ThiagoKon
Posted May 30, 2008

Well, I'm turning to you for help here... I don't usually catch viruses, but I did, and I hope you can help me. I've been researching and saw a lot of people in the same boat as me, but I learned that the steps to take should be different. I found out about HijackThis... At first it wouldn't open or run, but after a bit more research I found that something called ComboFix fixed that. I decided to take the risk; now HijackThis opens, but I still have to fix the problem of the little window in the tray that keeps saying: "Your computer is Infected" "Windows has detected spyware infection!" I'm new to this and hope you can help. Thanks in advance. Thank you.

Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 21:36:35, on 29/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\snss.exe
C:\Arquivos de programas\Blok Free\Agente.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\BLOKFR~1\Agente.exe
C:\WINDOWS\system32\bfsa.exe
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hjsadf.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: hiphoptotal Toolbar - {505c6b18-81af-40c3-b24c-008461749131} - C:\Arquivos de programas\hiphoptotal\tbhiph.dll
O3 - Toolbar: hiphoptotal Toolbar - {505c6b18-81af-40c3-b24c-008461749131} - C:\Arquivos de programas\hiphoptotal\tbhiph.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [blokfa] C:\ARQUIV~1\BLOKFR~1\Agente.exe
O4 - HKLM\..\Run: [blokfsa] bfsa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fazer o download de conteúdo de vídeo FLV usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206754223765
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: snss - Unknown owner - C:\WINDOWS\system32\snss.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
Silas Martins
Posted May 30, 2008

Follow these instructions:

Download MSNFix. Save it to the desktop and unzip it, then double-click MSNFix.bat.
The MSN_Fix menu screen will open; press option R and the scan will start.
If the scan detects something, the following message will appear: Infection Presente. Press Enter and continue.
If you want to interrupt the process, press Q.
When it finishes, Notepad will open with a log; select all of it and copy it (it is in the file msnfix.txt).
Post it together with a new HijackThis log.

I await your reply.
ThiagoKon
Posted May 30, 2008

I did that, and here is the result....

MSNFix 1.719

C:\Documents and Settings\Thiago\Desktop\MSNFix
Fix lançado dia --- 30/05/2008 - 10:30:14,75 By Thiago
modo normal

************************ Procurando os arquivos presentes

... C:\sys????.exe
... C:\??????.exe

************************ Procurando as pastas presentes

Nenhuma pasta encontrada

************************ Apagando os arquivos

.. OK ... C:\sys????.exe
/!\ ... C:\??????.exe

************************ Limpeza do registro

Os arquivos ainda presentes serão apagado no proximo boot

************************ Apagando os arquivos

.. OK ... C:\??????.exe

************************ Arquivos suspeitos

/!\ Estes arquivos necessitam de uma opiniao de alguem competente antes de qualquer intervencao

[C:\KillBox.exe] 32CABB7112E22422075279BAE1BF729B

==> Por favor não esqueça de mandar o arquivo C:\DOCUME~1\Thiago\Desktop\Upload_Me.zip no http://upload.changelog.fr

Os arquivos e as chaves do registro apagados foram salvos no arquivo --- 30052008_10353257.zip

************************

HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,

------------------------------------------------------------------------
Autor : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------

Here is the HijackThis one.....

Logfile of HijackThis v1.99.1
Scan saved at 10:46:31, on 30/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\snss.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\BLOKFR~1\Agente.exe
C:\WINDOWS\system32\bfsa.exe
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Blok Free\Agente.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hjsddgj\Hijadfbs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: hiphoptotal Toolbar - {505c6b18-81af-40c3-b24c-008461749131} - C:\Arquivos de programas\hiphoptotal\tbhiph.dll
O3 - Toolbar: hiphoptotal Toolbar - {505c6b18-81af-40c3-b24c-008461749131} - C:\Arquivos de programas\hiphoptotal\tbhiph.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [blokfa] C:\ARQUIV~1\BLOKFR~1\Agente.exe
O4 - HKLM\..\Run: [blokfsa] bfsa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fazer o download de conteúdo de vídeo FLV usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206754223765
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: snss - Unknown owner - C:\WINDOWS\system32\snss.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

Thanks, awaiting a reply.
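As an added example (not code from the thread, from HijackThis or from MSNFix), a small triage helper that parses HijackThis-style entry lines like those in the logs above and attaches the review prompts a helper typically checks first: O23 services reported with "Unknown owner", O4 Run values given as a bare file name, O20 Winlogon Notify DLLs, and entries ending in "(no file)". The sample lines are copied from the log above; the flags are prompts for a person to verify, not verdicts.

```python
import re
from dataclasses import dataclass, field

# Sample input: a handful of entry lines in the shape HijackThis v1.99.1 prints,
# copied from the log posted above (a sample, not the full log).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: hiphoptotal Toolbar - {505c6b18-81af-40c3-b24c-008461749131} - C:\Arquivos de programas\hiphoptotal\tbhiph.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [blokfsa] bfsa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: snss - Unknown owner - C:\WINDOWS\system32\snss.exe
"""

# Entry lines look like "O4 - HKLM\..\Run: [name] command"; header lines and the
# "Running processes" list do not start with a section code and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Drive-letter path, %VAR% path or UNC path, optionally quoted.
ABS_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%\w+%\\|\\\\)')


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)


def parse_log(text: str) -> list:
    """Return the section entries (R1, O4, O23, ...) found in a HijackThis log."""
    entries = []
    for raw in text.strip().splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def triage(entry: Entry) -> Entry:
    """Attach review prompts to one entry. These are triage heuristics, not verdicts:
    legitimate software trips them too (SOUNDMAN.EXE is a sound-card applet), so each
    flagged file still has to be checked by a person."""
    body = entry.body
    if entry.code == "O23" and " - Unknown owner - " in body:
        entry.flags.append("service with no publisher string: verify the binary")
    if entry.code == "O4":
        m = RUN_RE.match(body)
        if m and not ABS_PATH_RE.match(m["cmd"].strip()):
            entry.flags.append("Run value is a bare file name, resolved via the search path")
    if entry.code == "O20":
        entry.flags.append("Winlogon Notify DLL: loaded into winlogon.exe at logon")
    if body.rstrip().endswith("(no file)"):
        entry.flags.append("registry entry points at a missing file (orphan)")
    return entry


def triage_log(text: str) -> dict:
    """Map each flagged entry line to its list of prompts; clean entries are omitted."""
    flagged = {}
    for entry in parse_log(text):
        triage(entry)
        if entry.flags:
            flagged[f"{entry.code} - {entry.body}"] = entry.flags
    return flagged


if __name__ == "__main__":
    for line, prompts in triage_log(SAMPLE_LOG).items():
        print(line)
        for prompt in prompts:
            print("    ->", prompt)
```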
Silas Martins
Posted May 30, 2008

Download ComboFix and save it to the desktop.
Close all programs.
Double-click combofix.exe and press (1), then press Enter to continue.
ComboFix will restart your computer automatically; this is part of the removal process.
When it finishes, a log will be generated at C:\ComboFix.txt.
Warning: do not click on anything while ComboFix is running, otherwise your desktop will go blank.
To stop the process or exit ComboFix, press "2" and Enter.

I await a new HijackThis log together with ComboFix.txt.

Awaiting your reply.
ThiagoKon
Posted May 30, 2008

Here is the ComboFix.exe report:

ComboFix 08-05-29.1 - Thiago 2008-05-30 20:16:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.629 [GMT -3:00]
Executando de: C:\Documents and Settings\Thiago\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((( Ficheiros criados de 2008-04-28 to 2008-05-30 ))))))))))))))))))))))))))))))))
.
2008-05-30 19:05 . 2008-05-30 19:05 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-30 19:05 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-30 19:05 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-30 19:05 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-30 10:45 . 2008-05-30 10:46 <DIR> d-------- C:\Hjsddgj
2008-05-30 09:52 . 2008-05-30 09:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Panda Software
2008-05-30 09:52 . 2008-05-29 23:28 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-05-30 09:52 . 2008-05-29 23:28 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-05-29 23:28 . 2008-05-29 23:28 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Iniciar
2008-05-29 23:23 . 2008-05-29 23:23 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\sentinel
2008-05-29 23:22 . 2008-05-29 23:27 <DIR> d-------- C:\WINDOWS\system32\PAV
2008-05-29 23:22 . 2007-09-28 13:24 83,896 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2008-05-29 23:22 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
2008-05-29 23:22 . 2008-05-29 23:22 264 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-05-29 23:21 . 2008-05-29 23:21 <DIR> d-------- C:\Arquivos de programas\Panda Security
2008-05-29 23:21 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2008-05-29 20:01 . 2008-05-29 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft
2008-05-29 20:01 . 2008-05-29 20:01 <DIR> d-------- C:\Arquivos de programas\Lavasoft
2008-05-29 19:41 . 2008-05-29 19:41 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais
2008-05-29 19:41 . 2008-05-29 19:41 <DIR> d-------- C:\Documents and Settings\Thiago\Configurações locais
2008-05-29 19:41 . 2008-05-29 19:41 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais
2008-05-29 19:41 . 2008-05-29 19:41 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais
2008-05-29 19:41 . 2008-05-29 19:41 <DIR> d-------- C:\Documents and Settings\Convidado\Configurações locais
2008-05-29 19:41 . 2008-05-29 19:41 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais
2008-05-29 19:27 . 2008-05-29 19:27 1,948,397 --a------ C:\Coasx_exe.vir
2008-05-29 12:47 . 2007-08-02 10:49 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-29 12:47 . 2007-08-02 10:49 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-29 12:47 . 2007-08-02 10:49 38,728 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-29 12:47 . 2007-08-02 10:49 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-29 12:46 . 2008-05-29 12:46 <DIR> d-------- C:\Documents and Settings\Thiago\Dados de aplicativos\PC Tools
2008-05-28 23:35 . 2008-05-28 23:35 <DIR> d-------- C:\!KillBox
2008-05-28 23:16 . 2008-05-28 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2008-05-28 23:12 . 2008-05-28 23:12 92,672 --a------ C:\KillBox.exe
2008-05-28 22:51 . 2008-05-28 22:51 19,901 --a------ C:\WINDOWS\girijo.dat
2008-05-28 22:51 . 2008-05-28 22:51 18,064 --a------ C:\WINDOWS\system32\hytiwid.dl
2008-05-28 22:51 . 2008-05-28 22:51 16,491 --a------ C:\WINDOWS\system32\uxyfewubiq.reg
2008-05-28 22:51 . 2008-05-28 22:51 16,205 --a------ C:\Documents and Settings\Thiago\Dados de aplicativos\donazuher.bin
2008-05-28 22:51 . 2008-05-28 22:51 15,813 --a------ C:\WINDOWS\ojof._dl
2008-05-28 22:51 . 2008-05-28 22:51 15,206 --a------ C:\WINDOWS\joloq.vbs
2008-05-28 22:51 . 2008-05-28 22:51 13,897 --a------ C:\WINDOWS\system32\utipo.db
2008-05-28 22:51 . 2008-05-28 22:51 13,651 --a------ C:\Arquivos de programas\Arquivos comuns\ohicilam.sys
2008-05-28 22:51 . 2008-05-28 22:51 13,403 --a------ C:\Arquivos de programas\Arquivos comuns\yjuwixut.exe
2008-05-28 22:51 . 2008-05-28 22:51 12,796 --a------ C:\WINDOWS\ocypa.ban
2008-05-28 22:51 . 2008-05-28 22:51 11,678 --a------ C:\Arquivos de programas\Arquivos comuns\sexunaco.exe
2008-05-28 22:51 . 2008-05-28 22:51 11,640 --a------ C:\Arquivos de programas\Arquivos comuns\igoc.vbs
2008-05-28 22:51 . 2008-05-28 22:51 11,520 --a------ C:\WINDOWS\ycebijo.dl
2008-05-28 22:51 . 2008-05-28 22:51 11,244 --a------ C:\WINDOWS\system32\wetatil.dat
2008-05-28 21:48 . 2008-05-28 21:48 70,144 --a------ C:\syscqvi.MSNFix
2008-05-18 22:18 . 2008-05-18 22:21 <DIR> d-------- C:\Documents and Settings\Thiago\Dados de aplicativos\BSplayer PRO
2008-05-18 22:18 . 2008-05-18 22:18 <DIR> d-------- C:\Arquivos de programas\Webteh
2008-05-08 12:43 . 2008-05-08 12:43 <DIR> d-------- C:\Documents and Settings\Thiago\Dados de aplicativos\Ti Software
2008-05-08 12:43 . 2008-05-08 12:43 <DIR> d-------- C:\Arquivos de programas\Ti Software
2008-04-30 18:41 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-04-30 18:41 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-04-30 18:41 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-04-30 18:41 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-04-30 18:41 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-04-30 18:41 . 2006-11-15 11:38 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-04-30 18:32 . 2008-04-30 18:32 <DIR> d-------- C:\Arquivos de programas\THQ
2008-04-26 22:32 . 2008-05-14 11:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-26 22:32 . 2008-04-26 22:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-23 00:01 . 2008-04-23 00:01 84 --a------ C:\WINDOWS\winamp.ini
2008-04-20 16:59 . 2008-04-20 16:59 5,760,054 --a------ C:\WINDOWS\ALX_1600x1200.bmp
2008-04-17 10:37 . 2008-02-23 19:38 <DIR> d--h----- C:\Documents and Settings\Convidado\Modelos
2008-04-17 10:37 . 2008-04-17 11:14 <DIR> dr------- C:\Documents and Settings\Convidado\Meus documentos
2008-04-17 10:37 . 2008-02-23 16:02 <DIR> dr------- C:\Documents and Settings\Convidado\Menu Iniciar
2008-04-17 10:37 . 2008-04-17 10:38 <DIR> dr------- C:\Documents and Settings\Convidado\Favoritos
2008-04-17 10:37 . 2008-04-17 10:42 <DIR> dr-h----- C:\Documents and Settings\Convidado\Dados de aplicativos
2008-04-17 10:37 . 2008-05-30 20:18 <DIR> d--h----- C:\Documents and Settings\Convidado\Configurações locais
2008-04-17 10:37 . 2008-02-23 16:02 <DIR> d--h----- C:\Documents and Settings\Convidado\Ambiente de rede
2008-04-17 10:37 . 2008-02-23 16:02 <DIR> d--h----- C:\Documents and Settings\Convidado\Ambiente de impressão
2008-04-17 10:37 . 2008-05-29 19:41 <DIR> d-------- C:\Documents and Settings\Convidado
2008-04-10 19:15 . 2008-04-10 19:15 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 22:04 --------- d-----w C:\Documents and Settings\Thiago\Dados de aplicativos\DMCache
2008-05-30 12:59 --------- d-----w C:\Arquivos de programas\TuneUp Utilities 2008
2008-05-30 02:21 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-05-30 00:43 --------- d-----w C:\Arquivos de programas\Foxit Software
2008-05-29 23:00 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-05-29 01:51 13,164 ----a-w C:\Arquivos de programas\Arquivos comuns\ekewa.dl
2008-05-26 23:04 --------- d-----w C:\Documents and Settings\Thiago\Dados de aplicativos\uTorrent
2008-05-21 03:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg8
2008-05-17 19:52 --------- d-----w C:\Documents and Settings\Thiago\Dados de aplicativos\LimeWire
2008-05-12 21:35 --------- d-----w C:\Arquivos de programas\Yahoo!
2008-05-11 21:16 --------- d-----w C:\Arquivos de programas\MegaCubo
2008-04-29 21:52 2,324,480 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-04-20 19:59 --------- d-----w C:\Arquivos de programas\AlienGUIse
2008-04-14 22:39 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Zylom
2008-04-02 13:35 --------- d-----w C:\Arquivos de programas\Java
2008-03-29 01:46 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-03-29 01:46 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-03-29 01:46 --------- d-----w C:\Arquivos de programas\Windows Live
2008-03-28 15:02 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-28 15:02 --------- d--h--r C:\Documents and Settings\Thiago\Dados de aplicativos\SecuROM
2008-03-28 13:23 --------- d-----w C:\Arquivos de programas\Elaborate Bytes
2008-03-28 13:17 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Elaborate Bytes
2008-03-28 03:47 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia
2008-02-26 12:54 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-15 15:12 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-29_19.40.43.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 22:36:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-30 22:03:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 23:01:13 1,038,336 ----a-r C:\WINDOWS\Installer\{E31C348B-63A9-4CBF-8D7F-D932ABB63244}\Icon0E6AB9FC.exe
+ 2008-05-29 23:01:13 178,688 ----a-r C:\WINDOWS\Installer\{E31C348B-63A9-4CBF-8D7F-D932ABB63244}\Icon0E6AB9FC1.exe
+ 2007-06-04 18:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-06-04 18:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-06-04 18:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-04-13 18:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
- 2008-02-24 16:39:32 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-30 12:56:26 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-02-24 16:39:32 48,846 ----a-w C:\WINDOWS\system32\perfc016.dat
+ 2008-05-30 12:56:26 48,846 ----a-w C:\WINDOWS\system32\perfc016.dat
- 2008-02-24 16:39:32 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-30 12:56:26 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-02-24 16:39:32 344,734 ----a-w C:\WINDOWS\system32\perfh016.dat
+ 2008-05-30 12:56:26 344,734 ----a-w C:\WINDOWS\system32\perfh016.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{505C6B18-81AF-40C3-B24C-008461749131}"= "C:\Arquivos de programas\hiphoptotal\tbhiph.dll" [2008-02-28 14:59 1470488]

[HKEY_CLASSES_ROOT\clsid\{505c6b18-81af-40c3-b24c-008461749131}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{505C6B18-81AF-40C3-B24C-008461749131}"= C:\Arquivos de programas\hiphoptotal\tbhiph.dll [2008-02-28 14:59 1470488]

[HKEY_CLASSES_ROOT\clsid\{505c6b18-81af-40c3-b24c-008461749131}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"IDMan"="C:\Arquivos de programas\Internet Download Manager\IDMan.exe" [2008-02-23 22:14 2594224]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 09:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-05-05 22:34 3805184]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-05-05 22:34 81920]
"blokfa"="C:\ARQUIV~1\BLOKFR~1\Agente.exe" [2006-10-30 12:17 659968]
"blokfsa"="bfsa.exe" [2006-10-30 09:59 390144 C:\WINDOWS\system32\bfsa.exe]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"nwiz"="nwiz.exe" [2004-05-05 22:34 831488 C:\WINDOWS\system32\nwiz.exe]
"APVXDWIN"="C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-10-04 15:14 455984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

C:\Documents and Settings\Thiago\Menu Iniciar\Programas\Inicializar\
Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Dados de aplicativos\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Arquivos de programas\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Arquivos de programas\AlienGUIse\fastload.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"C:\\Arquivos de programas\\MegaCubo\\megacubo.exe"=

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-05-29 23:28]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-05-29 23:28]
R2 snss;snss;C:\WINDOWS\system32\snss.exe [2006-10-30 09:52]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:45]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-26 09:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df869ccf-ed31-11dc-a226-00115bf23224}]
\Shell\Auto\command - G:\MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

*Newly Created Service* - CATCHME
.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-05-17 02:31:51 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Arquivos de programas\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 20:18:28
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-05-30 20:19:53
ComboFix-quarantined-files.txt 2008-05-30 23:19:23

Pre-Run: 4,015,321,088 bytes disponíveis
Post-Run: 4,107,681,792 bytes disponíveis

206

And here again the HijackThis one:

Logfile of HijackThis v1.99.1
Scan saved at 20:21:07, on 30/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\snss.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\BLOKFR~1\Agente.exe
C:\WINDOWS\system32\bfsa.exe
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\Arquivos de programas\Blok Free\Agente.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Hjsddgj\Hijadfbs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: hiphoptotal Toolbar - {505c6b18-81af-40c3-b24c-008461749131} - C:\Arquivos de programas\hiphoptotal\tbhiph.dll
O3 - Toolbar: hiphoptotal Toolbar - {505c6b18-81af-40c3-b24c-008461749131} - C:\Arquivos de programas\hiphoptotal\tbhiph.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [blokfa] C:\ARQUIV~1\BLOKFR~1\Agente.exe
O4 - HKLM\..\Run: [blokfsa] bfsa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iDMan] C:\Arquivos de
programas\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Fazer o download de conteúdo de vídeo FLV usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Fazer o download usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206754223765 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: avldr - 
C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panda Software Controller - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\PsCtrls.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\pavsrv51.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\PsImSvc.exe O23 - Service: snss - Unknown owner - C:\WINDOWS\system32\snss.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe Aguardo retorno.Obrigado. Compartilhar este post Link para o post Compartilhar em outros sites
Silas Martins, posted May 31, 2008

Follow the instructions below:

First of all, uninstall the Blokfree software.

Go to Start\Run and type services.msc. Find the service "snss", double-click it and choose Disabled. Also click Stop and change the startup type to Disabled.

Restart the PC and enter Safe Mode (press F8 repeatedly during startup and choose Safe Mode on the selection screen).

In "Safe Mode", open HijackThis, click "Do a system scan only", check the entries listed below and then click "Fix Checked":

C:\ARQUIV~1\BLOKFR~1\Agente.exe
O4 - HKLM\..\Run: [blokfsa] bfsa.exe

Open HijackThis, click the "Open the Misc Tools section" button and then "Delete an NT service". Enter this: snss

Awaiting your reply.
ThiagoKon, posted May 31, 2008

Hello. The BlokFree program never gave me any trouble or anything like that, but I went ahead and uninstalled it. However, after removing it I could not find these entries in HijackThis:

C:\ARQUIV~1\BLOKFR~1\Agente.exe
O4 - HKLM\..\Run: [blokfsa] bfsa.exe

Because of that I could not go on with the procedure. Here is one more HijackThis log of mine (in case you need it):

Logfile of HijackThis v1.99.1
Scan saved at 00:14:58, on 31/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hjsddgj\Hijadfbs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: hiphoptotal Toolbar - {505c6b18-81af-40c3-b24c-008461749131} - C:\Arquivos de programas\hiphoptotal\tbhiph.dll
O3 - Toolbar: hiphoptotal Toolbar - {505c6b18-81af-40c3-b24c-008461749131} - C:\Arquivos de programas\hiphoptotal\tbhiph.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fazer o download de conteúdo de vídeo FLV usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206754223765
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

Thank you. Awaiting your reply.
Silas Martins, posted May 31, 2008

Clean log. Does the problem persist?
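The "clean log" verdict above rests on two things Silas Martins's instructions acted on: the O23 service whose owner HijackThis reports as "Unknown owner", and O4 Run values that launch a bare file name rather than an absolute path (the "bfsa.exe" entry). The Python below is an added example, not code posted in this thread and not part of HijackThis or ComboFix: it parses HijackThis-style log lines, flags those two indicators as triage hints, and diffs the before/after logs so that "the cleanup removed exactly these entries" can be checked mechanically rather than by eye. The embedded log text is abridged from the two logs posted above; the flagging rules are this example's own heuristics.

```python
import re

# Abridged from the two HijackThis v1.99.1 logs posted in this thread: the one
# saved on 30/5/2008 (before the fix) and the one saved on 31/5/2008 (after).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 20:21:07, on 30/5/2008
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [blokfa] C:\ARQUIV~1\BLOKFR~1\Agente.exe
O4 - HKLM\..\Run: [blokfsa] bfsa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: snss - Unknown owner - C:\WINDOWS\system32\snss.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 00:14:58, on 31/5/2008
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
"""

# Every HijackThis entry is "<section code> - <body>"; header lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# O4 registry Run entries: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^HK[A-Z]+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] ?(?P<cmd>.*)$")
# O23 service entries: Service: display name - owner/publisher - image path
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_log(text):
    """Return the HijackThis entries of a log as (code, body) tuples; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(text):
    """Flag entries worth a closer look, using the two indicators this thread acted on.

    Returns (code, name, reason) tuples in log order. These are triage hints, not verdicts:
    a Run value with no absolute path is also how some legitimate vendor entries are written.
    """
    findings = []
    for code, body in parse_log(text):
        if code == "O4":
            m = RUN_RE.match(body)
            if m and not ABS_PATH_RE.match(m.group("cmd").strip().lstrip('"')):
                findings.append((code, m.group("name"),
                                 "Run value is not an absolute path; which file runs depends on the search path"))
        elif code == "O23":
            m = SERVICE_RE.match(body)
            if m and m.group("owner") == "Unknown owner":
                findings.append((code, m.group("name"),
                                 "service has no publisher string: " + m.group("path")))
    return findings


def removed_entries(before, after):
    """Entries present in the first log but absent from the second: what the cleanup actually changed."""
    after_set = set(parse_log(after))
    return [entry for entry in parse_log(before) if entry not in after_set]


if __name__ == "__main__":
    for code, name, reason in triage(LOG_BEFORE):
        print(f"[{code}] {name}: {reason}")
    print("--- removed by the cleanup ---")
    for code, body in removed_entries(LOG_BEFORE, LOG_AFTER):
        print(f"{code} - {body}")
```

Run it directly and it prints the flagged entries of the first log followed by the three entries that disappeared in the second one (the two Blok Free Run values and the unowned snss service). Note that the path heuristic also flags SOUNDMAN.EXE, RUNDLL32.EXE and nwiz.exe, which are present in both logs and were left alone in the thread; the diff, not the heuristic, is what confirms the cleanup did what was intended.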
ThiagoKon, posted May 31, 2008

Man, fortunately after restarting the PC here, the red ball with the white X next to the clock, with that message, did go away. But I keep wondering whether the virus is 100% gone... In short, the problem disappeared, but I don't know if it disappeared 100%... :D In any case, thank you.
Silas Martins, posted May 31, 2008

Case resolved. If the topic author wishes to continue this topic in the future, just contact one of the moderators.
Mário Monteiro, posted June 13, 2008

PROBLEM SOLVED! If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.