[Resolvido!]Meu pc não acessa determinado servidor, ..

[JackDenio 0]

Ta rolando algo muito estranho ...eu até ja postei sobre isso em outro lado aqui no fórum, pq achei que o problema podia ser outro, mais ai eu passi o spybot no meu pc e o problema sumiu, so que hoje voltou o problema, passei o spybot de novo e achou o mesmo problema, acho que é alguma mudança de DNS, to postando meu log aqui se alguém puder me ajudar eu agradeço ...

 

Logfile of HijackThis v1.99.1

Scan saved at 14:13:55, on 19/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\WINDOWS\stsystra.exe

C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

c:\wamp\apache2\bin\httpd.exe

c:\wamp\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\wamp\apache2\bin\httpd.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\HijackThis\HijackThis.exe

 

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\Dell\BAE\BAE.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Discador iG] "C:\Arquivos de programas\iGv6\Discador iG.exe" boot

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5FC1E714-875E-43A5-B0F4-6D3495AFAE44}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{AFA72D52-9DB8-41E5-A40E-077CA7F760CD}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{E50DF39F-0628-481E-A2F6-A43E330BF1A1}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apache2 - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

[DigRam 144]

Bom Dia! RomanMG

 

...acho que é alguma mudança de DNS, to postando meu log aqui se alguém puder me ajudar eu agradeço ..

<!> Esse problema,ainda,não foi resolvido? :mellow:

------------------------------

<@> Pelo log,temos apenas um worm de "pendrive",que não causa mudança de DNS.Aonde,esse modus operandi,pertence ao Trojan DNS Changer.

------------------------------

<@> Faça o download do ComboFix.

<@> Baixe-o para o Desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e Firewall.

<@> Feche todas as janelas e execute a ferramenta!

 

Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.

Salve-a no Desktop,renomeada como: Kombo.exe

Ps: Nomeie durante o salvamento,e não após salvá-la!

Ps: Caso ocorra alguma mensagem de erro,rode o ComboFix em Modo de Segurança.

<@> Abrirá a janela Auto Scan. Aguarde!

<@> Digite a opção para continuar e < Enter >

<@> Aguarde a conclusão! Durante o scan,evite tocar no mouse ou teclado!

<@> Para parar ou sair do ComboFix,tecle "N".

------------------------------

<@> Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

 

Abraços!

[JackDenio 0]

<!> Esse problema,ainda,não foi resolvido?

 

Diz ai Dig, isso nunca foi resolvido, meu spybot detecta isso sempre, o engraçado é que nunca deu problema como agora, eu deleto esse lance a cada vez que rodo o spybot e o problema desaparece ...

 

Combofix :

 

ComboFix 08-07-19.1 - Dênio 2008-07-20 13:43:42.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.417 [GMT -3:00]

Executando de: C:\Documents and Settings\Dênio\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Dênio\Configurações locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-06-20 to 2008-07-20 ))))))))))))))))))))))))))))))))

.

 

2008-07-19 03:32 . 2008-07-19 03:32 <DIR> d-------- C:\Arquivos de programas\Desliga A¡!

2008-07-18 12:07 . 2008-07-18 12:07 <DIR> d-------- C:\publica

2008-07-16 15:37 . 2008-07-16 15:37 <DIR> d-------- C:\Arquivos de programas\XP Codec Pack

2008-07-16 15:37 . 2008-06-30 11:47 421,888 --a------ C:\WINDOWS\system32\ac3filter.acm

2008-07-12 10:12 . 2008-07-12 10:12 <DIR> d-------- C:\Arquivos de programas\Sytexis Software

2008-07-05 07:26 . 2008-07-05 07:26 2,494,464 --a------ C:\WINDOWS\system32\ffdshow.ax

2008-07-05 07:14 . 2008-07-05 07:14 3,591,168 --a------ C:\WINDOWS\system32\libavcodec.dll

2008-07-05 07:14 . 2008-07-05 07:14 456,192 --a------ C:\WINDOWS\system32\libmplayer.dll

2008-07-05 07:13 . 2008-07-05 07:13 708,096 --a------ C:\WINDOWS\system32\ff_x264.dll

2008-07-02 21:46 . 2008-07-02 21:47 <DIR> d-------- C:\Arquivos de programas\Megacubo

2008-06-22 13:34 . 2008-06-22 13:34 177,664 --a------ C:\WINDOWS\system32\ff_theora.dll

 

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-19 06:32 --------- d-----w C:\Arquivos de programas\Desliga Aí!

2008-07-18 23:36 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-07-18 00:10 130,258 ----a-w C:\Arquivos de programas\megacubo_log.log

2008-07-16 18:26 --------- d-----w C:\Arquivos de programas\Soulseek

2008-07-14 16:06 --------- d-----w C:\Arquivos de programas\Google

2008-07-12 14:34 --------- d-----w C:\Arquivos de programas\Java

2008-07-06 23:58 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-06 23:58 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys

2008-06-20 16:08 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-06-16 16:53 --------- d-----w C:\Arquivos de programas\NitroPC(2)

2008-06-05 03:10 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-06-04 22:34 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-06-04 22:34 --------- d-----w C:\Arquivos de programas\AVG

2008-05-30 18:37 --------- d-----w C:\Arquivos de programas\Vimicro

2008-05-28 18:47 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

"StartCCC"="C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2007-10-09 19:22 190024]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe" [2007-09-20 14:35 202024]

"WMPNSCFG"="C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:32 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 01:10 851968]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 03:10 1392640]

"Dell QuickSet"="C:\Arquivos de programas\Dell\QuickSet\quickset.exe" [2007-05-14 14:23 1191936]

"PDVDDXSrv"="C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 17:23 118784]

"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 07:03 17920]

"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2005-02-28 17:53 53248]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]

"SecurDisc"="C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe" [2007-09-20 09:36 2044712]

"InCD"="C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe" [2007-09-20 09:35 1077032]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-07-06 20:58 1232152]

"SigmatelSysTrayApp"="stsystra.exe" [2007-04-23 21:01 303104 C:\WINDOWS\stsystra.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=

"C:\\Arquivos de programas\\SopCast\\SopCast.exe"=

"C:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"C:\\Arquivos de programas\\SopCast\\sopvod.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\Soulseek\\slsk.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"C:\\Arquivos de programas\\Megacubo\\megasrv.exe"=

 

R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2007-05-23 14:07]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-06 20:58]

R2 avg8emc;AVG8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-07-06 20:58]

R2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 20:58]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-06 20:58]

R2 wampapache;wampapache;c:\wamp\apache2\bin\httpd.exe [2007-01-10 00:17]

R2 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2007-07-06 13:14]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b263f16-1917-11dd-8d60-001c239adbbc}]

\Shell\AutoRun\command - E:\fi.cmd

\Shell\explore\Command - E:\fi.cmd

\Shell\open\Command - E:\fi.cmd

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-NitroPC - C:\Arquivos de programas\NitroPC\NitroPC.exe

HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe

HKLM-Run-NBKeyScan - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

HKLM-Run-Discador iG - C:\Arquivos de programas\iGv6\Discador iG.exe

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-20 13:53:24

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializ veis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\WLTRYSVC.EXE

C:\WINDOWS\system32\BCMWLTRY.EXE

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Windows Media Player\wmpnetwk.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Tempo para conclusÆo: 2008-07-20 14:01:57 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-20 17:01:46

 

Pre-Run: 17 pasta(s) 22,658,289,664 bytes disponíveis

Post-Run: 21 pasta(s) 22,999,732,224 bytes dispon¡veis

 

150 --- E O F --- 2008-06-03 23:23:37

[JackDenio 0]

E agora o log:

 

Logfile of HijackThis v1.99.1

Scan saved at 14:09:55, on 20/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

c:\wamp\apache2\bin\httpd.exe

c:\wamp\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\wamp\apache2\bin\httpd.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\WINDOWS\stsystra.exe

C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\Dell\BAE\BAE.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5FC1E714-875E-43A5-B0F4-6D3495AFAE44}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{AFA72D52-9DB8-41E5-A40E-077CA7F760CD}: NameServer = 85.255.116.68 85.255.112.141

O17 - HKLM\System\CCS\Services\Tcpip\..\{E50DF39F-0628-481E-A2F6-A43E330BF1A1}: NameServer = 208.67.220.220,208.67.222.222

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apache2 - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

 

 

Obs: Coloquei separado pq não cabe tudo em uma resposta !!

[DigRam 144]

Boa Tarde! RomanMg

 

<@> Abra o Spybot Search & Destroy!

<@> No menu superior,vá em Modo e selecione a opção Avançado. Confirme!

<@> Clique no botão Ferramentas e depois em Residente.

<@> Desmarque a opção: Ativar "TeaTimer" do Residente. ( Proteção geral das configurações de sistema )

<@> Reinicie o computador!

-----------------------------------

<!> Antes de promover,qualquer ação de desinfecção,instale o Console de Recuperação!

-----------------------------------

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

<!> Para a segurança do PC,vamos providenciar a instalação do Console de Recuperação.

-----------------------------------

<!> Vá ao site da Microsoft: < Link >

 

<!> Selecione o download,que seja adequado,ao seu Sistema Operacional!

 

 

<!> Faça o download,do arquivo,e salve-o no seu desktop.

<!> Feche todos os programas,que estejam abertos!

<!> Feche,também,seus programas de proteção! ( Antivírus,Antispywares e Firewall )

<!> Arraste o setup,baixado do site da Microsoft,para o interior do ComboFix.exe

<!> Veja,abaixo,a demonstração!

 

 

<!> Siga as mensagens que aparecem na tela,para iniciar o ComboFix.

<!> Aceite o contrato da Microsoft,para instalar o "Console de Recuperação da Microsoft".

<!> Na próxima mensagem,clique em "Yes",para realizar um scan com o ComboFix.

 

 

<!> Terminando,poste o relatório: C:\ComboFix.txt

 

Abraços!

[JackDenio 0]

Por incrível que pareça o link pra download na página da microsoft está quebrado ...

[DigRam 144]

Por incrível que pareça o link pra download na página da microsoft está quebrado ...

--------------------

Opa! RomanMG

 

<!> Teremos que aguardar o restabelecimento do link.

<!> Enquanto isso,baixe e execute o FixWareout.

--------------------

>@< Faça o download do FixWareout.exe.

>@< Salve-o no Desktop!

>@< Com todos os programas fechados,dê um duplo clique em FixWareout.exe

>@< Clique no botão Next >> Clique,depois,em Install.

>@< Verifique se a caixa Run fixit está marcada!A seguir,clique em Finish.

>@< Siga as instruções da tela e,quando perguntar se quer reiniciar ( Restart ).Clique em Sim!

>@< Vai demorar para reiniciar.Aguarde!

>@< Verifique se foi gerado no Disco Local-C,o Log ( report.txt ).

>@< Durante os procedimentos,poderá ser pedido uma conecção à um servidor remoto.Aceite a solicitação!

>@< Faça e poste:HJT,atualizado + Report.txt,na sua resposta.

 

Abraços!

[JackDenio 0]

Report by Fixwareout:

 

 

Username "Dˆnio" - 22/07/2008 10:51:55 [Fixwareout edited 9/01/2007]

 

~~~~~ Prerun check

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{AFA72D52-9DB8-41E5-A40E-077CA7F760CD}

"nameserver"="85.255.116.68" <Value cleared.

 

Liberação do cache do DNS Resolver bem-sucedida.

 

 

System was rebooted successfully.

 

~~~~~ Postrun check

HKLM\SOFTWARE\~\Winlogon\ "System"=""

....

....

~~~~~ Misc files.

....

~~~~~ Checking for older varients.

....

 

~~~~~ Current runs (hklm hkcu "run" Keys Only)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"SynTPEnh"="C:\\Arquivos de programas\\Synaptics\\SynTP\\SynTPEnh.exe"

"SunJavaUpdateSched"="\"C:\\Arquivos de programas\\Java\\jre1.6.0_07\\bin\\jusched.exe\""

"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"

"Dell QuickSet"="C:\\Arquivos de programas\\Dell\\QuickSet\\quickset.exe"

"SigmatelSysTrayApp"="stsystra.exe"

"PDVDDXSrv"="\"C:\\Arquivos de programas\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe\""

"ECenter"="C:\\Dell\\E-Center\\EULALauncher.exe"

"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE Vimicro USB PC Camera (VC0305)"

"NeroFilterCheck"="C:\\Arquivos de programas\\Arquivos comuns\\Nero\\Lib\\NeroCheck.exe"

"SecurDisc"="C:\\Arquivos de programas\\Nero\\Nero8\\InCD\\NBHGui.exe"

"InCD"="C:\\Arquivos de programas\\Nero\\Nero8\\InCD\\InCD.exe"

"Adobe Reader Speed Launcher"="\"C:\\Arquivos de programas\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

"avgnt"="\"C:\\Arquivos de programas\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"StartCCC"="C:\\Arquivos de programas\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"

"MessengerPlus3"="\"C:\\Arquivos de programas\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"

"MSMSGS"="\"C:\\Arquivos de programas\\Messenger\\msmsgs.exe\" /background"

"msnmsgr"="\"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe\" /background"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Arquivos de programas\\Arquivos comuns\\Nero\\Lib\\NMBgMonitor.exe\""

"WMPNSCFG"="C:\\Arquivos de programas\\Windows Media Player\\WMPNSCFG.exe"

....

Hosts file was reset, If you use a custom hosts file please replace it...

~~~~~ End report ~~~~~

[JackDenio 0]

Agora o HJT:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:02:32, on 22/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

c:\wamp\apache2\bin\httpd.exe

c:\wamp\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\svchost.exe

C:\wamp\apache2\bin\httpd.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\WINDOWS\stsystra.exe

C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\Notepad.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\Dell\BAE\BAE.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5FC1E714-875E-43A5-B0F4-6D3495AFAE44}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{AFA72D52-9DB8-41E5-A40E-077CA7F760CD}: NameServer = 85.255.116.68 85.255.112.141

O17 - HKLM\System\CCS\Services\Tcpip\..\{E50DF39F-0628-481E-A2F6-A43E330BF1A1}: NameServer = 208.67.220.220,208.67.222.222

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apache2 - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

[DigRam 144]

Boa Tarde! RomanMG

 

Segure a tecla shift,e em seguida,insira sua(s) unidade(s) removíveis,na entrada USB.

Atente,para o dispositivo conectado na unidade E:\.

<@> Selecione e copie,todo o conteúdo que está na área do QUOTE,para o Bloco de Notas.

<@> Salve-o,no Desktop,com o nome: CFScript.txt

 

File::

E:\fi.cmd

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b263f16-1917-11dd-8d60-001c239adbbc}]

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{AFA72D52-9DB8-41E5-A40E-077CA7F760CD}]

<@> Arraste,o CFScript.txt para o ícone/interior do ComboFix.

<@> Veja a demonstração!

 

 

<@> Reinicie o computador!

<@> Terminando,poste o relatório: C:\ComboFix.txt

----------------------

<@> Vá a este Link,e baixe:

 

< Malwarebytes >

 

<@> Atualize o programa!

<@> Escolha o escaneamento Completo! ( Full Scan )

<@> Desabilite programas de proteção,ao executar o malwarebytes. ( TeaTimer do Spybot! )

<@> Para uma ação mais efetiva,execute-o estando em Modo de Segurança. << Importante!

<@> Terminando,reinicie em Modo Normal!

-----------------------

<@> Poste,os relatórios:

 

<!> MBAM.txt + HijackThis,atualizado.

 

Abraços!

[JackDenio 0]

Comfix:

 

ComboFix 08-07-19.1 - Dênio 2008-07-22 14:51:36.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.384 [GMT -3:00]

Executando de: C:\Documents and Settings\Dênio\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Dênio\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

E:\fi.cmd

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-06-22 to 2008-07-22 ))))))))))))))))))))))))))))))))

.

 

2008-07-21 16:16 . 2008-07-21 16:16 737,628 --a------ C:\WINDOWS\xobglu32.dll

2008-07-21 16:16 . 2008-07-21 16:16 63,488 --a------ C:\WINDOWS\xobglu16.dll

2008-07-20 15:29 . 2008-07-20 15:29 <DIR> d-------- C:\Arquivos de programas\Avira

2008-07-20 14:02 . 2008-07-20 14:02 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-07-20 14:02 . 2008-07-20 14:02 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

2008-07-20 14:02 . 2008-07-20 14:02 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais

2008-07-20 14:02 . 2008-07-20 14:02 <DIR> d-------- C:\Documents and Settings\DÛnio

2008-07-20 14:02 . 2008-07-20 14:02 <DIR> d-------- C:\Documents and Settings\Administrador\Configuraþ§es locais

2008-07-19 03:32 . 2008-07-19 03:32 <DIR> d-------- C:\Arquivos de programas\Desliga Aí!

2008-07-18 12:07 . 2008-07-18 12:07 <DIR> d-------- C:\publica

2008-07-16 15:37 . 2008-07-16 15:37 <DIR> d-------- C:\Arquivos de programas\XP Codec Pack

2008-07-16 15:37 . 2008-06-30 11:47 421,888 --a------ C:\WINDOWS\system32\ac3filter.acm

2008-07-12 10:12 . 2008-07-12 10:12 <DIR> d-------- C:\Documents and Settings\Dênio\Dados de aplicativos\Sytexis Software

2008-07-12 10:12 . 2008-07-12 10:12 <DIR> d-------- C:\Arquivos de programas\Sytexis Software

2008-07-05 07:26 . 2008-07-05 07:26 2,494,464 --a------ C:\WINDOWS\system32\ffdshow.ax

2008-07-05 07:14 . 2008-07-05 07:14 3,591,168 --a------ C:\WINDOWS\system32\libavcodec.dll

2008-07-05 07:14 . 2008-07-05 07:14 456,192 --a------ C:\WINDOWS\system32\libmplayer.dll

2008-07-05 07:13 . 2008-07-05 07:13 708,096 --a------ C:\WINDOWS\system32\ff_x264.dll

2008-07-02 21:46 . 2008-07-02 21:47 <DIR> d-------- C:\Arquivos de programas\Megacubo

2008-06-22 13:34 . 2008-06-22 13:34 177,664 --a------ C:\WINDOWS\system32\ff_theora.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-22 17:49 --------- d-----w C:\Documents and Settings\Dênio\Dados de aplicativos\MegauploadToolbar

2008-07-22 14:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-07-20 18:29 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-07-20 17:36 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-07-18 23:36 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-07-18 00:10 130,258 ----a-w C:\Arquivos de programas\megacubo_log.log

2008-07-16 18:26 --------- d-----w C:\Arquivos de programas\Soulseek

2008-07-14 16:06 --------- d-----w C:\Arquivos de programas\Google

2008-07-12 14:34 --------- d-----w C:\Arquivos de programas\Java

2008-06-20 16:08 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-06-16 16:53 --------- d-----w C:\Arquivos de programas\NitroPC(2)

2008-06-13 10:39 23,552 ----a-w C:\WINDOWS\system32\ff_wmv9.dll

2008-06-12 17:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-06-12 16:25 962,560 ----a-w C:\WINDOWS\system32\VSFilter.dll

2008-06-04 22:34 --------- d-----w C:\Arquivos de programas\AVG

2008-05-30 18:37 --------- d-----w C:\Arquivos de programas\Vimicro

2008-05-28 18:47 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-02-19 19:48 320 ----a-w C:\Documents and Settings\Dênio\Dados de aplicativos\wklnhst.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-20_14.01.28.29 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 21:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys

+ 2008-01-21 21:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys

+ 2008-03-04 16:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys

- 2007-03-01 12:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys

+ 2007-03-01 13:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

"StartCCC"="C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2007-10-09 19:22 190024]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe" [2007-09-20 14:35 202024]

"WMPNSCFG"="C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:32 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 01:10 851968]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 03:10 1392640]

"Dell QuickSet"="C:\Arquivos de programas\Dell\QuickSet\quickset.exe" [2007-05-14 14:23 1191936]

"PDVDDXSrv"="C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 17:23 118784]

"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 07:03 17920]

"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2005-02-28 17:53 53248]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]

"SecurDisc"="C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe" [2007-09-20 09:36 2044712]

"InCD"="C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe" [2007-09-20 09:35 1077032]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

"SigmatelSysTrayApp"="stsystra.exe" [2007-04-23 21:01 303104 C:\WINDOWS\stsystra.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=

"C:\\Arquivos de programas\\SopCast\\SopCast.exe"=

"C:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"C:\\Arquivos de programas\\SopCast\\sopvod.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\Soulseek\\slsk.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"C:\\Arquivos de programas\\Megacubo\\megasrv.exe"=

 

R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2007-05-23 14:07]

R2 wampapache;wampapache;c:\wamp\apache2\bin\httpd.exe [2007-01-10 00:17]

R2 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2007-07-06 13:14]

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-22 14:57:03

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-07-22 14:59:28

ComboFix-quarantined-files.txt 2008-07-22 17:58:42

ComboFix2.txt 2008-07-20 17:01:58

 

Pre-Run: 17 pasta(s) 22,754,447,360 bytes disponíveis

Post-Run: 20 pasta(s) 22,954,909,696 bytes disponíveis

 

131 --- E O F --- 2008-06-03 23:23:37

 

 

 

Malwarebytes' Anti-Malware:

 

 

Malwarebytes' Anti-Malware 1.22

Versão do banco de dados: 979

Windows 5.1.2600 Service Pack 2

 

01:08:32 23/7/2008

mbam-log-7-23-2008 (01-08-27).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 128014

Tempo decorrido: 4 hour(s), 48 minute(s), 42 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 2

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{afa72d52-9db8-41e5-a40e-077ca7f760cd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68 85.255.112.141 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{afa72d52-9db8-41e5-a40e-077ca7f760cd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68 85.255.112.141 -> No action taken.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

[JackDenio 0]

HJT:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:18:37, on 23/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\WINDOWS\stsystra.exe

C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

c:\wamp\apache2\bin\httpd.exe

c:\wamp\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\svchost.exe

C:\wamp\apache2\bin\httpd.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\Dell\BAE\BAE.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5FC1E714-875E-43A5-B0F4-6D3495AFAE44}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{AFA72D52-9DB8-41E5-A40E-077CA7F760CD}: NameServer = 85.255.116.68 85.255.112.141

O17 - HKLM\System\CCS\Services\Tcpip\..\{E50DF39F-0628-481E-A2F6-A43E330BF1A1}: NameServer = 208.67.220.220,208.67.222.222

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apache2 - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

 

E quanto ao console de recuperação, eu enviei um e-mail pra microsoft falando do link quebrado e me indicaram essa página ..

[DigRam 144]

Boa Tarde! RomanMG

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{afa72d52-9db8-41e5-a40e-077ca7f760cd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68 85.255.112.141 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{afa72d52-9db8-41e5-a40e-077ca7f760cd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68 85.255.112.141 -> No action taken.

<!> Nenhuma ação foi adotada,ou seja,não houve desinfecção!

<!> Execute,novamente,o Malwarebytes! Faça-o em Modo Normal,e escolha a verificação rápida.

<!> Não esqueça de desabilitar o Spybot. ( TeaTimer! )

<!> Se notar que houve discrepância,no número de arquivos detectados,utilize a verificação completa.

<!> Portanto,não esqueça de enviar os ítens detectados,para a quarentena!

-----------------------

E quanto ao console de recuperação, eu enviei um e-mail pra microsoft falando do link quebrado e me indicaram essa página ..

<!> < http://support.microsoft.com/kb/307654/pt-br#3 >

 

<!> Aqui,meu amigo,a instalação do CR é atravéz de CD-ROM,do Windows XP.

-----------------------

<!> Poste: mbam....txt + HijackThis,atualizado.

 

Abraços!

[JackDenio 0]

mbam:

 

Malwarebytes' Anti-Malware 1.22

Versão do banco de dados: 979

Windows 5.1.2600 Service Pack 2

 

17:27:05 23/7/2008

mbam-log-7-23-2008 (17-27-05).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 12662

Tempo decorrido: 1 minute(s), 6 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 2

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{afa72d52-9db8-41e5-a40e-077ca7f760cd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68 85.255.112.141 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{afa72d52-9db8-41e5-a40e-077ca7f760cd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68 85.255.112.141 -> Quarantined and deleted successfully.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

 

HJT:

 

Logfile of HijackThis v1.99.1

Scan saved at 17:34:35, on 23/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\WINDOWS\stsystra.exe

C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

c:\wamp\apache2\bin\httpd.exe

c:\wamp\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\svchost.exe

C:\wamp\apache2\bin\httpd.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\Dell\BAE\BAE.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5FC1E714-875E-43A5-B0F4-6D3495AFAE44}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{AFA72D52-9DB8-41E5-A40E-077CA7F760CD}: NameServer = 85.255.116.68 85.255.112.141

O17 - HKLM\System\CCS\Services\Tcpip\..\{E50DF39F-0628-481E-A2F6-A43E330BF1A1}: NameServer = 208.67.220.220,208.67.222.222

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apache2 - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

[DigRam 144]

Boa Noite! RomanMG

 

<@> Abra o HijackThis --> Clique: Do a system scan only

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{AFA72D52-9DB8-41E5-A40E-077CA7F760CD}: NameServer = 85.255.116.68 85.255.112.141

<@> Marque a entrada,àcima,e clique em Fix checked.

--------------------

<!> Voçê diz que não pode acessar,determinado servidor. Qual servidor?

--------------------

<@> Poste: HJT,atualizado.

 

Abraços!

[JackDenio 0]

Logfile of HijackThis v1.99.1

Scan saved at 20:14:52, on 23/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\WINDOWS\stsystra.exe

C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

c:\wamp\apache2\bin\httpd.exe

c:\wamp\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\svchost.exe

C:\wamp\apache2\bin\httpd.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\Dell\BAE\BAE.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5FC1E714-875E-43A5-B0F4-6D3495AFAE44}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{E50DF39F-0628-481E-A2F6-A43E330BF1A1}: NameServer = 208.67.220.220,208.67.222.222

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apache2 - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

[DigRam 144]

Boa Noite! RomanMG

 

<@> BAIXE: < Kaspersky Virus Removal Tool >

----------------------

<@> Faça o download da atualização mais recente! << Observe as datas!

<@> Salve-o em Arquivos de Programas!

<@> Reinicie o computador,em Modo de Segurança! << Importante!

<@> Execute a ferramenta,com um duplo-clique,em seu executável.

<@> Abrir-se-á a seguinte janela:

 

 

<@> Na opção: Manual Cure,marque todas as caixas e clique em Scan.

<@> Terminando o scan,copie e poste o relatório.

 

Abraços!

[JackDenio 0]

Coloquei um resumo pq o report é muito grande ..

 

Scan

----

Scanned: 909376

Detected: 0

Untreated: 0

Start time: 24/7/2008 10:58:12

Duration: 18:51:13

Finish time: 25/7/2008 05:49:25

[DigRam 144]

Coloquei um resumo pq o report é muito grande ..

 

Scan

----

Scanned: 909376

Detected: 0

Untreated: 0

Start time: 24/7/2008 10:58:12

Duration: 18:51:13

Finish time: 25/7/2008 05:49:25

-----------------------

Opa! RomanMG

Boa Tarde!

 

<!> Pelo log,resumido,do Kaspersky Virus Removal Tool está tudo Ok!

-----------------------

<@> Veja se voçê consegue chegar ao servidor,com este procedimento de ajuste:

 

<@> Coloque: < http://www.hostrevenda.com >,como Site Preferencial.

 

<@> Abra o Internet Explorer.

<@> Clique em Ferramentas >> Opções da Internet>> Clique na guia Segurança.

<@> Clique em Sites Confiáveis >> Sites, no campo Adicionar este site à zona,coloque:

 

http://www.hostrevenda.com

<@> Clique em Adicionar.

<@> Desmarque a opção: Exigir Verificação do Servidor.( https ) <-- Importante!

<@> Verifique,se já consegue o acesso ao servidor!

 

Abraços!

[JackDenio 0]

Diz aê Dig ..

 

Velho fiz aqui mais ainda continua na mesma ... ta rolando o seguinte eu passo o spybot ele detecta essa mudança de DNS pelo trojan ... eu deleto ai eu acesso o tranquilo ...mais toda vez que eu ligo o pc tenho que fazer o mesmo processo ... a ideia de formartação ou de reinstalar o sistema ja quase me convencendo ... ou você acha que ainda pode ter algum software que tire isso ...

 

Obrigado!!