xjackiex, posted September 14, 2008

Hey masters (: I know it's annoying, but I have a kavo.exe case that is bothering me a lot. And as I saw in other topics, with this kind of malware every case is a case of its own. So I came to see whether you smart folks can solve my problem. I downloaded HijackThis and ComboFix, as I saw in some topics about kavo.

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 15:16:32, on 14/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
D:\qt6win\qttask.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\ARQuiVoS Di Eu\Programas\Rocketdock\RocketDock\RocketDock.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/
F3 - REG:win.ini: load= C:\TCWIN45\PIPELINE\remind.exe
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\qt6win\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "D:\ARQuiVoS Di Eu\Programas\Bootskin\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Dados de aplicativos\Audio 4 part browse\logo bin.exe
O4 - HKCU\..\Run: [LDM] C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PlaySkip] C:\DOCUME~1\Usuario\DADOSD~1\INTERC~1\Dupeblahburn.exe
O4 - HKCU\..\Run: [RocketDock] "D:\ARQuiVoS Di Eu\Programas\Rocketdock\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl220bd.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FCCABB8-C584-4624-82FE-671E6DD3ABE4}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

ComboFix:

ComboFix 08-09-13.05 - Usuario 2008-09-14 15:26:30.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.425 [GMT -3:00]
Running from: C:\ComboFix.exe
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\1t6yxlxx.cmd
C:\1u0o8bnq.cmd
C:\a1.bat
C:\Autorun.inf
C:\Documents and Settings\Usuario\Dados de aplicativos\inst.exe
C:\f.bat
C:\kk3.bat
C:\ov.cmd
C:\pamn.exe
C:\r1y1.bat
C:\test.txt
C:\u9dyi.exe
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\ckvo1.dll
C:\WINDOWS\system32\ckvo2.dll
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo1.dll
C:\WINDOWS\system32\kavo2.dll
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\tavo.exe
C:\WINDOWS\system32\tavo0.dll
C:\WINDOWS\system32\tavo1.dll
C:\WINDOWS\winhelp.ini
C:\ylaua.cmd
C:\ypjq1.cmd
D:\1t6yxlxx.cmd
D:\1u0o8bnq.cmd
D:\a1.bat
D:\Autorun.inf
D:\f.bat
D:\kk3.bat
D:\ov.cmd
D:\pamn.exe
D:\r1y1.bat
D:\u9dyi.exe
D:\ylaua.cmd
D:\ypjq1.cmd
G:\1u0o8bnq.cmd
G:\AutoRun.inf
G:\r1y1.bat
G:\ypjq1.cmd
.
((((((((((((((((((((((( Files created from 2008-08-14 to 2008-09-14 ))))))))))))))))))))))))))))))))
.
2008-09-14 15:16 . 2008-09-14 15:16 <DIR> d-------- C:\HJT
2008-09-14 14:39 . 2008-09-14 14:39 2,849,388 -ra------ C:\ComboFix.exe
2008-09-13 22:46 . 2008-09-13 07:23 94,700 -r-hs---- C:\vxl.exe
2008-09-12 19:03 . 2008-09-12 19:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-12 19:03 . 2008-09-12 19:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-10 13:37 . 2008-09-10 18:55 96,047 -r-hs---- C:\39lpji.com
2008-09-06 09:29 . 2008-09-10 18:41 115,992 -r-hs---- C:\iwjj.com
2008-09-05 10:46 . 2008-09-05 19:30 92,932 -r-hs---- C:\ktnquo.exe
2008-09-03 19:43 . 2008-09-04 20:44 111,805 -r-hs---- C:\okhr.exe
2008-09-02 00:15 . 2008-09-02 00:15 109,992 -r-hs---- C:\rjx0.exe
2008-08-29 10:43 . 2008-08-29 10:43 108,442 -r-hs---- C:\6xdgw26.com
2008-08-27 20:57 . 2008-08-27 20:57 109,392 -r-hs---- C:\3jkkdo.exe
2008-08-27 09:28 . 2008-08-29 20:00 91,084 -r-hs---- C:\ph.com
2008-08-26 20:08 . 2008-08-27 11:20 109,020 -r-hs---- C:\dpu1.exe
2008-08-26 20:08 . 2008-08-26 20:08 43,008 --a------ C:\WINDOWS\system32\TABCTL32.oca
2008-08-26 20:08 . 2008-08-26 20:08 37,888 --a------ C:\WINDOWS\system32\sysmon.oca
2008-08-26 10:45 . 2008-08-26 10:45 76,288 --a------ C:\WINDOWS\system32\MSFLXGRD.oca
2008-08-16 19:12 . 2008-08-16 19:12 <DIR> dr-h----- C:\MSOCache
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-14 13:06 15,858 ----a-w C:\WINDOWS\Fonts\amerika_sans.zip
2008-08-13 16:33 --------- d-----w C:\Arquivos de programas\inter cdrom ace
2008-08-09 02:09 --------- d-----w C:\Arquivos de programas\Skat
2008-07-28 22:06 --------- d-----w C:\Arquivos de programas\NCH Swift Sound
2008-07-28 07:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk
2008-07-28 03:06 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-28 03:06 47,360 ----a-w C:\Documents and Settings\Usuario\Dados de aplicativos\pcouffin.sys
2008-07-28 03:06 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Vso
2008-07-28 03:06 --------- d-----w C:\Arquivos de programas\VSO
2008-07-27 21:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared
2008-07-22 21:17 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\CyberLink
2008-07-22 21:17 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink
2008-07-22 21:04 --------- d-----w C:\Arquivos de programas\lg_fwupdate
2008-07-22 20:21 --------- d-----w C:\Arquivos de programas\CyberLink
2008-07-22 05:05 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Ahead
2008-07-22 05:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead
2008-07-21 04:33 --------- d-----w C:\Arquivos de programas\Norton Security Scan
2008-07-11 15:01 8 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\TYRCPHJYWWPP.SYS
2008-07-05 10:14 456,192 ----a-w C:\WINDOWS\system32\libmplayer.dll
2008-07-05 10:14 3,591,168 ----a-w C:\WINDOWS\system32\libavcodec.dll
2008-07-05 10:13 708,096 ----a-w C:\WINDOWS\system32\ff_x264.dll
2008-07-04 05:30 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-04 05:30 219,648 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-07-04 05:26 583,104 ----a-w C:\WINDOWS\system32\UXTheme Multi-Patcher 5.0.exe
2008-06-22 16:34 177,664 ----a-w C:\WINDOWS\system32\ff_theora.dll
2008-06-18 01:06 29,416 ----a-w C:\WINDOWS\Fonts\wrexham.zip
2008-05-11 19:17 8 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\SDGLYBMPWPP.SYS
2004-09-03 13:32 3,488 ----a-w C:\WINDOWS\inf\OTHER\CMIAINFO.SYS
1999-04-01 15:53 99,840 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAABOUT.DLL
1998-12-09 01:53 70,144 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAMDMTR.DLL
1998-12-09 01:53 48,640 ----a-w C:\Arquivos de programas\Arquivos comuns\IRALPTTR.DLL
1998-12-09 01:53 31,744 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAWEBTR.DLL
1998-12-09 01:53 186,368 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAREG.DLL
1998-12-09 01:53 17,920 ----a-w C:\Arquivos de programas\Arquivos comuns\IRASRIAL.DLL
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-17 67128]
"PlaySkip"="C:\DOCUME~1\Usuario\DADOSD~1\INTERC~1\Dupeblahburn.exe" [2008-08-13 485888]
"RocketDock"="D:\ARQuiVoS Di Eu\Programas\Rocketdock\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 221184]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 79224]
"QuickTime Task"="D:\qt6win\qttask.exe" [2006-10-25 282624]
"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-03-23 185896]
"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]
"BootSkin Startup Jobs"="D:\ARQuiVoS Di Eu\Programas\Bootskin\BootSkin\BootSkin.exe" [2004-04-26 270336]
"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"LGODDFU"="C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" [2008-07-27 249856]
"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Part browse safe hold"="C:\Documents and Settings\All Users\Dados de aplicativos\Audio 4 part browse\logo bin.exe" [2008-09-14 2369536]
"VTTimer"="VTTimer.exe" [2004-09-01 C:\WINDOWS\system32\VTTimer.exe]
"PCTVOICE"="pctspk.exe" [2004-01-29 C:\WINDOWS\system32\pctspk.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"Picasa Media Detector"="D:\ARQuiVoS Di Eu\Programas\Picasa2\PicasaMediaDetector.exe" [2008-02-25 443968]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Symantec Fax Starter Edition Port.lnk - C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE [1999-04-01 46080]
Logitech Desktop Messenger.lnk - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-17 67128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}"= "C:\WINDOWS\system32\Bitkv0.dll" [2004-08-04 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"VIDC.MJPG"= pvmjpg21.dll
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 20:54 3735552 C:\Arquivos de programas\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2004-02-25 17:15 454656 C:\Arquivos de programas\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2004-02-25 17:06 212992 C:\Arquivos de programas\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-25 22:23 443968 D:\ARQuiVoS Di Eu\Programas\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\ARQuiVoS Di Eu\\Programas\\eMule\\eMule.exe"=
"C:\\Arquivos de programas\\Mozilla Firefox\\FIREFOX.EXE"=
"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"C:\\Arquivos de programas\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"D:\\ARQuiVoS Di Eu\\Programas\\GunBound\\OnGame\\GunBoundWC\\GunBound.gme"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20560]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2006-01-17 65536]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe [2006-01-17 1527895]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
R3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 28800]
S0 N10;iriver Internet Audio Player N10;C:\WINDOWS\system32\drivers\N10.sys [2004-03-29 14531]
S3 g0wkudr1ver;g0wkudr1ver;D:\Minhas Imagens(Thi)\Ce- by Tibia\g0wku.sys [ ]
S3 NVDISP;NVDISP;D:\Minhas Imagens(Thi)\CE Lite 1.0\CE_Lite_1[1].0\CE Lite\nv7800gt.sys [ ]
S3 Wink1;Wink1;D:\Minhas Imagens(Thi)\ShaK3.0\Wink.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-Shareaza - D:\ARQuiVoS Di Eu\Programas\Shareaza\Shareaza.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\mn7e0hhz.default\
FF -: plugin - C:\Arquivos de programas\Google\Google Updater\2.2.1229.1533\npCIDetect11.dll
FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF -: plugin - D:\ARQuiVoS Di Eu\Programas\DivX\DivX Player\npDivxPlayerPlugin.dll
FF -: plugin - D:\ARQuiVoS Di Eu\Programas\DivX\DivX Web Player\npdivx32.dll
FF -: plugin - d:\qt6win\Plugins\npqtplugin.dll
FF -: plugin - d:\qt6win\Plugins\npqtplugin2.dll
FF -: plugin - d:\qt6win\Plugins\npqtplugin3.dll
FF -: plugin - d:\qt6win\Plugins\npqtplugin4.dll
FF -: plugin - d:\qt6win\Plugins\npqtplugin5.dll
FF -: plugin - d:\qt6win\Plugins\npqtplugin6.dll
FF -: plugin - d:\qt6win\Plugins\npqtplugin7.dll
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 15:31:19
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

"ImagePath"="\??\D:\Minhas Imagens(Thi)\CE Lite 1.0\CE_Lite_1 [1].0\CE Lite\nv7800gt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVDISP]
"ImagePath"="\??\D:\Minhas Imagens(Thi)\CE Lite 1.0\CE_Lite_1
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESSES: C:\WINDOWS\explorer.exe
-> D:\ARQuiVoS Di Eu\Programas\Rocketdock\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\ARQUIVOS DE PROGRAMAS\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\ARQUIVOS DE PROGRAMAS\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHDISP.EXE
C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE
C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2008-09-14 15:34:18 - machine was rebooted [usuario]
ComboFix-quarantined-files.txt 2008-09-14 18:34:12

Pre-Run: 5,312,413,696 bytes free
Post-Run: 6,720,651,264 bytes free

251 --- E O F --- 2007-07-11 16:19:07

Thanks for your attention, and I hope some kind soul helps me xD
PedroN, posted September 14, 2008

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

File::
C:\vxl.exe
C:\39lpji.com
C:\iwjj.com
C:\ktnquo.exe
C:\okhr.exe
C:\rjx0.exe
C:\6xdgw26.com
C:\3jkkdo.exe
C:\dpu1.exe
C:\WINDOWS\system32\Bitkv0.dll

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

This script was written only for this computer, based on the files and keys present; do not use it on another computer, as it can cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below. ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt. Post it together with the new HijackThis log.
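An added example, not code from either poster and not part of HijackThis or ComboFix: the script below does in code what PedroN did by eye on the first log. It reads HijackThis lines, applies a few heuristics modelled on the indicators visible in that log (Run values named kava/tava/kamsoft that launch kavo.exe, tavo.exe and ckvo.exe; an autorun from a profile "Application Data" folder; a BHO whose DLL is gone; the *.p0rt2.com Trusted Zone entry; O16 ActiveX downloads from anywhere but messenger.zone.msn.com), and turns only the confident hits into a CFScript in the File:: / Registry:: layout PedroN's reply uses, with "name"=- to delete a Run value. The allow-list of O16 hosts, the list of known dropper names and the full registry key paths behind HijackThis's abbreviated HKCU\..\Run and HKLM\..\Run are assumptions made for this example; the sample lines are excerpted from the first log above.

```python
"""Triage HijackThis lines and draft a ComboFix CFScript from the confident hits.
Added example for this thread; the rules are heuristics built from the log above."""
import re
from typing import List, NamedTuple
from urllib.parse import urlsplit

KNOWN_BAD_NAMES = {"kavo.exe", "tavo.exe", "ckvo.exe"}  # droppers seen in this thread
TRUSTED_DPF_HOSTS = {"messenger.zone.msn.com"}         # assumption: expected O16 sources
RUN_KEYS = {  # full key paths behind HijackThis's abbreviated HKCU\..\Run / HKLM\..\Run
    "HKCU": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKLM": r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
}
O4_RE = re.compile(r"^O4 - (HKCU|HKLM)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<desc>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<host>\S+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) (?:\((?P<desc>[^)]*)\) )?- (?P<url>\S+)$")
PROFILE_DATA_RE = re.compile(r"\\(application data|dados de aplicativos)\\", re.I)


class Finding(NamedTuple):
    severity: str      # "remove": safe to script; "review": a human decides
    line: str          # the HijackThis line that fired
    reason: str
    path: str = ""     # goes under File::
    reg_key: str = ""  # goes under Registry:: together with reg_value
    reg_value: str = ""


def exe_path(cmd: str) -> str:
    """Executable from a Run value's command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.count('"') >= 2:
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def triage(lines) -> List[Finding]:
    """Apply the rules to each line; findings come back in log order."""
    out: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if m := O4_RE.match(line):
            path = exe_path(m.group("cmd"))
            base = path.rsplit("\\", 1)[-1].lower()
            key, name = RUN_KEYS[m.group(1)], m.group("name")
            if base in KNOWN_BAD_NAMES:
                out.append(Finding("remove", line, f"autorun of known dropper {base}", path, key, name))
            elif PROFILE_DATA_RE.search(path):
                out.append(Finding("review", line, "autorun from a profile Application Data folder", path, key, name))
        elif m := O2_RE.match(line):
            if m.group("path").lower() == "(no file)":
                out.append(Finding("review", line, f"BHO {m.group('clsid')} registered but its DLL is gone"))
        elif m := O15_RE.match(line):
            out.append(Finding("review", line, f"{m.group('host').lstrip('*.')} placed in the IE Trusted Zone"))
        elif m := O16_RE.match(line):
            host = urlsplit(m.group("url")).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                out.append(Finding("review", line, f"ActiveX download from untrusted host {host}"))
    return out


def draft_cfscript(findings) -> str:
    """Render only the 'remove' findings in CFScript form; 'review' items stay out."""
    files: List[str] = []
    values: dict = {}
    for f in findings:
        if f.severity != "remove":
            continue
        if f.path and f.path not in files:
            files.append(f.path)
        if f.reg_key:
            values.setdefault(f.reg_key, []).append(f.reg_value)
    if not files and not values:
        return ""
    script = ["File::", *files, "", "Registry::"]
    for key, names in values.items():
        script.append(f"[{key}]")
        script.extend(f'"{n}"=-' for n in names)
    return "\n".join(script) + "\n"


# Lines excerpted from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Dados de aplicativos\Audio 4 part browse\logo bin.exe
O4 - HKCU\..\Run: [RocketDock] "D:\ARQuiVoS Di Eu\Programas\Rocketdock\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
""".strip().splitlines()

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"[{h.severity:6}] {h.reason}\n         {h.line}")
    print(draft_cfscript(hits))
```

The split between "remove" and "review" is the point: only entries matching a name already confirmed as the dropper end up in the File:: and Registry:: sections, while the dangling BHO, the unexplained autorun under All Users\Dados de aplicativos, the Trusted Zone domain and the p0rt2.com downloads are reported for a person to decide on. That keeps the generated script machine-specific, which is exactly the caveat PedroN attaches to his.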
xjackiex, posted September 14, 2008

Wow man, thank you very much, I wasn't expecting such a quick reply (:

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 20:08:54, on 14/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
D:\qt6win\qttask.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\lg_fwupdate\fwupdate.exe
C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\ARQuiVoS Di Eu\Programas\Rocketdock\RocketDock\RocketDock.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\qt6win\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "D:\ARQuiVoS Di Eu\Programas\Bootskin\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Dados de aplicativos\Audio 4 part browse\logo bin.exe
O4 - HKCU\..\Run: [LDM] C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PlaySkip] C:\DOCUME~1\Usuario\DADOSD~1\INTERC~1\Dupeblahburn.exe
O4 - HKCU\..\Run: [RocketDock] "D:\ARQuiVoS Di Eu\Programas\Rocketdock\RocketDock\RocketDock.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

ComboFix:

ComboFix 08-09-13.05 - Usuario 2008-09-14 19:58:55.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.436 [GMT -3:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\39lpji.com
C:\3jkkdo.exe
C:\6xdgw26.com
C:\dpu1.exe
C:\iwjj.com
C:\ktnquo.exe
C:\okhr.exe
C:\rjx0.exe
C:\vxl.exe
C:\WINDOWS\system32\Bitkv0.dll
.
((((((((((((((((((((((( Files created from 2008-08-14 to 2008-09-14 ))))))))))))))))))))))))))))))))
.
2008-09-14 15:34 . 2008-09-14 15:34 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais
2008-09-14 15:34 . 2008-09-14 15:34 <DIR> d-------- C:\Documents and Settings\Usuario\Configurações locais
2008-09-14 15:34 . 2008-09-14 15:34 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais
2008-09-14 15:34 . 2008-09-14 15:34 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais
2008-09-14 15:34 . 2008-09-14 15:34 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais
2008-09-14 15:16 . 2008-09-14 15:16 <DIR> d-------- C:\HJT
2008-09-14 14:39 . 2008-09-14 14:39 2,849,388 -ra------ C:\ComboFix.exe
2008-09-12 19:03 . 2008-09-12 19:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-12 19:03 . 2008-09-12 19:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-27 09:28 . 2008-08-29 20:00 91,084 -r-hs---- C:\ph.com
2008-08-26 20:08 . 2008-08-26 20:08 43,008 --a------ C:\WINDOWS\system32\TABCTL32.oca
2008-08-26 20:08 . 2008-08-26 20:08 37,888 --a------ C:\WINDOWS\system32\sysmon.oca
2008-08-26 10:45 . 2008-08-26 10:45 76,288 --a------ C:\WINDOWS\system32\MSFLXGRD.oca
2008-08-16 19:12 . 2008-08-16 19:12 <DIR> dr-h----- C:\MSOCache
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-14 13:06 15,858 ----a-w C:\WINDOWS\Fonts\amerika_sans.zip
2008-08-13 16:33 --------- d-----w C:\Arquivos de programas\inter cdrom ace
2008-08-09 02:09 --------- d-----w C:\Arquivos de programas\Skat
2008-07-28 22:06 --------- d-----w C:\Arquivos de programas\NCH Swift Sound
2008-07-28 07:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk
2008-07-28 03:06 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-28 03:06 47,360 ----a-w C:\Documents and Settings\Usuario\Dados de aplicativos\pcouffin.sys
2008-07-28 03:06 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Vso
2008-07-28 03:06 --------- d-----w C:\Arquivos de programas\VSO
2008-07-27 21:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared
2008-07-22 21:17 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\CyberLink
2008-07-22 21:17 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink
2008-07-22 21:04 --------- d-----w C:\Arquivos de programas\lg_fwupdate
2008-07-22 20:21 --------- d-----w C:\Arquivos de
programas\CyberLink 2008-07-22 05:05 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Ahead 2008-07-22 05:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead 2008-07-21 04:33 --------- d-----w C:\Arquivos de programas\Norton Security Scan 2008-07-11 15:01 8 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\TYRCPHJYWWPP.SYS 2008-07-05 10:14 456,192 ----a-w C:\WINDOWS\system32\libmplayer.dll 2008-07-05 10:14 3,591,168 ----a-w C:\WINDOWS\system32\libavcodec.dll 2008-07-05 10:13 708,096 ----a-w C:\WINDOWS\system32\ff_x264.dll 2008-07-04 05:30 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-07-04 05:30 219,648 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll 2008-07-04 05:26 583,104 ----a-w C:\WINDOWS\system32\UXTheme Multi-Patcher 5.0.exe 2008-06-22 16:34 177,664 ----a-w C:\WINDOWS\system32\ff_theora.dll 2008-06-18 01:06 29,416 ----a-w C:\WINDOWS\Fonts\wrexham.zip 2008-05-11 19:17 8 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\SDGLYBMPWPP.SYS 2004-09-03 13:32 3,488 ----a-w C:\WINDOWS\inf\OTHER\CMIAINFO.SYS 1999-04-01 15:53 99,840 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAABOUT.DLL 1998-12-09 01:53 70,144 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAMDMTR.DLL 1998-12-09 01:53 48,640 ----a-w C:\Arquivos de programas\Arquivos comuns\IRALPTTR.DLL 1998-12-09 01:53 31,744 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAWEBTR.DLL 1998-12-09 01:53 186,368 ----a-w C:\Arquivos de programas\Arquivos comuns\IRAREG.DLL 1998-12-09 01:53 17,920 ----a-w C:\Arquivos de programas\Arquivos comuns\IRASRIAL.DLL . ((((((((((((((((((((((((((((( snapshot@2008-09-14_15.33.40.51 ))))))))))))))))))))))))))))))))))))))))) . + 2008-09-14 23:03:02 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_664.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-17 67128]
"PlaySkip"="C:\DOCUME~1\Usuario\DADOSD~1\INTERC~1\Dupeblahburn.exe" [2008-08-13 485888]
"RocketDock"="D:\ARQuiVoS Di Eu\Programas\Rocketdock\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 221184]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"QuickTime Task"="D:\qt6win\qttask.exe" [2006-10-25 282624]
"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-03-23 185896]
"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]
"BootSkin Startup Jobs"="D:\ARQuiVoS Di Eu\Programas\Bootskin\BootSkin\BootSkin.exe" [2004-04-26 270336]
"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"LGODDFU"="C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" [2008-07-27 249856]
"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Part browse safe hold"="C:\Documents and Settings\All Users\Dados de aplicativos\Audio 4 part browse\logo bin.exe" [2008-09-14 2369536]
"VTTimer"="VTTimer.exe" [2004-09-01 C:\WINDOWS\system32\VTTimer.exe]
"PCTVOICE"="pctspk.exe" [2004-01-29 C:\WINDOWS\system32\pctspk.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"Picasa Media Detector"="D:\ARQuiVoS Di Eu\Programas\Picasa2\PicasaMediaDetector.exe" [2008-02-25 443968]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Symantec Fax Starter Edition Port.lnk - C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE [1999-04-01 46080]
Logitech Desktop Messenger.lnk - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-17 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"VIDC.MJPG"= pvmjpg21.dll
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 20:54 3735552 C:\Arquivos de programas\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2004-02-25 17:15 454656 C:\Arquivos de programas\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2004-02-25 17:06 212992 C:\Arquivos de programas\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-25 22:23 443968 D:\ARQuiVoS Di Eu\Programas\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\ARQuiVoS Di Eu\\Programas\\eMule\\eMule.exe"=
"C:\\Arquivos de programas\\Mozilla Firefox\\FIREFOX.EXE"=
"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"C:\\Arquivos de programas\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"D:\\ARQuiVoS Di Eu\\Programas\\GunBound\\OnGame\\GunBoundWC\\GunBound.gme"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20560]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2006-01-17 65536]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe [2006-01-17 1527895]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
R3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 28800]
S0 N10;iriver Internet Audio Player N10;C:\WINDOWS\system32\drivers\N10.sys [2004-03-29 14531]
S3 g0wkudr1ver;g0wkudr1ver;D:\Minhas Imagens(Thi)\Ce- by Tibia\g0wku.sys [ ]
S3 NVDISP;NVDISP;D:\Minhas Imagens(Thi)\CE Lite 1.0\CE_Lite_1[1].0\CE Lite\nv7800gt.sys [ ]
S3 Wink1;Wink1;D:\Minhas Imagens(Thi)\ShaK3.0\Wink.sys [ ]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 20:03:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************

"ImagePath"="\??\D:\Minhas Imagens(Thi)\CE Lite 1.0\CE_Lite_1 [1].0\CE Lite\nv7800gt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVDISP]
"ImagePath"="\??\D:\Minhas Imagens(Thi)\CE Lite 1.0\CE_Lite_1
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESSOS: C:\WINDOWS\explorer.exe
-> D:\ARQuiVoS Di Eu\Programas\Rocketdock\RocketDock\RocketDock.dll
.
------------------------ Outros Processos em Execução ------------------------
.
C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\ARQUIVOS DE PROGRAMAS\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\ARQUIVOS DE PROGRAMAS\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE
C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-09-14 20:05:39 - Maquina reiniciou
ComboFix-quarantined-files.txt 2008-09-14 23:05:34
ComboFix2.txt 2008-09-14 18:34:20

Pre-Run: 6,668,795,904 bytes disponíveis
Post-Run: 6,650,757,120 bytes disponíveis

188 --- E O F --- 2007-07-11 16:19:07

__________________________________________________________________________________________________

Hey, Mr. Perfect, thanks a lot for being willing to help!
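As an added example for readers who want to do a first pass over a HijackThis log like the one above (this is editor-written code, not a tool from this thread and not part of HijackThis, ComboFix or Lop S&D), the script below parses O4, O15 and O23 lines and marks the entries a helper on a forum like this would look at first: an autorun whose binary lives in a user-writable profile folder, a domain added to Internet Explorer's Trusted Zone, and a service whose binary is reported missing. The sample lines are constructed from entries in the log above, and the three heuristics are the editor's own; they mark entries for a human to review and are not verdicts.

```python
"""Triage pass over HijackThis-style log lines (added example, not forum code).

The heuristics here are the editor's own and only surface entries that merit
a closer look; they do not decide whether anything is malicious.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4", "O15", "O23"
    name: str      # autorun label, trusted-zone pattern, or service name
    path: str      # executable path, or "" where the entry has none
    reason: str    # why the heuristic flagged the entry


# Constructed sample in the shape of the log posted above (a few of its
# entries; backslashes are doubled only for the Python string literal).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [NeroFilterCheck] C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NeroCheck.exe
O4 - HKLM\\..\\Run: [Part browse safe hold] C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Audio 4 part browse\\logo bin.exe
O4 - HKCU\\..\\Run: [PlaySkip] C:\\DOCUME~1\\Usuario\\DADOSD~1\\INTERC~1\\Dupeblahburn.exe
O4 - HKCU\\..\\Run: [RocketDock] "D:\\ARQuiVoS Di Eu\\Programas\\Rocketdock\\RocketDock\\RocketDock.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\\Arquivos de programas\\Microsoft Office\\Office\\OSA9.EXE
O15 - Trusted Zone: *.p0rt2.com
O23 - Service: avast! Mail Scanner - Unknown owner - C:\\Arquivos de programas\\Alwil Software\\Avast4\\ashMaiSv.exe" /service (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\\Arquivos de programas\\Firebird\\Firebird_1_5\\bin\\fbguard.exe
"""

# Lower-cased substrings that mark per-user or all-users profile folders on
# Portuguese and English Windows XP, including their 8.3 short forms.
PROFILE_MARKERS = (
    "documents and settings", "docume~1", "dados de aplicativos", "dadosd~1",
    "application data", "applic~1", "\\temp\\", "\\recycled",
)


def executable_path(cmd: str) -> str:
    """Pull the executable out of a command line as HijackThis prints it."""
    m = re.match(r'"([^"]+)"', cmd)          # quoted path, arguments follow
    if m:
        return m.group(1)
    # Unquoted path with spaces: stop at the first executable extension.
    m = re.match(r'(.+?\.(?:exe|com|dll|scr|bat|cmd|pif))(?=[\s"]|$)', cmd, re.I)
    return m.group(1) if m else cmd.strip()


def in_profile_dir(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in PROFILE_MARKERS)


def in_drive_root(path: str) -> bool:
    """True for a file sitting directly in a drive root, e.g. C:\\x.com."""
    return re.match(r"^[a-z]:\\[^\\]+$", path, re.I) is not None


def parse_line(line: str):
    """Return (section, name, path) for O4/O15/O23 lines, else None."""
    m = re.match(r"^(?P<sec>[A-Z]\d+) - (?P<rest>.*)$", line.strip())
    if not m:
        return None
    sec, rest = m.group("sec"), m.group("rest")
    if sec == "O4":
        if rest.startswith("Global Startup:"):
            name, _, cmd = rest[len("Global Startup:"):].partition(" = ")
            return sec, name.strip(), executable_path(cmd)
        r = re.search(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)", rest)
        if r:
            return sec, r.group("name"), executable_path(r.group("cmd"))
    if sec == "O15" and rest.startswith("Trusted Zone:"):
        return sec, rest[len("Trusted Zone:"):].strip(), ""
    if sec == "O23" and rest.startswith("Service:"):
        # Service names may themselves contain " - ", so split from the right:
        # the last two separators delimit owner and command line.
        parts = rest[len("Service:"):].strip().rsplit(" - ", 2)
        if len(parts) == 3:
            name, _owner, cmd = parts
            return sec, name, executable_path(cmd)
    return None


def triage(log_text: str) -> list:
    """Apply the heuristics to every line and return the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        sec, name, path = parsed
        if sec == "O4" and in_profile_dir(path):
            findings.append(Finding(sec, name, path, "autorun from a user-writable profile folder"))
        elif sec == "O4" and in_drive_root(path):
            findings.append(Finding(sec, name, path, "autorun directly in a drive root"))
        elif sec == "O15":
            findings.append(Finding(sec, name, path, "domain added to the IE Trusted Zone"))
        elif sec == "O23" and "(file missing)" in line:
            findings.append(Finding(sec, name, path, "service binary missing (stale or removed)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:45} {f.name!r} -> {f.path}")
```

Run against the sample, the two autoruns under "Documents and Settings", the Trusted Zone entry and the avast! Mail Scanner service with its missing binary are reported; the Nero, RocketDock, Office and Firebird entries are not. The missing-binary rule is informational (the avast! services here are leftovers of an uninstall rather than anything hostile), which is why the output carries a reason string rather than a score.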
PedroN, posted September 15, 2008

◘ Download LopS&D.
◘ Save it to Local Disk C:.
◘ Install the program and click: LopSD.cmd
◘ In the window that opens, press "p" >> Press Enter.
◘ In the other window, press option 2 >> Press Enter >> Wait!
◘ When it finishes, save and post the report. ( C:\lopR.txt )
◘ Also post an updated HijackThis log.
xjackiex, posted September 15, 2008

Wow man, I think my PC is slowly getting back to normal. And another thing: I posted the logs here but didn't even tell you what my problems were and all that, but I guess just from analyzing all of it you already know, right? Anyway, here's a bit of feedback:
- programs that buffer, like YouTube, would only load for a few seconds and then jump back to the start, not letting me watch more than that;
- just booting Windows, without doing anything at all, kavo.exe would already show up as a file found by avast!;
- but my avast! database had been out of date for at least 3 weeks, and since I don't have its key, I couldn't do anything;
- now YouTube is back to normal;
- the kavo.exe problem is solved;
- I removed avast! and went with Kaspersky 2009, just to change the routine; (by the way, what's your opinion of that antivirus? is there a better one?)
and once again, thanks!
______________________________________________________________________________________

Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 19:22:42, on 15/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
D:\qt6win\qttask.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\lg_fwupdate\fwupdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\ARQuiVoS Di Eu\Programas\Rocketdock\RocketDock\RocketDock.exe
C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\qt6win\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "D:\ARQuiVoS Di Eu\Programas\Bootskin\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [LDM] C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [RocketDock] "D:\ARQuiVoS Di Eu\Programas\Rocketdock\RocketDock\RocketDock.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FCCABB8-C584-4624-82FE-671E6DD3ABE4}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

________________________________________________________________________________________

Lop S&D:

--------------------\\ Lop S&D 4.2.4-3 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Sempron 2400+ )
BIOS : Version 07.00T
USER : Usuario ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 8.0.0.454 (Activated)
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total : 18 Go Free : 6 Go
D:\ (Local Disk) - FAT32 - Total : 18 Go Free : 4 Go
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go

"C:\Lop SD" ( MAJ : 14-09-2008|22:40 )
Option : [2] ( 15/09/2008|18:48 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Lista de pastas em DADOSD~1

[19/12/2005|18:20] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft
[10/05/2006|20:19] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe
[09/11/2006|17:24] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer
[27/12/2005|21:49] C:\DOCUME~1\ALLUSE~1\DADOSD~1\curb title browse bits
[22/07/2008|18:17] C:\DOCUME~1\ALLUSE~1\DADOSD~1\CyberLink
[18/05/2008|21:37] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google Updater
[14/09/2008|21:00] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab
[14/09/2008|20:27] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab Setup Files
[19/01/2006|21:39] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Macrovision
[20/12/2005|21:38] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!
[19/12/2005|18:20] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft
[27/04/2008|01:27] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NCH Swift Sound
[28/06/2008|09:21] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero
[14/09/2008|21:59] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NortonInstaller
[01/01/2006|23:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\QuickTime
[31/12/2005|13:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype
[21/12/2005|14:27] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy
[28/07/2008|04:01] C:\DOCUME~1\ALLUSE~1\DADOSD~1\vsosdk
[06/07/2006|01:24] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage
[15/11/2007|13:22] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller
[19/12/2005|18:20] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft
[19/12/2005|18:20] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft
[10/05/2006|19:37] C:\DOCUME~1\USUARIO\DADOSD~1\Adobe
[10/05/2006|20:21] C:\DOCUME~1\USUARIO\DADOSD~1\AdobeUM
[22/07/2008|02:05] C:\DOCUME~1\USUARIO\DADOSD~1\Ahead
[09/11/2006|17:27] C:\DOCUME~1\USUARIO\DADOSD~1\Apple Computer
[02/03/2006|14:10] C:\DOCUME~1\USUARIO\DADOSD~1\BSplayer
[02/05/2008|23:43] C:\DOCUME~1\USUARIO\DADOSD~1\BSplayer Pro
[22/07/2008|18:17] C:\DOCUME~1\USUARIO\DADOSD~1\CyberLink
[24/06/2008|20:29] C:\DOCUME~1\USUARIO\DADOSD~1\DivX
[02/01/2006|10:38] C:\DOCUME~1\USUARIO\DADOSD~1\Google
[20/01/2006|19:23] C:\DOCUME~1\USUARIO\DADOSD~1\Help
[19/12/2005|18:48] C:\DOCUME~1\USUARIO\DADOSD~1\Identities
[27/12/2005|21:49] C:\DOCUME~1\USUARIO\DADOSD~1\inter cdrom ace
[10/05/2006|22:01] C:\DOCUME~1\USUARIO\DADOSD~1\Leadertech
[20/12/2005|19:30] C:\DOCUME~1\USUARIO\DADOSD~1\Macromedia
[19/12/2005|18:20] C:\DOCUME~1\USUARIO\DADOSD~1\Microsoft
[19/12/2005|18:50] C:\DOCUME~1\USUARIO\DADOSD~1\Microsoft Web Folders
[20/12/2005|19:50] C:\DOCUME~1\USUARIO\DADOSD~1\Mozilla
[28/06/2008|09:24] C:\DOCUME~1\USUARIO\DADOSD~1\Nero
[13/08/2006|19:08] C:\DOCUME~1\USUARIO\DADOSD~1\OLYMPUS
[06/01/2006|23:20] C:\DOCUME~1\USUARIO\DADOSD~1\Real
[29/04/2008|22:39] C:\DOCUME~1\USUARIO\DADOSD~1\Real Desktop
[28/12/2005|16:11] C:\DOCUME~1\USUARIO\DADOSD~1\Roxio
[13/05/2007|00:05] C:\DOCUME~1\USUARIO\DADOSD~1\Screenshot Sender
[31/12/2005|13:32] C:\DOCUME~1\USUARIO\DADOSD~1\Skype
[07/01/2006|22:21] C:\DOCUME~1\USUARIO\DADOSD~1\Sun
[08/06/2008|00:11] C:\DOCUME~1\USUARIO\DADOSD~1\uTorrent
[28/07/2008|00:06] C:\DOCUME~1\USUARIO\DADOSD~1\Vso
[02/05/2008|21:42] C:\DOCUME~1\USUARIO\DADOSD~1\WinRAR
[19/12/2005|18:20] C:\DOCUME~1\ADMINI~1\DADOSD~1\Microsoft

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

[14/09/2008 19:02][--a------] C:\WINDOWS\tasks\Norton Security Scan.job
[15/09/2008 18:23][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/10/2001 07:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Lista de pastas em C:\Arquivos de programas

[10/05/2006|20:20] C:\Arquivos de programas\Adobe
[02/05/2008|23:43] C:\Arquivos de programas\AdVantage
[19/12/2005|19:39] C:\Arquivos de programas\Ahead
[19/12/2005|19:30] C:\Arquivos de programas\Alwil Software
[19/12/2005|18:21] C:\Arquivos de programas\Arquivos comuns
[19/12/2005|19:16] C:\Arquivos de programas\C-Media 3D Audio
[19/12/2005|18:30] C:\Arquivos de programas\ComPlus Applications
[22/07/2008|17:21] C:\Arquivos de programas\CyberLink
[29/02/2008|22:19] C:\Arquivos de programas\DsNET Corp
[29/03/2008|12:32] C:\Arquivos de programas\Firebird
[02/01/2006|10:37] C:\Arquivos de programas\Google
[01/06/2008|21:32] C:\Arquivos de programas\Hewlett-Packard
[01/06/2008|21:32] C:\Arquivos de programas\hp deskjet 656c series
[19/12/2005|19:12] C:\Arquivos de programas\InstallShield Installation Information
[13/08/2008|13:33] C:\Arquivos de programas\inter cdrom ace
[19/12/2005|18:31] C:\Arquivos de programas\Internet Explorer
[13/08/2006|10:07] C:\Arquivos de programas\iriver
[06/01/2006|23:04] C:\Arquivos de programas\Java
[14/09/2008|21:00] C:\Arquivos de programas\Kaspersky Lab
[14/09/2008|23:09] C:\Arquivos de programas\Lavalys
[22/07/2008|18:04] C:\Arquivos de programas\lg_fwupdate
[26/12/2005|19:01] C:\Arquivos de programas\Logitech
[05/07/2008|13:28] C:\Arquivos de programas\Messenger Plus! Live
[19/12/2005|18:34] C:\Arquivos de programas\microsoft frontpage
[19/12/2005|18:50] C:\Arquivos de programas\Microsoft Office
[19/12/2005|18:53] C:\Arquivos de programas\Microsoft Visual Studio
[19/12/2005|18:31] C:\Arquivos de programas\Movie Maker
[20/12/2005|19:50] C:\Arquivos de programas\Mozilla Firefox
[19/12/2005|18:30] C:\Arquivos de programas\MSN Gaming Zone
[20/12/2005|20:05] C:\Arquivos de programas\MSN Messenger
[18/11/2006|13:16] C:\Arquivos de programas\MSXML 4.0
[28/07/2008|19:06] C:\Arquivos de programas\NCH Swift Sound
[28/06/2008|09:21] C:\Arquivos de programas\Nero
[19/12/2005|18:31] C:\Arquivos de programas\NetMeeting
[21/07/2008|01:33] C:\Arquivos de programas\Norton Security Scan
[19/12/2005|19:12] C:\Arquivos de programas\On-line Help Console
[19/12/2005|18:31] C:\Arquivos de programas\Outlook Express
[13/08/2006|18:39] C:\Arquivos de programas\PIXELA
[06/01/2006|23:23] C:\Arquivos de programas\Real
[19/12/2005|19:13] C:\Arquivos de programas\S3Inc
[19/12/2005|18:32] C:\Arquivos de programas\Serviços on-line
[08/08/2008|23:09] C:\Arquivos de programas\Skat
[19/12/2005|18:51] C:\Arquivos de programas\Snapshot Viewer
[19/12/2005|18:48] C:\Arquivos de programas\Uninstall Information
[08/06/2008|00:11] C:\Arquivos de programas\uTorrent
[28/07/2008|00:06] C:\Arquivos de programas\VSO
[02/03/2006|14:10] C:\Arquivos de programas\VVSN
[18/03/2008|19:00] C:\Arquivos de programas\Web Publish
[30/06/2007|11:55] C:\Arquivos de programas\Windows Live
[19/12/2005|18:30] C:\Arquivos de programas\Windows Media Player
[19/12/2005|18:29] C:\Arquivos de programas\Windows NT
[19/12/2005|18:32] C:\Arquivos de programas\WindowsUpdate
[20/12/2005|21:25] C:\Arquivos de programas\WinRAR
[19/12/2005|18:34] C:\Arquivos de programas\xerox

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

[20/01/2006|11:58] C:\Arquivos de programas\Arquivos comuns\Adobe
[22/07/2008|02:02] C:\Arquivos de programas\Arquivos comuns\Ahead
[19/12/2005|18:53] C:\Arquivos de programas\Arquivos comuns\Designer
[07/10/2006|23:24] C:\Arquivos de programas\Arquivos comuns\GTK
[19/12/2005|19:11] C:\Arquivos de programas\Arquivos comuns\InstallShield
[06/01/2006|22:59] C:\Arquivos de programas\Arquivos comuns\Java
[26/12/2005|19:01] C:\Arquivos de programas\Arquivos comuns\Logitech
[19/12/2005|18:21] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
[19/12/2005|18:31] C:\Arquivos de programas\Arquivos comuns\MSSoap
[28/06/2008|09:21] C:\Arquivos de programas\Arquivos comuns\Nero
[19/12/2005|18:21] C:\Arquivos de programas\Arquivos comuns\ODBC
[06/01/2006|23:23] C:\Arquivos de programas\Arquivos comuns\Real
[19/12/2005|18:31] C:\Arquivos de programas\Arquivos comuns\Serviços
[19/12/2005|18:21] C:\Arquivos de programas\Arquivos comuns\SpeechEngines
[04/07/2008|22:19] C:\Arquivos de programas\Arquivos comuns\Stardock
[19/12/2005|18:31] C:\Arquivos de programas\Arquivos comuns\System
[22/05/2008|15:00] C:\Arquivos de programas\Arquivos comuns\Thraex Software
[15/11/2007|13:22] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
[23/03/2008|21:36] C:\Arquivos de programas\Arquivos comuns\xing shared

--------------------\\ Process

( 36 Processes ) ... OK !

--------------------\\ Procura pelo S_Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura no Registro

..... OK !

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

Arquivos/Ficheiros Hosts LIMPO

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 19:16:26
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Procurando por outras infecções

Não foram encontradas outras infecções.

[F:37][D:0]-> C:\DOCUME~1\Usuario\CONFIG~1\Temp
[F:1][D:0]-> C:\DOCUME~1\Usuario\Cookies
[F:47][D:4]-> C:\DOCUME~1\Usuario\CONFIG~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 15/09/2008|19:20 - Option : [2]

--------------------\\ Verificação completa em 19:20:48
________________________________________________________________________________

Dude, I love you, hahahahaha.
PedroN, posted September 16, 2008

> - I removed avast! and went with Kaspersky 2009, just to change the routine; (by the way, what is your opinion of that antivirus? Is there a better one?)

Keep using your Kaspersky, it is great :)

> Dude, I love you, hahahahaha.

Easy there, friend, my girlfriend is very jealous, lol.

OK, the log is clean :)

- In Run, type combofix /u, click OK and wait for ComboFix to be removed.

- Visit Windows Update and update your system, downloading Service Pack 3. Or, if you prefer, download and install the full package (about 300 MB): http://www.microsoft.com/downloads/details...splayLang=pt-br

- I recommend a maintenance pass on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner
◘ Open the program and click Run Cleaner;
◘ After that, click Registry > Scan for errors > Fix errors

- Disable and then re-enable System Restore.

Read the article "Cuidados ao navegar na net" (care when browsing the web) for more information on how to avoid infections.
Mário Monteiro, posted October 16, 2008

Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening.
