Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:18, on 10/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Razer\Lachesis\razerhid.exe
C:\Arquivos de programas\Razer\Tarantula\razerhid.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\ARQUIV~1\AVG\AVG9\avgtray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\netaps\sysinternals.exe
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
C:\Arquivos de programas\UPHClean\uphclean.exe
C:\Arquivos de programas\Razer\Lachesis\OSD.exe
C:\Arquivos de programas\Razer\Lachesis\razerofa.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Arquivos de programas\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Arquivos de programas\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Lachesis] C:\Arquivos de programas\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [Tarantula] C:\Arquivos de programas\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spooler de Impressão] C:\WINDOWS\system32\rundll32.exe C:\windows\netaps\windll.dll update
O4 - HKCU\..\Run: [serviço de Indexação Windows] C:\windows\netaps\sysinternals.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
--
End of file - 8320 bytes
MBAM:
Malwarebytes' Anti-Malware 1.44
Database version: 3538
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702
2010-01-11 00:18:38
mbam-log-2010-01-11 (00-18-38).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 291777
Time elapsed: 30 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\didulist (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wbtemp2.txt (Malware.Trace) -> Quarantined and deleted successfully.
ComboFix:
ComboFix 10-01-04.01 - Godoy 11/01/2010 0:36.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1791.1299 [GMT -2:00]
Executando de: c:\documents and settings\Godoy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\khq
c:\windows\netaps
c:\windows\netaps\outlook.exe
c:\windows\netaps\sysinternals.exe
c:\windows\netaps\windll.dll
c:\windows\netaps\Windll.log
c:\windows\system32\msvcr92d.cfg
c:\windows\system32\msvcr92d.usr
D:\Autorun.inf
D:\khq
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-11 to 2010-01-11 ))))))))))))))))))))))))))))
.
2010-01-11 02:29 . 2010-01-11 02:29 400384 ----a-w- c:\windows\system32\CF4801.exe
2010-01-11 01:38 . 2010-01-11 01:38 -------- d-----w- c:\documents and settings\Godoy\Dados de aplicativos\Malwarebytes
2010-01-11 01:38 . 2010-01-07 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 01:38 . 2010-01-11 01:38 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-01-11 01:38 . 2010-01-07 18:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 00:59 . 2010-01-11 01:02 -------- d-----w- C:\Hijack
2010-01-07 21:05 . 2010-01-07 21:05 -------- d-----w- C:\ProgramData
2010-01-07 21:05 . 2010-01-07 21:05 -------- d-----w- c:\arquivos de programas\Electronic Arts
2010-01-06 23:24 . 2010-01-06 23:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-12-22 18:08 . 2009-12-22 18:08 4043544 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgui.exe
2009-12-22 18:08 . 2009-12-18 18:07 294656 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avglngx.dll
2009-12-22 18:08 . 2009-12-22 18:07 3966744 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgcorex.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 01:08 . 2009-10-05 14:05 -------- d-----w- c:\arquivos de programas\WS_FTP
2010-01-11 01:04 . 2008-07-24 05:43 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-01-11 01:04 . 2008-07-24 05:43 -------- d-----w- c:\arquivos de programas\SpywareBlaster
2010-01-09 20:21 . 2008-07-18 02:55 -------- d-----w- c:\documents and settings\Godoy\Dados de aplicativos\FrostWire
2010-01-09 02:31 . 2008-12-15 19:19 -------- d-----w- c:\documents and settings\Godoy\Dados de aplicativos\Tibia
2010-01-08 12:52 . 2008-07-24 05:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2010-01-07 21:05 . 2009-06-29 02:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Electronic Arts
2010-01-07 20:49 . 2008-07-16 23:28 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-01-07 20:31 . 2009-09-09 23:34 -------- d-----w- c:\documents and settings\Godoy\Dados de aplicativos\FileZilla
2010-01-07 00:03 . 2009-09-09 23:34 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client
2010-01-06 23:40 . 2008-07-17 00:20 -------- d-----w- c:\documents and settings\Godoy\Dados de aplicativos\Ahead
2010-01-06 01:17 . 2008-07-18 02:26 -------- d-----w- c:\arquivos de programas\FrostWire
2009-12-12 23:07 . 2009-12-04 19:09 -------- d-----w- c:\documents and settings\Godoy\Dados de aplicativos\Tropico 3
2009-12-10 23:23 . 2001-10-28 18:07 71242 ----a-w- c:\windows\system32\perfc016.dat
2009-12-10 23:23 . 2001-10-28 18:07 432812 ----a-w- c:\windows\system32\perfh016.dat
2009-11-30 18:24 . 2009-11-30 18:24 -------- d-----w- c:\arquivos de programas\AGEIA Technologies
2009-11-30 18:24 . 2008-09-16 22:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-11-30 01:59 . 2009-11-30 01:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft
2009-11-30 01:59 . 2009-11-30 01:59 -------- d-----w- c:\arquivos de programas\DVDVideoSoft
2009-11-27 13:34 . 2009-08-06 01:55 1 ----a-w- c:\documents and settings\Godoy\Dados de aplicativos\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-23 20:39 . 2008-07-17 00:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-11-23 19:36 . 2008-07-18 02:37 -------- d-----w- c:\arquivos de programas\Java
2009-11-23 19:35 . 2009-11-23 19:35 152576 ----a-w- c:\documents and settings\Godoy\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-23 19:34 . 2009-11-23 19:34 79488 ----a-w- c:\documents and settings\Godoy\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 16:42 . 2004-08-04 03:45 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 22:03 . 2008-07-16 23:27 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation
2009-11-19 20:21 . 2009-11-19 19:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\BioWare
2009-11-19 19:06 . 2009-11-19 19:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA Corporation
2009-11-19 18:50 . 2009-06-26 18:56 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab
2009-11-15 22:58 . 2008-07-26 06:13 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2009-11-10 00:53 . 2009-10-25 17:33 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-29 07:42 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-25 17:33 . 2009-10-25 17:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-25 17:33 . 2009-10-25 17:33 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-25 17:33 . 2009-10-25 17:33 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-21 06:01 . 2004-08-04 03:45 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:01 . 2004-08-04 03:45 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-04 02:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-14 22:45 . 2009-10-14 22:45 152576 ----a-w- c:\documents and settings\Godoy\Dados de aplicativos\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-13 10:52 . 2004-08-04 03:45 267776 ----a-w- c:\windows\system32\oakley.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\arquivos de programas\LClock\lclock.exe" [2004-09-19 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"Lachesis"="c:\arquivos de programas\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
"Tarantula"="c:\arquivos de programas\Razer\Tarantula\razerhid.exe" [2006-09-30 176128]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-10-02 198160]
"AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-30 7634944]
"nwiz"="nwiz.exe" [2006-10-30 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-30 86016]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-25 17:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Iolo Macro Magic.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Iolo Macro Magic.lnk
backup=c:\windows\pss\Iolo Macro Magic.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Godoy^Menu Iniciar^Programas^Inicializar^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Godoy\Menu Iniciar\Programas\Inicializar\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 14:08 935288 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 18:55 1057328 ----a-w- c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2008-07-26 03:27 249856 ----a-w- c:\arquivos de programas\lg_fwupdate\fwupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 18:07 1394000 ----a-w- c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-06-15 08:45 1826816 ------r- c:\windows\SkyTel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Jogos\\Steam\\Steam.exe"=
"c:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\FrostWire\\FrostWire.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"d:\\Jogos\\Tibia\\Tibia.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"d:\\Jogos\\Steam\\steamapps\\guilherme_godoy@sixsons.com.br\\counter-strike\\hl.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/10/2009 15:33 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/10/2009 15:33 360584]
R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [25/10/2009 15:33 285392]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/7/2009 23:11 721904]
S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [20/1/2009 00:24 12032]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 slnt;Realtek RTL8139 Family PCI Fast Ethernet NIC;c:\windows\system32\drivers\slnt.sys [16/7/2008 22:00 18042]
S3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\drivers\UsbFltr.sys [5/8/2009 00:35 44800]
S3 XDva068;XDva068;\??\c:\windows\system32\XDva068.sys --> c:\windows\system32\XDva068.sys [?]
S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys --> c:\windows\system32\XDva143.sys [?]
S3 XDva187;XDva187;\??\c:\windows\system32\XDva187.sys --> c:\windows\system32\XDva187.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva195;XDva195;\??\c:\windows\system32\XDva195.sys --> c:\windows\system32\XDva195.sys [?]
S3 XDva220;XDva220;\??\c:\windows\system32\XDva220.sys --> c:\windows\system32\XDva220.sys [?]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [12/9/2008 01:21 90568]
S4 Htiideaewxr;Htiideaewxr; [x]
--- =Outros Serviços/Drivers Na Memória ---
Deregistered - uphcleanhlp
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Godoy\Dados de aplicativos\Mozilla\Firefox\Profiles\8mhv5gzd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
MSConfigStartUp-cida - c:\windows\system32\cida.exe
MSConfigStartUp-Serviço de Indexação Windows - c:\windows\netaps\sysinternals.exe
MSConfigStartUp-Spooler de Impressão - c:\windows\netaps\windll.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 00:39
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-1275210071-1757981266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{54AF3933-F717-AE76-896C-3750071518DA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaalplckjnmjeglddmdmcpgnaianlo"=hex:64,61,61,6a,66,66,65,63,00,80
"oamipemfdabjmldcmpmncncpimhlip"=hex:6a,61,64,67,65,67,61,6c,6a,65,64,64,6b,64,
70,65,6d,69,6e,69,00,fd
"naoifghocillpphajobfdkfpncde"=hex:69,61,67,66,70,68,69,6b,6e,6c,61,69,6b,64,
69,61,66,61,00,00
[HKEY_USERS\S-1-5-21-1275210071-1757981266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A5CDDD73-75CC-932B-DE3A-92816583454F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"paebhegnmjopcbogleahicjncnlgoepk"=hex:6b,61,61,61,66,6c,63,70,6b,64,6b,69,62,
70,67,67,66,63,64,6f,65,6d,00,00
"oaoajgdcjlkephaaoagfhfmfabamia"=hex:6b,61,61,61,66,6c,63,70,6b,64,6b,69,62,70,
67,67,66,63,64,6f,65,6d,00,00
[HKEY_USERS\S-1-5-21-1275210071-1757981266-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:57,6e,9c,33,45,fa,28,74,7e,75,17,d2,03,d6,79,14,2a,cb,f1,0b,33,ac,6e,
42,1a,13,ea,b8,39,9e,c1,fa,1f,86,05,83,69,bf,be,d3,5a,e8,00,d7,89,eb,a6,95,\
"??"=hex:eb,ed,84,dd,a8,31,88,9c,45,0d,1b,b1,dd,01,48,48
[HKEY_USERS\S-1-5-21-1275210071-1757981266-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:ca,47,05,9c,5d,1f,41,eb,5e,e9,2a,7f,5c,28,d9,a4,9a,f9,8f,d2,ac,
3b,05,e8,0c,42,61,3a,f7,1d,0d,fb,5b,5a,60,2a,7f,4c,84,4f,e0,1c,73,47,b2,c7,\
"rkeysecu"=hex:61,69,c9,ec,af,13,4e,17,43,58,ba,60,fe,a5,9a,b4
.
Tempo para conclusão: 2010-01-11 00:41:07
ComboFix-quarantined-files.txt 2010-01-11 02:41
Pré-execução: 8 pasta(s) 12.254.998.528 bytes disponíveis
Pós execução: 11 pasta(s) 12.217.229.312 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:42:26, on 11/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\UPHClean\uphclean.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Arquivos de programas\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Arquivos de programas\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Lachesis] C:\Arquivos de programas\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [Tarantula] C:\Arquivos de programas\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
--
End of file - 7344 bytes
:) Several problems were removed from your PC.
:seta: Please follow the tips in these tutorials:
USBFix tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-usbfix.html
BitDefender Online antivirus tutorial
Post the UsbFix log, which will be at C:\UsbFix.txt, in your next reply, together with the log that will be at C:\Windows\BDOSCAN8\bdoscan.log and a new HijackThis log, and tell us how the PC is after these procedures.
We await your reply.
USBFix:
############################## | UsbFix V6.073 |
User : Godoy (Administradores) # PC1
Update on 09/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 20:47:57 | 13/1/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
AMD Athlon 64 X2 Dual Core Processor 4800+
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 9.0 [ Enabled | Updated ]
A:\ -> Unidade de disquete de 3 1/2 polegadas
C:\ -> Disco fixo local # 29,3 Go (11,15 Go free) # NTFS
D:\ -> Disco fixo local # 119,74 Go (87,52 Go free) # NTFS
E:\ -> Disco CD-ROM # 5,56 Go (0 Mo free) [sims3] # UDF
F:\ -> Disco removível # 1,89 Go (1,74 Go free) [2GB - GODOY] # FAT
############################## | Processos activos |
C:\WINDOWS\System32\smss.exe 624
C:\WINDOWS\system32\csrss.exe 676
C:\WINDOWS\system32\winlogon.exe 700
C:\WINDOWS\system32\services.exe 744
C:\WINDOWS\system32\lsass.exe 756
C:\WINDOWS\system32\svchost.exe 940
C:\WINDOWS\system32\svchost.exe 988
C:\WINDOWS\System32\svchost.exe 1084
C:\WINDOWS\system32\svchost.exe 1204
C:\WINDOWS\system32\svchost.exe 1280
C:\WINDOWS\system32\logonui.exe 1360
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe 1392
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe 1408
C:\WINDOWS\system32\spoolsv.exe 1468
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe 1600
C:\WINDOWS\Explorer.EXE 1972
C:\WINDOWS\system32\svchost.exe 500
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe 536
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe 616
C:\Arquivos de programas\Java\jre6\bin\jqs.exe 828
C:\WINDOWS\system32\nvsvc32.exe 1064
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe 1200
C:\WINDOWS\system32\svchost.exe 1532
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe 1764
C:\Arquivos de programas\UPHClean\uphclean.exe 276
C:\WINDOWS\system32\wuauclt.exe 512
C:\WINDOWS\system32\wbem\wmiprvse.exe 2316
C:\WINDOWS\System32\alg.exe 2380
################## | Ficheiros # pastas infeciosos |
Supprimido ! C:\kht
Supprimido ! C:\khu
Supprimido ! C:\khv
Supprimido ! C:\khw
Supprimido ! C:\Recycler\S-1-5-21-1275210071-1757981266-839522115-1003
Supprimido ! D:\kht
Supprimido ! D:\khu
Supprimido ! D:\khv
Supprimido ! D:\khw
Supprimido ! D:\Recycler\S-1-5-21-1275210071-1757981266-839522115-1003
Supprimido ! D:\Recycler\S-1-5-21-1275210071-1757981266-839522115-500
Não supprimido ! E:\autorun.inf
################## | Registro # Chaves infectieuses |
Supprimido ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
Supprimido ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Supprimido ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
################## | Registro # Mountpoints2 |
################## | Listing |
[16/07/2008 21:18|--a------|0] C:\AUTOEXEC.BAT
[10/01/2010 23:14|--ah-----|223] C:\Boot.bak
[11/01/2010 00:34|-rahs----|293] C:\boot.ini
[28/10/2001 16:06|-rahs----|4952] C:\Bootfont.bin
[03/08/2004 23:00|--ah-----|261856] C:\cmldr
[16/07/2008 21:18|--a------|0] C:\CONFIG.SYS
[16/07/2008 21:18|-rahs----|0] C:\IO.SYS
[16/07/2008 21:18|-rahs----|0] C:\MSDOS.SYS
[03/08/2004 23:38|-rahs----|47564] C:\NTDETECT.COM
[03/08/2004 23:59|-rahs----|251168] C:\ntldr
[?|?|?] C:\pagefile.sys
[13/04/2008 08:56|-rahs----|815690] C:\psifyq.exe
[13/04/2008 20:22|-rahs----|851154] C:\ttcpao.exe
[13/01/2010 20:52|--a------|3599] C:\UsbFix.txt
[14/04/2008 00:22|-rahs----|405622] D:\mutbnp.exe
[?|?|?] D:\pagefile.sys
[13/04/2008 08:56|-rahs----|815690] D:\psifyq.exe
[14/04/2008 08:03|-rahs----|878074] D:\tcxjeg.exe
[04/08/2004 15:32|-rahs----|724902] D:\trnavs.exe
[13/04/2008 20:22|-rahs----|851154] D:\ttcpao.exe
[09/04/2009 23:52|-r-------|12292] E:\.DS_Store
[09/04/2009 23:59|-r-------|253] E:\.hidden
[30/04/2009 00:57|-r-------|54544] E:\Autorun.exe
[21/10/2008 21:48|-r-------|45] E:\Autorun.inf
[19/06/2008 23:06|-r-------|555520] E:\ISSetup.dll
[21/10/2008 21:48|-r-------|174684] E:\Sims3.ico
[30/04/2009 01:03|-r-------|398608] E:\Sims3Setup.exe
[05/03/2009 18:33|-r-------|319488] E:\_Setup.dll
[30/04/2009 00:58|-r-------|3204962] E:\data1.cab
[30/04/2009 00:57|-r-------|195056] E:\data1.hdr
[30/04/2009 01:03|-r-------|512] E:\data2.cab
[12/08/2008 19:02|-r-------|10134] E:\eauninstall.ico
[30/04/2009 01:03|-r-------|25506] E:\layout.bin
[03/10/2008 17:46|-r-------|164463] E:\setup.gif
[30/04/2009 00:57|-r-------|707] E:\setup.ini
[30/04/2009 00:57|-r-------|354226] E:\setup.inx
[28/03/2009 04:29|-r-------|548828] E:\setup.isn
[30/04/2009 00:57|-r-------|152] E:\skuversion.txt
[14/12/2009 14:19|--ah-----|4096] F:\._.Trashes
################## | Vaccinação |
################## | Crack > Keygen > Serial |
################## | Upload |
Favor enviar o arquivo : C:\DOCUME~1\Godoy\Desktop\UsbFix_Upload_Me_PC1.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Obrigado pela sua contribuição .
################## | ! Fim do relatório # UsbFix V6.073 ! |
I'll do the other one tomorrow.
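An added example (not part of this thread and not UsbFix's own code): a small Python parser for the UsbFix "Listing" block above that flags the pattern this log shows, namely hidden+system .exe files sitting in drive roots, the same name and size replicated across C: and D:, and autorun.inf in a drive root. The sample lines are constructed in that format; boot files such as ntldr are hidden+system too but are not executables, so the rule leaves them alone.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the UsbFix "Listing" format: [date time|attributes|size] path.
# Not the real output of this run; it just mirrors the shapes seen in the log above.
SAMPLE_LISTING = """\
[16/07/2008 21:18|--a------|0] C:\\AUTOEXEC.BAT
[03/08/2004 23:59|-rahs----|251168] C:\\ntldr
[?|?|?] C:\\pagefile.sys
[13/04/2008 08:56|-rahs----|815690] C:\\psifyq.exe
[13/04/2008 08:56|-rahs----|815690] D:\\psifyq.exe
[13/04/2008 20:22|-rahs----|851154] D:\\ttcpao.exe
[21/10/2008 21:48|-r-------|45] E:\\Autorun.inf
[30/04/2009 01:03|-r-------|398608] E:\\Sims3Setup.exe
"""

LINE_RE = re.compile(r"^\[([^|\]]*)\|([^|\]]*)\|([^\]]*)\]\s+(.+?)\s*$")
ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")  # X:\name, nothing deeper

@dataclass
class Entry:
    stamp: str
    attrs: str
    size: Optional[int]  # None when UsbFix prints "?" (locked files such as pagefile.sys)
    path: str

def parse_listing(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            stamp, attrs, size, path = m.groups()
            entries.append(Entry(stamp, attrs, int(size) if size.isdigit() else None, path))
    return entries

def classify(e: Entry) -> Optional[str]:
    """Reason a root-level entry deserves a second look, or None for benign entries."""
    if not ROOT_RE.match(e.path):
        return None
    name = e.path.rsplit("\\", 1)[-1].lower()
    if name.endswith(".exe") and "h" in e.attrs and "s" in e.attrs:
        return "hidden+system executable in drive root"
    if name == "autorun.inf":
        return "autorun.inf in drive root: check what it launches"
    return None

def suspicious_entries(text: str) -> List[Tuple[str, str]]:
    found = []
    for e in parse_listing(text):
        reason = classify(e)
        if reason:
            found.append((e.path, reason))
    return found

def replicated_across_drives(text: str) -> Dict[str, List[str]]:
    """Same file name and size in the root of more than one drive (worm-style spread)."""
    seen = defaultdict(set)
    for e in parse_listing(text):
        if ROOT_RE.match(e.path) and e.size:
            seen[(e.path.rsplit("\\", 1)[-1].lower(), e.size)].add(e.path[:2].upper())
    return {name: sorted(drives) for (name, _), drives in seen.items() if len(drives) > 1}
```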
:) Several problems were removed by UsbFix.
Please send the file C:\DOCUME~1\Godoy\Desktop\UsbFix_Upload_Me_PC1.zip to the site below so that UsbFix can be improved:
http://chiquitine.changelog.fr/Sample/Upload.php
_______________________________________
I'll do the other one tomorrow
OK, we'll be waiting.
Please also do the following:
● Temporarily disable your antivirus's resident protection to avoid conflicts, and turn it back on after completing all the steps below:
* Download PenClean:
https://dl.getdropbox.com/u/1035720/PenClean.zip
● Unzip Penclean.zip using an archiver (such as WinRAR or WinZip, for example).
● Connect your USB flash drive or other infected media (if you have one) to the computer and follow the steps below:
● Run PenClean.exe and check the option "Verificar unidade" (Scan drive) > click the downward arrow and choose "Todas as unidades" (All drives). Then click the "Verificar" (Scan) button.
● If anything is detected, the program will ask to restart the computer. Check the option to restart and wait.
● A log will be saved at C:\PenClean\PenClean.txt
____________________________________
:seta: Also follow the tips in this tutorial:
Flash Disinfector tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-flash-disinfector.html
___________________________________
:seta: In your next reply, post the log that will be at C:\PenClean\PenClean.txt, the log that will be at C:\Windows\BDOSCAN8\bdoscan.log and a new HijackThis log, and tell us how the PC is after these procedures.
Topic Archived
Since the author did not reply for more than 30 days, the topic was archived.
If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening.
:) Hello Godoy!
:seta: First, follow the tips in this tutorial to clean your PC with Malwarebytes:
Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html
_________________________________________
:seta: I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:
Download ComboFix
Save it to the Desktop.
* Disable the resident protection of: antivirus, antispyware and firewall (except the Windows one!)
* Close all windows and run the tool.
* PS: Running it from the command line is also possible:
* Go to Start --> Run --> Type or paste:
"%userprofile%\desktop\Combofix.exe" /killall
* Click OK.
* At the prompt "Disclaimer of software warranty" --> Click Yes.
* If you do not have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), accept the offer to install it.
* When it finishes, click Sim or Yes. --> Wait.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:!: If you get the notification "Invalid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.
* Save it to the Desktop, renamed as: Kombo.exe
* PS: Rename it while saving, not after saving it!
* PS: If an error message appears, run ComboFix.exe in Safe Mode (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!
* PS: If rootkit activity is present, the following notification window will appear:
* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply together with the requested logs.
* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
* PS: To avoid problems, follow all the recommendations given.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
* The Auto Scan window will open. --> Wait!
* To finish the removals, ComboFix may restart the computer.
* If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
* During the scan, avoid touching the mouse or keyboard! <-- Important!
* If, for some compelling reason, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.
<><><><><><><><><><><><>
Post the ComboFix log, which will be at C:\ComboFix.txt, together with the Malwarebytes log and a new HijackThis log in your next reply, and tell us how your PC is after that.
We await your reply.