Archived

This topic is archived and closed to new replies.

jaspion

[Solved!] Virus crashes MSN

I have a problem with MSN: it drops all the time. Actually, to me it looks as if it is connected, and I even receive messages saying that a contact has just signed in. My contacts see me as online, but if they send me a message, after a while it comes back saying the message could not be delivered. I ran Avast and it found a trojan, which was apparently removed, but I still have the same problem. I have already run HijackThis and am sending the log for your evaluation.

Thank you in advance for your attention.

 

Logfile of HijackThis v1.99.1

Scan saved at 11:27:48, on 5/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\Arquivos de programas\MSN Apps\Updater1.02.3000.1001\pt-pt\msnappau.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jovempan.uol.com.br/jpamnew/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-pt\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-pt\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe"

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] "C:\Arquivos de programas\Ahead\InCD\InCD.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater1.02.3000.1001\pt-pt\msnappau.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [OrderReminder] "C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [simp] C:\Arquivos de programas\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.notetower.us

O17 - HKLM\System\CCS\Services\Tcpip\..\{66455888-83AC-4F5C-8A9B-6B48F4E93FD7}: NameServer = 66.249.220.2,66.249.220.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


raphael436,

 

First of all, thanks for the reply.

I ran BitDefender and am sending the generated report, as suggested. I am also sending the HijackThis log to check whether there is still any problem.

 

cheers...

 

BitDefender Online Scanner

 

 

 

Scan report generated at: Mon, Sep 10, 2007 - 13:41:34

 

 

Scan path: C:\;D:\;E:\;

 

 

Statistics

 

Time

00:14:33

 

Files

102043

 

Folders

3077

 

Boot Sectors

3

 

Archives

739

 

Packed Files

5768

 

 

 

 

Results

 

Identified Viruses

1

 

Infected Files

1

 

Suspect Files

0

 

Warnings

0

 

Disinfected

0

 

Deleted Files

1

 

 

 

Engines Info

 

Virus Definitions

800419

 

Engine build

AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)

 

Scan plugins

14

 

Archive plugins

38

 

Unpack plugins

7

 

E-mail plugins

6

 

System plugins

1

 

 

 

Scan Settings

 

First Action

Disinfect

 

Second Action

Delete

 

Heuristics

Yes

 

Enable Warnings

Yes

 

Scanned Extensions

*;

 

Exclude Extensions

 

 

Scan Emails

Yes

 

Scan Archives

Yes

 

Scan Packed

Yes

 

Scan Files

Yes

 

Scan Boot

Yes

 

 

 

Scanned File

Status

 

C:\autoexec.bat

Infected with: Trojan.Bat.Killfiles.GB

 

C:\autoexec.bat

Disinfection failed

 

C:\autoexec.bat

Deleted

 

 

--------------------------------------------------------------

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:34:48, on 10/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\Arquivos de programas\MSN Apps\Updater1.02.3000.1001\pt-pt\msnappau.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\DOCUME~1\CHICO~1\CONFIG~1\Temp\Diretório temporário 1 para hijackthis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jovempan.uol.com.br/jpamnew/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-pt\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-pt\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe"

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] "C:\Arquivos de programas\Ahead\InCD\InCD.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater1.02.3000.1001\pt-pt\msnappau.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [OrderReminder] "C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [simp] C:\Arquivos de programas\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.notetower.us

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{66455888-83AC-4F5C-8A9B-6B48F4E93FD7}: NameServer = 66.249.220.2,66.249.220.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Download KillBox

Run KillBox, check Delete on Reboot and enter in Full Path of File to Delete:

C:\autoexec.bat

Click the killboxdl5tf5.png button. Answer Yes to the question.

 

Download ComboFix

It is important to save it on your desktop

Close all windows and programs.

Double-click combofix.exe, select 1 and press Enter.

It takes a while, so please be patient. Do not click the mouse while the tool is running; this can make the computer hang. To stop or exit ComboFix, press "N".

When the tool finishes running, it will generate a log at C:\ComboFix.txt; paste it into your reply, and also make a new HijackThis log to include in your reply.

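The KillBox step above removes C:\autoexec.bat, but the ComboFix log later in this thread shows two further artefacts of the same infection: MountPoints2 autorun handlers on removable-drive keys pointing at fooool.exe, and a scheduled task (startt.job) that relaunches c:\autoexec.bat. As an added example (not from the thread or from any tool named in it), this Python script parses those two ComboFix sections and flags both; the sample log is a constructed excerpt of the thread's own entries, and the rule thresholds are my own assumptions.

```python
"""Triage the MountPoints2 and scheduled-task sections of a ComboFix log
for the persistence seen in this thread: removable-drive autorun hijacks and
a task that launches a batch file from the drive root."""
import re
from dataclasses import dataclass

# Constructed sample: a trimmed copy of the ComboFix registry-load-point and
# scheduled-task sections posted in this thread (not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f8e7d6b-5700-11dc-b74d-0040f4c4830b}]
AutoRun\command- fooool.exe
explore\Command- fooool.exe
open\Command- fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e905812-356a-11dc-b726-001a922728ff}]
AutoRun\command- F:\fooool.exe
explore\Command- F:\fooool.exe
open\Command- F:\fooool.exe

.
Conteúdo da pasta 'Tarefas Agendadas'
"2007-09-11 19:02:12 C:\WINDOWS\Tasks\startt.job"
- c:\autoexec.bat
.
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
MP2_RE = re.compile(r"\\mountpoints2\\(\{[0-9a-f-]+\})$", re.I)
VERB_RE = re.compile(r"^(autorun|explore|open)\\command-\s*(.+?)\s*$", re.I)
JOB_RE = re.compile(r'^"\S+ \S+ (.+\.job)"$', re.I)       # "<date> <time> <path>.job"
TARGET_RE = re.compile(r"^-\s*(.+?)\s*$")                  # "- <target>" under a job
DRIVE_RE = re.compile(r"^[a-z]:\\", re.I)
ROOT_FILE_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.I)       # file directly in a drive root
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".pif", ".scr")  # assumed watch-list


@dataclass
class Finding:
    kind: str       # "mountpoints2" or "scheduled_task"
    location: str   # registry GUID or .job path
    target: str     # what the entry launches
    reason: str


def parse_mountpoints(text):
    """Yield (guid, verb, command) for every shell verb under a MountPoints2 key."""
    guid = None
    for line in text.splitlines():
        key = KEY_RE.match(line.strip())
        if key:                                   # new registry key: is it MountPoints2?
            mp = MP2_RE.search(key.group(1))
            guid = mp.group(1) if mp else None
            continue
        verb = VERB_RE.match(line.strip())
        if guid and verb:
            yield guid, verb.group(1).lower(), verb.group(2)


def parse_tasks(text):
    """Yield (job_path, target) pairs from the scheduled-task section."""
    job = None
    for line in text.splitlines():
        m = JOB_RE.match(line.strip())
        if m:
            job = m.group(1)
            continue
        t = TARGET_RE.match(line.strip())
        if job and t:                             # the "- target" line follows its .job line
            yield job, t.group(1)
            job = None


def triage(text):
    """Return Findings for autorun hijacks and for tasks that launch scripts/root files."""
    findings = []
    per_key = {}
    for guid, verb, cmd in parse_mountpoints(text):
        per_key.setdefault(guid, []).append(cmd)
    for guid, cmds in per_key.items():
        cmds = sorted(set(cmds))
        relative = [c for c in cmds if not DRIVE_RE.match(c)]
        reason = "autorun/open/explore handlers set on a removable-drive key"
        if relative:   # a bare name is resolved against the drive root when the drive is inserted
            reason += "; relative name resolves against the drive root: " + ", ".join(relative)
        findings.append(Finding("mountpoints2", guid, " | ".join(cmds), reason))
    for job, target in parse_tasks(text):
        if target.lower().endswith(SCRIPT_EXT) or ROOT_FILE_RE.match(target):
            findings.append(Finding("scheduled_task", job, target,
                                    "task launches a script or a file in the drive root"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.location} -> {f.target}\n    {f.reason}")
```

Deleting autoexec.bat alone leaves the startt.job task and the MountPoints2 handlers in place, which is why the full cleanup in the thread also needs the ComboFix pass.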

Here is the ComboFix log, followed by the HijackThis log...

 

Thanks for your attention...

 

 

ComboFix 07-09-10.6 - "Chicão" 2007-09-11 16:04:07.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1621 [GMT -3:00]

.

 

((((((((((((((((((((((( Ficheiros criados de 2007-08-11 to 2007-09-11 ))))))))))))))))))))))))))))))))

.

 

2007-09-10 12:58 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2007-09-05 11:27 218,112 --a------ C:\HijackThis.exe

2007-08-31 15:57 <DIR> d-------- C:\Arquivos de programas\aMSN

2007-08-31 15:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\SUPERAntiSpyware.com

2007-08-31 15:40 <DIR> d-------- C:\Arquivos de programas\SUPERAntiSpyware

2007-08-31 15:40 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2007-08-31 15:34 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-31 15:34 <DIR> d-------- C:\!KillBox

2007-08-31 10:52 164 --a------ C:\install.dat

2007-08-28 13:15 1,497,600 --a------ C:\WINDOWS\folder2.exe

2007-08-27 15:27 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-08-27 15:27 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-08-27 15:27 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-08-27 15:27 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-08-27 15:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-08-27 15:27 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-08-27 15:27 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-08-27 15:27 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2007-08-15 15:47 83,552 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll

2007-08-15 15:47 63,040 --a------ C:\WINDOWS\system32\LMIinit.dll

2007-08-15 15:47 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

2007-08-15 15:47 26,176 --a------ C:\WINDOWS\system32\LMIport.dll

2007-08-15 15:47 <DIR> d-------- C:\Arquivos de programas\LogMeIn

2007-08-15 10:24 90,112 --a------ C:\WINDOWS\system32\SDCCInfo.dll

2007-08-15 10:24 172,032 --a------ C:\WINDOWS\system32\rsUtil.dll

2007-08-15 10:24 <DIR> d-------- C:\Arquivos de programas\Stamps.com Internet Postage

2007-08-15 10:24 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Intuit

2007-08-15 10:22 <DIR> d-------- C:\WINDOWS\Crystal

2007-08-15 10:22 <DIR> d-------- C:\Arquivos de programas\Crystal Decisions

2007-08-15 10:22 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Peach

2007-08-15 10:22 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Crystal Decisions

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-09-11 16:02 --------- d-------- C:\Arquivos de programas\lg_fwupdate

2007-09-01 09:17 --------- d-------- C:\Arquivos de programas\Google

2007-08-04 10:01 --------- d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2007-08-04 10:01 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Real

2007-07-31 16:55 --------- d-------- C:\Arquivos de programas\Real

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-28 16:51 --------- d-------- C:\Arquivos de programas\Windows Media Connect 2

2007-07-27 11:21 --------- d--h----- C:\Arquivos de programas\Zenographics

2007-07-27 11:21 --------- d-------- C:\Arquivos de programas\Hewlett-Packard

2007-06-26 03:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-13 10:21 1035264 --a------ C:\WINDOWS\explorer.exe

2004-10-01 15:00 40960 --a------ C:\Arquivos de programas\Uninstall_CDS.exe

.

 

((((((((((((((((((((((((((((( snapshot_2007-08-31_153928.81 )))))))))))))))))))))))))))))))))))))))))

.

----a-w 53,248 2006-05-25 04:22:06 C:\WINDOWS\bdoscandel.exe

----a-w 15,072 2007-03-06 01:00:55 C:\WINDOWS\$hf_mig$\KB933360\spmsg.dll

----a-w 215,264 2007-03-06 01:01:00 C:\WINDOWS\$hf_mig$\KB933360\spuninst.exe

----a-w 60,416 2007-07-18 10:33:06 C:\WINDOWS\$hf_mig$\KB933360\SP2QFE\tzchange.exe

----a-w 22,752 2007-03-06 01:00:53 C:\WINDOWS\$hf_mig$\KB933360\update\spcustom.dll

----a-w 721,120 2007-03-06 01:01:17 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe

----a-w 384,224 2007-03-06 01:02:08 C:\WINDOWS\$hf_mig$\KB933360\update\updspapi.dll

-c----w 60,416 2007-01-29 08:58:06 C:\WINDOWS\$NtUninstallKB933360$\tzchange.exe

-c----w 215,264 2007-03-06 01:01:00 C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe

-c----w 384,224 2007-03-06 01:02:08 C:\WINDOWS\$NtUninstallKB933360$\spuninst\updspapi.dll

-c----w 316,928 2006-11-03 02:29:46 C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe

-c----w 215,264 2005-06-28 13:23:32 C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe

-c----w 371,424 2005-06-28 13:23:54 C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll

----a-w 45,056 2007-09-10 15:59:15 C:\WINDOWS\BDOSCAN8\avxdisk.dll

----a-w 10,240 2007-09-10 15:59:18 C:\WINDOWS\BDOSCAN8\avxs.dll

----a-w 27,136 2007-09-10 15:59:21 C:\WINDOWS\BDOSCAN8\avxt.dll

----a-w 181,248 2007-09-10 16:01:00 C:\WINDOWS\BDOSCAN8\bdcore.dll

----a-w 118,784 2005-03-01 17:08:48 C:\WINDOWS\BDOSCAN8\bdupd.dll

----a-w 53,248 2005-03-01 17:08:52 C:\WINDOWS\BDOSCAN8\ipsupd.dll

----a-w 142,848 2007-09-10 16:01:26 C:\WINDOWS\BDOSCAN8\libfn.dll

----a-w 86,016 2007-09-10 15:59:45 C:\WINDOWS\BDOSCAN8\librtvr.dll

----a-w 118,784 2005-03-01 17:08:48 C:\WINDOWS\Downloaded Program Files\bdupd.dll

----a-w 53,248 2005-03-01 17:08:52 C:\WINDOWS\Downloaded Program Files\ipsupd.dll

----a-w 318,464 2007-06-27 19:02:52 C:\WINDOWS\inf\unregmp2.exe

----a-r 29,696 2007-08-31 18:40:59 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe

----a-r 18,944 2007-08-31 18:40:59 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

----a-r 65,024 2007-08-31 18:40:59 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

----a-w 15,072 2007-03-06 01:00:55 C:\WINDOWS\SoftwareDistribution\Download\3cddacc1c7e93629fdbbcbaa53af6c0b\spmsg.dll

----a-w 215,264 2007-03-06 01:01:00 C:\WINDOWS\SoftwareDistribution\Download\3cddacc1c7e93629fdbbcbaa53af6c0b\spuninst.exe

----a-w 60,416 2007-07-18 12:42:22 C:\WINDOWS\SoftwareDistribution\Download\3cddacc1c7e93629fdbbcbaa53af6c0b\sp2gdr\tzchange.exe

----a-w 60,416 2007-07-18 10:33:06 C:\WINDOWS\SoftwareDistribution\Download\3cddacc1c7e93629fdbbcbaa53af6c0b\sp2qfe\tzchange.exe

----a-w 22,752 2007-03-06 01:00:53 C:\WINDOWS\SoftwareDistribution\Download\3cddacc1c7e93629fdbbcbaa53af6c0b\update\spcustom.dll

----a-w 721,120 2007-03-06 01:01:17 C:\WINDOWS\SoftwareDistribution\Download\3cddacc1c7e93629fdbbcbaa53af6c0b\update\update.exe

----a-w 384,224 2007-03-06 01:02:08 C:\WINDOWS\SoftwareDistribution\Download\3cddacc1c7e93629fdbbcbaa53af6c0b\update\updspapi.dll

----a-w 13,536 2005-06-28 13:20:24 C:\WINDOWS\SoftwareDistribution\Download\80e382e1de0d6353c98ea49c3b9cd56e\spmsg.dll

----a-w 215,264 2005-06-28 13:23:32 C:\WINDOWS\SoftwareDistribution\Download\80e382e1de0d6353c98ea49c3b9cd56e\spuninst.exe

----a-w 318,464 2007-06-27 19:02:52 C:\WINDOWS\SoftwareDistribution\Download\80e382e1de0d6353c98ea49c3b9cd56e\unregmp2.exe

----a-w 721,120 2005-06-28 13:25:00 C:\WINDOWS\SoftwareDistribution\Download\80e382e1de0d6353c98ea49c3b9cd56e\update\update.exe

----a-w 371,424 2005-06-28 13:23:54 C:\WINDOWS\SoftwareDistribution\Download\80e382e1de0d6353c98ea49c3b9cd56e\update\updspapi.dll

------w 60,416 2007-07-18 12:42:22 C:\WINDOWS\system32\tzchange.exe

-c--a-w 318,464 2007-06-27 19:02:52 C:\WINDOWS\system32\dllcache\unregmp2.exe

----atw 16,384 2007-09-11 19:02:13 C:\WINDOWS\Temp\Perflib_Perfdata_5a4.dat

----atw 16,384 2007-09-11 19:02:29 C:\WINDOWS\Temp\Perflib_Perfdata_c9c.dat

.

----a-w 316,928 2006-11-03 02:29:46 C:\WINDOWS\inf\unregmp2.exe

------w 60,416 2007-01-29 08:58:06 C:\WINDOWS\system32\tzchange.exe

-c--a-w 316,928 2006-11-03 02:29:46 C:\WINDOWS\system32\dllcache\unregmp2.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

 

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:45 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2006-10-22 01:22 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:45 C:\WINDOWS\system32\rundll32.exe]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2006-04-30 23:07]

"SoundMAX"="C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2006-07-12 06:58]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"LGODDFU"="C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" [2007-04-07 10:15]

"msnappau"="C:\Arquivos de programas\MSN Apps\Updater1.02.3000.1001\pt-pt\msnappau.exe" [2004-08-13 17:41]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51]

"HP Software Update"="C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-22 23:33]

"DeviceDiscovery"="C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"OrderReminder"="C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 13:00]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-08-04 10:01]

"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

"Simp"="C:\Arquivos de programas\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe" [2006-10-02 18:12]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2007-04-11 19:15]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24]

"SUPERAntiSpyware"="C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

 

R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys

R3 rtl8180;IEEE 802.11b Wireless Cardbus/PCI Adapter;C:\WINDOWS\system32\DRIVERS\rtl8180.SYS

R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f8e7d6b-5700-11dc-b74d-0040f4c4830b}]

AutoRun\command- fooool.exe

explore\Command- fooool.exe

open\Command- fooool.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e905812-356a-11dc-b726-001a922728ff}]

AutoRun\command- F:\fooool.exe

explore\Command- F:\fooool.exe

open\Command- F:\fooool.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f10d023e-531b-11dc-b745-0040f4c4830b}]

AutoRun\command- fooool.exe

explore\Command- fooool.exe

open\Command- fooool.exe

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-09-11 19:02:12 C:\WINDOWS\Tasks\startt.job"

- c:\autoexec.bat

.

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-11 16:04:55

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-09-11 16:05:09

C:\ComboFix-quarantined-files.txt ... 2007-09-11 16:05

C:\ComboFix2.txt ... 2007-09-11 15:58

C:\ComboFix3.txt ... 2007-08-31 15:39

.

--- E O F ---

 

 

---------

HijackThis ...

 

Logfile of HijackThis v1.99.1

Scan saved at 16:08:32, on 11/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\Arquivos de programas\MSN Apps\Updater1.02.3000.1001\pt-pt\msnappau.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\DOCUME~1\CHICO~1\CONFIG~1\Temp\Diretório temporário 1 para hijackthis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jovempan.uol.com.br/jpamnew/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-pt\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-pt\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe"

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] "C:\Arquivos de programas\Ahead\InCD\InCD.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater1.02.3000.1001\pt-pt\msnappau.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [OrderReminder] "C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [simp] C:\Arquivos de programas\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.notetower.us

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{66455888-83AC-4F5C-8A9B-6B48F4E93FD7}: NameServer = 66.249.220.2,66.249.220.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Download CCleaner

Open the program and click Run Cleaner;

After that, click Issues > Scan for Issues > Fix Issues

 

Open HijackThis and click Do a system scan only.

Check ONLY the entries below and click Fix checked

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O15 - Trusted Zone: *.notetower.us

 

Delete the folder C:\!killbox

 

Reinstall MSN. Download BankerFix - http://linhadefensiva.uol.com.br/dl/bankerfix

When you run it, "pressione qualquer tecla para continuar..." (press any key to continue) will appear; press any key.

Note: when you run it, it will close every open browser page. When it finishes, read the message on the screen and press Enter again. When it is done, post the file relatorio.txt located at: C:\LinhaDefensiva\relatorio.txt.
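As an added example (not part of this thread, nor of HijackThis, ComboFix or BankerFix), here is a small Python triage that applies the same judgment the helper used above to raw log lines: it flags the orphaned BHO, the Trusted Zone entry, the adapter DNS setting for review, and the removable-drive autorun handlers seen in the ComboFix mountpoints2 section. The sample lines are constructed in the shape of the logs posted above, and the rule set and the `Finding` type are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis and ComboFix output
# quoted in this thread (benign lines are included as controls).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O15 - Trusted Zone: *.notetower.us
O17 - HKLM\System\CCS\Services\Tcpip\..\{66455888-83AC-4F5C-8A9B-6B48F4E93FD7}: NameServer = 66.249.220.2,66.249.220.3
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e905812-356a-11dc-b726-001a922728ff}]
AutoRun\command- F:\fooool.exe
open\Command- F:\fooool.exe
"""

@dataclass
class Finding:
    line: str
    reason: str

# Each rule: (regex applied to one log line, explanation for the reader).
# The autorun rule is case-insensitive because ComboFix prints both
# "command" and "Command" for the mountpoints2 keys.
RULES = [
    (re.compile(r"^O2 - BHO: .*- \(no file\)$"),
     "orphaned BHO: CLSID still registered but its DLL is gone; leftover, fix it"),
    (re.compile(r"^O15 - Trusted Zone: "),
     "site added to the IE Trusted Zone, which relaxes IE security for it; verify it"),
    (re.compile(r"^O17 - .*NameServer = "),
     "DNS servers set on the adapter; confirm they belong to your ISP"),
    (re.compile(r"^(AutoRun|open|explore)\\command-\s*(\S+)", re.IGNORECASE),
     "removable-drive autorun handler launches an executable: how USB worms spread"),
]

def triage(log_text: str) -> list[Finding]:
    """Return the suspicious lines of a HijackThis/ComboFix log with a reason each."""
    findings = []
    for line in log_text.strip().splitlines():
        for pattern, reason in RULES:
            if pattern.search(line):
                findings.append(Finding(line, reason))
                break  # first matching rule wins
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```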


I followed the procedures and am posting the BankerFix report.

 

BankerFix 2.4 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 12/9/2007 - 10:48

-------------------------------------------------------

Lista de Definição: 2007-09-09-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\Tasks\startt.job

Arquivo infectado removido com sucesso!

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------


PROBLEM SOLVED!

 

If the author needs the topic reopened, they must send a Private Message to a Moderator with a link to the topic.
