Fórum Script Brasil
  • 0

Log evaluation


Rafael Spilki

Question

Good morning! Folks, my PC has been getting kind of slow over the last few days... since I haven't installed anything new (at least nothing heavy), I believe it has some virus or malware... could you take a look at the log below for me?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:41:27, on 16/8/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\COMODO\Firewall\cfp.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Cobian Backup 9\Cobian.exe

C:\Arquivos de programas\ASUS\PC Probe II\Probe2.exe

C:\Arquivos de programas\NCH Swift Sound\VRS\vrs.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Cobian Backup 9\cbInterface.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Arquivos de programas\ASUS\AASP\1.00.17\aaCenter.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fluidez.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Arquivos de programas\Download_Energy\tbDown.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Arquivos de programas\Download_Energy\tbDown.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Arquivos de programas\Download_Energy\tbDown.dll

O4 - HKLM\..\Run: [igfxTray]C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Cobian Backup 9] "C:\Arquivos de programas\Cobian Backup 9\Cobian.exe"

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos de programas\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [AsusStartupHelp] C:\Arquivos de programas\ASUS\AASP\1.00.17\AsRunHelp.exe

O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Arquivos de programas\ASUS\PC Probe II\Probe2.exe" 1

O4 - HKLM\..\Run: [EPSON_UD_START] "C:\Arquivos de programas\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT

O4 - HKLM\..\Run: [VRSRun] "C:\Arquivos de programas\NCH Swift Sound\VRS\vrs.exe" /logon

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Notax\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Notax\Dados de aplicativos\SystemProc\lsass.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.bancobrasil.com.br

O15 - Trusted Zone: http://www.bb.com.br

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209131927078

O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{65AB43E9-4E23-4CB3-B76E-082A684B7497}: NameServer = 200.175.89.188,200.175.5.188

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,C:\WINDOWS\system32\ctl3dv232.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O20 - Winlogon Notify: a0ad55ba982 - C:\WINDOWS\system32\ctl3dv232.dll (file missing)

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe

O23 - Service: EMP_UDSA - SEIKO EPSON CORPORATION - C:\Arquivos de programas\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

--

End of file - 11116 bytes

Thank you very much!

Regards, Rafael Spilki


7 answers to this question


  • 0

1. Download DDS and save it to the desktop.

Alternative links

Link2

  • Temporarily disable your protection programs.
  • Double-click dds.scr.
  • A black screen with some information will appear. Do not click anything, just wait!
  • When it finishes, two windows will open: DDS.txt and Attach.txt.
  • Save the results and paste them into your topic.

  • 0

Thanks for the reply, Renato.

Here it is:

DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86

Run by Notax at 8:40:27,29 on qua 18/08/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1015.114 [GMT -3:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\COMODO\Firewall\cfp.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Cobian Backup 9\Cobian.exe

C:\Arquivos de programas\ASUS\PC Probe II\Probe2.exe

C:\Arquivos de programas\NCH Swift Sound\VRS\vrs.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Cobian Backup 9\cbInterface.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Arquivos de programas\ASUS\AASP\1.00.17\aaCenter.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

c:\arquivos de programas\groupmail 5\gmmailer.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Arquivos de programas\GroupMail 5\GMMain.exe

c:\arquivos de programas\groupmail 5\gmsdlr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Arquivos de programas\dw\Adobe Dreamweaver CS3\dreamweaver.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\HP\Smart Web Printing\hpswp_clipbook.exe

C:\ARQUIV~1\Adobe\ADOBEF~2\Flash.exe

C:\Arquivos de programas\FileZilla FTP Client\filezilla.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Notax\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.fluidez.com.br/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Download Energy Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - c:\arquivos de programas\download_energy\tbDown.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\arquivos de programas\hp\smart web printing\hpswp_printenhancer.dll

BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\arquivos de programas\hp\smart web printing\hpswp_framework.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Download Energy Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - c:\arquivos de programas\download_energy\tbDown.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Download Energy Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - c:\arquivos de programas\download_energy\tbDown.dll

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\notax\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [COMODO Firewall Pro] "c:\arquivos de programas\comodo\firewall\cfp.exe" -h

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Cobian Backup 9] "c:\arquivos de programas\cobian backup 9\Cobian.exe"

mRun: [COMODO Internet Security] "c:\arquivos de programas\comodo\firewall\cfp.exe" -h

mRun: [AsusStartupHelp] c:\arquivos de programas\asus\aasp\1.00.17\AsRunHelp.exe

mRun: [Launch PC Probe II] "c:\arquivos de programas\asus\pc probe ii\Probe2.exe" 1

mRun: [EPSON_UD_START] "c:\arquivos de programas\epson projector\epson usb display v1.4\EMP_UD.exe" -UDCONNECT

mRun: [VRSRun] "c:\arquivos de programas\nch swift sound\vrs\vrs.exe" /logon

mRun: [avast5] c:\arquiv~1\alwils~1\avast5\avastUI.exe /nogui

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

mExplorerRun: [RTHDBPL] c:\documents and settings\notax\dados de aplicativos\systemproc\lsass.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\hpdigi~1.lnk - c:\arquivos de programas\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\mcafee~1.lnk - c:\arquivos de programas\mcafee security scan\2.0.181\SSScheduler.exe

uPolicies-system: RunStartupScriptSync = 1 (0x1)

mPolicies-system: RunStartupScriptSync = 1 (0x1)

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\arquivos de programas\hp\smart web printing\hpswp_extensions.dll

IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\arquivos de programas\hp\smart web printing\hpswp_extensions.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209131927078

DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} - hxxps://certificacao.unibanco.com.br/VSApps/vspta3.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: {65AB43E9-4E23-4CB3-B76E-082A684B7497} = 200.175.89.188,200.175.5.188

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll

Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehcef.dll

Notify: a0ad55ba982 - c:\windows\system32\ctl3dv232.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\guard32.dll,c:\windows\system32\ctl3dv232.dll

se: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

se: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\arquivos de programas\gbplugin\gbieh.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\notax\dadosd~1\mozilla\firefox\profiles\ktbmn2mq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - DownloadEnergy

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1269415&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&q=

FF - component: c:\documents and settings\notax\dados de aplicativos\mozilla\firefox\profiles\ktbmn2mq.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886c}\components\GbMzhBb.dll

FF - component: c:\documents and settings\notax\dados de aplicativos\mozilla\firefox\profiles\ktbmn2mq.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886d}\components\GbMzhCef.dll

FF - component: c:\documents and settings\notax\dados de aplicativos\mozilla\firefox\profiles\ktbmn2mq.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8873}\components\GbMzhUni.dll

FF - component: c:\documents and settings\notax\dados de aplicativos\mozilla\firefox\profiles\ktbmn2mq.default\extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\notax\dados de aplicativos\mozilla\firefox\profiles\ktbmn2mq.default\extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\notax\dados de aplicativos\mozilla\firefox\profiles\ktbmn2mq.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll

FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\documents and settings\notax\configurações locais\dados de aplicativos\google\update\1.2.183.27\npGoogleOneClick8.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2008-11-11 45224]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-5 165456]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-3-13 133064]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-3-13 25160]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-5 17744]

R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-5-18 40384]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\arquivos de programas\comodo\firewall\cmdagent.exe [2008-3-13 723632]

R2 EMP_UDSA;EMP_UDSA;c:\arquivos de programas\epson projector\epson usb display v1.4\EMP_UDSA.exe [2010-3-14 98304]

R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2008-9-1 54824]

R3 BematechClassService;Bematech Parallel Port Printer;c:\windows\system32\drivers\bemapar.sys [2007-3-26 71168]

R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [2010-3-14 17664]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-5-18 40384]

S3 avast! Web Scanner;avast! Web Scanner;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-5-18 40384]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\arquivos de programas\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys --> c:\windows\system32\drivers\scrcap.sys [?]

S3 usbior1;USBIO Driver (usbior1.sys);c:\windows\system32\drivers\usbior1.sys [2009-5-5 19812]

=============== Created Last 30 ================

2010-08-13 17:47:39 0 d-----w- c:\arquivos de programas\ElcomSoft

2010-08-10 16:02:51 1154048 --sha-w- c:\windows\system32\16B5.tmp

2010-08-09 20:27:27 0 ---ha-w- c:\documents and settings\notax\uiyunvnsvl.tmp

2010-08-09 20:23:15 24576 ----a-w- c:\windows\system32\snEUps.dll

2010-08-09 20:23:15 151552 ----a-w- c:\windows\system32\HexValidEmail.dll

2010-08-09 20:23:15 122880 ----a-w- c:\windows\system32\snEU.exe

2010-08-09 20:23:15 102400 ----a-w- c:\windows\system32\HexDns.dll

2010-08-09 20:22:11 678682 ----a-w- c:\docume~1\notax\dadosd~1\unins000.exe

2010-08-09 20:22:11 28166 ----a-w- c:\docume~1\notax\dadosd~1\unins000.dat

2010-08-09 20:22:11 0 d-----w- c:\arquivos de programas\GroupMail 5

2010-08-09 20:07:09 137728 ----a-w- c:\windows\system32\catsrvps32.dll

2010-08-09 20:03:47 817 ----a-w- c:\windows\system32\548230586

2010-08-09 20:03:37 325632 ----a-w- c:\windows\system32\comctl3232.dll

2010-08-09 20:03:23 141 ----a-w- c:\windows\system32\sl287086456

2010-08-09 20:03:23 0 d-sh--w- c:\windows\system32\SysWoW32

2010-08-09 20:03:02 203776 --sh--w- c:\windows\system32\unrar.exe

2010-08-09 20:03:02 0 d-----w- c:\windows\system32\312423133

2010-08-09 20:02:45 0 d-sh--w- c:\docume~1\notax\dadosd~1\SystemProc

2010-08-09 20:02:39 1154048 --sha-w- c:\windows\system32\15DE.tmp

2010-08-09 20:02:37 327680 ----a-w- c:\windows\system32\d3drm32.dll

2010-08-09 19:01:23 0 d-----w- C:\tmp_linkws

2010-08-09 16:09:56 349224 ----a-w- c:\windows\system32\IGThreed40.ocx

2010-08-09 16:09:56 0 d-----w- c:\arquivos de programas\Common Files

2010-08-06 20:03:44 0 d-----w- c:\arquivos de programas\Carteiro

2010-07-24 13:38:11 0 d-----w- c:\docume~1\alluse~1\dadosd~1\McAfee Security Scan

2010-07-24 13:38:06 0 d-----w- c:\arquivos de programas\McAfee Security Scan

==================== Find3M ====================

2010-07-30 18:03:30 2568 --sha-w- c:\docume~1\alluse~1\dadosd~1\KGyGaAvL.sys

2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr

2010-05-27 09:25:14 411368 ----a-w- c:\windows\system32\deployJava1.dll

2009-08-15 19:06:35 212991 ----a-w- c:\arquivos de programas\Adobe After Effects CS4 ????.pdf

2009-08-15 19:06:35 143872 ----a-w- c:\arquivos de programas\Adobe After Effects CS4 ???????.pdf

2008-08-28 18:09:48 85534 ----a-w- c:\arquivos de programas\Leggimi di Adobe After Effects CS4.pdf

2008-08-28 18:09:48 80920 ----a-w- c:\arquivos de programas\Adobe After Effects CS4 — Lisez-moi.pdf

2008-08-28 18:09:48 80508 ----a-w- c:\arquivos de programas\Adobe After Effects CS4 - Bitte lesen.pdf

2008-08-28 18:09:48 54092 ----a-w- c:\arquivos de programas\Léame de Adobe After Effects CS4.pdf

2008-08-25 02:59:50 63669 ----a-w- c:\arquivos de programas\Adobe After Effects CS4 Read Me.pdf

============= FINISH: 8:41:25,51 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 6/3/2008 18:03:07

System Uptime: 17/8/2010 07:07:03 (25 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5GC-MX/1333

Processor: Processador Intel Pentium II | LGA 775 | 1599/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 127 GiB total, 21,598 GiB free.

D: is FIXED (NTFS) - 22 GiB total, 3,856 GiB free.

E: is CDROM ()

F: is FIXED (NTFS) - 298 GiB total, 81,653 GiB free.

G: is Removable

H: is Removable

I: is Removable

J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP582: 26/7/2010 18:38:46 - Ponto de verificação do sistema

==== Installed Programs ======================

32 Bit HP CIO Components Installer

3600_Help

3dsmax ancillary install

ACDSee 8

Adobe After Effects CS3

Adobe After Effects CS3 Presets

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps CS4

Adobe Color - Photoshop Specific

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS4

Adobe Device Central CS3

Adobe Dreamweaver CS3

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Flash CS3

Adobe Flash CS3 Professional

Adobe Flash Player ActiveX

Adobe Flash Video Encoder

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe Linguistics CS3

Adobe Media Player

Adobe MotionPicture Color Files

Adobe PDF Library Files CS4

Adobe Reader 6.0.1 - Português

Adobe Setup

Adobe Stock Photos CS3

Adobe Type Support CS4

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe Video Profiles

Adobe WinSoft Linguistics Plugin

Adobe XMP DVA Panels CS3

Adobe XMP Panels CS3

AdobeColorCommonSetRGB

AeroFly Professional Deluxe (incl. StarFlight AddOn)

Arquivo do WinRAR

ARToolKit Marker Generator

Assistente de Conexão do Windows Live

AssistentePimacoV2_0_1

Autodesk 3ds Max 9 32-bit

Autodesk DWF Viewer 7

avast! Free Antivirus

Backburner

Blender (remove only)

BPD_Scan

BPDSoftware

BPDSoftware_Ini

BufferChm

Carteiro

CCleaner

Cobian Backup 9

COMODO Firewall Pro

CorelDRAW Graphics Suite X4

CorelDRAW Graphics Suite X4 - Capture

CorelDRAW Graphics Suite X4 - Content

CorelDRAW Graphics Suite X4 - Draw

CorelDRAW Graphics Suite X4 - Filters

CorelDRAW Graphics Suite X4 - FontNav

CorelDRAW Graphics SUite X4 - ICA

CorelDRAW Graphics Suite X4 - IPM

CorelDRAW Graphics Suite X4 - Lang BR

CorelDRAW Graphics Suite X4 - PP

CorelDRAW Graphics Suite X4 - VBA

CorelDRAW® Graphics Suite X4

CorelDRAW® Graphics Suite X4 - Windows Shell Extension

CustomerResearchQFolder

CuteFTP 8 Professional

CutePDF Writer 2.8

Destinations

DeviceManagementQFolder

Discador TIM

DocProc

Download_Energy Toolbar

Dundas Software Free Products Documentation

DVD Decrypter (Remove Only)

EPSON USB Display

eSupportQFolder

EZ Screen Recorder

Fax

FBX Plugin 2006.08 for Max 9.0

Ferramenta de Carregamento do Windows Live

FileZilla Client 3.0.11.1

FlashBoot 1.4.0.157

Free Mp3 Wma Converter V 1.81

Google Chrome

GroupMail :: Business Edition

HijackThis 2.0.2

Hotfix for Windows XP (KB909394)

Hotfix for Windows XP (KB915865)

Hotfix para o produto Microsoft .NET Framework 2.0 (KB918842)

Hotfix para Windows XP (KB918997)

HP Customer Participation Program 8.0

HP Imaging Device Functions 8.0

HP OCR Software 8.0

HP Officejet J3600 Series

HP Smart Web Printing

HP Solution Center 8.0

HP USB Disk Storage Format Tool

HPProductAssistant

HPSSupply

ImgBurn

J3600

Java Auto Updater

Java 6 Update 20

Java 6 Update 5

JC-Email Direct Express 4.2

K-Lite Mega Codec Pack 4.7.0

lameGen 1.1.3

LemonWire

Macromedia Extension Manager

Macromedia Fireworks MX

Macromedia Flash 8

Macromedia Flash 8 Video Encoder

Macromedia Flash Player 8

Malwarebytes' Anti-Malware

MarketResearch

McAfee Security Scan Plus

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack

Microsoft .NET Framework 2.0

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft MPEG-4 VKI Video Codec V1/V2/V3

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edição 2003

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Miniaurélio

Motorola Phone Tools

Mozilla Firefox (3.6.8)

Mozilla Thunderbird (3.0.6)

MSVCRT

MSXML 6.0 Parser

MultipleIEs

Nero 7 Essentials

neroxml

No-IP.com DUC (remove only)

PC Probe II

PDF Settings

PE Builder 3.1.10a

ProductContext

RamBooster

Real Alternative 1.8.0

Realtek High Definition Audio Driver

Renomear Tudo 2.0

Scan

Segoe UI

Skype™ 4.1

SolutionCenter

Sothink SWF Decompiler

SpamItBack 1.055 + Screensaver 2.1

Status

Swift 3D v5.00

Toolbox

TrayApp

Ultr@VNC Release 1.0.0 RC 20.3 - Win32

Visual Basic for Applications ® Core

Visual Basic for Applications ® Core - English

VobSub v2.23 (Remove Only)

VRS Recording System Uninstall

WebFldrs XP

WebReg

WinAVI Video Converter 9.0

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Format Runtime

WinTimer

WinZip

WorldCast

==== End Of File ===========================


Sorry for the delay.

Read all of the instructions below carefully before running the program.

Download the Kaspersky Removal Tool and save it to your desktop.

  • Install the program normally, following all the instructions.
  • A folder named Virus Removal Tool will be created on the desktop.
  • In the program window, select the options:
    • My Computer
    • Hidden Startup objects
    • Disk boot sectors
    • System Memory
  • Click the Start Scan button.
  • Be patient, the scan takes a long time!
  • As the scan runs, some small windows will probably open next to the clock; do not click anything.
  • A larger window may also open with the following options:
    • Disinfection (when possible)
    • Delete
    • Skip
  • When it appears, first check the option below, Apply to all objects, and then click one of the options above.
  • Once everything is complete, click the Reports button; in the window that opens, leave the options at the top set to:
    • Autoscan
    • Group by result
    • All Events
  • Expand Autoscan by clicking the + sign next to it.
  • Expand Result: Detected.
  • Right-click, choose Select all, and then choose Copy.
  • Note: when you do this the PC will appear to have frozen, but it has not; wait a few minutes for the memory to be freed.
  • Open Notepad and paste (Ctrl + V).
  • Give the file a name and save it in a folder of your choice.
  • Close the results by clicking the Exit button.
  • When you do this you will be asked whether you want to uninstall the tool; click Sim (Yes).
  • Restart the computer when prompted.
  • Post the contents of that file in your next reply.

NOTE 1:
Pay attention to the windows that appear during the scan; they have different colors depending on the risk:
  • green: low risk
  • yellow: medium risk
  • red: high risk
Before taking any action, carefully check the file path/name to see whether you recognize it; if you do, click Skip.

NOTE 2:
If the final scan result shows only Result: OK, there is no need to generate a report; just let us know.

NOTE 3:
During the scan Kaspersky may flag the following folder as containing a virus: c:\QooBox. If that happens, choose the Skip option, since the folder belongs to ComboFix and will be removed when ComboFix is uninstalled.


Thanks for the reply, Renato, and now I'm the one apologizing for the delay.

I had to schedule time to do this because it took a very long time! Hahaha...

Here is the log:

Autoscan: completed 33 minutes ago (events: 1537665, objects: 1552450, time: 12:16:25)

Result: OK (events: 1504111)

Result: Detected (events: 41)

11/9/2010 11:39:43 C:\Arquivos de programas\UltraVNC\vnchooks.dll Information

11/9/2010 11:45:04 C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\2XTBQTBR\upgrade[1].cab/upgrade.exe/data0006

11/9/2010 11:45:04 C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\ZC4HB56X\upgrade[1].cab/upgrade.exe/data0006

11/9/2010 12:05:53 C:\Documents and Settings\Notax\Configurações locais\TempImages\si1setup-142-SI1PRT1-silent.exe

11/9/2010 12:19:24 C:\Inetpub\wwwroot\efimax\bckp_20_05_09\admin\index.php

11/9/2010 15:17:15 C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\2XTBQTBR\upgrade[1].cab/upgrade.exe/data0007

11/9/2010 15:17:15 C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\ZC4HB56X\upgrade[1].cab/upgrade.exe/data0007

11/9/2010 15:52:18 C:\_backup\Backup Geral 2009-10-17 00;00;05.zip/_dados/rafa/empresarial/efi/site/migracao_16_10_09/temp/admin/index.php

11/9/2010 17:08:40 C:\_dados\programas\ps2_vfix_2005.zip/ps2_vfix.exe

11/9/2010 18:49:01 D:\_dados\rafa\emails\programas envio\setup_jcelm30_vip2.zip/setup_jcelm30_vip2.exe/data0000

11/9/2010 18:53:30 D:\_dados\rafa\empresarial\efi\bckp_locaweb_25_06_09\admin\index.php

11/9/2010 18:53:44 D:\_dados\rafa\empresarial\efi\site\bckp_29_10_09\temp\admin\index.php

11/9/2010 18:53:58 D:\_dados\rafa\empresarial\efi\site\migracao_16_10_09\temp\admin\index.php

11/9/2010 19:10:42 D:\_dados\rafa\mp3\the_corrs\the corrs - live.wma

11/9/2010 19:10:43 D:\_dados\rafa\mp3\the_corrs\the corrs - CD rip.wma

11/9/2010 20:31:07 F:\_backup\D 2010-06-15 18;44;41\_dados\rafa\emails\programas envio\setup_jcelm30_vip2.zip/setup_jcelm30_vip2.exe/data0000

11/9/2010 20:34:09 F:\_backup\D 2010-06-15 18;44;41\_dados\rafa\empresarial\efi\bckp_locaweb_25_06_09\admin\index.php

11/9/2010 20:34:16 F:\_backup\D 2010-06-15 18;44;41\_dados\rafa\empresarial\efi\site\bckp_29_10_09\temp\admin\index.php

11/9/2010 20:34:24 F:\_backup\D 2010-06-15 18;44;41\_dados\rafa\empresarial\efi\site\migracao_16_10_09\temp\admin\index.php

11/9/2010 21:03:05 F:\_backup\D 2010-08-23 18;50;06\_dados\rafa\emails\programas envio\setup_jcelm30_vip2.zip/setup_jcelm30_vip2.exe/data0000

11/9/2010 21:06:15 F:\_backup\D 2010-08-23 18;50;06\_dados\rafa\empresarial\efi\bckp_locaweb_25_06_09\admin\index.php

11/9/2010 21:06:24 F:\_backup\D 2010-08-23 18;50;06\_dados\rafa\empresarial\efi\site\bckp_29_10_09\temp\admin\index.php

11/9/2010 21:06:33 F:\_backup\D 2010-08-23 18;50;06\_dados\rafa\empresarial\efi\site\migracao_16_10_09\temp\admin\index.php

11/9/2010 21:18:52 F:\_backup\D 2010-08-23 18;50;06\_dados\rafa\mp3\the_corrs\the corrs - CD rip.wma

11/9/2010 21:18:53 F:\_backup\D 2010-08-23 18;50;06\_dados\rafa\mp3\the_corrs\the corrs - live.wma

11/9/2010 21:37:48 F:\_backup\D 2010-09-05 12;40;14\_dados\rafa\emails\programas envio\setup_jcelm30_vip2.zip/setup_jcelm30_vip2.exe/data0000

11/9/2010 21:41:19 F:\_backup\D 2010-09-05 12;40;14\_dados\rafa\empresarial\efi\bckp_locaweb_25_06_09\admin\index.php

11/9/2010 21:41:29 F:\_backup\D 2010-09-05 12;40;14\_dados\rafa\empresarial\efi\site\bckp_29_10_09\temp\admin\index.php

11/9/2010 21:41:44 F:\_backup\D 2010-09-05 12;40;14\_dados\rafa\empresarial\efi\site\migracao_16_10_09\temp\admin\index.php

11/9/2010 21:54:35 F:\_backup\D 2010-09-05 12;40;14\_dados\rafa\mp3\the_corrs\the corrs - live.wma

11/9/2010 21:54:35 F:\_backup\D 2010-09-05 12;40;14\_dados\rafa\mp3\the_corrs\the corrs - CD rip.wma

11/9/2010 22:06:54 F:\_backup\Inetpub 2010-05-03 18;56;21\wwwroot\efi\bckp_20_05_09\admin\index.php

11/9/2010 22:08:44 F:\_backup\Inetpub 2010-06-15 18;36;38\wwwroot\efi\bckp_20_05_09\admin\index.php

11/9/2010 22:10:30 F:\_backup\Inetpub 2010-07-08 18;13;38\wwwroot\efi\bckp_20_05_09\admin\index.php

11/9/2010 22:13:30 F:\_backup\Inetpub 2010-08-23 18;43;04\wwwroot\efi\bckp_20_05_09\admin\index.php

11/9/2010 22:15:44 F:\_backup\Inetpub 2010-09-05 12;31;13\wwwroot\efi\bckp_20_05_09\admin\index.php

11/9/2010 22:19:00 F:\_backup\_dados 2010-05-03 18;46;36\programas\ps2_vfix_2005.zip/ps2_vfix.exe

11/9/2010 22:25:23 F:\_backup\_dados 2010-06-15 18;21;52\programas\ps2_vfix_2005.zip/ps2_vfix.exe

11/9/2010 22:31:14 F:\_backup\_dados 2010-07-08 17;58;48\programas\ps2_vfix_2005.zip/ps2_vfix.exe

11/9/2010 22:37:32 F:\_backup\_dados 2010-08-23 18;25;57\programas\ps2_vfix_2005.zip/ps2_vfix.exe

11/9/2010 22:43:32 F:\_backup\_dados 2010-09-05 12;10;57\programas\ps2_vfix_2005.zip/ps2_vfix.exe

Result: Archive (events: 20955)

Result: Packed (events: 6298)

Result: Corrupted (events: 2)

Result: Untreated (events: 5)

Result: Deleted (events: 16)

Result: Backed up (events: 17)

Result: Moved to Quarantine (events: 19)

Result: Not processed (events: 1)

Result: Password protected (events: 6198)

Result: Task started (events: 1)

Result: Task completed (events: 1)

[]'s


I suggest you run CCleaner to clean up your machine. Download it here: CCleaner

  • Open the program and click Executar Limpeza (Run Cleaner);
  • After that, click Erros >> Procurar erros >> Corrigir Erros (Errors >> Scan for errors >> Fix errors)

Once that is done, see whether there is any improvement.