KiLLeR__, posted September 3, 2008

Hi, can you help me remove the CiD malware?

Logfile of HijackThis v1.99.1
Scan saved at n00b^^[23:44:49], on 03-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programas\Bonjour\mDNSResponder.exe
C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://down2crazy.com/index.php/?checknow=ok&
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://down2crazy.com/?checknow=ok&
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programas\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll
O2 - BHO: BHOvX - {A27835AD-3A92-13DA-8324-0913200C9AA3} - C:\Programas\BHOvX\ie-improver.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C83B5001-4969-45E7-A93C-46AE237938BE} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programas\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [base road long save] C:\Documents and Settings\All Users\Application Data\File dvd base road\info ford.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: BTTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Programas\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Programas\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?0f73c2decced4d58b219bbad45820698
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?0f73c2decced4d58b219bbad45820698
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programas\bonjour\mdnsnsp.dll
O13 - DefaultPrefix: http://click.vnn.bz/?checknow=ok&url=
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programas\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c002A6CA.dat,avgrsstx.dll
O20 - Winlogon Notify: eixbbuof - eixbbuof.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programas\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\gqdahnsf.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe
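Before handing a log like this to a helper, it is worth knowing which line types carry the risk. The script below is an added example (not part of the thread, not a HijackThis or ComboFix component) that parses HijackThis 1.99.1 entries and applies a few triage heuristics matching the indicator types visible in the log above: browser start/search pages pointing at third-party hosts, a non-default O13 DefaultPrefix, an AppInit_DLLs entry loading a non-.dll name, load points whose file is missing, services with no recorded owner, and Run entries executing from All Users\Application Data. The sample lines are constructed (modelled on the post, not the poster's full log), and the allowlist of trusted browser hosts is an assumption for the example only.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis 1.99.1 line format. The entries are modelled on the
# kinds of indicators in the log posted above; this is not the poster's full log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://down2crazy.com/index.php/?checknow=ok&
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [base road long save] C:\Documents and Settings\All Users\Application Data\File dvd base road\info ford.exe
O13 - DefaultPrefix: http://click.vnn.bz/?checknow=ok&url=
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c002A6CA.dat,avgrsstx.dll
O20 - Winlogon Notify: eixbbuof - eixbbuof.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\gqdahnsf.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# One HijackThis entry: a section code (R0..R3, O1..O24) followed by " - " and the body.
ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|O\d{1,2}) - (?P<body>.+)$")

# Hosts a stock IE install legitimately points its start/search pages at. Assumption:
# an allowlist for this example only; a real triage list would be longer.
TRUSTED_BROWSER_HOSTS = ("microsoft.com", "msn.com", "live.com")


def parse_entries(text):
    """Return (kind, body) tuples for every line that looks like a HijackThis entry."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("kind"), match.group("body")))
    return entries


def _host_is_trusted(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_BROWSER_HOSTS)


def triage_entry(kind, body):
    """Return the reasons an entry deserves analyst attention; an empty list means none fired."""
    reasons = []
    if kind in ("R0", "R1") and "=" in body:
        value = body.split("=", 1)[1].strip()
        if value.lower().startswith("http") and not _host_is_trusted(value):
            reasons.append("browser start/search setting points at a third-party host")
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("load point references a file that is no longer present")
    if kind == "O13":
        # DefaultPrefix is prepended to every address typed without a scheme, so anything
        # other than the plain "http://" default routes such navigation through that host.
        prefix = body.split(":", 1)[1].strip()
        if prefix.lower() != "http://":
            reasons.append("DefaultPrefix changed from the 'http://' default")
    if kind == "O20" and body.startswith("AppInit_DLLs:"):
        # AppInit_DLLs is loaded into every process that links user32.dll; a non-.dll
        # name here is a common way of keeping a library out of casual inspection.
        for item in body.split(":", 1)[1].split(","):
            item = item.strip()
            if item and not item.lower().endswith(".dll"):
                reasons.append("AppInit_DLLs loads a non-DLL extension: " + item)
    if kind == "O23" and "Unknown owner" in body:
        reasons.append("service binary carries no publisher information")
    if kind == "O4" and re.search(r"\\All Users\\Application Data\\", body, re.IGNORECASE):
        reasons.append("autorun executable lives under All Users\\Application Data")
    return reasons


def triage_log(text):
    """Map each flagged entry (rebuilt as its full log line) to its reasons, in log order."""
    findings = {}
    for kind, body in parse_entries(text):
        reasons = triage_entry(kind, body)
        if reasons:
            findings[kind + " - " + body] = reasons
    return findings


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("    -> " + reason)
```

Run against the sample, seven of the ten entries are flagged and the three stock entries (the Microsoft start page, the NVIDIA Run entry and the NVIDIA service) pass clean. The heuristics are deliberately narrow: "Unknown owner" and "(file missing)" also fire on legitimate but sloppily packaged software, so a flag is a prompt to look at the file on disk, not a verdict.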
jgarcia, posted September 4, 2008

Hey KiLLeR__,

Download ComboFix from: ComboFix

1) Temporarily disable your antivirus;
2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;
3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);
4) When the scan finishes, a log will be generated at C:\ComboFix.txt;
5) Do not click in the ComboFix window, and do not close it with the X, while the tool is running, because that will break your desktop configuration (it will go completely white);
6) To stop or exit ComboFix, press "N";
7) Re-enable your antivirus;
8) I need you to paste the contents of ComboFix.txt in your next reply, together with a HijackThis log.

Cheers.
KiLLeR__, posted September 4, 2008

ComboFix

ComboFix 08-09-03.02 - eu 2008-09-04 11:51:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.594 [GMT 1:00]
Executando de: C:\Documents and Settings\eu\Ambiente de trabalho\ComboFix.exe
ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Menu Iniciar\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Iniciar\Online Security Guide.lnk
C:\Documents and Settings\eu\Application Data\inst.exe
C:\Documents and Settings\eu\Application Data\macromedia\Flash Player\#SharedObjects\VC92HNRQ\bin.clearspring.com
C:\Documents and Settings\eu\Application Data\macromedia\Flash Player\#SharedObjects\VC92HNRQ\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\eu\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\eu\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\eu\Cookies\eu@bestsellerantivirus[1].txt
C:\Documents and Settings\eu\Cookies\eu@doiscliques.blogs.sapo[1].txt
C:\Documents and Settings\eu\Favoritos\Download programs.url
C:\Documents and Settings\eu\Favoritos\Games.url
C:\Documents and Settings\eu\Favoritos\Online Security Guide.lnk
C:\Documents and Settings\eu\Favoritos\Translator.url
C:\Documents and Settings\eu\Favoritos\Videos.url
C:\Programas\OneStepSearch
C:\WINDOWS\system32\acwxcrex.ini
C:\WINDOWS\system32\ameikcqm.ini
C:\WINDOWS\system32\bkghpcxb.ini
C:\WINDOWS\system32\btfunc.dll
C:\WINDOWS\system32\ckqgwdyl.ini
C:\WINDOWS\system32\ckshylio.ini
C:\WINDOWS\system32\dnghssws.ini
C:\WINDOWS\system32\eixbbuof.dllbox
C:\WINDOWS\system32\ghsrajsa.ini
C:\WINDOWS\system32\hfvldagc.ini
C:\WINDOWS\system32\iauansgi.ini
C:\WINDOWS\system32\ibmrcdfd.ini
C:\WINDOWS\system32\iygoaxyv.ini
C:\WINDOWS\system32\jaesadpr.ini
C:\WINDOWS\system32\kcgrfvtw.ini
C:\WINDOWS\system32\kesqcvmt.ini
C:\WINDOWS\system32\maljxrtd.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mxoshgrf.ini
C:\WINDOWS\system32\nbfmkjbd.ini
C:\WINDOWS\system32\nxylddnw.ini
C:\WINDOWS\system32\odyvptiw.ini
C:\WINDOWS\system32\omsbqrbo.ini
C:\WINDOWS\system32\pbmrugjf.ini
C:\WINDOWS\system32\plpnlpyh.ini
C:\WINDOWS\system32\ppsuqsal.ini
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\qbwboqup.ini
C:\WINDOWS\system32\riclesib.ini
C:\WINDOWS\system32\rtstv.bak1
C:\WINDOWS\system32\rtstv.bak2
C:\WINDOWS\system32\rtstv.ini
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\rtstv.tmp
C:\WINDOWS\system32\ruotwfcr.ini
C:\WINDOWS\system32\saeitwhd.ini
C:\WINDOWS\system32\sdmhofmh.ini
C:\WINDOWS\system32\tnlhubdn.ini
C:\WINDOWS\system32\uganejeg.ini
C:\WINDOWS\system32\ureftlbp.ini
C:\WINDOWS\system32\uuajxlnh.ini
C:\WINDOWS\system32\uxwcofqa.ini
C:\WINDOWS\system32\vugccbft.ini
C:\WINDOWS\system32\vursgkje.ini
C:\WINDOWS\system32\waevvjdq.ini
C:\WINDOWS\system32\wjpdcliq.ini
C:\WINDOWS\system32\xwdbdlnk.ini
C:\WINDOWS\system32\yddpmcew.ini
C:\WINDOWS\system32\ymqtygfd.ini
I:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DOMAINSERVICE
-------\Legacy_POWERMANAGER
-------\Service_DomainService

((((((((((((((((((((((( Ficheiros criados de 2008-08-04 to 2008-09-04 ))))))))))))))))))))))))))))))))
.
2008-09-03 23:44 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe
2008-09-03 23:44 . 2008-09-03 23:44 212,849 --a------ C:\hijackthis.zip
2008-09-02 20:06 . 2008-09-02 20:41 <DIR> d-------- C:\Programas\NoAdware5.0
2008-08-31 14:31 . 2008-08-31 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\File dvd base road
2008-08-31 14:30 . 2008-08-31 14:30 <DIR> d-------- C:\Programas\PlusTrans
2008-08-31 14:30 . 2008-09-02 12:00 <DIR> d-------- C:\Documents and Settings\eu\Application Data\PlusTrans
2008-08-31 14:29 . 2008-08-31 14:29 <DIR> d-------- C:\Programas\Circle Developement
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 19:42 --------- d-----w C:\Programas\Ares
2008-09-02 19:32 --------- d-----w C:\Programas\eMule
2008-09-02 11:20 --------- d-----w C:\Programas\FlashGet
2008-09-01 15:16 --------- d-----w C:\Programas\Teamspeak2_RC2
2008-08-31 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-31 13:29 --------- d-----w C:\Programas\Messenger Plus! Live
2008-08-21 19:05 --------- d-----w C:\Programas\Valve
2008-08-16 15:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-08-12 14:43 --------- d-----w C:\Documents and Settings\eu\Application Data\teamspeak2
2008-08-04 22:42 --------- d-----w C:\Programas\BT Next Evolution
2008-08-04 16:31 --------- d-----w C:\Documents and Settings\eu\Application Data\Vso
2008-07-29 08:55 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-08 10:11 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:40 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 248,320 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 12:22 45,568 ----a-w C:\WINDOWS\system32\avgfwdx.dll
2007-11-10 21:47 47,360 ----a-w C:\Documents and Settings\eu\Application Data\pcouffin.sys
.
------- Sigcheck -------
2004-08-04 00:57 544768 e357804df72d85d35374eaf9c7cd10f4 C:\WINDOWS\system32\winlogon.exe
2004-08-04 00:57 544768 e357804df72d85d35374eaf9c7cd10f4 C:\WINDOWS\system32\dllcache\winlogon.exe
2004-08-04 00:57 505344 42d8303e00cd0545182bbd202900194b C:\WINDOWS\VistaMizer\old\winlogon.exe
2005-03-02 19:12 2060800 9084480351ffb4d15ee7034b37a363d9 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 17:07 2063232 dd3cb4069fe2937b200febf454f63013 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-04 01:08 2019328 4d6d35c9481413b01d7c05499b723c8a C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 19:07 2019328 95c8a2d6adf0076883858218da8a7000 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 17:02 2061440 5f25794d38ffaf2633d335a6deee27e8 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 17:02 2276864 2144065e4426f514c8667c398bd22a3a C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 17:02 2276864 2144065e4426f514c8667c398bd22a3a C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 17:02 2276864 2144065e4426f514c8667c398bd22a3a C:\WINDOWS\system32\VITrans\ntkrnlpa.exe
2007-02-28 17:02 2019840 638ed9060674cb37d03f109510e33866 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe
2005-03-02 19:13 2183424 37451da5f4495b1d134644acc2032092 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 17:07 2185984 8c13966df96ecf4bfcbf7509068cf9eb C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-04 00:49 2152448 65a0f53ccef1287eb5cfcd48a46c1086 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 19:07 2139648 0e2f1b8258bc08c5f0bde698591f76dd C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 17:02 2184192 8b2d9379324bf7d84bdd75220666ffe2 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 17:02 2397184 7d192871a1fbfcb3be3721502f5aa391 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 17:02 2397184 7d192871a1fbfcb3be3721502f5aa391 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 17:02 2397184 7d192871a1fbfcb3be3721502f5aa391 C:\WINDOWS\system32\VITrans\ntoskrnl.exe
2007-02-28 17:02 2140160 e8a019235cb9ca29da6bb33da803b2fb C:\WINDOWS\VistaMizer\old\ntoskrnl.exe
2007-06-13 14:22 1553920 fb015fa632a16ad116d26f2051a7101a C:\WINDOWS\explorer.exe
2007-06-13 14:10 1035264 4b1174a06f3e4bd5341521d151b84dce C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 00:57 1034240 7a28f6b962dcdbfd94280338b4a8e6fb C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 14:22 1553920 fb015fa632a16ad116d26f2051a7101a C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 14:22 1553920 fb015fa632a16ad116d26f2051a7101a C:\WINDOWS\system32\VITrans\explorer.exe
2007-06-13 14:22 1035264 e33d51ece9047331fcf59dbfa4f4b856 C:\WINDOWS\VistaMizer\old\explorer.exe
2004-08-04 00:56 25088 21a39ea1d956a04b1faeff85abc0f842 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 00:56 25088 21a39ea1d956a04b1faeff85abc0f842 C:\WINDOWS\system32\dllcache\ctfmon.exe
2004-08-04 00:56 15360 62b37f1f519a08af502e6f6bb41d2dff C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias & legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 25088]
"msnmsgr"="C:\Programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"swg"="C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-03 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-03 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-03 86016]
"!AVG Anti-Spyware"="C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"Base road long save"="C:\Documents and Settings\All Users\Application Data\File dvd base road\info ford.exe" [2008-09-04 2512896]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 25088]
"Nokia.PCSync"="C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
BTTray.lnk - C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe [2006-05-12 581693]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6731312 C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 04:06 40048 C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-10-27 19:46 2321600 C:\Programas\Ficheiros comuns\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-07-29 09:56 1235736 C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-10-27 19:46 202024 C:\Programas\Ficheiros comuns\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:56 25088 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-06-29 12:44 1990704 C:\Programas\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-02-07 17:21 54832 C:\Programas\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-12-18 02:02 471040 C:\Programas\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 11:12 695808 C:\Programas\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-02-07 17:24 71216 C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-28 21:40 1271032 c:\Programas\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-03 01:31 68856 C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-10-18 18:00 180269 C:\Programas\Windows Media Player\K-Lite Codec Pack\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\viwc]
--a------ 2007-06-26 06:13 305447 C:\WINDOWS\system32\viwc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
--a------ 2007-12-13 17:31 8824112 C:\Programas\VoipStunt.com\VoipStunt\VoipStunt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 23:54 37376 C:\Programas\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-11-03 07:02 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programas\\Valve\\hl.exe"=
"C:\\Programas\\Messenger\\msmsgs.exe"=
"C:\\Programas\\Valve\\hlds.exe"=
"C:\\Programas\\eMule\\emule.exe"=
"C:\\Programas\\Ficheiros comuns\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Programas\\HLSW\\hlsw.exe"=
"C:\\Programas\\Bonjour\\mDNSResponder.exe"=
"C:\\Programas\\BHOvX\\uninstall.exe"=
"C:\\Programas\\Valve\\Steam\\SteamApps\\killer_461\\counter-strike\\hl.exe"=
"C:\\Programas\\Valve\\Steam\\SteamApps\\killer_461\\condition zero\\hl.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programas\\Valve\\Steam\\steam.exe"=
"C:\\Programas\\BT Next Evolution\\btnext.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Programas\\age\\age2_x1.exe"=
"C:\\Programas\\Valve\\hltv.exe"=
"C:\\Programas\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Programas\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Programas\\Mozilla Firefox\\firefox.exe"=
"C:\\Programas\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"C:\\Programas\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Programas\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programas\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Programas\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programas\\Valve\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"C:\\Programas\\FlashGet\\FlashGet.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-20 12936]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 9216]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-29 97928]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Programas\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51 13560]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-29 231704]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-07-29 1220888]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-20 76040]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 42496]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-20 23296]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Conteúdo da pasta 'Tarefas Agendadas'
.
- - - - ORFAOS REMOVIDOS - - - -

Notify-eixbbuof - eixbbuof.dll
Notify-WgaLogon - (no file)
MSConfigStartUp-a4b6a71f - C:\WINDOWS\system32\obrqbsmo.dll
MSConfigStartUp-ares - C:\Programas\Ares\Ares.exe
MSConfigStartUp-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-AVP - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
MSConfigStartUp-BtTray - C:\Programas\IVT Corporation\BlueSoleil\BtTray.exe
.
------- Ccan Suplementar -------
.
FireFox -: Profile - C:\Documents and Settings\eu\Application Data\Mozilla\Firefox\Profiles\0bfsmdu7.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.pt
FF -: plugin - C:\Programas\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Programas\Mozilla Firefox\plugins\NPMyGlSh.dll
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 11:54:16
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Programas\CyberLink\PowerDVD\000.fcl"
.
Tempo para conclusão: 2008-09-04 11:58:11
ComboFix-quarantined-files.txt 2008-09-04 10:57:08

Pre-Run: 11,666,046,976 bytes livres
Post-Run: 11,653,484,544 bytes livres

301 --- E O F --- 2008-08-31 13:40:49

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at n00b^^[12:00:16], on 04-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programas\Bonjour\mDNSResponder.exe
C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programas\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://down2crazy.com/?checknow=ok&
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programas\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programas\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [base road long save] C:\Documents and Settings\All Users\Application Data\File dvd base road\info ford.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: BTTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Download All with FlashGet - C:\Programas\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Programas\FlashGet\jc_link.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?0f73c2decced4d58b219bbad45820698 O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?0f73c2decced4d58b219bbad45820698 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm O9 - Extra 
button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programas\bonjour\mdnsnsp.dll O13 - DefaultPrefix: http://click.vnn.bz/?checknow=ok&url= O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programas\Windows Live\Mail\mailcomm.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programas\Ares\chatServer.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe é isto ? Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia
Posted September 4, 2008

Hey KiLLeR__,

Follow these instructions:

1. Open Notepad, then copy (Ctrl+C) and paste (Ctrl+V) all of the text included in the "Quote":

File::
C:\Documents and Settings\All Users\Application Data\File dvd base road\info ford.exe
C:\WINDOWS\system32\viwc.exe

Folder::
C:\Documents and Settings\All Users\Application Data\File dvd base road

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Base road long save"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\viwc]

WARNING: the script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for the user.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Cheers.
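The helper above picked the CFScript targets by reading the HijackThis log by eye: a Run entry whose executable sits under a user-writable data directory, an IE start/search page pointing at an unknown host, an orphaned BHO and a DefaultPrefix hijack. The script below is an added example, not part of this thread and not code from HijackThis or ComboFix; it applies those same triage rules to a few lines copied from the logs posted here. The list of "benign" IE hosts and the path pattern for user-writable locations are my own assumptions, not categories HijackThis defines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis logs posted in this
# thread (the "(no file)" BHO is from the first post).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://down2crazy.com/?checknow=ok&
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [base road long save] C:\Documents and Settings\All Users\Application Data\File dvd base road\info ford.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O13 - DefaultPrefix: http://click.vnn.bz/?checknow=ok&url=
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption: only Microsoft's redirector is treated as a default IE page on
# this XP build; any other host in an R0/R1 line is reported for review.
DEFAULT_IE_HOSTS = {"go.microsoft.com"}

# Assumption: Run-key targets under these user-writable directories are the
# persistence location the helper targeted with the CFScript above.
USER_WRITABLE = re.compile(r"\\(application data|local settings|temp)\\", re.IGNORECASE)

URL_HOST = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section code: R0, O2, O4, O13, ...
    reason: str
    line: str


def host_of(url: str) -> str:
    """Return the lower-cased host of the first http(s) URL in `url`, or ''."""
    m = URL_HOST.search(url)
    return m.group(1).lower() if m else ""


def analyze_line(line: str) -> Optional[Finding]:
    """Apply one triage rule per HijackThis section; None means nothing flagged."""
    line = line.strip()
    if not line:
        return None
    section = line.split(" ", 1)[0]
    if section in ("R0", "R1") and "=" in line:
        # Start/search page values: flag any host outside the default set.
        value = line.split("=", 1)[1].strip()
        host = host_of(value)
        if host and host not in DEFAULT_IE_HOSTS:
            return Finding(section, f"IE start/search setting points at {host}", line)
    elif section == "O2" and line.endswith("(no file)"):
        # A BHO CLSID still registered but its DLL is gone.
        return Finding(section, "orphaned BHO registration (DLL missing)", line)
    elif section == "O4":
        # Everything after the [name] is the command line that autoruns.
        target = line.split("]", 1)[1] if "]" in line else line
        if USER_WRITABLE.search(target):
            return Finding(section, "autorun target in user-writable data directory", line)
    elif section == "O13":
        # DefaultPrefix rewrites URLs typed without a scheme; HijackThis only
        # lists it when set, so any value is a prefix hijack.
        value = line.split(":", 1)[1].strip()
        if value:
            return Finding(section, "DefaultPrefix set (URL prefix hijack)", line)
    return None


def analyze_log(text: str) -> List[Finding]:
    """Run every line of a HijackThis log through analyze_line."""
    return [f for f in (analyze_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Running it on the sample flags the down2crazy.com start page, the crawler.com search assistant, the "(no file)" BHO, the "base road long save" Run entry and the click.vnn.bz DefaultPrefix, while the NVIDIA, Java and ctfmon lines pass. The rules are deliberately narrow; they reproduce the reasoning visible in this thread rather than a general malware classifier.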
KiLLeR__ 0 Denunciar post Postado Setembro 5, 2008 Está aqui : ComboFix ComboFix 08-09-04.02 - eu 2008-09-05 1:47:51.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.600 [GMT 1:00] Executando de: C:\Documents and Settings\eu\Ambiente de trabalho\ComboFix.exe Command switches used :: C:\Documents and Settings\eu\Ambiente de trabalho\CFScript.txt * Criado um novo ponto de restauro ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !! . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\File dvd base road C:\Documents and Settings\All Users\Application Data\File dvd base road\info ford.exe C:\WINDOWS\system32\viwc.exe . ((((((((((((((((((((((( Ficheiros criados de 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))) . 2008-09-03 23:44 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe 2008-09-03 23:44 . 2008-09-03 23:44 212,849 --a------ C:\hijackthis.zip 2008-09-02 20:06 . 2008-09-02 20:41 <DIR> d-------- C:\Programas\NoAdware5.0 2008-08-31 14:30 . 2008-08-31 14:30 <DIR> d-------- C:\Programas\PlusTrans 2008-08-31 14:30 . 2008-09-04 12:07 <DIR> d-------- C:\Documents and Settings\eu\Application Data\PlusTrans 2008-08-31 14:29 . 2008-08-31 14:29 <DIR> d-------- C:\Programas\Circle Developement . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-02 19:42 --------- d-----w C:\Programas\Ares 2008-09-02 19:32 --------- d-----w C:\Programas\eMule 2008-09-02 11:20 --------- d-----w C:\Programas\FlashGet 2008-09-01 15:16 --------- d-----w C:\Programas\Teamspeak2_RC2 2008-08-31 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-31 13:29 --------- d-----w C:\Programas\Messenger Plus! 
Live 2008-08-21 19:05 --------- d-----w C:\Programas\Valve 2008-08-16 15:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth 2008-08-12 14:43 --------- d-----w C:\Documents and Settings\eu\Application Data\teamspeak2 2008-08-04 22:42 --------- d-----w C:\Programas\BT Next Evolution 2008-08-04 16:31 --------- d-----w C:\Documents and Settings\eu\Application Data\Vso 2008-07-29 08:55 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys 2008-07-08 10:11 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 15:40 662,528 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 248,320 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 12:22 45,568 ----a-w C:\WINDOWS\system32\avgfwdx.dll 2007-11-10 21:47 47,360 ----a-w C:\Documents and Settings\eu\Application Data\pcouffin.sys . ------- Sigcheck ------- 2004-08-04 00:57 544768 e357804df72d85d35374eaf9c7cd10f4 C:\WINDOWS\system32\winlogon.exe 2004-08-04 00:57 544768 e357804df72d85d35374eaf9c7cd10f4 C:\WINDOWS\system32\dllcache\winlogon.exe 2004-08-04 00:57 505344 42d8303e00cd0545182bbd202900194b C:\WINDOWS\VistaMizer\old\winlogon.exe 2005-03-02 19:12 2060800 9084480351ffb4d15ee7034b37a363d9 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe 2007-02-28 17:07 2063232 dd3cb4069fe2937b200febf454f63013 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe 2004-08-04 01:08 2019328 4d6d35c9481413b01d7c05499b723c8a C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe 2005-03-02 19:07 2019328 95c8a2d6adf0076883858218da8a7000 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe 2007-02-28 17:02 2061440 5f25794d38ffaf2633d335a6deee27e8 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe 2007-02-28 17:02 2276864 2144065e4426f514c8667c398bd22a3a C:\WINDOWS\system32\ntkrnlpa.exe 2007-02-28 17:02 2276864 2144065e4426f514c8667c398bd22a3a C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2007-02-28 17:02 2276864 
2144065e4426f514c8667c398bd22a3a C:\WINDOWS\system32\VITrans\ntkrnlpa.exe 2007-02-28 17:02 2019840 638ed9060674cb37d03f109510e33866 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe 2005-03-02 19:13 2183424 37451da5f4495b1d134644acc2032092 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe 2007-02-28 17:07 2185984 8c13966df96ecf4bfcbf7509068cf9eb C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe 2004-08-04 00:49 2152448 65a0f53ccef1287eb5cfcd48a46c1086 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe 2005-03-02 19:07 2139648 0e2f1b8258bc08c5f0bde698591f76dd C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe 2007-02-28 17:02 2184192 8b2d9379324bf7d84bdd75220666ffe2 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe 2007-02-28 17:02 2397184 7d192871a1fbfcb3be3721502f5aa391 C:\WINDOWS\system32\ntoskrnl.exe 2007-02-28 17:02 2397184 7d192871a1fbfcb3be3721502f5aa391 C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2007-02-28 17:02 2397184 7d192871a1fbfcb3be3721502f5aa391 C:\WINDOWS\system32\VITrans\ntoskrnl.exe 2007-02-28 17:02 2140160 e8a019235cb9ca29da6bb33da803b2fb C:\WINDOWS\VistaMizer\old\ntoskrnl.exe 2007-06-13 14:22 1553920 fb015fa632a16ad116d26f2051a7101a C:\WINDOWS\explorer.exe 2007-06-13 14:10 1035264 4b1174a06f3e4bd5341521d151b84dce C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-04 00:57 1034240 7a28f6b962dcdbfd94280338b4a8e6fb C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 14:22 1553920 fb015fa632a16ad116d26f2051a7101a C:\WINDOWS\system32\dllcache\explorer.exe 2007-06-13 14:22 1553920 fb015fa632a16ad116d26f2051a7101a C:\WINDOWS\system32\VITrans\explorer.exe 2007-06-13 14:22 1035264 e33d51ece9047331fcf59dbfa4f4b856 C:\WINDOWS\VistaMizer\old\explorer.exe 2004-08-04 00:56 25088 21a39ea1d956a04b1faeff85abc0f842 C:\WINDOWS\system32\ctfmon.exe 2004-08-04 00:56 25088 21a39ea1d956a04b1faeff85abc0f842 C:\WINDOWS\system32\dllcache\ctfmon.exe 2004-08-04 00:56 15360 62b37f1f519a08af502e6f6bb41d2dff C:\WINDOWS\VistaMizer\old\ctfmon.exe . 
(((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias & legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 25088] "msnmsgr"="C:\Programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "swg"="C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-03 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-03 7700480] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-03 86016] "!AVG Anti-Spyware"="C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312] "RTHDCPL"="RTHDCPL.EXE" [2007-02-26 C:\WINDOWS\RTHDCPL.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 25088] "Nokia.PCSync"="C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\ BTTray.lnk - C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe [2006-05-12 581693] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "msacm.l3fhg"= mp3fhg.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^BlueSoleil.lnk] path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\BlueSoleil.lnk backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] --a------ 2007-06-11 10:25 6731312 C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-05-11 04:06 40048 C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\AdobeUpdater] --a------ 2007-10-27 19:46 2321600 C:\Programas\Ficheiros comuns\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY] --a------ 2008-07-29 09:56 1235736 C:\PROGRA~1\AVG\AVG8\avgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-10-27 19:46 202024 C:\Programas\Ficheiros comuns\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-04 00:56 25088 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] --a------ 2007-06-29 12:44 1990704 C:\Programas\FlashGet\flashget.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2007-08-24 07:00 33648 C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] --a------ 2007-02-07 17:21 54832 C:\Programas\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 C:\Programas\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2007-09-20 09:51 1836328 C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 15:57 153136 C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] --a------ 2007-12-18 02:02 471040 C:\Programas\Winamp Remote\bin\OrbTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] --a------ 2007-12-10 11:12 695808 C:\Programas\Nokia\Nokia PC Suite 6\PCSuite.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2007-02-07 17:24 71216 C:\Programas\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-03-28 21:40 1271032 c:\Programas\Valve\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 05:25 144784 C:\Programas\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-06-03 01:31 68856 C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2007-10-18 18:00 180269 C:\Programas\Windows Media Player\K-Lite Codec Pack\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt] --a------ 2007-12-13 17:31 8824112 C:\Programas\VoipStunt.com\VoipStunt\VoipStunt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-01-15 23:54 37376 C:\Programas\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2006-11-03 07:02 1622016 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] -ra------ 2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programas\\Valve\\hl.exe"= "C:\\Programas\\Messenger\\msmsgs.exe"= "C:\\Programas\\Valve\\hlds.exe"= "C:\\Programas\\eMule\\emule.exe"= "C:\\Programas\\Ficheiros comuns\\Nero\\Nero Web\\SetupX.exe"= "C:\\Programas\\HLSW\\hlsw.exe"= "C:\\Programas\\Bonjour\\mDNSResponder.exe"= "C:\\Programas\\BHOvX\\uninstall.exe"= "C:\\Programas\\Valve\\Steam\\SteamApps\\killer_461\\counter-strike\\hl.exe"= 
"C:\\Programas\\Valve\\Steam\\SteamApps\\killer_461\\condition zero\\hl.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"= "C:\\Programas\\CyberLink\\PowerDVD\\PowerDVD.exe"= "C:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Programas\\Valve\\Steam\\steam.exe"= "C:\\Programas\\BT Next Evolution\\btnext.exe"= "C:\\WINDOWS\\system32\\dplaysvr.exe"= "C:\\Programas\\age\\age2_x1.exe"= "C:\\Programas\\Valve\\hltv.exe"= "C:\\Programas\\Winamp Remote\\bin\\Orb.exe"= "C:\\Programas\\Winamp Remote\\bin\\OrbTray.exe"= "C:\\Programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "C:\\Programas\\Mozilla Firefox\\firefox.exe"= "C:\\Programas\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"= "C:\\Programas\\Teamspeak2_RC2\\server_windows.exe"= "C:\\Programas\\AVG\\AVG8\\avgupd.exe"= "C:\\Programas\\AVG\\AVG8\\avgnsx.exe"= "C:\\Programas\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programas\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programas\\Valve\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"= "C:\\Programas\\FlashGet\\FlashGet.exe"= R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-20 12936] R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 9216] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-29 97928] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Programas\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51 13560] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-29 231704] R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-07-29 1220888] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-20 76040] R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 
14336] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 42496] S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-20 23296] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Conteúdo da pasta 'Tarefas Agendadas' . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-05 01:51:54 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros ocultos ... ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\C:\Programas\CyberLink\PowerDVD\000.fcl" . Tempo para conclusão: 2008-09-05 1:56:21 ComboFix-quarantined-files.txt 2008-09-05 00:55:18 ComboFix2.txt 2008-09-04 10:58:12 Pre-Run: 11,560,267,776 bytes livres Post-Run: 11,558,453,248 bytes livres 213 --- E O F --- 2008-08-31 13:40:49 HijackThis Logfile of HijackThis v1.99.1 Scan saved at n00b^^[1:59:43], on 05-09-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgfws8.exe C:\WINDOWS\RTHDCPL.EXE C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe 
C:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe C:\Programas\Bonjour\mDNSResponder.exe C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programas\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\explorer.exe C:\Programas\Mozilla Firefox\firefox.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66008 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://down2crazy.com/?checknow=ok& R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programas\FlashGet\jccatch.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll O2 - BHO: Groove GFS Browser Helper - 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programas\FlashGet\getflash.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: BTTray.lnk = ? 
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Programas\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Programas\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?0f73c2decced4d58b219bbad45820698
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?0f73c2decced4d58b219bbad45820698
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programas\bonjour\mdnsnsp.dll
O13 - DefaultPrefix: http://click.vnn.bz/?checknow=ok&url=
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programas\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programas\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe
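As an added example (not part of this thread and not a HijackThis feature), the Python script below parses entries in the format of the log above and produces a review list from the categories that appear in it: R0/R1 start and search pages that point to hosts outside a small allowlist, the O13 DefaultPrefix entry, O2 BHO registrations with no file behind them, the O10 Winsock LSP entry HijackThis could not identify, and O23 services with no publisher. The allowlist of expected hosts is an assumption made for the example, and the sample lines are copied from the log posted in this thread plus one benign service line; the script only reports, it changes nothing on the system.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread).

HijackThis prints one entry per line, prefixed with a section code (R0, R1,
O2, O13, O23 ...). This script parses those entries and lists the ones a
defender would look at first. It modifies nothing; it only builds a review list.
"""
import re
from urllib.parse import urlparse

# Hosts that are normal for a default Windows XP / IE6 install. Any other host in
# an R0/R1 start/search entry is flagged for review. Assumption made for this
# example: extend the set for the environment under review.
EXPECTED_BROWSER_HOSTS = {"microsoft.com", "msn.com", "live.com", "google.com"}

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")
URL_RE = re.compile(r"""https?://[^\s"']+""")


def parse_hjt_line(line):
    """Split one log line into section and body; return None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group("section"), "body": m.group("body"), "raw": line.strip()}


def _host_of(url):
    """Reduce a URL's hostname to its registrable part, e.g. go.microsoft.com -> microsoft.com."""
    host = urlparse(url).hostname or ""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def triage_entry(entry):
    """Return a reason string if the entry deserves review, else None."""
    sec, body = entry["section"], entry["body"]
    urls = URL_RE.findall(body)

    if sec in ("R0", "R1") and urls:
        unexpected = [u for u in urls if _host_of(u) not in EXPECTED_BROWSER_HOSTS]
        if unexpected:
            return "browser start/search setting points to unexpected host %s" % _host_of(unexpected[0])
    if sec == "O13":
        # DefaultPrefix is prepended to anything typed without a scheme, so a
        # value here sends every bare hostname through that URL first.
        return "IE DefaultPrefix is set; bare hostnames are redirected through it"
    if sec == "O2" and body.endswith("(no file)"):
        return "BHO registration whose DLL no longer exists (orphaned entry)"
    if sec == "O10":
        return "Winsock LSP entry HijackThis could not identify"
    if sec == "O23" and "Unknown owner" in body:
        return "service with no publisher information"
    return None


def triage_log(lines):
    """Parse every line and return the entries that need review, in log order."""
    findings = []
    for line in lines:
        entry = parse_hjt_line(line)
        if entry is None:
            continue
        reason = triage_entry(entry)
        if reason:
            findings.append({"section": entry["section"], "reason": reason, "raw": entry["raw"]})
    return findings


# Sample input: entries copied from the log posted in this thread, plus one
# benign O23 line (NVIDIA), so the script runs offline.
SAMPLE_LOG = [
    "R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://down2crazy.com/index.php/?checknow=ok&",
    "R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157",
    "O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    "O10 - Unknown file in Winsock LSP: c:\\programas\\bonjour\\mdnsnsp.dll",
    "O13 - DefaultPrefix: http://click.vnn.bz/?checknow=ok&url=",
    "O23 - Service: Adobe LM Service - Unknown owner - C:\\Programas\\Ficheiros comuns\\Adobe Systems Shared\\Service\\Adobelmsvc.exe",
    "O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe",
]

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f["section"], f["reason"], f["raw"]))
```

Run against the sample, the script flags five of the seven lines and leaves the Microsoft start page and the NVIDIA service alone. A flagged entry is a starting point for verification (publisher, file location, whether the user installed it), not an instruction to delete it; the O10 entry here, for instance, belongs to Bonjour and is benign.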
jgarcia, posted September 8, 2008

Hey KiLLeR__,

Malwarebytes Anti-Malware is a relatively new product, but it is highly effective at removing common infections. The program is small, free and available in Portuguese. Installing it is the first step in cleaning an infected operating system. In this tutorial you will learn how to install and run it.

1) First, download the program: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

2) Now install the program as follows:
Run the installer:
Right after you run the installation file, the following screen will be displayed:
Now click Install to finish:
When the installation finishes, leave the Update and Launch options checked:
The program's update screen will then be displayed:

3) This is the program's main screen. Select the Perform full scan option and click the Scan button. Wait until the scan finishes:
When the scan finishes, this message will be displayed:
The scan result will be shown, with the names of the files and malware found. To carry out the cleanup, click Remove Selected:
To complete the cleanup, the computer will need to be restarted:

The program keeps the logs of its scans in the folder C:\Documents and Settings\Seu nome de Usuario\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\Logs, which can also be accessed from the Logs tab inside the program.

Post back with the scan result.

Credits: Fabio Assolini. Link to the original post: here.
Mário Monteiro, posted October 9, 2008

Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.