Good morning,
Last night my PC restarted about 2 times and since then my antivirus (AVG) no longer works. I tried to install it again and couldn't; it gives an error saying it is not a valid Win32 file. The same happens with Spybot and the AVG anti-rootkit.
I tried to use HijackThis as explained and it also gives the same error. I don't know what to do!!
Thank you
Evelin
I don't know if this helps, but here is the F-Secure BlackLight log:
04/02/08 09:34:21 [info]: BlackLight Engine 1.0.70 initialized
04/02/08 09:34:21 [info]: OS: 5.1 build 2600 (Service Pack 2)
04/02/08 09:34:25 [Note]: 7019 4
04/02/08 09:34:25 [Note]: 7005 0
04/02/08 09:34:40 [Note]: 7006 0
04/02/08 09:34:40 [Note]: 7011 1428
04/02/08 09:34:41 [Note]: 7035 0
04/02/08 09:34:44 [Note]: 7026 0
04/02/08 09:34:48 [Note]: 7026 0
04/02/08 09:34:48 [Note]: 7024 3
04/02/08 09:34:48 [info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
04/02/08 09:34:52 [Note]: FSRAW library version 1.7.1024
04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Empty.txt
04/02/08 09:46:15 [Note]: 10002 3
04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Filters.xml
04/02/08 09:46:15 [Note]: 10002 3
04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\news.png
04/02/08 09:46:15 [Note]: 10002 3
04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\paint.png
04/02/08 09:46:15 [Note]: 10002 3
04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Profiles\Blank.txt
04/02/08 09:46:15 [Note]: 10002 3
04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Sample1.jpg
04/02/08 09:46:15 [Note]: 10002 3
04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Sample2.jpg
04/02/08 09:46:15 [Note]: 10002 3
04/02/08 09:46:15 [Note]: 10002 2
04/02/08 09:46:15 [Note]: 10002 2
04/02/08 09:53:38 [Note]: 10002 2
04/02/08 09:53:38 [Note]: 10002 2
04/02/08 10:00:03 [info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
04/02/08 10:00:03 [Note]: 10002 2
04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\102062.exe
04/02/08 10:00:26 [Note]: 10002 3
04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\125828.exe
04/02/08 10:00:26 [Note]: 10002 3
04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\128312.exe
04/02/08 10:00:26 [Note]: 10002 3
04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\136640.exe
04/02/08 10:00:26 [Note]: 10002 3
04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\173343.exe
04/02/08 10:00:26 [Note]: 10002 3
04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\183718.exe
04/02/08 10:00:26 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\191046.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\214125.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\218484.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\230015.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\241187.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\247921.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\254640.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\270671.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\288046.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\339140.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\348421.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\371734.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\376328.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\434437.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\601171.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\632531.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\656375.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\682203.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\685734.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\691140.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\726343.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\758828.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\76312.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\775562.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\788406.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\805921.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:29 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\821546.exe
04/02/08 10:00:29 [Note]: 10002 3
04/02/08 10:00:29 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\91625.exe
04/02/08 10:00:29 [Note]: 10002 3
04/02/08 10:00:29 [Note]: 10002 2
04/02/08 10:00:29 [Note]: 10002 2
04/02/08 10:00:29 [info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
04/02/08 10:00:29 [Note]: 10002 2
04/02/08 10:13:00 [Note]: 7007 0
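As an added example (not part of the thread and not F-Secure's own tooling), a small Python triage script for logs in the BlackLight format posted above: it extracts every hidden process and hidden file, groups them by directory, and ranks them with a simple heuristic that puts hidden executables and anything under system32\drivers first. The sample lines are copied from the log above; the scoring weights are my own assumption.

```python
"""Triage an F-Secure BlackLight log: extract hidden items and rank them."""
import re
from collections import Counter

# Sample input constructed from the BlackLight log posted in the thread.
SAMPLE_LOG = r"""
04/02/08 09:34:21 [info]: BlackLight Engine 1.0.70 initialized
04/02/08 09:34:48 [info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Empty.txt
04/02/08 09:46:15 [Note]: 10002 3
04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\102062.exe
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\214125.exe
04/02/08 10:00:29 [info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
04/02/08 10:13:00 [Note]: 7007 0
"""

# "<date> <time> [<level>]: <message>"
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) \[(?P<level>\w+)\]: (?P<msg>.*)$")
# Only the [info] lines that report a hidden object carry a path.
HIDDEN_RE = re.compile(r"^Hidden (?P<kind>process|file): (?P<path>.+)$")


def parse_blacklight(text):
    """Return a list of (kind, path) for every hidden process/file entry."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("level").lower() != "info":
            continue  # [Note] status codes and the engine banner carry no path
        h = HIDDEN_RE.match(m.group("msg"))
        if h:
            found.append((h.group("kind"), h.group("path")))
    return found


def risk_score(kind, path):
    """Heuristic severity (assumed weights, not a vendor scale).

    A hidden *process* is worse than a hidden file, a hidden object inside the
    drivers directory is worse than one in a program folder, and executable
    content (exe/sys/dll) is worse than data files.
    """
    p = path.lower().replace("/", "\\")
    score = 0
    if kind == "process":
        score += 3
    if "\\system32\\drivers\\" in p:
        score += 2
    if p.endswith((".exe", ".sys", ".dll")):
        score += 1
    return score


def triage(text):
    """Return (ranked, dirs): entries sorted by risk, and a per-directory count.

    ranked is a list of (score, kind, path), highest score first; dirs counts
    how many hidden objects sit in each directory, which makes a dropper
    folder full of hidden executables stand out at a glance.
    """
    entries = parse_blacklight(text)
    ranked = [(risk_score(k, p), k, p) for k, p in entries]
    ranked.sort(key=lambda t: (-t[0], t[2].lower()))
    dirs = Counter(p.lower().rsplit("\\", 1)[0] for _, p in entries)
    return ranked, dirs


if __name__ == "__main__":
    ranked, dirs = triage(SAMPLE_LOG)
    for score, kind, path in ranked:
        print(f"{score:2d}  {kind:7s} {path}")
    print()
    for d, n in dirs.most_common():
        print(f"{n:3d} hidden object(s) in {d}")
```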
I tried to do what you asked, but I couldn't restart in safe mode; the PC restarted while it was on the ST.. .sys screen.
It has already restarted 3 times since then.
Now, as soon as the PC restarts, a screen appears: Select file to be cracked.
Help!! I need to finish a paper for today.
Thanks
Wed Apr 02 11:41:41 2008
EliBagle v11.20 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Wed Apr 02 11:43:49 2008
EliBagle v11.20 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Now the PC has restarted in safe mode.
And I've already managed to install the antivirus.
Thank you very much!!
Wed Apr 02 13:24:27 2008
EliBagle v11.20 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Wed Apr 02 13:27:59 2008
EliBagle v11.20 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle
Good evening! EvelinSF
>@< Download ComboFix.
>@< Save it to the Desktop!
>@< Disable the resident protection of your antivirus, antispyware and firewall.
>@< Disable Spybot's TeaTimer.
>@< Close all windows and run the tool!
If you get the notification "Invalid Win32 application", delete the tool and download it again. Save it to the Desktop renamed as: Kombo.exe
PS: Rename it while saving, not after you have saved it!
>@< The Auto Scan window will open. Wait!
>@< Type the option to continue and press < Enter >
>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!
___________________________
>@< Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.
Cheers!
I did what you said.
ComboFix
ComboFix 08-04-03.3 - Evelin 2008-04-03 21:52:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.476 [GMT -3:00]
Executando de: C:\Documents and Settings\Evelin\Desktop\ComboFix.exe
* Criado um novo ponto de restauro
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\packet.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
((((((((((((((((((((((( Ficheiros criados de 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))))
.
2008-04-02 15:19 . 2008-04-02 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft
2008-04-02 15:18 . 2008-04-02 15:18 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-04-02 15:06 . 2007-01-18 09:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-04-02 14:55 . 2008-04-02 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira
2008-04-02 14:55 . 2008-04-02 14:55 <DIR> d-------- C:\Arquivos de programas\Avira
2008-04-02 14:10 . 2008-04-02 14:01 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-02 14:10 . 2008-04-02 14:10 2,543 --a------ C:\WINDOWS\unins000.dat
2008-04-02 13:41 . 2008-04-02 16:43 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy
2008-04-02 11:41 . 2008-04-02 14:36 <DIR> d-------- C:\Muestras
2008-04-02 10:23 . 2008-04-02 10:24 <DIR> d-------- C:\Hijack
2008-04-02 09:19 . 2008-04-02 09:19 <DIR> d-------- C:\Arquivos de programas\AxBx
2008-04-02 05:26 . 2008-04-02 05:32 <DIR> d-------- C:\Arquivos de programas\Dicionário de Sinônimos -completo-
2008-04-02 05:25 . 2008-04-02 05:25 258,048 --------- C:\WINDOWS\Setup1.exe
2008-04-02 05:25 . 2008-04-02 05:25 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-04-01 21:25 . 2008-04-01 21:25 <DIR> d-------- C:\Arquivos de programas\PDF Info
2008-04-01 21:24 . 2008-04-02 04:52 <DIR> d-------- C:\Arquivos de programas\PDF Editor 2
2008-04-01 21:24 . 2008-04-01 21:24 74,752 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-04-01 21:18 . 2008-04-01 21:18 <DIR> d-------- C:\Program Files
2008-04-01 21:09 . 2008-04-01 21:09 <DIR> d-------- C:\Arquivos de programas\PDF Password Remover v3.0
2008-04-01 21:05 . 2008-04-01 21:05 379 --a------ C:\WINDOWS\pdf2word.INI
2008-04-01 21:04 . 2008-04-01 21:04 <DIR> d-------- C:\Arquivos de programas\VeryPDF PDF2Word v3.0
2008-04-01 20:52 . 2008-04-01 20:52 <DIR> d-------- C:\Arquivos de programas\Advanced PDF Tools v2.0
2008-04-01 20:46 . 2008-04-01 20:46 <DIR> d-------- C:\Arquivos de programas\PDFTools
2008-04-01 19:18 . 2008-04-02 11:55 <DIR> d-------- C:\WINDOWS\system32\drivers\downld
2008-03-31 23:15 . 2008-03-31 23:15 <DIR> d-------- C:\Arquivos de programas\Desliga Aí!
2008-03-29 15:50 . 2008-03-29 15:51 <DIR> d-------- C:\Arquivos de programas\SpeedBit Video Accelerator
2008-03-29 15:50 . 2008-03-29 15:50 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-03-29 01:21 . 2008-03-31 19:53 <DIR> d-------- C:\Arquivos de programas\BitComet Acceleration Patch
2008-03-29 00:50 . 2008-03-29 00:50 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-03-28 23:26 . 2008-03-29 00:53 <DIR> d-------- C:\Arquivos de programas\BitComet
2008-03-28 22:01 . 2008-04-02 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-03-28 21:53 . 2008-04-03 21:16 <DIR> d-------- C:\Arquivos de programas\DreMule
2008-03-28 21:36 . 2008-03-28 21:36 <DIR> d-------- C:\Arquivos de programas\Oi Velox
2008-03-04 19:39 . 2008-03-04 19:39 <DIR> d-------- C:\Arquivos de programas\GenoPro
2008-03-04 19:25 . 2008-03-27 14:58 <DIR> d-------- C:\Arquivos de programas\Simple Family Tree
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 15:56 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Orbit
2008-04-03 15:18 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\AVG7
2008-04-02 18:19 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Lavasoft
2008-04-02 18:19 --------- d-----w C:\Arquivos de programas\Lavasoft
2008-04-02 16:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7
2008-04-02 16:35 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft
2008-04-02 08:32 --------- d-----w C:\Arquivos de programas\Dicionário de Sinônimos -completo-
2008-04-01 23:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater
2008-04-01 02:15 --------- d-----w C:\Arquivos de programas\Desliga Aí!
2008-03-30 10:12 --------- d-----w C:\Arquivos de programas\Orbitdownloader
2008-03-30 05:00 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\LimeWire
2008-03-30 04:50 --------- d-----w C:\Arquivos de programas\LimeWire
2008-03-27 00:28 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Babylon
2008-03-27 00:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
2008-03-22 13:05 --------- d-----w C:\Arquivos de programas\Oi Internet
2008-03-16 21:19 --------- d-----w C:\Arquivos de programas\Electronic Arts
2008-03-06 20:48 --------- d-----w C:\Arquivos de programas\EA GAMES
2008-03-03 16:58 --------- d-----w C:\Arquivos de programas\Babylon
2008-03-03 14:00 --------- d-----w C:\Arquivos de programas\CoolSMS
2008-02-28 21:24 --------- d-----w C:\Arquivos de programas\EGS
2007-11-14 23:30 22,328 ----a-w C:\Documents and Settings\Evelin\Dados de aplicativos\PnkBstrK.sys
2004-03-01 16:25 114,688 ----a-w C:\Arquivos de programas\internet explorer\plugins\ChimeShim.dll
.
------- Sigcheck -------
2004-08-04 03:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-04 03:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Nota entradas vazias & legítimas por defeito não são mostradas.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:45 15360]
"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"blokfa"="C:\ARQUIV~1\BLOKFR~1\Agente.exe" [2007-06-06 08:56 660992]
"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-04-02 13:35 579072]
"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-02 15:05 249896]
"blokfsa"="bfsa.exe" [2007-03-14 11:18 390144 C:\WINDOWS\system32\bfsa.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:45 15360]
"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-04-02 13:35 219136]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk
backup=C:\WINDOWS\pss\Discador Oi Internet.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Evelin^Menu Iniciar^Programas^Inicializar^BitComet Acceleration Patch.lnk]
path=C:\Documents and Settings\Evelin\Menu Iniciar\Programas\Inicializar\BitComet Acceleration Patch.lnk
backup=C:\WINDOWS\pss\BitComet Acceleration Patch.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-05-10 10:12 90112 C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2006-10-11 22:38 26112 C:\WINDOWS\system32\Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-09-14 21:05 344064 C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2007-12-07 07:27 3032800 C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-02-24 16:00 49152 C:\WINDOWS\VM_STI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet Acceleration Patch]
--a------ 2008-03-31 19:53 1936 C:\Documents and Settings\All Users\Menu Iniciar\Programas\BitComet Acceleration Patch\BitComet Acceleration Patch.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blokfa]
---h----- 2007-06-06 08:56 660992 C:\ARQUIV~1\BLOKFR~1\Agente.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blokfsa]
---h----- 2007-03-14 11:18 390144 C:\WINDOWS\system32\bfsa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 04:45 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSMS]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 04:45 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-09-14 17:09 157592 C:\Arquivos de programas\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Discador iG]
--a------ 2005-07-25 14:41 1329152 C:\Arquivos de programas\iGv6\Discador iG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Arquivos de programas\FlashGet\FlashGet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iBest.baloon]
--a------ 2005-03-14 21:14 77824 C:\Arquivos de programas\Discador iBest\baloon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSNShell]
C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POPDiscador]
--a------ 2007-07-30 09:52 2040832 C:\Arquivos de programas\POPDiscador\POPDiscador.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-10-11 22:37 668160 C:\Arquivos de programas\K-Lite Codec Pack\Real\mpclauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-07-22 04:00 81920 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
--a------ 2008-03-29 15:50 2283120 C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboConnect]
C:\ARQUIV~1\TURBOC~1\TurboConnect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Arquivos de programas\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Arquivos de programas\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"E:\\Warcraft3\\Warcraft III.exe"=
"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"C:\\Arquivos de programas\\IncrediMail\\bin\\ImLc.exe"=
"C:\\Jogos\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Arquivos de programas\\DreMule\\emule.exe"=
"C:\\Arquivos de programas\\BitComet\\BitComet.exe"=
"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"20173:TCP"= 20173:TCP:BitComet 20173 TCP
"20173:UDP"= 20173:UDP:BitComet 20173 UDP
R2 cmpe;Context Manager Process Extension;C:\WINDOWS\system32\cmpe.exe [2007-02-26 11:11]
R2 sbbotdi;sbbotdi;C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys [2008-03-29 15:50]
R2 snss;snss;C:\WINDOWS\system32\snss.exe [2007-03-14 11:19]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe [2008-03-29 15:50]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 21:56:13
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-04-03 21:58:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-04 00:58:19
Pre-Run: 8,970,559,488 bytes disponíveis
Post-Run: 8,892,600,320 bytes disponíveis
HJT
Logfile of HijackThis v1.99.1
Scan saved at 22:06:34, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cmpe.exe
C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\ARQUIV~1\BLOKFR~1\Agente.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\bfsa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\snss.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ibest.com.br/site/default_ck.js...odigo=001.00001
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)
O4 - HKLM\..\Run: [blokfa] C:\ARQUIV~1\BLOKFR~1\Agente.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [blokfsa] bfsa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Set As Messenger Live Display Picture - C:\Arquivos de programas\MSNShell\BIN\SetMSNDP.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe (file missing)
O9 - Extra 'Tools' menuitem: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O12 - Plugin for .csm: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A4FAFA8-EF0A-4306-8350-BF3BB0566BC8}: NameServer = 200.149.55.140,200.165.132.148
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A4FAFA8-EF0A-4306-8350-BF3BB0566BC8}: NameServer = 200.149.55.140,200.165.132.148
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A4FAFA8-EF0A-4306-8350-BF3BB0566BC8}: NameServer = 200.149.55.140,200.165.132.148
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: snss - Unknown owner - C:\WINDOWS\system32\snss.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe
Good evening! EvelinSF
>@< Go to Start >> Run >> Type: services.msc >> OK.
________________________
>@< Locate snss.
>@< Under Startup type, set: Disabled
>@< If it is set to Manual or Automatic, click Stop the service.
________________________
Delete:
C:\QooBox
C:\ComboFix.txt << Previous ComboFix log.
________________________
>@< Select and copy all the content in the quote area into Notepad.
>@< Save it on the Desktop with the name: CFScript.txt
>
File::C:\WINDOWS\system32\snss.exe
Folder::
C:\Muestras
Driver::
"snss"
>@< Drag CFScript.txt with the mouse onto the ComboFix icon.
>@< See the demonstration!
>@< With this procedure, ComboFix will run and restart the computer automatically!
>@< If it does not restart, do so manually!
>@< While it is running, do not use the keyboard or mouse!
>@< When it finishes, post the C:\ComboFix.txt report + an updated HJT log.
Regards!
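The helper above singled out the snss service from the O23 list by its "Unknown owner" publisher field and its location under system32. As an added example, not part of this thread and not HijackThis's own code, here is a small Python triage script for HijackThis v1.99 log lines that applies the same kind of checks: O23 services with no recorded publisher, O4 autostart entries whose command has no absolute path (so the binary is resolved through the PATH search order at logon), and entries whose target file is missing. The sample lines are constructed in the same format as the logs in this thread; the regexes and the flagging rules are the editor's assumptions about the format, not a parser from HijackThis. It only marks entries for manual review; a flag is not a verdict, since legitimate software can trip the same heuristics.

```python
import re
from typing import List, Tuple

# Constructed sample in HijackThis v1.99 format: a few lines of the same shape as
# the logs in this thread, so the script runs offline.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [blokfsa] bfsa.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: snss - Unknown owner - C:\WINDOWS\system32\snss.exe
"""

# Assumed line shapes (editor's reading of the format, not an official grammar):
#   O4  - <location>: [<value name>] <command line>
#   O23 - Service: <display name> - <publisher> - <drive>:\<path>
O4_RE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) ?- (?P<path>[A-Za-z]:\\.+)$")
# A command line that starts with a drive letter (optionally quoted) names its binary explicitly.
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')

Finding = Tuple[str, str, str]  # (section code, entry name, reason)


def triage(log_text: str) -> List[Finding]:
    """Return HijackThis entries worth a second look, in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Orphaned entries: the registry still points at something that is gone.
        if line.endswith("(no file)") or line.endswith("(file missing)"):
            section = line.split(" - ", 1)[0]
            findings.append((section, line, "orphaned entry: target file is missing"))
            continue
        m = O4_RE.match(line)
        if m:
            # A bare file name is resolved through the PATH search order at logon,
            # so the entry alone does not tell you which binary actually runs.
            if not ABS_PATH_RE.match(m.group("cmd")):
                findings.append(("O4", m.group("name"),
                                 f"autostart without an absolute path: {m.group('cmd')}"))
            continue
        m = O23_RE.match(line)
        if m:
            owner = m.group("owner").strip()
            path = m.group("path")
            if owner in ("", "Unknown owner"):
                where = ("in a system directory" if "\\system32\\" in path.lower()
                         else "outside system directories")
                findings.append(("O23", m.group("name"),
                                 f"service with no recorded publisher, binary {where}: {path}"))
    return findings


if __name__ == "__main__":
    for section, name, reason in triage(SAMPLE_LOG):
        print(f"{section:>4}  {name}\n      {reason}")
```

Run it against a full HijackThis log by passing the file contents to triage(); every flagged line still needs a human to check the binary (publisher signature, hash against a known-good source) before anything is disabled or deleted.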
Sorry for the delay.
Here are the requested reports.
ComboFix
ComboFix 08-04-03.3 - Evelin 2008-04-13 12:11:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.458 [GMT -3:00]
Executando de: C:\Documents and Settings\Evelin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Evelin\Desktop\CFScript.txt
* Criado um novo ponto de restauro
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\snss.exe
.
TimedOut: progfile.dat
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Muestras
C:\WINDOWS\system32\snss.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SNSS
-------\Service_snss
((((((((((((((((((((((( Ficheiros criados de 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))
.
2008-04-12 17:11 . 2008-04-12 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar
2008-04-12 17:11 . 2008-04-12 17:11 <DIR> d-------- C:\Arquivos de programas\Winamp Toolbar
2008-04-12 08:21 . 2008-04-13 02:04 <DIR> d-------- C:\Documents and Settings\Evelin\Dados de aplicativos\MegauploadToolbar
2008-04-12 08:21 . 2008-04-12 08:21 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar
2008-04-07 19:34 . 2008-04-07 19:34 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ahead
2008-04-06 14:55 . 2008-04-07 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink
2008-04-06 14:55 . 2008-04-06 14:55 <DIR> d-------- C:\Arquivos de programas\DVD Shrink
2008-04-04 08:53 . 2008-04-04 08:53 <DIR> d-------- C:\Arquivos de programas\Orbitdownloader
2008-04-04 08:53 . 2007-08-08 13:56 69,632 --a------ C:\WINDOWS\system32\nporbit.dll
2008-04-03 21:58 . 2008-04-03 21:58 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais
2008-04-03 21:58 . 2008-04-03 21:58 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais
2008-04-03 21:58 . 2008-04-03 21:58 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais
2008-04-03 21:58 . 2008-04-03 21:58 <DIR> d-------- C:\Documents and Settings\Evelin\Configurações locais
2008-04-02 15:19 . 2008-04-02 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft
2008-04-02 15:18 . 2008-04-02 15:18 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-04-02 15:06 . 2007-01-18 09:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-04-02 14:55 . 2008-04-02 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira
2008-04-02 14:55 . 2008-04-02 14:55 <DIR> d-------- C:\Arquivos de programas\Avira
2008-04-02 14:10 . 2008-04-02 14:01 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-02 14:10 . 2008-04-02 14:10 2,543 --a------ C:\WINDOWS\unins000.dat
2008-04-02 13:41 . 2008-04-02 16:43 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy
2008-04-02 10:23 . 2008-04-03 22:06 <DIR> d-------- C:\Hijack
2008-04-02 09:19 . 2008-04-02 09:19 <DIR> d-------- C:\Arquivos de programas\AxBx
2008-04-02 05:26 . 2008-04-02 05:32 <DIR> d-------- C:\Arquivos de programas\Dicionário de Sinônimos -completo-
2008-04-02 05:25 . 2008-04-02 05:25 258,048 --------- C:\WINDOWS\Setup1.exe
2008-04-02 05:25 . 2008-04-02 05:25 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-04-01 21:24 . 2008-04-02 04:52 <DIR> d-------- C:\Arquivos de programas\PDF Editor 2
2008-04-01 21:24 . 2008-04-01 21:24 74,752 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-04-01 21:05 . 2008-04-01 21:05 379 --a------ C:\WINDOWS\pdf2word.INI
2008-04-01 19:18 . 2008-04-02 11:55 <DIR> d-------- C:\WINDOWS\system32\drivers\downld
2008-03-31 23:15 . 2008-03-31 23:15 <DIR> d-------- C:\Arquivos de programas\Desliga Aí!
2008-03-29 15:50 . 2008-03-29 15:51 <DIR> d-------- C:\Arquivos de programas\SpeedBit Video Accelerator
2008-03-29 15:50 . 2008-03-29 15:50 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-03-29 01:21 . 2008-04-13 11:53 <DIR> d-------- C:\Arquivos de programas\BitComet Acceleration Patch
2008-03-29 00:50 . 2008-03-29 00:50 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-03-28 23:26 . 2008-03-29 00:53 <DIR> d-------- C:\Arquivos de programas\BitComet
2008-03-28 22:01 . 2008-04-02 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-03-28 21:53 . 2008-04-13 11:58 <DIR> d-------- C:\Arquivos de programas\DreMule
2008-03-28 21:36 . 2008-03-28 21:36 <DIR> d-------- C:\Arquivos de programas\Oi Velox
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 15:13 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Orbit
2008-04-13 15:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater
2008-04-13 14:55 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-04-13 14:54 --------- d-----w C:\Arquivos de programas\Simple Family Tree
2008-04-13 14:54 --------- d-----w C:\Arquivos de programas\POPDiscador
2008-04-13 14:50 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\AVG7
2008-04-13 00:33 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Ahead
2008-04-12 20:12 --------- d-----w C:\Arquivos de programas\Winamp
2008-04-05 18:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
2008-04-05 14:29 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Babylon
2008-04-02 18:19 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Lavasoft
2008-04-02 18:19 --------- d-----w C:\Arquivos de programas\Lavasoft
2008-04-02 16:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7
2008-04-02 16:35 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft
2008-04-02 08:32 --------- d-----w C:\Arquivos de programas\Dicionário de Sinônimos -completo-
2008-04-01 02:15 --------- d-----w C:\Arquivos de programas\Desliga Aí!
2008-03-30 05:00 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\LimeWire
2008-03-30 04:50 --------- d-----w C:\Arquivos de programas\LimeWire
2008-03-16 21:19 --------- d-----w C:\Arquivos de programas\Electronic Arts
2008-03-06 20:48 --------- d-----w C:\Arquivos de programas\EA GAMES
2008-03-04 22:39 --------- d-----w C:\Arquivos de programas\GenoPro
2008-03-03 16:58 --------- d-----w C:\Arquivos de programas\Babylon
2008-03-03 14:00 --------- d-----w C:\Arquivos de programas\CoolSMS
2008-02-28 21:24 --------- d-----w C:\Arquivos de programas\EGS
2007-11-14 23:30 22,328 ----a-w C:\Documents and Settings\Evelin\Dados de aplicativos\PnkBstrK.sys
2004-03-01 16:25 114,688 ----a-w C:\Arquivos de programas\internet explorer\plugins\ChimeShim.dll
.
------- Sigcheck -------
2004-08-04 03:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-04 03:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Nota entradas vazias & legítimas por defeito não são mostradas.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-19 19:36 1267040 --a------ C:\Arquivos de programas\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Arquivos de programas\Winamp Toolbar\winamptb.dll" [2008-03-19 19:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:45 15360]
"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"blokfa"="C:\ARQUIV~1\BLOKFR~1\Agente.exe" [2007-06-06 08:56 660992]
"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-04-02 13:35 579072]
"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-02 15:05 249896]
"blokfsa"="bfsa.exe" [2007-03-14 11:18 390144 C:\WINDOWS\system32\bfsa.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:45 15360]
"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-04-02 13:35 219136]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-04-04 08:53:35 1678536]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk
backup=C:\WINDOWS\pss\Discador Oi Internet.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Evelin^Menu Iniciar^Programas^Inicializar^BitComet Acceleration Patch.lnk]
path=C:\Documents and Settings\Evelin\Menu Iniciar\Programas\Inicializar\BitComet Acceleration Patch.lnk
backup=C:\WINDOWS\pss\BitComet Acceleration Patch.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-05-10 10:12 90112 C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2006-10-11 22:38 26112 C:\WINDOWS\system32\Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-09-14 21:05 344064 C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2007-12-07 07:27 3032800 C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-02-24 16:00 49152 C:\WINDOWS\VM_STI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet Acceleration Patch]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\BitComet Acceleration Patch\BitComet Acceleration Patch.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blokfa]
---h----- 2007-06-06 08:56 660992 C:\ARQUIV~1\BLOKFR~1\Agente.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blokfsa]
---h----- 2007-03-14 11:18 390144 C:\WINDOWS\system32\bfsa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 04:45 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSMS]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 04:45 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-09-14 17:09 157592 C:\Arquivos de programas\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Discador iG]
C:\Arquivos de programas\iGv6\Discador iG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Arquivos de programas\FlashGet\FlashGet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iBest.baloon]
C:\Arquivos de programas\Discador iBest\baloon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSNShell]
C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POPDiscador]
C:\Arquivos de programas\POPDiscador\POPDiscador.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-10-11 22:37 668160 C:\Arquivos de programas\K-Lite Codec Pack\Real\mpclauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-07-22 04:00 81920 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
--a------ 2008-03-29 15:50 2283120 C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboConnect]
C:\ARQUIV~1\TURBOC~1\TurboConnect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\DreMule\\emule.exe"=
"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"20173:TCP"= 20173:TCP:BitComet 20173 TCP
"20173:UDP"= 20173:UDP:BitComet 20173 UDP
R2 cmpe;Context Manager Process Extension;C:\WINDOWS\system32\cmpe.exe [2007-02-26 11:11]
R2 sbbotdi;sbbotdi;C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys [2008-03-29 15:50]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe [2008-03-29 15:50]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 12:15:32
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-04-13 12:17:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-13 15:17:46
Pre-Run: 10,720,833,536 bytes disponíveis
Post-Run: 10,711,437,312 bytes disponíveis
HJT
Logfile of HijackThis v1.99.1
Scan saved at 12:22:09, on 13/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cmpe.exe
C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ibest.com.br/site/default_ck.js...odigo=001.00001
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [blokfa] C:\ARQUIV~1\BLOKFR~1\Agente.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [blokfsa] bfsa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Set As Messenger Live Display Picture - C:\Arquivos de programas\MSNShell\BIN\SetMSNDP.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe (file missing)
O9 - Extra 'Tools' menuitem: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O12 - Plugin for .csm: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A4FAFA8-EF0A-4306-8350-BF3BB0566BC8}: NameServer = 200.149.55.140,200.165.132.148
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A4FAFA8-EF0A-4306-8350-BF3BB0566BC8}: NameServer = 200.149.55.140,200.165.132.148
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A4FAFA8-EF0A-4306-8350-BF3BB0566BC8}: NameServer = 200.149.55.140,200.165.132.148
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe
Good morning! EvelinSF
>@< Open HijackThis and Fix this entry:
O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)
----------------------------------
>@< Click Start >> Run >> Type: Combofix.exe /u >> Click OK.
>@< When prompted, choose option two. ( 2 )
----------------------------------
Once everything is OK with the PC, create a completely clean System Restore point! Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> OK.
Then uncheck it again! >> Apply >> OK.
For more details, go to: < Docs >
----------------------------------
>@< Download CCleaner.
>@< Save it to the Desktop!
>@< Open the program and click Analyze >> Run Cleaner.
>@< When it finishes, click Registry >> Scan for Issues >> Fix selected issues.
----------------------------------
>@< Other than that, all OK. :thumbsup:
>@< Clean log!
Regards!
Thank you very much!
PROBLEM SOLVED!
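As an added example (not code from the thread or from HijackThis): a small triage pass over log lines in the format posted above. It flags the kind of entry the helper acted on (the O3 toolbar pointing at "(no file)") together with Run/Service entries whose command has no directory or whose service binary carries no vendor string, so a reviewer knows which lines to check first; the reason labels and the O23 field regex are my own assumptions about the format.

```python
import re
from collections import namedtuple
Finding = namedtuple("Finding", "section reason line")  # section: HijackThis tag, e.g. "O4"
ORPHAN_MARKERS = ("(no file)", "(file missing)")  # HijackThis: target file absent from disk
# O23 - Service: <display name> (<svc>) - <vendor> - <path>; vendor may be empty (" - - ")
O23_RE = re.compile(r"^Service: (.+?) - (.*?) ?- (.+)$")

def target_of(section: str, body: str) -> str:
    """File/command part of an entry body (the text after 'Oxx - ')."""
    if section == "O4":  # O4 - HKLM\..\Run: [name] command
        m = re.search(r"\] *(.*)$", body)
        return m.group(1) if m else body
    if section == "O23":
        m = O23_RE.match(body)
        return m.group(3) if m else body
    return body.split(" - ")[-1]  # other sections: last " - " separated field

def triage_line(line: str) -> list:
    """Flag entries a reviewer should look at first; [] means nothing stands out."""
    m = re.match(r"^(O\d+) - (.*)$", line.strip())
    if not m:
        return []
    section, body = m.group(1), m.group(2)
    target = target_of(section, body)
    if any(mk in target for mk in ORPHAN_MARKERS):
        # Referenced file is gone: a dead entry that can simply be fixed.
        return [Finding(section, "orphan entry (file missing)", line)]
    out = []
    if section in ("O4", "O23"):
        # No directory in the command: resolved via the search path, so locate the binary first.
        exe = target.split(" /")[0].strip().strip('"')
        if "\\" not in exe:
            out.append(Finding(section, "unqualified path", line))
    if section == "O23":
        sm = O23_RE.match(body)
        if sm and sm.group(2) == "":  # no company name in the binary's version info
            out.append(Finding(section, "no vendor string", line))
    return out

def triage_log(text: str) -> list:
    return [f for ln in text.splitlines() for f in triage_line(ln)]

SAMPLE_LOG = "\n".join([  # lines copied from the log posted in this thread
    r"O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)",
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP",
    r"O4 - HKLM\..\Run: [blokfsa] bfsa.exe",
    r"O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe (file missing)",
    r"O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe",
])
```

A flag is a prompt to look at the file on disk, not a verdict: a bare file name or an empty vendor field is common for legitimate software too.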
If the author needs the topic reopened, send a Private Message to a Moderator with a link to the topic.
Good morning! EvelinSF
>@< Download EliBagla.
>@< Save it to the Desktop!
>@< Now go to its icon and run the tool!
>@< Restart the computer in Safe Mode. << Important!
>@< Run EliBagla again.
>@< Restart in Normal Mode!
>@< Post the report infoSAT.txt, which is in the root of C:\ ( Local Disk C )
Regards!