEI~1\Nokia\MPAPI\MPAPI3s.exe

C:\Programas\Logitech\Video\FxSvr2.exe

C:\PROGRA~1\FICHEI~1\PCSuite\Services\SERVIC~1.EXE

C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Programas\OpenOffice.org 2.3\program\soffice.BIN

C:\WINDOWS\system32\HPZipm12.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [DT HPW] C:\Programas\Portrait Displays\HP My Display\DTHtml.exe -startup_folder

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Programas\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [DataLayer] C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programas\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [PcSync] C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programas\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199910501539

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199910492054

O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - (no file)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programas\Ficheiros comuns\Portrait Displays\Shared\dtsrvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 7771 bytes

-------------------------------------------------------------------------------------------------------------

SDFix: Version 1.173

Run by Tiago on 22-04-2008 at 15:23

Microsoft Windows XP [VersÆo 5.1.2600]

Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Default IE HomePage

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\BUBBJ.DLL - Deleted

C:\Documents and Settings\All Users\Menu Iniciar\Online Security Guide.url - Deleted

C:\Documents and Settings\All Users\Menu Iniciar\Security Troubleshooting.url - Deleted

C:\Programas\NetProject\ot.ico - Deleted

C:\Programas\NetProject\sbmdl.dll - Deleted

C:\Programas\NetProject\sbmntr.exe - Deleted

C:\Programas\NetProject\sbsm.exe - Deleted

C:\Programas\NetProject\sbun.exe - Deleted

C:\Programas\NetProject\scit.exe - Deleted

C:\Programas\NetProject\scm.exe - Deleted

C:\Programas\NetProject\scu.exe - Deleted

C:\Programas\NetProject\ts.ico - Deleted

C:\Programas\NetProject\wamdl.dll - Deleted

C:\Programas\NetProject\waun.exe - Deleted

C:\DOCUME~1\Tiago\DEFINI~1\Temp\zfe2.exe - Deleted

C:\DOCUME~1\Tiago\DEFINI~1\Temp\zfe4.exe - Deleted

Folder C:\Programas\NetProject - Removed

Folder C:\WINDOWS\system32\892267 - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-22 15:25:34

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Programas\\Grisoft\\AVG Free\\avginet.exe"="C:\\Programas\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"

"C:\\Programas\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Programas\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\\Programas\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Programas\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"

"C:\\Programas\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Programas\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"

"C:\\Programas\\uTorrent\\uTorrent.exe"="C:\\Programas\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"

"C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Programas\\Tiago\\Jogos\\Diablo II\\Diablo II.exe"="C:\\Programas\\Tiago\\Jogos\\Diablo II\\Diablo II.exe:*:Enabled:Diablo II - Lord of Destruction"

"C:\\Programas\\Ficheiros comuns\\Nero\\Nero Web\\SetupX.exe"="C:\\Programas\\Ficheiros comuns\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter"

"C:\\Programas\\Tiago\\Jogos\\Age of Empires II\\age2_x1\\age2_x1.exe"="C:\\Programas\\Tiago\\Jogos\\Age of Empires II\\age2_x1\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"

"C:\\Programas\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"="C:\\Programas\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE:*:Enabled:Age of Empires II"

"C:\\Programas\\Microsoft Games\\Version 1.0\\Age of Empires II\\age2_x1\\age2_x1.exe"="C:\\Programas\\Microsoft Games\\Version 1.0\\Age of Empires II\\age2_x1\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"

"C:\\Programas\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"="C:\\Programas\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"

"C:\\Programas\\Tiago\\Age of Empires II The Conquerors Expansion Trial\\age2_x1t.exe"="C:\\Programas\\Tiago\\Age of Empires II The Conquerors Expansion Trial\\age2_x1t.exe:*:Enabled:Age of Empires II Expansion"

"C:\\Programas\\Microsoft Games\\versao com patch\\Age of Empires II\\age2_x1\\age2_x1.exe"="C:\\Programas\\Microsoft Games\\versao com patch\\Age of Empires II\\age2_x1\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"

"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"

"C:\\Programas\\mIRC\\mirc.exe"="C:\\Programas\\mIRC\\mirc.exe:*:Enabled:mIRC"

"C:\\Programas\\Microsoft Games\\versao com patch\\Age of Empires II\\EMPIRES2.EXE"="C:\\Programas\\Microsoft Games\\versao com patch\\Age of Empires II\\EMPIRES2.EXE:*:Enabled:Age of Empires II"

"C:\\Programas\\Microsoft Games\\age of kings\\OldAOC\\AGE2tc_oldversion.exe"="C:\\Programas\\Microsoft Games\\age of kings\\OldAOC\\AGE2tc_oldversion.exe:*:Enabled:Age of Empires II Expansion"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 17 Apr 2008 857 ...HR --- "C:\Documents and Settings\Tiago\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

[JackSSA]

Baixe o ComboFix e salve no desktop.

Feche todas as janelas e programas.

Dê um duplo-clique no combofix.exe e tecle "1" em seguida Enter para prosseguir o Fix. Vai durar uma média de 10 minutos.

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção.

Quando acabar, será gerado um log, que vai estar em C:\ComboFix.txt.

Atenção:

Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, pois senão irá parar e seu desktop ficará em branco.

Para parar ou sair do ComboFix, tecle "2" e Enter.

Depois gere um novo log com o HijackThis e poste, juntamente com o ComboFix.txt.

[tiagolimp]

[JackSSA]

Delete o log ComboFix.txt localizado em C:\.

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

File::

C:\WINDOWS\bnetunin.exe

C:\WINDOWS\diabunin.exe

F:\Knight.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12a0ffa9-dee7-11dc-93c5-001d601a8752}][-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12a0ffaa-dee7-11dc-93c5-001d601a8752}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8820a96b-de5e-11dc-93c4-001d601a8752}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8820a96b-de5e-11dc-93c4-001d601a8752}]

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

Poste o novo Log ComboFix.txt à sua resposta.

Poste também um novo Log do Hijackthis.

[tiagolimp]

[JackSSA]

Crie uma pasta com o nome de AntiKnight.

Baixe: http://www.plusexpert.cl/download/AntiKnight.rar e extraia os seus arquivos para a pasta criada anteiormente.

Se tiver um Pendrive ou um drive de MP3 ou MP4, conecte no PC (se tiver mais de um, tem de conectar todos). Não os tire até completar todas as instruções.

Entre na pasta AntiKnight e dê um duplo-clique no ícone do AntiKnight.

Clique em Buscar y Reparar. Aguarde terminar.

[tiagolimp]

Boa noite, de facto tinha uma pendrive com o Knight. O programa disse que foi eliminado quer o da pen, quer o do pc.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:08:06, on 25-04-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Programas\Ficheiros comuns\Portrait Displays\Shared\dtsrvc.exe

C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Programas\Analog Devices\Core\smax4pnp.exe

C:\Programas\Portrait Displays\HP My Display\DTHtml.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Programas\HP\hpcoretech\hpcmpmgr.exe

C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\system32\hphmon05.exe

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\Ficheiros comuns\Portrait Displays\Shared\HookManager.exe

C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Programas\Logitech\Video\LogiTray.exe

C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe

C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Programas\Ficheiros comuns\Nero\Lib\NMBgMonitor.exe

C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe

C:\Programas\ASUS WiFi-AP Solo\RtWLan.exe

C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\PROGRA~1\FICHEI~1\PCSuite\Services\SERVIC~1.EXE

C:\Programas\OpenOffice.org 2.3\program\soffice.exe

C:\Programas\OpenOffice.org 2.3\program\soffice.BIN

C:\PROGRA~1\FICHEI~1\Nokia\MPAPI\MPAPI3s.exe

C:\Programas\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [DT HPW] C:\Programas\Portrait Displays\HP My Display\DTHtml.exe -startup_folder

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Programas\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [DataLayer] C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programas\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [PcSync] C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programas\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199910501539

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199910492054

O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - (no file)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programas\Ficheiros comuns\Portrait Displays\Shared\dtsrvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 8069 bytes

[JackSSA]

Clique em Iniciar -> Executar -> digite ComboFix.exe /u -> Ok.

Aguarde a deinstalação.

Clique em Iniciar -> Configurações -> Painel de Controle -> Abra o item Sistema.

Clique na guia Restauração do Sistema -> Marque Desativar restauração do sistemas em todas as unidades -> Em seguida clique em Aplicar. Após aplicado, desmarque a caixa Desativar restauração do sistemas em todas as unidades e clique novamente em Aplicar depois Ok.

Seu Log está limpo. Ainda há algum problema com o PC?

[tiagolimp]

Certissimo, muito obrigado por tudo, restam-me apenas 2 duvidas:

A unidade D: tambem estara limpa? eu fiz todos estes procedimentos na unidade C: ou os programas tambem actuaram para o disco D: ?

Por ultimo, gostaria de lhe pedir um conselho sobre programas que ache importante ter instalados (anti-virus, firewalls, etc) por forma a prevenir virus, trojans, etc?

Muito obrigado por tudo

[JackSSA]

A unidade D: tambem estara limpa? eu fiz todos estes procedimentos na unidade C: ou os programas tambem actuaram para o disco D: ?

A remoção abrange todas as unidades.

Por ultimo, gostaria de lhe pedir um conselho sobre programas que ache importante ter instalados (anti-virus, firewalls, etc) por forma a prevenir virus, trojans, etc?

Vide:

http://linhadefensiva.uol.com.br/artigos/proteja-seu-pc/

[JackSSA]

Caso Resolvido.

Caso o autor queira a reabertura do tópico, envie uma MP com o link para um moderador da seção.