[Resolvido!] Analisem meu log !

[Kronnus 0]

Olá, pessoal o problema e o seguinte toda hora o internet iexplorer fica abrido sozinho na pagina system defender ja passei um bucade de spywares o avast o avira mais na adianta.Deem uma olhada no meu logo pra ver qual e o problema fico muito grato !!!!!!!!!!

 

Logfile of HijackThis v1.99.1

Scan saved at 10:14:06, on 22/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\ssblkf.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Blok Free 2\agente.exe

C:\WINDOWS\system32\sblkf.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\DreMule\emule.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\DOCUME~1\Jogos\CONFIG~1\Temp\Rar$EX00.344\HijackThis.exe

 

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [Agente do Blok Free] C:\Arquivos de programas\Blok Free 2\agente.exe

O4 - HKLM\..\Run: [sblkf] sblkf.exe

O4 - HKLM\..\Run: [smcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

O4 - HKCU\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"

O4 - Startup: ADSL.lnk = ?

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205871666781

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A4C75F49-6AB0-40D7-8280-6F91DED1E716}: NameServer = 201.10.128.3 201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: evgratsm - {C5560AED-ACD7-4437-99E8-3B7428EF1E1E} - C:\WINDOWS\evgratsm.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: Diretivas de diagnóstico (ssblkfn) - Unknown owner - C:\WINDOWS\system32\ssblkf.exe

 

:unsure: :unsure: :unsure: :unsure: :unsure:

[Silas Martins 0]

Siga as Instruções:

Baixe o MSNfix.

Salve na área de trabalho, e descompacte ele, após isto, clique duas vezes em MSNFix.bat

Vai se abrir a tela MSN_Fix-menu nela aperte a opçãp R, será dado inicio ao scaneamento.

Caso o scan detecte algo irá aparecer a seguinte informação: Infection Presente, aperte enter, e prossiga.

Caso queira interromper o processo aperte a tecla Q

Na finalização vai se abrir o bloco de notas com um log, selecione todo ele e copie, que se encontra na pasta msnfix.txt.

Poste juntamente um novo log do Hijackthis

 

Aguardo o retorno.

[Kronnus 0]

Silas eu pasei o MSN fix ele deu Infection Presente, de 3 ai ele pedeiu para reiniciar para completar a limpeza e ñ gerou nenhum log.Depois que de reiniciar pessei de novo ele ñ achou mais nada e gerou esse log:

 

MSNFix 1.734

 

C:\Documents and Settings\Jogos\Desktop\MSNFix

Fix lançado dia qua 23/07/2008 - 10:40:24,71 By Jogos

modo normal

 

************************ Procurando os arquivos presentes

 

Nenhum arquivo encontrado

 

************************ Procurando as pastas presentes

 

Nenhuma pasta encontrada

 

 

************************ Arquivos suspeitos

 

Nenhum arquivo encontrado

 

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\WINDOWS\system32\userinit.exe,

 

------------------------------------------------------------------------

Autor : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

E esse e o do Hijackthis:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:44:17, on 23/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\ssblkf.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Blok Free 2\agente.exe

C:\WINDOWS\system32\sblkf.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Jogos\CONFIG~1\Temp\Rar$EX00.156\HijackThis.exe

 

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [Agente do Blok Free] C:\Arquivos de programas\Blok Free 2\agente.exe

O4 - HKLM\..\Run: [sblkf] sblkf.exe

O4 - HKLM\..\Run: [smcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\RunOnce: [MSNFix] C:\Documents and Settings\Jogos\Desktop\MSNFix\MSNFix.bat /pass2

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

O4 - HKCU\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"

O4 - Startup: ADSL.lnk = ?

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205871666781

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A4C75F49-6AB0-40D7-8280-6F91DED1E716}: NameServer = 201.10.128.3 201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: evgratsm - {C5560AED-ACD7-4437-99E8-3B7428EF1E1E} - C:\WINDOWS\evgratsm.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: Diretivas de diagnóstico (ssblkfn) - Unknown owner - C:\WINDOWS\system32\ssblkf.exe

[Silas Martins 0]

Baixe o ComboFix e salve na área de trabalho.

 

Feche todos os programas.

Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar.

O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção.

 

Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt.

 

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

 

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

 

Aguardo um novo log do HijackThis juntamente com o ComboFix.txt

[hgb7 3]

O tópico sobre o ComboFix deveria ficar sempre nos recomendados... economizaria dedos ^^

[Kronnus 0]

aqui esta nos novos logs:

 

ComboFix 08-07-22.4 - Jogos 2008-07-23 14:22:49.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.604 [GMT -3:00]

Executando de: C:\Documents and Settings\Jogos\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\GbPluggin\svchost

C:\Documents and Settings\Jogos\Dados de aplicativos\inst.exe

C:\WINDOWS\etvb.exe

C:\WINDOWS\evgratsm.dll

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\default.inf

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\desktop.ini

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\FP_AX_CAB_INSTALLER.exe

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\muweb.inf

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\swflash.inf

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\UploaderX.dll

C:\WINDOWS\system32\phcrclj0elf3.bmp

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-23 to 2008-07-23 ))))))))))))))))))))))))))))))))

.

 

2009-03-22 21:15 . 2009-03-22 21:15 258,352 --------- C:\WINDOWS\system32\unicows.dll

2008-07-22 10:00 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-07-22 09:54 . 2008-07-22 09:54 <DIR> d-------- C:\Arquivos de programas\Panda Security

2008-07-21 11:30 . 2008-07-21 11:39 <DIR> d-------- C:\LinhaDefensiva

2008-07-19 10:08 . 2008-07-19 10:08 <DIR> d-------- C:\!KillBox

2008-07-18 10:58 . 2008-07-22 11:35 <DIR> d-------- C:\Documents and Settings\Jogos\Dados de aplicativos\Spyware Terminator

2008-07-18 10:58 . 2008-07-22 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-07-18 10:58 . 2008-07-21 10:07 <DIR> d-------- C:\Arquivos de programas\Spyware Terminator

2008-07-18 10:58 . 2008-07-18 10:58 <DIR> d-------- C:\Arquivos de programas\Crawler

2008-07-18 10:58 . 2008-07-18 10:58 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

2008-07-17 11:33 . 2008-07-19 10:31 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-07-17 11:33 . 2008-07-17 11:33 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-07-17 10:13 . 2008-07-17 10:13 <DIR> d-------- C:\Arquivos de programas\Avira

2008-07-16 12:13 . 2008-07-16 12:13 <DIR> dr------- C:\Documents and Settings\NetworkService\Favoritos

2008-07-16 12:09 . 2008-07-16 12:09 <DIR> d-------- C:\Arquivos de programas\Sygate

2008-07-16 12:09 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll

2008-07-16 12:09 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys

2008-07-16 12:09 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys

2008-07-16 12:09 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys

2008-07-16 12:09 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys

2008-07-16 12:09 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys

2008-07-16 12:09 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys

2008-07-16 11:53 . 2008-07-16 11:53 <DIR> d-------- C:\Arquivos de programas\AxBx

2008-07-15 11:11 . 2008-07-15 11:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-07-15 11:11 . 2008-07-15 11:11 <DIR> d-------- C:\Arquivos de programas\Lavasoft

2008-07-09 11:39 . 2008-05-09 07:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll

2008-07-09 11:39 . 2008-05-09 07:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll

2008-07-09 11:39 . 2008-05-09 07:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-07-09 11:39 . 2008-05-09 07:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-07-09 11:39 . 2008-05-08 08:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe

2008-07-09 11:39 . 2008-05-09 05:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe

2008-07-09 11:39 . 2008-05-09 07:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll

2008-07-08 11:21 . 2008-07-08 11:26 23,983 --a------ C:\Nvu.htm

2008-07-08 10:56 . 2008-07-17 14:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-07-08 10:56 . 2008-07-08 10:56 1,409 --a------ C:\WINDOWS\QTFont.for

2008-07-06 20:31 . 2008-07-23 14:13 <DIR> d--h----- C:\Documents and Settings\LocalService\Help

2008-07-06 15:38 . 2008-07-06 15:56 <DIR> d-------- C:\Documents and Settings\Jogos\Help

2008-07-06 15:38 . 2008-07-07 10:02 <DIR> d--h----- C:\Documents and Settings\All Users\Help

2008-07-06 15:38 . 2008-04-13 10:40 527,360 --a------ C:\WINDOWS\system32\abkf.dat

2008-07-06 15:38 . 2008-03-13 09:19 407,552 --a------ C:\WINDOWS\system32\sbkf.dat

2008-07-06 15:37 . 2008-07-06 15:37 <DIR> d--h----- C:\Arquivos de programas\Blok Free 2

2008-07-06 12:03 . 2008-07-06 12:03 6,656 --ahs---- C:\WINDOWS\Thumbs.db

2008-07-05 17:47 . 2008-07-05 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-07-01 10:43 . 2008-07-01 13:46 <DIR> d-------- C:\Arquivos de programas\CPUFSB

2008-06-29 22:18 . 2038-01-18 21:14 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll

2008-06-29 22:17 . 2001-08-18 06:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll

2008-06-29 19:21 . 2003-09-12 10:26 646,784 --a------ C:\WINDOWS\system32\drivers\CnxEtU.sys

2008-06-29 19:21 . 2003-10-29 15:07 163,840 --a------ C:\WINDOWS\system32\CnxHwIo.dll

2008-06-29 19:21 . 2002-08-06 14:59 118,784 --a------ C:\WINDOWS\system32\CnxMfdCo.dll

2008-06-29 19:21 . 2001-10-03 14:08 118,784 --a------ C:\WINDOWS\system32\CnxClsCo.dll

2008-06-29 19:21 . 2003-10-29 15:02 108,675 --a------ C:\WINDOWS\system32\drivers\CnxTgN.sys

2008-06-29 19:21 . 2003-09-12 10:26 60,288 --a------ C:\WINDOWS\system32\drivers\CnxEtP.sys

2008-06-29 19:20 . 2008-07-06 12:03 <DIR> d-------- C:\Arquivos de programas\D-Link

2008-06-29 12:33 . 2008-06-29 12:34 48,814 --a------ C:\WINDOWS\BS_DEF.sys

2008-06-28 10:34 . 2006-11-16 15:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2038-01-19 00:14 98,304 ----a-w C:\WINDOWS\system32\msir3jp.dll

2038-01-19 00:14 9,216 ----a-w C:\WINDOWS\system32\kbdnecAT.dll

2038-01-19 00:14 838,144 ----a-w C:\WINDOWS\system32\chtbrkr.dll

2038-01-19 00:14 70,656 ----a-w C:\WINDOWS\system32\korwbrkr.dll

2038-01-19 00:14 7,680 ----a-w C:\WINDOWS\system32\kbdnecNT.dll

2038-01-19 00:14 7,168 ----a-w C:\WINDOWS\system32\kbdnec95.dll

2038-01-19 00:14 6,656 ----a-w C:\WINDOWS\system32\c_is2022.dll

2038-01-19 00:14 6,144 ----a-w C:\WINDOWS\system32\kbd101a.dll

2038-01-19 00:14 1,677,824 ----a-w C:\WINDOWS\system32\chsbrkr.dll

2009-03-23 00:15 503,808 ----a-w C:\WINDOWS\system32\msvcp71.dll

2009-03-23 00:15 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2008-07-23 17:22 --------- d-----w C:\Arquivos de programas\GbPluggin

2008-07-22 14:52 --------- d-----w C:\Arquivos de programas\DreMule

2008-07-22 14:38 --------- d-----w C:\Arquivos de programas\ESET

2008-07-17 14:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-07-17 13:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-07-16 14:43 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-16 14:33 --------- d-----w C:\Arquivos de programas\a-squared Free

2008-07-15 15:20 --------- d-----w C:\Arquivos de programas\Wise Registry Cleaner 3

2008-07-14 14:57 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-07-12 13:19 2,516 --sha-w C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-07-11 14:57 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Corel

2008-07-06 15:03 6,144 --sha-w C:\Arquivos de programas\Thumbs.db

2008-07-06 15:03 --------- d-----w C:\Arquivos de programas\Xvid

2008-07-06 15:03 --------- d-----w C:\Arquivos de programas\QuickTime

2008-07-05 20:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-07-05 20:32 --------- d-----w C:\Arquivos de programas\Ahead

2008-07-05 20:09 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-06-28 13:08 --------- d-----w C:\Arquivos de programas\Livid CellDEMO

2008-06-27 12:58 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Agnitum Shared

2008-06-26 13:13 --------- d-----w C:\Arquivos de programas\Marcos Velasco Security

2008-06-26 13:12 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-06-22 01:54 --------- d-----w C:\Arquivos de programas\DsNET Corp

2008-06-20 17:48 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 14:15 --------- d-----w C:\Documents and Settings\Jogos\Dados de aplicativos\Auslogics

2008-06-20 14:15 --------- d-----w C:\Arquivos de programas\Auslogics

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-19 12:48 --------- d-----w C:\Arquivos de programas\Microsoft Silverlight

2008-06-16 01:04 --------- d-----w C:\Documents and Settings\Jogos\Dados de aplicativos\DNA

2008-06-14 17:34 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 13:22 --------- d-----w C:\Arquivos de programas\Motorola Phone Tools

2008-06-10 13:22 --------- d-----w C:\Arquivos de programas\GTA Underground

2008-06-10 13:22 --------- d-----w C:\Arquivos de programas\eMule

2008-06-10 13:22 --------- d-----w C:\Arquivos de programas\DVD Photo Slideshow Professional

2008-06-01 19:42 --------- d-----w C:\Arquivos de programas\bmoworld

2008-06-01 03:00 --------- d-----w C:\Documents and Settings\Jogos\Dados de aplicativos\Bitstream

2008-06-01 02:46 --------- d-----w C:\Documents and Settings\Jogos\Dados de aplicativos\BitTorrent

2008-05-31 13:30 88 --sh--r C:\Documents and Settings\All Users\Dados de aplicativos\CFC6F53F6A.sys

2008-05-31 13:09 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Protexis

2008-05-31 13:06 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

2008-05-30 13:08 --------- d-----w C:\Documents and Settings\Jogos\Dados de aplicativos\Corel

2008-05-30 13:02 --------- d-----w C:\Arquivos de programas\Corel

2008-05-28 14:41 --------- d-----w C:\Arquivos de programas\Alwil Software

2008-05-28 13:44 --------- d-----w C:\Arquivos de programas\Agnitum

2008-05-25 17:53 --------- d-----w C:\Documents and Settings\Jogos\Dados de aplicativos\Ahead

2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll

2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll

2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll

2008-05-09 08:45 135,168 ----a-w C:\WINDOWS\system32\cscript.exe

2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe

2008-05-07 05:11 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-03 01:46 6,108,160 ----a-w C:\WINDOWS\system32\nv4_disp(2).dll

2008-05-01 13:55 2,560 -c--a-w C:\WINDOWS\_MSRSTRT.EXE

2008-04-23 07:14 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-03 14:24 87,608 ------w C:\Documents and Settings\Jogos\Dados de aplicativos\ezpinst.exe

2008-04-03 14:24 47,360 ------w C:\Documents and Settings\Jogos\Dados de aplicativos\pcouffin.sys

2008-03-30 17:56 25,600 ------w C:\Documents and Settings\Jogos\usbsermptxp.sys

2008-03-30 17:56 22,768 ------w C:\Documents and Settings\Jogos\usbsermpt.sys

2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll

2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:20 15360]

"WMPNSCFG"="C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:32 204288]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"TSClientMSIUninstaller"="C:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 03:06 13801]

"TSClientAXDisabler"="C:\WINDOWS\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 08:13 2247]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 09:44 36864]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-13 23:51 352256]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-24 23:33 7323648]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-24 23:33 86016]

"avast!"="C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe" [2008-05-15 20:19 79224]

"Agente do Blok Free"="C:\Arquivos de programas\Blok Free 2\agente.exe" [2008-04-13 10:40 527360]

"SmcService"="C:\ARQUIV~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

"SpywareTerminator"="C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe" [2008-07-18 10:58 1809408]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-02-18 20:20 185896]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-05-05 10:30 98304]

"nwiz"="nwiz.exe" [2006-07-24 23:33 1519616 C:\WINDOWS\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 03:00 16050176 C:\WINDOWS\RTHDCPL.exe]

"sblkf"="sblkf.exe" [2008-03-13 09:19 407552 C:\WINDOWS\system32\sblkf.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:20 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"DisableLocalMachineRun"= 1 (0x1)

"DisableLocalMachineRunOnce"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

"vidc.yv12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^GammaTray.lnk]

backup=C:\WINDOWS\pss\GammaTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^InterVideo WinCinema Manager.lnk]

backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^NCProTray.lnk]

backup=C:\WINDOWS\pss\NCProTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^sound.exe]

 

[HKLM\~\startupfolder\C:^Documents and Settings^Jogos^Menu Iniciar^Programas^Inicializar^Blaero Start Orb.lnk]

backup=C:\WINDOWS\pss\Blaero Start Orb.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Jogos^Menu Iniciar^Programas^Inicializar^Thoosje Sidebar.lnk]

backup=C:\WINDOWS\pss\Thoosje Sidebar.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Jogos^Menu Iniciar^Programas^Inicializar^WinFlip.lnk]

backup=C:\WINDOWS\pss\WinFlip.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iexplorers

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoveIT Pro XT

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sound

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueTransparency

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--------- 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCWipeTM Startup]

--a------ 2008-02-08 04:35 545520 C:\Arquivos de programas\Jetico\BCWipe\BCWipeTM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2008-04-29 10:45 288576 C:\Arquivos de programas\DNA\btdna.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]

--a------ 2003-12-01 11:44 507904 C:\Arquivos de programas\D-Link\DSL-210\CnxDslTb.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-13 19:21 1695232 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-05 10:30 98304 C:\Arquivos de programas\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]

--a------ 2008-04-17 14:51 1870592 C:\Arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-07-07 09:42 2156368 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-02-18 20:20 185896 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

--------- 2006-11-02 23:32 204288 C:\Arquivos de programas\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r---c--- 2006-05-16 07:04 2879488 C:\WINDOWS\SkyTel.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Real\\RealPlayer\\realplay.exe"=

"C:\\Arquivos de programas\\DNA\\btdna.exe"=

"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"C:\\Arquivos de programas\\DreMule\\emule.exe"=

"C:\\Arquivos de programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\bmoworld\\BomberMan.exe"=

"C:\\WINDOWS\\system32\\mmc.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

 

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 00:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 00:39]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-07-18 10:58]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

R2 PSI_SVC_2;Protexis Licensing V2;c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15]

R2 ssblkfn;Diretivas de diagnóstico;C:\WINDOWS\system32\ssblkf.exe [2008-03-13 09:19]

S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-09-12 10:26]

S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-09-12 10:26]

S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-10-29 15:02]

S4 BCSWAP;BCSWAP;C:\WINDOWS\system32\drivers\BCSWAP.sys [2007-09-14 01:46]

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-06-20 20:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Arquivos de programas\TuneUp Utilities 2007\SystemOptimizer.exe

.

- - - - ORFAOS REMOVIDOS - - - -

 

SSODL-evgratsm-{C5560AED-ACD7-4437-99E8-3B7428EF1E1E} - C:\WINDOWS\evgratsm.dll

 

 

.

------- Ccan Suplementar -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com.br/

R0 -: HKLM-Main,Start Page = about:blank

O8 -: Crawler Search - tbr:iemenu

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O17 -: HKLM\CCS\Interface\{A4C75F49-6AB0-40D7-8280-6F91DED1E716}: NameServer = 201.10.128.3 201.10.120.3

O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-23 14:24:13

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:29:17, on 23/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\ssblkf.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Blok Free 2\agente.exe

C:\WINDOWS\system32\sblkf.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Jogos\CONFIG~1\Temp\Rar$EX00.516\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [Agente do Blok Free] C:\Arquivos de programas\Blok Free 2\agente.exe

O4 - HKLM\..\Run: [sblkf] sblkf.exe

O4 - HKLM\..\Run: [smcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - Startup: ADSL.lnk = ?

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205871666781

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A4C75F49-6AB0-40D7-8280-6F91DED1E716}: NameServer = 201.10.128.3 201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: Diretivas de diagnóstico (ssblkfn) - Unknown owner - C:\WINDOWS\system32\ssblkf.exe

[hgb7 3]

Você não tem dó da minha barra de rolagem?

[Mário Monteiro 179]

hgb7

 

Evite comentarios desnecessarios na analise

 

Pois estes farão com que os demais usuarios precisem usar um pouco mais a barra de rolagem que voce reclamou de ter usado para ver o log do membro postado corretamente e de forma completa como deve ser

[Silas Martins 0]

Siga as instruções abaixo:

 

Baixe o Killbox

Execute o KillBox,clique em Delete on Reboot.

Copie a lista abaixo:

C:\WINDOWS\system32\sblkf.exe

 

Vá ao Killbox.E clique em File > Paste from clipboard. Clique em All Files.

 

Pressione "X". Responda "NÃO" à pergunta.

 

Reinicie

o computador em Modo Seguro (após reiniciar aperte a tecla F8 repetidamente até aparecer uma tela preta em DOS e escolha Modo Seguro).

 

Execute o HijackThis, clique em Do a system scan only e selecione as linhas:

O4 - HKLM\..\Run: [sblkf] sblkf.exe

O23 - Service: Diretivas de diagnóstico (ssblkfn) - Unknown owner - C:\WINDOWS\system32\ssblkf.exe

Clique em Fix Checked

Feito isso Reinicie em modo normal e gere um novo log do Hijackthis.

 

Aguardo retorno.

[Kronnus 0]

o novo log:

 

Logfile of HijackThis v1.99.1

Scan saved at 12:35:13, on 24/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\ssblkf.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Blok Free 2\agente.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\sblkf.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Jogos\CONFIG~1\Temp\Rar$EX00.859\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [Agente do Blok Free] C:\Arquivos de programas\Blok Free 2\agente.exe

O4 - HKLM\..\Run: [smcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sblkf] C:\WINDOWS\System32\sblkf.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - Startup: ADSL.lnk = ?

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205871666781

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A4C75F49-6AB0-40D7-8280-6F91DED1E716}: NameServer = 201.10.128.3 201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: Diretivas de diagnóstico (ssblkfn) - Unknown owner - C:\WINDOWS\system32\ssblkf.exe

[Silas Martins 0]

Você executou o Hijackthis em modo de segurança? e outra você executou o Killbox?

[Kronnus 0]

Fiz tudo como você falou vou fazer de novo pra ve cê da certo agora

[Kronnus 0]

eu fiz tudo de novo e ficou assim ollha o log:

 

Logfile of HijackThis v1.99.1

Scan saved at 09:51:16, on 26/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\ssblkf.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Blok Free 2\agente.exe

C:\WINDOWS\system32\sblkf.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Jogos\CONFIG~1\Temp\Rar$EX00.063\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [Agente do Blok Free] C:\Arquivos de programas\Blok Free 2\agente.exe

O4 - HKLM\..\Run: [smcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - Startup: ADSL.lnk = ?

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205871666781

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A4C75F49-6AB0-40D7-8280-6F91DED1E716}: NameServer = 201.10.128.3 201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: Diretivas de diagnóstico (ssblkfn) - Unknown owner - C:\WINDOWS\system32\ssblkf.exe

[Silas Martins 0]

SDFix:

Baixe o SDFix e e arquive na sua área de trabalho.

 

*Execute o SDFix.exe clicando duas vezes sobre ele.

* Permitam-lo para instalar na localização padrão, que é normalmente c: \ SDFix

* Agora, por favor, reinicie o computador em modo de segurança (Reinicie o computador e segure a tecla F8 sem solta-la até que seja disponibilizada a tela onde você opte por modo de segurança)

* Depois de ter arrancado em modo seguro, abra o C: \ SDFix pasta e dê um duplo clique em RunThis.bat para iniciar o script.

* Aperte Y para iniciar a limpeza do processo.

* Ele irá remover qualquer Tróia ou Serviços Secretaria entradas encontradas e, em seguida, pedir-lhe para pressione qualquer tecla para reiniciar.

* Pressione qualquer tecla e ele irá reiniciar o PC.

* Quando o PC reinicia a Fixtool irá correr de novo e completar o processo de remoção exibição terminados em seguida, pressione qualquer tecla para terminar o script e carregar seu desktop ícones.

* Depois de a carregar os ícones desktop SDFix relatório será aberta a tela e também em salvar a pasta SDFix como Report.txt.

*Poste o Report.txt juntamente com novo log do hijackthis gerado em modo normal.

[Kronnus 0]

Aqui os novos logs, mas parece que o problema do iexplore ja ta resolvido ñ fica mais abrindo.

 

 

SDFix: Version 1.209

Run by Jogos on ter 29/07/2008 at 13:47

 

Microsoft Windows XP [versÆo 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:18:08, on 29/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\ssblkf.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Blok Free 2\agente.exe

C:\WINDOWS\system32\sblkf.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Jogos\CONFIG~1\Temp\Rar$EX00.812\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [Agente do Blok Free] C:\Arquivos de programas\Blok Free 2\agente.exe

O4 - HKLM\..\Run: [smcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sblkf] C:\WINDOWS\System32\sblkf.exe

O4 - HKLM\..\Run: [sDFix] C:\SDFix\RunThis.bat /second

O4 - HKLM\..\RunOnce: [sDFix] C:\SDFix\RunThis.bat /second

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - Startup: ADSL.lnk = ?

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205871666781

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A4C75F49-6AB0-40D7-8280-6F91DED1E716}: NameServer = 201.10.128.3 201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: Diretivas de diagnóstico (ssblkfn) - Unknown owner - C:\WINDOWS\system32\ssblkf.exe

[Silas Martins 0]

baixe o WornFix

Salve-o na área de trabalho, descompacte-o e execute o fix.exe worn e clique em remover.

 

Feito isso gere um novo log do Hijackthis.

[Kronnus 0]

Logfile of HijackThis v1.99.1

Scan saved at 12:24:46, on 30/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\ssblkf.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\Arquivos de programas\Blok Free 2\agente.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\sblkf.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Jogos\CONFIG~1\Temp\Rar$EX15.578\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Agente do Blok Free] C:\Arquivos de programas\Blok Free 2\agente.exe

O4 - HKLM\..\Run: [smcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sblkf] C:\WINDOWS\System32\sblkf.exe

O4 - HKLM\..\Run: [sDFix] C:\SDFix\RunThis.bat /second

O4 - HKLM\..\RunOnce: [sDFix] C:\SDFix\RunThis.bat /second

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - Startup: ADSL.lnk = ?

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205871666781

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A4C75F49-6AB0-40D7-8280-6F91DED1E716}: NameServer = 201.10.128.3 201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: Diretivas de diagnóstico (ssblkfn) - Unknown owner - C:\WINDOWS\system32\ssblkf.exe

O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)

[Kronnus 0]

o Wormfix ñ encontrou nada!!!

[Silas Martins 0]

Sigas as instruções abaixo:

 

Baixe o Bankerfix.

desative o seu antivírus temporariamente, para não haver conflitos e para uma melhor detecção.

Clique duas vezes sobre bankerfix.exe, dê o Enter e espere ele terminar. Ao terminar, leia a mensagem na tela e aperte Enter novamente.

 

Habilite o seu antivírus. e gere um novo log do hijackthis poste junto o relatório.txt.

 

Aguardo o Retorno

[Kronnus 0]

Logfile of HijackThis v1.99.1

Scan saved at 14:29:38, on 31/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ssblkf.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Blok Free 2\agente.exe

C:\WINDOWS\system32\sblkf.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Jogos\CONFIG~1\Temp\Rar$EX00.094\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Agente do Blok Free] C:\Arquivos de programas\Blok Free 2\agente.exe

O4 - HKLM\..\Run: [smcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sblkf] C:\WINDOWS\System32\sblkf.exe

O4 - HKLM\..\Run: [sDFix] C:\SDFix\RunThis.bat /second

O4 - HKLM\..\RunOnce: [sDFix] C:\SDFix\RunThis.bat /second

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - Startup: ADSL.lnk = ?

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205871666781

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A4C75F49-6AB0-40D7-8280-6F91DED1E716}: NameServer = 201.10.128.3 201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: Diretivas de diagnóstico (ssblkfn) - Unknown owner - C:\WINDOWS\system32\ssblkf.exe

O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)

 

esse tambem ñ encontrou nada :huh: :huh: