My PC won't shut down from the Start menu





6 replies in this topic

#1 Lycurgus

  • Member
  • 8 posts

Posted 14 February 2011 - 07:50 PM

Hi folks!
My PC won't shut down from the Start menu; to turn it off I have to switch user and then do it from there.
I've already searched about this and tried several repair programs, and I've tried closing all running programs before shutting it down, but even so it doesn't respond.

This is the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:49:10, on 14/2/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\nvsvc32.exe
C:\Windows\system32\svchost.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\System32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\Explorer.EXE
C:\Arquivos de programas\Mozilla Firefox 4.0 Beta 11\firefox.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe
C:\ARQUIV~1\AVG\AVG9\avgtray.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Arquivos de programas\FileSystem\aboutblank.exe
C:\Windows\System32\svchost.exe
C:\Windows\RTHDCPL.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Windows\system32\ctfmon.exe
C:\Arquivos de programas\FileSystem\winhelp.exe
C:\Arquivos de programas\Mozilla Firefox 4.0 Beta 11\firefox.exe
C:\Arquivos de programas\Mozilla Firefox 4.0 Beta 11\plugin-container.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Arquivos de programas\Mozilla Firefox 4.0 Beta 11\plugin-container.exe
C:\Windows\system32\rundll32.exe
E:\BACK UP\correção de erros\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2567694
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
R3 - URLSearchHook: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Arquivos de programas\AresTube2\tbAres.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD0.dll
R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Arquivos de programas\AutocompletePro\AutocompletePro.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD0.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Raphael\Dados de aplicativos\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Arquivos de programas\AresTube2\tbAres.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll
O3 - Toolbar: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Arquivos de programas\AresTube2\tbAres.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD0.dll
O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [FileRum.exe] C:\Windows\system32\FileRum.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HKLM] C:\Windows\system32\firefox\explorer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [HKCU] C:\Windows\system32\firefox\explorer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\firefox\explorer.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\firefox\explorer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Raphael\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Raphael\Dados de aplicativos\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsof...ss/allinone.asp
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe

--
End of file - 10278 bytes





Thank you, please help me.




#2 Mr.Million

    Consumer Security MVP

  • Expert
  • 59646 posts

Posted 14 February 2011 - 08:52 PM

Uninstall COMODO Internet Security.
Reboot.

Disable your antivirus and anti-spyware so there are no conflicts. Keep them disabled until you finish these instructions.

Download Banker FIX

Download Malwarebytes' Anti-Malware (MBAM), or from here.

Double-click bankerfix.exe and press Enter.
Internet Explorer will be closed; wait for the tool to finish. This may take a while.
When it finishes, a message will appear on screen; then press Enter.

Save or print these instructions:

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.
Make sure the boxes Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked, then click Finish.
If there are updates to be applied, they will be downloaded and installed.
When the update finishes, with the program open, select Quick Scan and click the Scan button.
The scan will then start. Wait, as it may take a while.
When the scan finishes, click OK, then the Show Results button to see the report.

If any items were found, make sure they are all checked and click the Remove button.

When the disinfection finishes, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC (see the note below).
The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (possibly more than once). Do so immediately when asked whether you want to restart.
Select, copy and paste the contents of the MBAM log into your next reply, plus the Relatorio.txt you will find in C:\LinhaDefensiva, plus a new HijackThis log.
Afterwards you may delete the LinhaDefensiva folder. Re-enable your antivirus.


#3 Lycurgus

  • Member
  • 8 posts

Posted 14 February 2011 - 11:33 PM

OK, here is what you asked for:

MBAM log


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5765

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/2/2011 00:17:26
mbam-log-2011-02-15 (00-17-26).txt

Scan type: Quick scan
Objects scanned: 153449
Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 19

Memory Processes Infected:
c:\arquivos de programas\filesystem\aboutblank.exe (Trojan.Banker) -> 3944 -> Unloaded process successfully.
c:\arquivos de programas\filesystem\winhelp.exe (Trojan.Banker) -> 2136 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.Bot) -> Value: HKLM -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.Bot) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.Bot) -> Value: HKCU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.Bot) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FileRum.exe (Trojan.Banker) -> Value: FileRum.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Backdoor.Agent) -> Value: NVIDIA driver monitor -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\arquivos de programas\VVSN (Adware.WhenU) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\system32\firefox\explorer.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\arquivos de programas\filesystem\aboutblank.exe (Trojan.Banker) -> Quarantined and deleted successfully.
c:\arquivos de programas\filesystem\filerum.exe (Trojan.Banker) -> Quarantined and deleted successfully.
c:\arquivos de programas\filesystem\winhelp.exe (Trojan.Banker) -> Quarantined and deleted successfully.
c:\Windows\system32\FileRum.exe (Trojan.Banker) -> Quarantined and deleted successfully.
c:\documents and settings\bel e bia\dados de aplicativos\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Raphael\dados de aplicativos\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\Windows\system32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\bel e bia\configurações locais\Temp\IELOGIN.abc (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Raphael\configurações locais\Temp\IELOGIN.abc (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\bel e bia\configurações locais\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Raphael\configurações locais\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\bel e bia\configurações locais\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Raphael\configurações locais\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\bel e bia\configurações locais\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Raphael\configurações locais\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.
c:\documents and settings\bel e bia\configurações locais\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Raphael\configurações locais\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\system32\qwdijxxixojdxf.tmp (Malware.Trace) -> Quarantined and deleted successfully.



Relatorio.txt

BankerFix 3.1 VALKYRIE - Banker Remover
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefe....org/bankerfix/
-------------------------------------------------------
Date: 2011-02-15 - 00:07
-------------------------------------------------------
Definition list: 2010-12-25-1 | CORE: 2010-12-28-6
=======================================================

Infected file detected: C:\DOCUME~1\Raphael\CONFIG~1\Temp\6.tmp
Infected file removed successfully!



----- End -------------------------




A new HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:24:13, on 15/2/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\nvsvc32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\RTHDCPL.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe
C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE
E:\BACK UP\correção de erros\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2567694
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
R3 - URLSearchHook: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Arquivos de programas\AresTube2\tbAres.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD0.dll
R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Arquivos de programas\AutocompletePro\AutocompletePro.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD0.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Raphael\Dados de aplicativos\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Arquivos de programas\AresTube2\tbAres.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll
O3 - Toolbar: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Arquivos de programas\AresTube2\tbAres.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD0.dll
O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Raphael\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Raphael\Dados de aplicativos\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsof...ss/allinone.asp
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe

--
End of file - 8289 bytes








Awaiting further instructions...

Edited by Mr.Million, 15 February 2011 - 09:54 AM.
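Two questions a practitioner would ask of this thread are what, in the first HijackThis log (post #1), actually pointed at dropped persistence, and whether the second log (post #3) shows it gone rather than merely renamed. The Python script below is an added example written for this page; it is not part of HijackThis, MBAM, BankerFix or Linha Defensiva's tooling. It parses the "Running processes" block and the O4 (autostart) lines, flags items by a few generic tells that are this example's own assumptions rather than any vendor's signatures (a Run value named after a registry hive or key such as [HKLM] or [Policies]; use of the Policies\Explorer\Run key; a well-known Windows binary name such as explorer.exe or winhelp.exe living outside the Windows directory; an executable placed in a subfolder of system32), then diffs the two logs to list which O4 entries vanished and whether anything flagged survived. The sample input is a constructed excerpt of lines copied from the two logs posted above; the function names, the tell lists and the assumption of a default C:\Windows install are the example's, not the thread's.

```python
# Added example (not HijackThis, MBAM or Linha Defensiva code): triage HijackThis "O4"
# autostart entries and confirm their removal. The tells are assumptions, not signatures.
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample: process and O4 lines excerpted from the first HijackThis log above...
LOG_BEFORE = r"""
Running processes:
C:\Arquivos de programas\FileSystem\winhelp.exe

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [FileRum.exe] C:\Windows\system32\FileRum.exe
O4 - HKLM\..\Run: [HKLM] C:\Windows\system32\firefox\explorer.exe
O4 - HKCU\..\Run: [HKCU] C:\Windows\system32\firefox\explorer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\firefox\explorer.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\firefox\explorer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Startup: PowerReg Scheduler.exe
"""
# ...and from the second log, after COMODO was uninstalled and MBAM and BankerFix ran.
LOG_AFTER = r"""
Running processes:
C:\Windows\Explorer.EXE

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Startup: PowerReg Scheduler.exe
"""

O4_RE = re.compile(r"^O4 - (?P<location>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
WINDOWS_BINARIES = {"explorer.exe", "winhelp.exe", "svchost.exe", "lsass.exe", "winlogon.exe"}
HIVE_LIKE_NAMES = {"hklm", "hkcu", "hku", "hkus", "policies", "run", "runonce"}
# location: HKLM\..\Run, HKCU\..\Policies\Explorer\Run, Startup...; name: the value name
# (empty for Startup-folder items); cmd: the command as printed; raw: the whole log line.
Entry = NamedTuple("Entry", [("location", str), ("name", str), ("cmd", str), ("raw", str)])

def parse_log(text: str) -> Tuple[List[str], List[Entry]]:
    """Return (running process paths, O4 autostart entries) from HijackThis log text."""
    processes, entries, in_procs = [], [], False
    for line in (ln.strip() for ln in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and line:  # the process block ends at the first blank line
            processes.append(line)
        elif in_procs:
            in_procs = False
        else:
            m = O4_RE.match(line)
            if m:
                entries.append(Entry(m["location"], m["name"] or "", m["cmd"], line))
    return processes, entries

def executable_path(cmd: str) -> str:
    """Best effort: pull the launched executable out of an O4 command string."""
    cmd = re.sub(r"\s+\(User '.*'\)$", "", cmd).strip()  # drop the "(User ...)" suffix
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def path_findings(path: str) -> List[str]:
    """Tells based only on where a binary lives and what it is called (assumes C:\\Windows)."""
    directory, _, base = path.lower().rpartition("\\")
    findings = []
    if base in WINDOWS_BINARIES and not re.fullmatch(r"[a-z]:\\windows(\\system32)?", directory):
        findings.append(f"Windows binary name {base!r} outside the Windows directory")
    if re.search(r"\\system32\\[^\\]+\\[^\\]+\.exe$", path.lower()):
        findings.append("executable inside a subfolder of system32")
    return findings

def entry_findings(e: Entry) -> List[str]:
    """Tells for one O4 entry: how it is registered plus what it launches."""
    findings = []
    if e.name.lower() in HIVE_LIKE_NAMES:
        findings.append(f"value name {e.name!r} mimics a registry hive or key name")
    if "policies\\explorer\\run" in e.location.lower():
        findings.append("uses Policies\\Explorer\\Run, which consumer software rarely touches")
    return findings + path_findings(executable_path(e.cmd))

def triage(text: str) -> Dict[str, List[str]]:
    """Map each suspicious log line (process or O4 entry) to the reasons it was flagged."""
    processes, entries = parse_log(text)
    flagged = {p: path_findings(p) for p in processes if path_findings(p)}
    flagged.update({e.raw: entry_findings(e) for e in entries if entry_findings(e)})
    return flagged

def compare(before: str, after: str) -> Dict[str, List[str]]:
    """O4 entries that vanished after cleanup, and whether anything flagged survived."""
    def key(e: Entry) -> Tuple[str, str, str]:
        return (e.location.lower(), e.name.lower(), e.cmd.lower())
    remaining = {key(e) for e in parse_log(after)[1]}
    removed = [e.raw for e in parse_log(before)[1] if key(e) not in remaining]
    flagged_before = triage(before)
    return {"removed": removed,
            "removed_unflagged": [r for r in removed if r not in flagged_before],
            "still_flagged": list(triage(after))}

if __name__ == "__main__":
    print(triage(LOG_BEFORE), compare(LOG_BEFORE, LOG_AFTER), sep="\n")
```

On the sample, the four O4 entries that launch C:\Windows\system32\firefox\explorer.exe and the winhelp.exe process under Program Files\FileSystem are flagged; after cleanup nothing is, and the entries that vanished without being flagged (the COMODO tray entry and [FileRum.exe]) are exactly what the uninstall and the MBAM log account for. Reconciling that list against what was deliberately removed is the check worth doing before calling the machine clean. Tells like these only surface oddities: aboutblank.exe and FileRum.exe in the thread's logs are not caught by them and were found by MBAM's signatures, so the script complements a scanner rather than replacing one.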


#4 Mr.Million

    Consumer Security MVP

  • Expert
  • 59646 posts

Posted 15 February 2011 - 09:55 AM

Disable your antivirus, anti-spyware and firewall so there are no conflicts. Keep them disabled until you finish these instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly it must be on the Desktop).
Close all windows and programs.

You must stay connected to the internet during the ComboFix procedure.

Double-click combofix.exe, press 1 and then Enter to proceed with the fix. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console installed, click "No" and then agree so that the scan proceeds.
Once the Console is installed, the operating system selection screen will be shown at system startup.
More information about the Console:
http://support.micro...kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart it manually.
When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt into your next reply, plus a new HijackThis log.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

If an error occurs, restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup) and repeat the procedure.


#5 Lycurgus

  • Member
  • 8 posts

Posted 15 February 2011 - 08:13 PM

Well, sorry for the delay.

Here is the ComboFix report:


ComboFix 11-02-15.01 - Raphael 15/02/2011 21:00:25.1.3 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1656 [GMT -2:00]
Running from: c:\documents and settings\Raphael\Desktop\ComboFix.exe

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\arquivos de programas\AutocompletePro
c:\arquivos de programas\AutocompletePro\AcRemoteUpdate.exe
c:\arquivos de programas\AutocompletePro\AutocompletePro.dll
c:\arquivos de programas\AutocompletePro\InstTracker.exe
c:\arquivos de programas\AutocompletePro\support@predictad.com\chrome.manifest
c:\arquivos de programas\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\arquivos de programas\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\arquivos de programas\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\arquivos de programas\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\arquivos de programas\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\arquivos de programas\AutocompletePro\support@predictad.com\install.rdf
c:\arquivos de programas\AutocompletePro\TaskScheduler.dll
c:\arquivos de programas\AutocompletePro\unins000.dat
c:\arquivos de programas\AutocompletePro\unins000.exe
c:\arquivos de programas\facemoods.com
c:\arquivos de programas\facemoods.com\facemoods\1.4.17.2\facemoods.crx
c:\arquivos de programas\facemoods.com\facemoods\1.4.17.2\facemoods.png
c:\arquivos de programas\FileSystem
c:\arquivos de programas\FileSystem\ntwdblib.dll
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\1.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\a.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\b.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\c.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\d.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\e.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\f.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\g.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\h.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\i.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\J.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\k.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\l.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\m.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\mru.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\n.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\o.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\p.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\q.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\r.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\s.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\t.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\u.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\v.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\w.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\x.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\y.xml
c:\documents and settings\Bel e Bia\Dados de aplicativos\PriceGong\Data\z.xml
C:\MDXX2010.tmp
c:\Windows\system32\firefox

.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-01-15 to 2011-02-15 ))))))))))))))))))))))))))))
.

2011-02-15 04:50 . 2010-12-20 20:09 38224 ----a-w- c:\Windows\system32\drivers\mbamswissarmy.sys
2011-02-15 04:50 . 2011-02-15 04:50 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2011-02-15 04:50 . 2010-12-20 20:08 20952 ----a-w- c:\Windows\system32\drivers\mbam.sys
2011-02-15 04:49 . 2011-02-15 04:50 -------- d-----w- C:\LinhaDefensiva
2011-02-15 04:08 . 2011-02-15 04:08 -------- d-----w- C:\$AVG
2011-02-15 03:48 . 2011-02-15 03:48 -------- d-----w- c:\documents and settings\Raphael\Dados de aplicativos\AVG10
2011-02-15 03:48 . 2011-02-15 03:48 -------- d--h--w- c:\documents and settings\All Users\Dados de aplicativos\Common Files
2011-02-15 03:47 . 2011-02-15 22:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG10
2011-02-15 03:29 . 2011-02-15 05:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\MFAData
2011-02-15 02:09 . 2011-02-15 02:09 -------- d-----w- c:\documents and settings\Raphael\Dados de aplicativos\Malwarebytes
2011-02-15 02:09 . 2011-02-15 02:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2011-02-12 01:11 . 2011-02-12 01:11 -------- d-----w- c:\documents and settings\Raphael\Dados de aplicativos\GlarySoft
2011-02-12 01:07 . 2011-02-12 01:07 -------- d-----w- c:\arquivos de programas\Glary Utilities
2011-02-11 23:07 . 2011-02-11 23:07 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security
2011-02-11 21:21 . 2011-02-11 21:21 -------- d-----w- c:\documents and settings\Raphael\Dados de aplicativos\IObit
2011-02-11 21:21 . 2011-02-11 21:21 -------- d-----w- c:\arquivos de programas\IObit
2011-02-10 19:40 . 2011-02-15 04:08 -------- d-----w- C:\Adobe
2011-02-10 01:06 . 2008-04-13 21:20 219648 ----a-w- c:\Windows\system32\uxtheme.uxtender
2011-02-10 01:01 . 2011-02-10 01:01 -------- d-----w- c:\Windows\system32\wbem\Repository
2011-02-10 00:53 . 2008-04-13 21:20 219648 ----a-w- c:\Windows\system32\uxtheme.dll.backup
2011-02-10 00:32 . 2011-02-10 01:00 -------- d-----w- c:\documents and settings\Raphael\Dados de aplicativos\Real Desktop
2011-02-10 00:31 . 2011-02-10 01:00 -------- d-----w- c:\arquivos de programas\Real Desktop
2011-02-08 21:26 . 2011-02-08 21:26 -------- d-----w- c:\arquivos de programas\Mozilla Firefox 4.0 Beta 11
2011-02-07 20:05 . 2011-02-07 20:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\MessengerDiscovery 2
2011-02-07 14:13 . 2011-02-15 17:31 -------- d-----w- c:\documents and settings\Bel e Bia
2011-02-05 03:40 . 2011-02-05 03:40 -------- d-----w- c:\documents and settings\Raphael\Configurações locais\Dados de aplicativos\Nero
2011-02-04 23:59 . 2011-02-04 23:59 -------- d-----w- c:\documents and settings\Raphael\Dados de aplicativos\Nero
2011-02-04 21:30 . 2011-02-04 21:30 -------- d-----w- c:\arquivos de programas\Windows Sidebar
2011-02-04 21:21 . 2011-02-04 21:31 -------- d-----w- c:\arquivos de programas\Nero
2011-02-04 21:21 . 2011-02-04 21:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero
2011-02-04 21:21 . 2011-02-04 21:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero
2011-02-03 04:18 . 2011-02-03 04:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nexon
2011-02-03 01:42 . 2011-02-13 22:39 -------- d-----w- C:\Nexon
2011-02-02 23:57 . 2011-02-03 04:28 -------- d-----w- c:\documents and settings\Raphael\Configurações locais\Dados de aplicativos\PMB Files
2011-02-02 23:57 . 2011-02-03 00:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PMB Files
2011-02-02 23:56 . 2011-02-02 23:56 -------- d-----w- c:\arquivos de programas\Pando Networks
2011-02-02 22:10 . 2011-02-15 22:54 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Akamai
2011-02-02 22:08 . 2011-02-02 22:26 -------- d-----w- c:\arquivos de programas\History Channel Games
2011-02-01 01:27 . 2011-02-01 01:27 83765096 ----a-w- c:\arquivos de programas\Arquivos comuns\Windows Live\.cache\wlcD.tmp
2011-01-31 23:54 . 2011-01-31 23:54 -------- d--h--r- c:\documents and settings\All Users\Dados de aplicativos\Atheros
2011-01-31 23:54 . 2010-01-05 11:31 1714176 ----a-r- c:\Windows\system32\drivers\athuw.sys
2011-01-31 23:54 . 2010-01-05 05:31 1714176 ----a-r- c:\Windows\system32\athuw.sys
2011-01-31 23:53 . 2011-01-31 23:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK
2011-01-29 21:31 . 2011-01-29 21:32 -------- d-----w- c:\documents and settings\Raphael\Configurações locais\Dados de aplicativos\ConduitEngine
2011-01-29 21:31 . 2011-01-29 21:31 0 ----a-w- c:\Windows\system32\ConduitEngine.tmp
2011-01-29 21:30 . 2011-01-29 21:30 -------- d-sh--w- c:\documents and settings\Raphael\IECompatCache
2011-01-29 21:22 . 2011-01-29 21:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-01-29 21:18 . 2007-11-05 09:02 215040 ----a-r- c:\Windows\system32\drivers\RTL8187B.sys
2011-01-29 19:39 . 2011-01-29 19:39 -------- d-----w- c:\documents and settings\Raphael\Configurações locais\Dados de aplicativos\The Music Producer
2011-01-29 19:38 . 2011-01-29 19:38 -------- d-----w- c:\arquivos de programas\The Music Producer
2011-01-25 01:16 . 2011-01-25 01:16 -------- d-----w- c:\arquivos de programas\Digiarty
2011-01-23 22:04 . 2004-10-22 04:18 749568 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-01-23 22:04 . 2004-10-22 04:17 69715 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-01-23 22:04 . 2004-10-22 04:17 274432 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-01-23 22:04 . 2004-10-22 04:16 180224 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-01-23 22:04 . 2011-01-23 22:04 323716 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-01-23 22:04 . 2011-01-23 22:04 192644 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-01-23 20:31 . 2011-01-23 20:31 -------- d-----w- c:\Windows\San Andreas Mod Installer
2011-01-22 18:06 . 2011-01-29 21:31 -------- d-----w- c:\arquivos de programas\ConduitEngine
2011-01-22 18:06 . 2011-01-22 20:04 -------- d-----w- c:\arquivos de programas\Softonic_Brasil
2011-01-22 16:32 . 2011-01-22 16:32 98304 ----a-w- c:\Windows\system32\CmdLineExt.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-10 01:06 . 2004-08-04 03:45 219648 ----a-w- c:\Windows\system32\uxtheme.dll
2011-01-04 01:00 . 2011-01-04 01:00 223128 ----a-w- c:\Windows\system32\drivers\dtscsi.sys
2011-01-04 00:58 . 2011-01-04 00:58 96384 ----a-w- c:\Windows\system32\drivers\sptd5741.sys
2011-01-04 00:58 . 2011-01-04 00:58 664064 ----a-w- c:\Windows\system32\drivers\sptd.sys
2010-11-18 18:15 . 2010-04-18 03:31 86016 ----a-w- c:\Windows\system32\isign32.dll
2010-02-10 14:18 . 2010-05-01 02:41 2131336 ----a-w- c:\arquivos de programas\Arquivos comuns\AskToolbarInstaller.exe
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dbbe01d1-5a24-48db-ae99-bd025b80b9e7}"= "c:\arquivos de programas\AresTube2\tbAres.dll" [2009-03-08 2079256]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\arquivos de programas\DVDVideoSoftTB\tbDVD0.dll" [2010-10-18 3908192]
"{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}"= "c:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{dbbe01d1-5a24-48db-ae99-bd025b80b9e7}]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\arquivos de programas\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-10-18 10:26 3908192 ----a-w- c:\arquivos de programas\DVDVideoSoftTB\tbDVD0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dbbe01d1-5a24-48db-ae99-bd025b80b9e7}]
2009-03-08 16:28 2079256 ----a-w- c:\arquivos de programas\AresTube2\tbAres.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]
2010-04-15 15:33 2515552 ----a-w- c:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dbbe01d1-5a24-48db-ae99-bd025b80b9e7}"= "c:\arquivos de programas\AresTube2\tbAres.dll" [2009-03-08 2079256]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\arquivos de programas\DVDVideoSoftTB\tbDVD0.dll" [2010-10-18 3908192]
"{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}"= "c:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{dbbe01d1-5a24-48db-ae99-bd025b80b9e7}]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DBBE01D1-5A24-48DB-AE99-BD025B80B9E7}"= "c:\arquivos de programas\AresTube2\tbAres.dll" [2009-03-08 2079256]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\arquivos de programas\DVDVideoSoftTB\tbDVD0.dll" [2010-10-18 3908192]
"{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}"= "c:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{dbbe01d1-5a24-48db-ae99-bd025b80b9e7}]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-05-10 202256]
"NvMediaCenter"="c:\Windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\Windows\system32\NvCpl.dll" [2009-09-27 13918208]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\currentversion\run-disabled]
"HKLM"=c:\Windows\system32\firefox\explorer.exe
"DAEMON Tools"="c:\arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
"Alcmtr"=ALCMTR.EXE
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\Microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\NitroPC\\NitroPC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\History Channel Games\\Kuma.exe"=
"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57438:TCP"= 57438:TCP:Pando Media Booster
"57438:UDP"= 57438:UDP:Pando Media Booster
"1072:TCP"= 1072:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\Windows\System32\svchost.exe -k Akamai [4/8/2004 01:45 14336]
R3 AR9271;Wireless Network Adapter Service;c:\Windows\system32\drivers\athuw.sys [31/1/2011 21:54 1714176]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\Windows\system32\drivers\nvhda32.sys [18/4/2010 02:29 57248]
S0 actusb;ACtUsb;c:\Windows\system32\drivers\actusb.sys --> c:\Windows\system32\drivers\actusb.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [22/4/2010 20:23 136176]
S3 EagleXNt;EagleXNt;\??\c:\Windows\system32\drivers\EagleXNt.sys --> c:\Windows\system32\drivers\EagleXNt.sys [?]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\Windows\system32\drivers\RTL8187B.sys [29/1/2011 19:18 215040]
S4 sptd;sptd;c:\Windows\system32\drivers\sptd.sys [3/1/2011 22:58 664064]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Conteúdo da pasta 'Tarefas Agendadas'

2011-02-15 c:\Windows\Tasks\GlaryInitialize.job
- c:\arquivos de programas\Glary Utilities\initialize.exe [2011-02-12 16:13]

2011-02-15 c:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-04-22 22:22]

2011-02-15 c:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-04-22 22:22]

2011-02-15 c:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-746137067-725345543-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09]

2011-02-15 c:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-746137067-725345543-1006.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09]

2011-02-15 c:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-746137067-725345543-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09]

2011-02-15 c:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-746137067-725345543-1006.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09]

2011-02-14 c:\Windows\Tasks\SmartDefrag.job
- c:\arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2011-02-11 20:08]

2011-02-15 c:\Windows\Tasks\User_Feed_Synchronization-{305AE983-EC1C-4ADA-9342-01A0B965E565}.job
- c:\Windows\system32\msfeedssync.exe [2009-03-08 06:31]

2011-02-15 c:\Windows\Tasks\WGASetup.job
- c:\Windows\system32\KB905474\wgasetup.exe [2010-04-21 01:18]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2567694
uInternet Settings,ProxyOverride = local
IE: Download all by FlashGet3 - c:\documents and settings\Raphael\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\Raphael\Dados de aplicativos\FlashGetBHO\GetUrl.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\documents and settings\Raphael\Dados de aplicativos\Mozilla\Firefox\Profiles\dw4noc1m.default\
.
.
------- Associação de arquivos/ficheiros -------
.
.scr=AutoCADScriptFile
.
- - - - ORFÃOS REMOVIDOS - - - -

URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-AutocompletePro2_is1 - c:\arquivos de programas\AutocompletePro\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-15 21:03
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Arquivos de programas/Arquivos comuns/Akamai/netsession_win_dbc0250.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Arquivos de programas/Arquivos comuns/Akamai/netsession_win_dbc0250.dll"
.
Tempo para conclusão: 2011-02-15 21:04:24
ComboFix-quarantined-files.txt 2011-02-15 23:04

Pré-execução: 15 pasta(s) 134.812.688.384 bytes disponíveis
Pós execução: 20 pasta(s) 134.944.845.824 bytes disponíveis

- - End Of File - - AB0665EE03C70FED18A19F1572EAB8A3




and this is the current HijackThis one:



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:09:37, on 15/2/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\nvsvc32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wscntfy.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\RTHDCPL.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe
C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE
E:\BACK UP\correção de erros\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2567694
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Arquivos de programas\AresTube2\tbAres.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD0.dll
R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Arquivos de programas\AutocompletePro\AutocompletePro.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD0.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Raphael\Dados de aplicativos\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Arquivos de programas\AresTube2\tbAres.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll
O3 - Toolbar: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Arquivos de programas\AresTube2\tbAres.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD0.dll
O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Raphael\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Raphael\Dados de aplicativos\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsof...ss/allinone.asp
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe

--
End of file - 7816 bytes




PS: I still haven't enabled the antivirus... when can I do that?

Oh! There are two user accounts on my PC, do I need to repeat the process on both accounts?

Thanks

Edited by Lycurgus, 15 February 2011 - 08:16 PM.


#6 Mr.Million

Mr.Million

    Consumer Security MVP

  • Expert
  • 59646 messages

Posted 15 February 2011 - 08:46 PM

Uninstall the programs......

Messenger_Plus_Live_Brazil
ConduitEngine

Ok, the PC is clean (Y)
Finishing up.......
Rename ComboFix to Uninstall, run it and wait for the tool to be removed.

Clean up System Restore by creating a clean System Restore point.

Right-click on MY COMPUTER / Properties / System Restore / check Turn off System Restore / Apply > OK.
Then uncheck it again. Apply > OK.


#7 Lycurgus

Lycurgus
  • Participant
  • 8 messages

Posted 15 February 2011 - 09:29 PM

Thank you very much for the help!
Cheers!