EvelinSF
Posted April 2, 2008

Good morning, last night my PC restarted about 2 times and after that my antivirus (AVG) no longer works. I tried installing it again and couldn't; it gives an error saying it is not a valid Win32 file. The same happens with Spybot and AVG Anti-Rootkit. I tried using HijackThis as explained and it gives the same error too. I don't know what to do!!

Thanks
Evelin

I don't know if this helps, but:

F-Secure BlackLight log

04/02/08 09:34:21 [info]: BlackLight Engine 1.0.70 initialized
04/02/08 09:34:21 [info]: OS: 5.1 build 2600 (Service Pack 2)
04/02/08 09:34:25 [Note]: 7019 4
04/02/08 09:34:25 [Note]: 7005 0
04/02/08 09:34:40 [Note]: 7006 0
04/02/08 09:34:40 [Note]: 7011 1428
04/02/08 09:34:41 [Note]: 7035 0
04/02/08 09:34:44 [Note]: 7026 0
04/02/08 09:34:48 [Note]: 7026 0
04/02/08 09:34:48 [Note]: 7024 3
04/02/08 09:34:48 [info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
04/02/08 09:34:52 [Note]: FSRAW library version 1.7.1024
04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Empty.txt
04/02/08 09:46:15 [Note]: 10002 3
04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Filters.xml
04/02/08 09:46:15 [Note]: 10002 3
04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\news.png
04/02/08 09:46:15 [Note]: 10002 3
04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\paint.png
04/02/08 09:46:15 [Note]: 10002 3
04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Profiles\Blank.txt
04/02/08 09:46:15 [Note]: 10002 3
04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Sample1.jpg
04/02/08 09:46:15 [Note]: 10002 3
04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Sample2.jpg
04/02/08 09:46:15 [Note]: 10002 3
04/02/08 09:46:15 [Note]: 10002 2
04/02/08 09:46:15 [Note]: 10002 2
04/02/08 09:53:38 [Note]: 10002 2
04/02/08 09:53:38 [Note]: 10002 2
04/02/08 10:00:03 [info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
04/02/08 10:00:03 [Note]: 10002 2
04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\102062.exe
04/02/08 10:00:26 [Note]: 10002 3
04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\125828.exe
04/02/08 10:00:26 [Note]: 10002 3
04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\128312.exe
04/02/08 10:00:26 [Note]: 10002 3
04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\136640.exe
04/02/08 10:00:26 [Note]: 10002 3
04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\173343.exe
04/02/08 10:00:26 [Note]: 10002 3
04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\183718.exe
04/02/08 10:00:26 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\191046.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\214125.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\218484.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\230015.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\241187.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\247921.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\254640.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\270671.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\288046.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\339140.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\348421.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\371734.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\376328.exe
04/02/08 10:00:27 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\434437.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\601171.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\632531.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\656375.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\682203.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\685734.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\691140.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\726343.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\758828.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\76312.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\775562.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\788406.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\805921.exe
04/02/08 10:00:28 [Note]: 10002 3
04/02/08 10:00:29 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\821546.exe
04/02/08 10:00:29 [Note]: 10002 3
04/02/08 10:00:29 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\91625.exe
04/02/08 10:00:29 [Note]: 10002 3
04/02/08 10:00:29 [Note]: 10002 2
04/02/08 10:00:29 [Note]: 10002 2
04/02/08 10:00:29 [info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
04/02/08 10:00:29 [Note]: 10002 2
04/02/08 10:13:00 [Note]: 7007 0
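To make a BlackLight report like the one above easier to triage, here is an added Python example (editor's code, not part of the original post and not F-Secure's tooling) that parses lines in this format, extracts every hidden process and hidden file, groups them by directory, and separates the entries a responder would look at first. The sample input is a constructed excerpt of the log above; the triage heuristics (any hidden process, any hidden file under system32\drivers, and a path reported both as a hidden process and as a hidden file) are the editor's assumptions, not rules from the tool.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the BlackLight lines posted in the thread.
SAMPLE_LOG = r"""
04/02/08 09:34:21 [info]: BlackLight Engine 1.0.70 initialized
04/02/08 09:34:21 [info]: OS: 5.1 build 2600 (Service Pack 2)
04/02/08 09:34:48 [info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Empty.txt
04/02/08 09:46:15 [Note]: 10002 3
04/02/08 10:00:03 [info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\102062.exe
04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\125828.exe
04/02/08 10:00:29 [info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
04/02/08 10:13:00 [Note]: 7007 0
"""

# One BlackLight line: "<date> <time> [<level>]: Hidden <process|file>: <path>"
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"\[(?P<level>\w+)\]: Hidden (?P<kind>process|file): (?P<path>.+)$"
)


@dataclass(frozen=True)
class HiddenObject:
    kind: str   # "process" or "file"
    path: str   # path exactly as reported (case preserved)
    time: str


def parse_hidden_objects(text):
    """Return every 'Hidden process' / 'Hidden file' entry; [Note] lines are ignored."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(HiddenObject(m["kind"], m["path"], m["time"]))
    return found


def directory_of(path):
    # Windows paths; lower-cased because the log mixes "C:\" and "c:\".
    return path.rsplit("\\", 1)[0].lower()


def summarize(objects):
    """Count hidden objects per (lower-cased) directory."""
    return Counter(directory_of(o.path) for o in objects)


def triage(objects):
    """Split entries into (needs attention, other) using editor-chosen heuristics:
    a hidden process, or a hidden file under system32\\drivers, needs attention."""
    suspicious, other = [], []
    for o in objects:
        if o.kind == "process" or "\\system32\\drivers" in directory_of(o.path):
            suspicious.append(o)
        else:
            other.append(o)
    return suspicious, other


def both_process_and_file(objects):
    """Paths that appear as a hidden process AND as a hidden file on disk."""
    procs = {o.path.lower() for o in objects if o.kind == "process"}
    files = {o.path.lower() for o in objects if o.kind == "file"}
    return procs & files


if __name__ == "__main__":
    objs = parse_hidden_objects(SAMPLE_LOG)
    for d, n in summarize(objs).most_common():
        print(f"{n:3d}  {d}")
    sus, _ = triage(objs)
    print("needs attention:", [o.path for o in sus])
    print("process + file:", sorted(both_process_and_file(objs)))
```

Hidden objects under Movie Maker\Shared are reported too, which is why the summary groups by directory: the count per directory tells a responder at a glance which cluster is worth attention and which is likely noise.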
DigRam
Posted April 2, 2008

Good morning! EvelinSF

>@< Download EliBagla.
>@< Save it to the Desktop!
>@< Now go to its icon and run the tool!
>@< Restart the computer in Safe Mode. << Important!
>@< Run EliBagla again.
>@< Restart in Normal Mode!
>@< Post the report: infoSAT.txt, which is in the root of C:\ (Local Disk C)

Regards!
EvelinSF
Posted April 2, 2008

I tried to do what you asked, but I couldn't restart in Safe Mode; the PC restarted while it was on the ST.. .sys screen. It has restarted 3 times since then. Now, as soon as the PC restarts, a screen appears: Select file to be cracked. Help!! I need to finish an assignment for today.

Thanks

Wed Apr 02 11:41:41 2008
EliBagle v11.20 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Wed Apr 02 11:43:49 2008
EliBagle v11.20 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20 a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
EvelinSF
Posted April 2, 2008

Now the PC restarted in Safe Mode. And I've already managed to install the antivirus. Thank you very much!!

Wed Apr 02 13:24:27 2008
EliBagle v11.20 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20 a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Apr 02 13:27:59 2008
EliBagle v11.20 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
Por favor, envienos una muestra del fichero C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20 a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle
DigRam
Posted April 2, 2008

Good evening! EvelinSF

>@< Download ComboFix.
>@< Download it to the Desktop!
>@< Disable the resident protection of: Antivirus, Antispyware and Firewall.
>@< Disable Spybot's TeaTimer.
>@< Close all windows and run the tool!
If you get the notification: Invalid Win32 application, delete the tool and download it again. Save it to the Desktop, renamed as: Kombo.exe
PS: Name it while saving, not after saving it!
>@< The Auto Scan window will open. Wait!
>@< Type the option to continue and < Enter >
>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!
___________________________
>@< Post the report: C:\ComboFix.txt, in your reply + an updated HJT log.

Regards!
EvelinSF
Posted April 4, 2008

I did what you said.

Combo fix

ComboFix 08-04-03.3 - Evelin 2008-04-03 21:52:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.476 [GMT -3:00]
Executando de: C:\Documents and Settings\Evelin\Desktop\ComboFix.exe
* Criado um novo ponto de restauro
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\packet.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA

((((((((((((((((((((((( Ficheiros criados de 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))))
.
2008-04-02 15:19 . 2008-04-02 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft
2008-04-02 15:18 . 2008-04-02 15:18 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-04-02 15:06 . 2007-01-18 09:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-04-02 14:55 . 2008-04-02 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira
2008-04-02 14:55 . 2008-04-02 14:55 <DIR> d-------- C:\Arquivos de programas\Avira
2008-04-02 14:10 . 2008-04-02 14:01 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-02 14:10 . 2008-04-02 14:10 2,543 --a------ C:\WINDOWS\unins000.dat
2008-04-02 13:41 . 2008-04-02 16:43 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy
2008-04-02 11:41 . 2008-04-02 14:36 <DIR> d-------- C:\Muestras
2008-04-02 10:23 . 2008-04-02 10:24 <DIR> d-------- C:\Hijack
2008-04-02 09:19 . 2008-04-02 09:19 <DIR> d-------- C:\Arquivos de programas\AxBx
2008-04-02 05:26 . 2008-04-02 05:32 <DIR> d-------- C:\Arquivos de programas\Dicionário de Sinônimos -completo-
2008-04-02 05:25 . 2008-04-02 05:25 258,048 --------- C:\WINDOWS\Setup1.exe
2008-04-02 05:25 . 2008-04-02 05:25 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-04-01 21:25 . 2008-04-01 21:25 <DIR> d-------- C:\Arquivos de programas\PDF Info
2008-04-01 21:24 . 2008-04-02 04:52 <DIR> d-------- C:\Arquivos de programas\PDF Editor 2
2008-04-01 21:24 . 2008-04-01 21:24 74,752 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-04-01 21:18 . 2008-04-01 21:18 <DIR> d-------- C:\Program Files
2008-04-01 21:09 . 2008-04-01 21:09 <DIR> d-------- C:\Arquivos de programas\PDF Password Remover v3.0
2008-04-01 21:05 . 2008-04-01 21:05 379 --a------ C:\WINDOWS\pdf2word.INI
2008-04-01 21:04 . 2008-04-01 21:04 <DIR> d-------- C:\Arquivos de programas\VeryPDF PDF2Word v3.0
2008-04-01 20:52 . 2008-04-01 20:52 <DIR> d-------- C:\Arquivos de programas\Advanced PDF Tools v2.0
2008-04-01 20:46 . 2008-04-01 20:46 <DIR> d-------- C:\Arquivos de programas\PDFTools
2008-04-01 19:18 . 2008-04-02 11:55 <DIR> d-------- C:\WINDOWS\system32\drivers\downld
2008-03-31 23:15 . 2008-03-31 23:15 <DIR> d-------- C:\Arquivos de programas\Desliga Aí!
2008-03-29 15:50 . 2008-03-29 15:51 <DIR> d-------- C:\Arquivos de programas\SpeedBit Video Accelerator
2008-03-29 15:50 . 2008-03-29 15:50 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-03-29 01:21 . 2008-03-31 19:53 <DIR> d-------- C:\Arquivos de programas\BitComet Acceleration Patch
2008-03-29 00:50 . 2008-03-29 00:50 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-03-28 23:26 . 2008-03-29 00:53 <DIR> d-------- C:\Arquivos de programas\BitComet
2008-03-28 22:01 . 2008-04-02 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-03-28 21:53 . 2008-04-03 21:16 <DIR> d-------- C:\Arquivos de programas\DreMule
2008-03-28 21:36 . 2008-03-28 21:36 <DIR> d-------- C:\Arquivos de programas\Oi Velox
2008-03-04 19:39 . 2008-03-04 19:39 <DIR> d-------- C:\Arquivos de programas\GenoPro
2008-03-04 19:25 . 2008-03-27 14:58 <DIR> d-------- C:\Arquivos de programas\Simple Family Tree
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 15:56 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Orbit
2008-04-03 15:18 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\AVG7
2008-04-02 18:19 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Lavasoft
2008-04-02 18:19 --------- d-----w C:\Arquivos de programas\Lavasoft
2008-04-02 16:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7
2008-04-02 16:35 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft
2008-04-02 08:32 --------- d-----w C:\Arquivos de programas\Dicionário de Sinônimos -completo-
2008-04-01 23:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater
2008-04-01 02:15 --------- d-----w C:\Arquivos de programas\Desliga Aí!
2008-03-30 10:12 --------- d-----w C:\Arquivos de programas\Orbitdownloader
2008-03-30 05:00 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\LimeWire
2008-03-30 04:50 --------- d-----w C:\Arquivos de programas\LimeWire
2008-03-27 00:28 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Babylon
2008-03-27 00:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
2008-03-22 13:05 --------- d-----w C:\Arquivos de programas\Oi Internet
2008-03-16 21:19 --------- d-----w C:\Arquivos de programas\Electronic Arts
2008-03-06 20:48 --------- d-----w C:\Arquivos de programas\EA GAMES
2008-03-03 16:58 --------- d-----w C:\Arquivos de programas\Babylon
2008-03-03 14:00 --------- d-----w C:\Arquivos de programas\CoolSMS
2008-02-28 21:24 --------- d-----w C:\Arquivos de programas\EGS
2007-11-14 23:30 22,328 ----a-w C:\Documents and Settings\Evelin\Dados de aplicativos\PnkBstrK.sys
2004-03-01 16:25 114,688 ----a-w C:\Arquivos de programas\internet explorer\plugins\ChimeShim.dll
.
------- Sigcheck -------
2004-08-04 03:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-04 03:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:45 15360]
"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"blokfa"="C:\ARQUIV~1\BLOKFR~1\Agente.exe" [2007-06-06 08:56 660992]
"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-04-02 13:35 579072]
"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-02 15:05 249896]
"blokfsa"="bfsa.exe" [2007-03-14 11:18 390144 C:\WINDOWS\system32\bfsa.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:45 15360]
"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-04-02 13:35 219136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk
backup=C:\WINDOWS\pss\Discador Oi Internet.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Evelin^Menu Iniciar^Programas^Inicializar^BitComet Acceleration Patch.lnk]
path=C:\Documents and Settings\Evelin\Menu Iniciar\Programas\Inicializar\BitComet Acceleration Patch.lnk
backup=C:\WINDOWS\pss\BitComet Acceleration Patch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-05-10 10:12 90112 C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2006-10-11 22:38 26112 C:\WINDOWS\system32\Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-09-14 21:05 344064 C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2007-12-07 07:27 3032800 C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-02-24 16:00 49152 C:\WINDOWS\VM_STI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet Acceleration Patch]
--a------ 2008-03-31 19:53 1936 C:\Documents and Settings\All Users\Menu Iniciar\Programas\BitComet Acceleration Patch\BitComet Acceleration Patch.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blokfa]
---h----- 2007-06-06 08:56 660992 C:\ARQUIV~1\BLOKFR~1\Agente.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blokfsa]
---h----- 2007-03-14 11:18 390144 C:\WINDOWS\system32\bfsa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 04:45 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSMS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 04:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-09-14 17:09 157592 C:\Arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Discador iG]
--a------ 2005-07-25 14:41 1329152 C:\Arquivos de programas\iGv6\Discador iG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Arquivos de programas\FlashGet\FlashGet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iBest.baloon]
--a------ 2005-03-14 21:14 77824 C:\Arquivos de programas\Discador iBest\baloon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSNShell]
C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POPDiscador]
--a------ 2007-07-30 09:52 2040832 C:\Arquivos de programas\POPDiscador\POPDiscador.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-10-11 22:37 668160 C:\Arquivos de programas\K-Lite Codec Pack\Real\mpclauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-07-22 04:00 81920 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
--a------ 2008-03-29 15:50 2283120 C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboConnect]
C:\ARQUIV~1\TURBOC~1\TurboConnect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Arquivos de programas\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Arquivos de programas\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"E:\\Warcraft3\\Warcraft III.exe"=
"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"C:\\Arquivos de programas\\IncrediMail\\bin\\ImLc.exe"=
"C:\\Jogos\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Arquivos de programas\\DreMule\\emule.exe"=
"C:\\Arquivos de programas\\BitComet\\BitComet.exe"=
"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"20173:TCP"= 20173:TCP:BitComet 20173 TCP
"20173:UDP"= 20173:UDP:BitComet 20173 UDP

R2 cmpe;Context Manager Process Extension;C:\WINDOWS\system32\cmpe.exe [2007-02-26 11:11]
R2 sbbotdi;sbbotdi;C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys [2008-03-29 15:50]
R2 snss;snss;C:\WINDOWS\system32\snss.exe [2007-03-14 11:19]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe [2008-03-29 15:50]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 21:56:13
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-04-03 21:58:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-04 00:58:19
Pre-Run: 8,970,559,488 bytes disponíveis
Post-Run: 8,892,600,320 bytes disponíveis

HJT

Logfile of HijackThis v1.99.1
Scan saved at 22:06:34, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cmpe.exe
C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\ARQUIV~1\BLOKFR~1\Agente.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\bfsa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\snss.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ibest.com.br/site/default_ck.js...odigo=001.00001
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)
O4 - HKLM\..\Run: [blokfa] C:\ARQUIV~1\BLOKFR~1\Agente.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [blokfsa] bfsa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Set As Messenger Live Display Picture - C:\Arquivos de programas\MSNShell\BIN\SetMSNDP.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe (file missing)
O9 - Extra 'Tools' menuitem: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O12 - Plugin for .csm: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll
O12 -
Plugin for .emb: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .embl: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .gau: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .jdx: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .mol: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .mop: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .pdb: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .rxn: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .scr: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .skc: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .spt: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .tgf: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .xyz: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{3A4FAFA8-EF0A-4306-8350-BF3BB0566BC8}: NameServer = 200.149.55.140,200.165.132.148 O17 - HKLM\System\CS1\Services\Tcpip\..\{3A4FAFA8-EF0A-4306-8350-BF3BB0566BC8}: NameServer = 200.149.55.140,200.165.132.148 O17 - HKLM\System\CS2\Services\Tcpip\..\{3A4FAFA8-EF0A-4306-8350-BF3BB0566BC8}: NameServer = 200.149.55.140,200.165.132.148 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 
2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: snss - Unknown owner - C:\WINDOWS\system32\snss.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe Compartilhar este post Link para o post Compartilhar em outros sites
DigRam, posted April 4, 2008

Good evening, EvelinSF!

>@< Go to Start >> Run >> type: services.msc >> OK.
________________________
>@< Locate snss.
>@< Under Startup type, set: Disabled.
>@< If it is set to Manual or Automatic, click Stop the service.
________________________
Delete:
C:\QooBox
C:\ComboFix.txt << previous ComboFix log.
________________________
>@< Select and copy all of the content in the quote area into Notepad.
>@< Save it on the Desktop with the name: CFScript.txt

File::
C:\WINDOWS\system32\snss.exe
Folder::
C:\Muestras
Driver::
"snss"

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.
>@< See the demonstration!
>@< With this procedure ComboFix will run and restart the computer automatically!
>@< If it does not restart, do so manually!
>@< While it is running, do not use the keyboard or mouse!
>@< When it finishes, post the C:\ComboFix.txt report plus an updated HJT log.

Regards!
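The reply above picks one entry out of a long HijackThis log: the service `snss`, listed with "Unknown owner". A helper reading such logs by hand is applying a few simple rules (services with no publisher, autoruns that name a bare file, entries whose file is missing), and those rules can be written down. The Python below is an added example for this thread, not part of HijackThis, ComboFix or any post; it parses O23 and O4 entries and flags the ones worth checking, using a constructed sample made of lines copied from the log posted above (the regexes, function names and the reasons text are this example's own assumptions).

```python
"""Triage helper for HijackThis (HJT) log entries.

Added example for this thread; it is not part of HijackThis or ComboFix.
It picks out the entry types a helper usually looks at first (O23 services,
O4 registry autoruns, and any entry whose file is missing) and says why each
flagged line deserves a look.
"""
import re
from typing import Dict, List, Optional, Tuple

# O23 service entries look like "O23 - Service: <display> (<name>) - <owner> - <path>".
# HJT leaves the owner empty for some services, which prints as "- - <path>",
# so the path is anchored on a drive letter instead of relying on the separator.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) ?- (?P<path>[A-Za-z]:\\.*)$"
)

# O4 registry autoruns look like "O4 - HKLM\..\Run: [<label>] <command>".
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run(?:Once)?: \[(?P<label>[^\]]*)\] (?P<command>.+)$"
)

# Constructed sample: entries copied from the HJT log posted in this thread,
# mixing ordinary software with the entries that drew attention.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [blokfsa] bfsa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)
O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: snss - Unknown owner - C:\WINDOWS\system32\snss.exe
"""


def parse_service(line: str) -> Optional[Dict[str, str]]:
    """Split an O23 line into name, owner and path; None if it is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return {"name": m.group("name"), "owner": m.group("owner").strip(), "path": m.group("path")}


def parse_autorun(line: str) -> Optional[Dict[str, str]]:
    """Split an O4 registry Run entry into hive, label and command; None otherwise."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return {"hive": m.group("hive"), "label": m.group("label"), "command": m.group("command")}


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (entry, reason) pairs for the entries worth checking by hand.

    Flags are prompts for review, not verdicts: a legitimate driver service can
    also show "Unknown owner" (the ATI entry in the sample does), so each flagged
    binary still has to be checked for its origin and publisher.
    """
    findings: List[Tuple[str, str]] = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if "(no file)" in line or "(file missing)" in line:
            findings.append((line, "orphaned entry: the referenced file no longer exists"))
            continue
        svc = parse_service(line)
        if svc is not None:
            if svc["owner"] == "" or svc["owner"].lower() == "unknown owner":
                findings.append((line, "service without a publisher: verify the origin of " + svc["path"]))
            continue
        run = parse_autorun(line)
        if run is not None and "\\" not in run["command"]:
            # A bare file name is resolved through the path search order, so the
            # log alone does not tell you which file actually runs.
            findings.append((line, "autorun uses a bare file name: locate the file and check its publisher"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

Run on the sample, the helper flags six lines: both "Unknown owner" services (snss and ATI Smart), the service with an empty owner, the autorun that names only `bfsa.exe`, and the two entries marked "(no file)" or "(file missing)". That the legitimate ATI service lands in the same bucket as snss is the point of the docstring caveat: the output is a shortlist for a person to check, not a cleanup list.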
EvelinSF, posted April 13, 2008

Sorry for the delay. Here are the requested reports.

ComboFix

ComboFix 08-04-03.3 - Evelin 2008-04-13 12:11:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.458 [GMT -3:00]
Executando de: C:\Documents and Settings\Evelin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Evelin\Desktop\CFScript.txt
 * Criado um novo ponto de restauro
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\snss.exe
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Muestras
C:\WINDOWS\system32\snss.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SNSS
-------\Service_snss


((((((((((((((((((((((((( Ficheiros criados de 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))
.

2008-04-12 17:11 . 2008-04-12 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar
2008-04-12 17:11 . 2008-04-12 17:11 <DIR> d-------- C:\Arquivos de programas\Winamp Toolbar
2008-04-12 08:21 . 2008-04-13 02:04 <DIR> d-------- C:\Documents and Settings\Evelin\Dados de aplicativos\MegauploadToolbar
2008-04-12 08:21 . 2008-04-12 08:21 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar
2008-04-07 19:34 . 2008-04-07 19:34 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ahead
2008-04-06 14:55 . 2008-04-07 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink
2008-04-06 14:55 . 2008-04-06 14:55 <DIR> d-------- C:\Arquivos de programas\DVD Shrink
2008-04-04 08:53 . 2008-04-04 08:53 <DIR> d-------- C:\Arquivos de programas\Orbitdownloader
2008-04-04 08:53 . 2007-08-08 13:56 69,632 --a------ C:\WINDOWS\system32\nporbit.dll
2008-04-03 21:58 . 2008-04-03 21:58 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais
2008-04-03 21:58 . 2008-04-03 21:58 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais
2008-04-03 21:58 . 2008-04-03 21:58 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais
2008-04-03 21:58 . 2008-04-03 21:58 <DIR> d-------- C:\Documents and Settings\Evelin\Configurações locais
2008-04-02 15:19 . 2008-04-02 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft
2008-04-02 15:18 . 2008-04-02 15:18 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-04-02 15:06 . 2007-01-18 09:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-04-02 14:55 . 2008-04-02 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira
2008-04-02 14:55 . 2008-04-02 14:55 <DIR> d-------- C:\Arquivos de programas\Avira
2008-04-02 14:10 . 2008-04-02 14:01 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-02 14:10 . 2008-04-02 14:10 2,543 --a------ C:\WINDOWS\unins000.dat
2008-04-02 13:41 . 2008-04-02 16:43 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy
2008-04-02 10:23 . 2008-04-03 22:06 <DIR> d-------- C:\Hijack
2008-04-02 09:19 . 2008-04-02 09:19 <DIR> d-------- C:\Arquivos de programas\AxBx
2008-04-02 05:26 . 2008-04-02 05:32 <DIR> d-------- C:\Arquivos de programas\Dicionário de Sinônimos -completo-
2008-04-02 05:25 . 2008-04-02 05:25 258,048 --------- C:\WINDOWS\Setup1.exe
2008-04-02 05:25 . 2008-04-02 05:25 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-04-01 21:24 . 2008-04-02 04:52 <DIR> d-------- C:\Arquivos de programas\PDF Editor 2
2008-04-01 21:24 . 2008-04-01 21:24 74,752 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-04-01 21:05 . 2008-04-01 21:05 379 --a------ C:\WINDOWS\pdf2word.INI
2008-04-01 19:18 . 2008-04-02 11:55 <DIR> d-------- C:\WINDOWS\system32\drivers\downld
2008-03-31 23:15 . 2008-03-31 23:15 <DIR> d-------- C:\Arquivos de programas\Desliga Aí!
2008-03-29 15:50 . 2008-03-29 15:51 <DIR> d-------- C:\Arquivos de programas\SpeedBit Video Accelerator
2008-03-29 15:50 . 2008-03-29 15:50 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-03-29 01:21 . 2008-04-13 11:53 <DIR> d-------- C:\Arquivos de programas\BitComet Acceleration Patch
2008-03-29 00:50 . 2008-03-29 00:50 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-03-28 23:26 . 2008-03-29 00:53 <DIR> d-------- C:\Arquivos de programas\BitComet
2008-03-28 22:01 . 2008-04-02 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-03-28 21:53 . 2008-04-13 11:58 <DIR> d-------- C:\Arquivos de programas\DreMule
2008-03-28 21:36 . 2008-03-28 21:36 <DIR> d-------- C:\Arquivos de programas\Oi Velox

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 15:13 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Orbit
2008-04-13 15:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater
2008-04-13 14:55 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-04-13 14:54 --------- d-----w C:\Arquivos de programas\Simple Family Tree
2008-04-13 14:54 --------- d-----w C:\Arquivos de programas\POPDiscador
2008-04-13 14:50 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\AVG7
2008-04-13 00:33 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Ahead
2008-04-12 20:12 --------- d-----w C:\Arquivos de programas\Winamp
2008-04-05 18:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
2008-04-05 14:29 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Babylon
2008-04-02 18:19 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Lavasoft
2008-04-02 18:19 --------- d-----w C:\Arquivos de programas\Lavasoft
2008-04-02 16:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7
2008-04-02 16:35 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft
2008-04-02 08:32 --------- d-----w C:\Arquivos de programas\Dicionário de Sinônimos -completo-
2008-04-01 02:15 --------- d-----w C:\Arquivos de programas\Desliga Aí!
2008-03-30 05:00 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\LimeWire
2008-03-30 04:50 --------- d-----w C:\Arquivos de programas\LimeWire
2008-03-16 21:19 --------- d-----w C:\Arquivos de programas\Electronic Arts
2008-03-06 20:48 --------- d-----w C:\Arquivos de programas\EA GAMES
2008-03-04 22:39 --------- d-----w C:\Arquivos de programas\GenoPro
2008-03-03 16:58 --------- d-----w C:\Arquivos de programas\Babylon
2008-03-03 14:00 --------- d-----w C:\Arquivos de programas\CoolSMS
2008-02-28 21:24 --------- d-----w C:\Arquivos de programas\EGS
2007-11-14 23:30 22,328 ----a-w C:\Documents and Settings\Evelin\Dados de aplicativos\PnkBstrK.sys
2004-03-01 16:25 114,688 ----a-w C:\Arquivos de programas\internet explorer\plugins\ChimeShim.dll
.
------- Sigcheck -------
2004-08-04 03:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-04 03:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-19 19:36 1267040 --a------ C:\Arquivos de programas\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Arquivos de programas\Winamp Toolbar\winamptb.dll" [2008-03-19 19:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:45 15360]
"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"blokfa"="C:\ARQUIV~1\BLOKFR~1\Agente.exe" [2007-06-06 08:56 660992]
"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-04-02 13:35 579072]
"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-02 15:05 249896]
"blokfsa"="bfsa.exe" [2007-03-14 11:18 390144 C:\WINDOWS\system32\bfsa.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:45 15360]
"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-04-02 13:35 219136]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-04-04 08:53:35 1678536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk
backup=C:\WINDOWS\pss\Discador Oi Internet.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Evelin^Menu Iniciar^Programas^Inicializar^BitComet Acceleration Patch.lnk]
path=C:\Documents and Settings\Evelin\Menu Iniciar\Programas\Inicializar\BitComet Acceleration Patch.lnk
backup=C:\WINDOWS\pss\BitComet Acceleration Patch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-05-10 10:12 90112 C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2006-10-11 22:38 26112 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-09-14 21:05 344064 C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2007-12-07 07:27 3032800 C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-02-24 16:00 49152 C:\WINDOWS\VM_STI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet Acceleration Patch]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\BitComet Acceleration Patch\BitComet Acceleration Patch.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blokfa]
---h----- 2007-06-06 08:56 660992 C:\ARQUIV~1\BLOKFR~1\Agente.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blokfsa]
---h----- 2007-03-14 11:18 390144 C:\WINDOWS\system32\bfsa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 04:45 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSMS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 04:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-09-14 17:09 157592 C:\Arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Discador iG]
C:\Arquivos de programas\iGv6\Discador iG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Arquivos de programas\FlashGet\FlashGet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iBest.baloon]
C:\Arquivos de programas\Discador iBest\baloon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSNShell]
C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POPDiscador]
C:\Arquivos de programas\POPDiscador\POPDiscador.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-10-11 22:37 668160 C:\Arquivos de programas\K-Lite Codec Pack\Real\mpclauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-07-22 04:00 81920 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
--a------ 2008-03-29 15:50 2283120 C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboConnect]
C:\ARQUIV~1\TURBOC~1\TurboConnect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\DreMule\\emule.exe"=
"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"20173:TCP"= 20173:TCP:BitComet 20173 TCP
"20173:UDP"= 20173:UDP:BitComet 20173 UDP

R2 cmpe;Context Manager Process Extension;C:\WINDOWS\system32\cmpe.exe [2007-02-26 11:11]
R2 sbbotdi;sbbotdi;C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys [2008-03-29 15:50]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe [2008-03-29 15:50]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 12:15:32
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-04-13 12:17:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-13 15:17:46

Pre-Run: 10,720,833,536 bytes disponíveis
Post-Run: 10,711,437,312 bytes disponíveis

HJT

Logfile of HijackThis v1.99.1
Scan saved at 12:22:09, on 13/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cmpe.exe
C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ibest.com.br/site/default_ck.js...odigo=001.00001
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [blokfa] C:\ARQUIV~1\BLOKFR~1\Agente.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [blokfsa] bfsa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Set As Messenger Live Display Picture - C:\Arquivos de programas\MSNShell\BIN\SetMSNDP.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe (file missing)
O9 - Extra 'Tools' menuitem: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options
group: [iNTERNATIONAL] International* O12 - Plugin for .csm: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .csml: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .cub: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .cube: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .dx: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .emb: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .embl: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .gau: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .jdx: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .mol: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .mop: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .pdb: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .rxn: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .scr: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .skc: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .spt: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .tgf: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .xyz: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{3A4FAFA8-EF0A-4306-8350-BF3BB0566BC8}: NameServer = 200.149.55.140,200.165.132.148 O17 - HKLM\System\CS1\Services\Tcpip\..\{3A4FAFA8-EF0A-4306-8350-BF3BB0566BC8}: NameServer = 200.149.55.140,200.165.132.148 O17 - 
HKLM\System\CS2\Services\Tcpip\..\{3A4FAFA8-EF0A-4306-8350-BF3BB0566BC8}: NameServer = 200.149.55.140,200.165.132.148 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Posted April 14, 2008
Good morning! EvelinSF
>@< Open HijackThis and Fix this entry:
O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)
----------------------------------
>@< Click Start >> Run >> type: Combofix.exe /u >> click OK.
>@< At the prompt, choose two (2).
----------------------------------
Once everything is OK with the PC, create a completely clean System Restore point! Right-click My Computer >> Properties >> System Restore >> check: Turn off System Restore >> Apply >> OK. Then uncheck it again! >> Apply >> OK. For more details, see: < Docs >
----------------------------------
>@< Download CCleaner.
>@< Save it to the Desktop!
>@< Open the program and click Analyze >> Run Cleaner.
>@< When it finishes, click Registry >> Scan for Issues >> Fix selected issues.
----------------------------------
>@< Other than that, all OK. :thumbsup:
>@< Clean log!
Regards!
EvelinSF 0 Posted April 24, 2008
Thank you very much!
DigRam 144 Posted April 25, 2008
PROBLEM SOLVED! If the author needs the topic reopened, send a Private Message to a Moderator with a link to the topic.