[Resolvido!]I.E abrindo sozinho toda hora de novo

leandro'lf · Outubro 12, 2008

Meu explorer volto a abri sozinho..o arquivo xvyu5i4c.exe reapareceu

eu deletei o xvyu5i4c.exe manualmente e ele nao volto... fui em tarefas agendadas tinha um monte de tarefa la q eu nao puis tbm deletei todas só q nada resolveu o problema!

alguem me ajuda? =/

ta ai meu log do hijack:

Logfile of HijackThis v1.99.1

Scan saved at 23:38:46, on 11/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\GetModule\GetModule23.exe

C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdaagent.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Steam\Steam.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\regsvr32.exe

C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Arquivos de programas\BChanger\bchanger.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: BeSideit IE Helper - {83C35173-E029-42f1-9692-0341EE379A0D} - C:\Arquivos de programas\QdrDrive\QdrDrive16.dll

O2 - BHO: DrFlex IE Helper - {8EEB2711-9D21-4f9c-99A1-B7FC5A8CA56A} - C:\Arquivos de programas\QdrDrive\QdrDrive20.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\ARQUIV~1\FREEDO~1\0.999\fdahlp.dll

O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\XVYUhIjC.dll

O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB55.dll

O2 - BHO: bannerstyles15 browser enhancer - {d6a99296-a6ca-ad88-6553-c72021cdff69} - C:\WINDOWS\system32\chpkulxbdruckdcb.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdabar.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB55.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [vbncbuqkzd] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\chpkulxbdruckdcb.dll"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKCU\..\Run: [GetModule23] "C:\Arquivos de programas\GetModule\GetModule23.exe"

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdaie.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200424221406

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201204891156

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

DigRam · Outubro 12, 2008

Bom Dia! leandro'lf

<@> Baixe: < ComboFix.exe >

<@> Salve-o no Desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.
Salve-a no desktop,renomeada como: Kombo.exe

Ps: Nomeie durante o salvamento,e não após salvá-la!

Ps: Caso ocorra alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança.

Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

<@> Abrir-se-á a janela Auto Scan. --> Aguarde!

<@> Digite a opção para continuar! --> Aperte Enter.

<@> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

<@> Para parar ou sair do ComboFix,tecle "N".

----------------------

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

Abraços!

leandro'lf · Outubro 12, 2008

executei do jeito que me pediu

o scan se iniciou sozinho tambem Oo

segue o log criado pelo combofix seguido do hijackthis:

Combofix:

ComboFix 08-10-11.04 - Winxp 2008-10-12 15:53:56.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1674 [GMT -3:00]

Executando de: C:\Documents and Settings\Winxp\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\BChanger

C:\Arquivos de programas\BChanger\bchanger.dll

C:\Arquivos de programas\BChanger\data.dat

C:\Arquivos de programas\BChanger\Uninstall.exe

C:\Arquivos de programas\FBrowserAdvisor

C:\Arquivos de programas\GetModule

C:\Arquivos de programas\GetModule\GetModule23.exe

C:\Arquivos de programas\GetModule\kwdik.gz

C:\Arquivos de programas\GetPack

C:\Arquivos de programas\GetPack\GetPack20.exe

C:\Arquivos de programas\GetPack\GetPack21.exe

C:\Arquivos de programas\GetPack\GetPack22.exe

C:\Arquivos de programas\GetPack\trgtame.gz

C:\Arquivos de programas\iCheck

C:\Arquivos de programas\iCheck\Uninstall.exe

C:\Arquivos de programas\ISM

C:\Arquivos de programas\ISM\ism.exe

C:\Arquivos de programas\ISM\Uninstall.exe

C:\Arquivos de programas\PlayMP3z

C:\Arquivos de programas\PlayMP3z\PlayMP3.exe

C:\Arquivos de programas\PlayMP3z\uninstall.exe

C:\Arquivos de programas\QdrDrive

C:\Arquivos de programas\QdrDrive\QdrDrive16.dll

C:\Arquivos de programas\QdrDrive\QdrDrive20.dll

C:\Arquivos de programas\QdrDrive\qdrloader.exe

C:\Arquivos de programas\VnrBlock

C:\Arquivos de programas\VnrBlock\VnrBlock20.exe

C:\Arquivos de programas\VnrBlock\VnrBlock21.exe

C:\Arquivos de programas\VnrBlock\xenvertupd.exe

C:\Arquivos de programas\VnrBlock\xoffdic.gz

C:\Arquivos de programas\VnrBlock\xtarga.gz

C:\Arquivos de programas\VnrPack

C:\Arquivos de programas\VnrPack\ilaupd.exe

C:\Arquivos de programas\VnrPack\trgts.gz

C:\Arquivos de programas\VnrPack\VnrPack20.exe

C:\autorun.inf

C:\bo1dhu.bat

C:\Documents and Settings\All Users\Dados de aplicativos\Rabio

C:\Documents and Settings\Winxp\Menu Iniciar\Programas\Internet Speed Monitor

C:\Documents and Settings\Winxp\Menu Iniciar\Programas\Internet Speed Monitor\Check Now.lnk

C:\Documents and Settings\Winxp\Menu Iniciar\Programas\Internet Speed Monitor\Uninstall.lnk

C:\e.exe

C:\itsduel.exe

C:\n6t1h.cmd

C:\p.cmd

C:\uxkktr.cmd

C:\vva0hc0p.cmd

C:\WINDOWS\308.exe

C:\WINDOWS\system32\38m7YFUD.exe.a_a

C:\WINDOWS\system32\Bitkv1.dll

C:\WINDOWS\system32\ckvo.exe

C:\WINDOWS\system32\ckvo0.dll

C:\WINDOWS\system32\ckvo1.dll

C:\WINDOWS\system32\kavo.exe

C:\WINDOWS\system32\kavo0.dll

C:\WINDOWS\system32\kavo1.dll

C:\WINDOWS\system32\systeminfo3.dll

C:\WINDOWS\system32\tavo.exe

C:\WINDOWS\system32\tavo1.dll

C:\WINDOWS\system32\UpMedia

C:\WINDOWS\system32\WinNB55.dll

C:\WINDOWS\system32\XVYUhIjC.dll

C:\WINDOWS\system32\yRU3BQv4.exe.a_a

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-12 to 2008-10-12 ))))))))))))))))))))))))))))

.

2008-10-12 15:35 . 2008-10-12 15:39 116,154 -r-hs---- C:\gx.com

2008-10-09 18:08 . 2008-10-10 22:32 101,500 -r-hs---- C:\08dgu.com

2008-10-05 00:01 . 2008-10-05 13:06 119,960 -r-hs---- C:\o6pq1n8.com

2008-10-03 11:10 . 2008-10-03 11:10 156,672 --a------ C:\WINDOWS\system32\chpkulxbdruckdcb.dll

2008-09-29 22:57 . 2008-10-05 23:53 <DIR> dr------- C:\Documents and Settings\NetworkService\Meus documentos

2008-09-29 22:57 . 2008-09-29 22:57 <DIR> d-------- C:\Documents and Settings\NetworkService\Menu Iniciar

2008-09-29 22:57 . 2008-09-29 22:57 <DIR> d--h----- C:\Documents and Settings\NetworkService\Ambiente de rede

2008-09-29 15:14 . 2008-09-19 09:28 116,277 -r-hs---- C:\sasyg1y8.com

2008-09-23 11:10 . 2008-09-23 11:10 167,936 --a------ C:\WINDOWS\system32\_chpkulxbdruckdcb.dll

2008-09-20 18:33 . 2008-09-20 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SlySoft

2008-09-20 18:31 . 2008-09-20 18:31 <DIR> d-------- C:\Arquivos de programas\SlySoft

2008-09-20 11:04 . 2008-09-20 11:04 30,272 --a------ C:\WINDOWS\system32\yRU3BQv4.exe

2008-09-20 11:04 . 2008-09-20 11:04 30,272 --a------ C:\WINDOWS\system32\38m7YFUD.exe

2008-09-20 07:44 . 2008-09-20 07:44 99,648 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys

2008-09-16 20:20 . 2008-09-16 20:20 <DIR> d-------- C:\Documents and Settings\Winxp\Dados de aplicativos\Sony Corporation

2008-09-16 19:17 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

2008-09-16 19:17 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll

2008-09-16 19:17 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll

2008-09-16 19:17 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll

2008-09-16 19:17 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll

2008-09-16 19:15 . 2006-11-02 16:57 118,520 --a------ C:\WINDOWS\system32\PxInsI64.exe

2008-09-16 19:15 . 2006-10-18 19:43 115,960 --a------ C:\WINDOWS\system32\PxCpyI64.exe

2008-09-16 19:15 . 2006-11-02 16:57 36,624 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys

2008-09-16 19:15 . 2006-08-28 21:48 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-09-16 19:15 . 2006-08-28 21:48 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-09-16 19:07 . 2008-09-16 19:07 <DIR> d-------- C:\Documents and Settings\Winxp\Dados de aplicativos\InstallShield

2008-09-16 19:07 . 2008-09-16 19:07 <DIR> d-------- C:\Arquivos de programas\Sony

2008-09-15 23:40 . 2008-09-15 23:40 <DIR> d-------- C:\Documents and Settings\Winxp\Dados de aplicativos\Leadertech

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-12 18:51 --------- d-----w C:\Documents and Settings\Winxp\Dados de aplicativos\MegauploadToolbar

2008-10-12 18:49 --------- d-----w C:\Arquivos de programas\Steam

2008-10-12 00:10 --------- d-----w C:\Arquivos de programas\QuickTime

2008-10-12 00:08 81,920 ----a-w C:\Documents and Settings\Winxp\Dados de aplicativos\ezpinst.exe

2008-10-12 00:08 47,360 ----a-w C:\Documents and Settings\Winxp\Dados de aplicativos\pcouffin.sys

2008-10-12 00:08 --------- d-----w C:\Documents and Settings\Winxp\Dados de aplicativos\Vso

2008-10-12 00:00 --------- d-----w C:\Arquivos de programas\sXe Injected

2008-10-11 18:10 --------- d-----w C:\Documents and Settings\NetworkService\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-10-06 22:05 --------- d-----w C:\Documents and Settings\Winxp\Dados de aplicativos\LimeWire

2008-10-03 23:32 79,097 ----a-w C:\WINDOWS\system32\mnbeqougpmnlsvqwj.exe

2008-10-03 01:48 --------- d-----w C:\Documents and Settings\Winxp\Dados de aplicativos\Skype

2008-10-02 17:48 --------- d-----w C:\Documents and Settings\Winxp\Dados de aplicativos\skypePM

2008-09-28 17:05 --------- d-----w C:\Arquivos de programas\PowerArchiver

2008-09-20 13:34 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2008-09-16 22:17 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-11 00:12 --------- d-----w C:\Documents and Settings\Winxp\Dados de aplicativos\Tibia

2008-09-11 00:12 --------- d-----w C:\Arquivos de programas\Tibia

2008-09-09 22:01 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-07-24 23:45 266,524 ----a-w C:\WINDOWS\ISMSetup.exe

2008-07-18 21:55 401,408 ----a-w C:\WINDOWS\system32\winih75.dll

.

((((((((((((((((((((((((((((( snapshot@2008-05-22_12.40.17,70 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-07-25 00:17:13 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe

+ 2008-07-25 00:18:21 86,016 ----a-r C:\WINDOWS\Installer\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}\PrntWzrdIco.exe

+ 2008-07-29 14:58:52 65,536 ----a-r C:\WINDOWS\Installer\{A654A805-41D9-40C7-AA46-4AF04F044D61}\ARPPRODUCTICON.exe

+ 2008-07-29 14:58:52 65,536 ----a-r C:\WINDOWS\Installer\{A654A805-41D9-40C7-AA46-4AF04F044D61}\NewShortcut2_4BDFD2CE632942E498019B3D1F10D79B.exe

+ 2008-07-29 14:58:52 65,536 ----a-r C:\WINDOWS\Installer\{A654A805-41D9-40C7-AA46-4AF04F044D61}\NewShortcut3_4BDFD2CE632942E498019B3D1F10D79B.exe

+ 2008-07-25 20:05:31 102,400 ----a-r C:\WINDOWS\Installer\{B0A88235-FDF0-4DCD-88A0-D78EA2D03AB9}\iTunesIco.exe

+ 2008-08-02 16:38:34 65,952 ----a-r C:\WINDOWS\Installer\{B6826FA8-04C8-4147-AA3C-5B900AB887A1}\POWERARC.exe

- 2000-08-31 11:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe

+ 2000-08-31 11:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe

+ 2008-09-23 14:10:20 167,936 ----a-w C:\WINDOWS\system32\_chpkulxbdruckdcb.dll

+ 2004-08-04 03:45:34 69,632 ----a-w C:\WINDOWS\system32\Bitkv0.dll

+ 2008-10-06 02:54:38 262,144 ---ha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

+ 2005-02-05 22:45:26 2,222,800 ----a-w C:\WINDOWS\system32\d3dx9_24.dll

+ 2005-03-18 20:19:58 2,337,488 ----a-w C:\WINDOWS\system32\d3dx9_25.dll

+ 2005-05-26 18:34:52 2,297,552 ----a-w C:\WINDOWS\system32\d3dx9_26.dll

+ 2005-07-22 22:59:04 2,319,568 ----a-w C:\WINDOWS\system32\d3dx9_27.dll

+ 2005-12-05 21:09:18 2,323,664 ----a-w C:\WINDOWS\system32\d3dx9_28.dll

+ 2006-02-03 11:43:16 2,332,368 ----a-w C:\WINDOWS\system32\d3dx9_29.dll

+ 2006-03-31 15:40:58 2,388,176 ----a-w C:\WINDOWS\system32\d3dx9_30.dll

+ 2006-09-28 19:05:20 2,414,360 ----a-w C:\WINDOWS\system32\d3dx9_31.dll

+ 2006-11-29 16:06:18 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll

+ 2004-08-04 03:45:24 21,504 -c--a-w C:\WINDOWS\system32\dllcache\hidserv.dll

+ 2001-08-18 01:02:20 9,600 -c--a-w C:\WINDOWS\system32\dllcache\hidusb.sys

+ 2001-09-06 02:20:20 12,288 -c--a-w C:\WINDOWS\system32\dllcache\mouhid.sys

+ 2001-08-18 00:56:16 7,552 -c--a-w C:\WINDOWS\system32\dllcache\sonypvu1.sys

+ 2004-08-04 02:07:56 59,264 -c--a-w C:\WINDOWS\system32\dllcache\usbaudio.sys

+ 2004-08-04 02:08:48 31,616 -c--a-w C:\WINDOWS\system32\dllcache\usbccgp.sys

+ 2007-07-24 18:17:08 81,920 ----a-w C:\WINDOWS\system32\dns-sd.exe

+ 2007-07-24 18:17:08 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll

+ 2008-07-21 12:11:58 24,392 ----a-w C:\WINDOWS\system32\drivers\ElbyCDIO.sys

+ 2008-01-29 15:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

+ 2001-08-18 01:02:20 9,600 ----a-w C:\WINDOWS\system32\drivers\hidusb.sys

+ 2001-09-06 02:20:20 12,288 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys

+ 2007-02-16 00:56:49 11,984 ----a-w C:\WINDOWS\system32\drivers\RegKill.sys

+ 2001-08-18 00:56:16 7,552 ----a-w C:\WINDOWS\system32\drivers\SONYPVU1.SYS

+ 2008-08-03 19:41:46 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

+ 2008-07-03 05:12:48 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys

+ 2004-08-04 02:07:56 59,264 ----a-w C:\WINDOWS\system32\drivers\USBAUDIO.sys

+ 2004-08-04 02:08:48 31,616 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys

+ 2008-07-03 05:12:48 32,000 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_97B931EF204A3188AFFD15A9A5337268E8B6F312\usbaapl.sys

+ 2008-06-26 11:06:39 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll

- 2008-05-17 16:17:09 187,408 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-07-29 17:27:14 191,384 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-01-29 15:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll

+ 2004-08-04 03:45:24 21,504 ----a-w C:\WINDOWS\system32\hidserv.dll

+ 2005-06-15 09:00:00 8,192 ----a-w C:\WINDOWS\system32\libcvr-1.0.0.dll

+ 2005-06-15 09:00:00 30,720 ----a-w C:\WINDOWS\system32\libdsw-1.0.0.dll

+ 2005-06-15 09:00:00 16,384 ----a-w C:\WINDOWS\system32\libgif-1.0.0.dll

+ 2005-06-15 09:00:00 22,016 ----a-w C:\WINDOWS\system32\libhav-1.0.0.dll

+ 2005-06-15 09:00:00 205,824 ----a-w C:\WINDOWS\system32\libjp2-1.0.0.dll

+ 2005-06-15 09:00:00 110,592 ----a-w C:\WINDOWS\system32\libjpg-1.0.0.dll

+ 2005-06-15 09:00:00 969,728 ----a-w C:\WINDOWS\system32\libmcl-4.4.0.dll

+ 2005-06-15 09:00:00 1,679,872 ----a-w C:\WINDOWS\system32\libmpg-1.0.0.dll

+ 2005-06-15 09:00:00 1,185,280 ----a-w C:\WINDOWS\system32\libogg-1.0.0.dll

+ 2005-06-15 09:00:00 149,504 ----a-w C:\WINDOWS\system32\libpng-1.0.0.dll

+ 2005-06-15 09:00:00 301,056 ----a-w C:\WINDOWS\system32\libtif-1.0.0.dll

+ 2005-06-15 09:00:00 39,936 ----a-w C:\WINDOWS\system32\libxpm-1.0.0.dll

+ 2003-11-07 14:03:34 204,800 ----a-w C:\WINDOWS\system32\PixologyIRISS011.dll

+ 2006-10-18 22:43:36 64,248 ----a-w C:\WINDOWS\system32\PxCpyA64.exe

+ 2006-11-02 19:57:04 72,440 ----a-w C:\WINDOWS\system32\pxhpinst.exe

+ 2006-11-02 19:57:04 64,760 ----a-w C:\WINDOWS\system32\PxInsA64.exe

+ 2006-11-02 19:57:04 39,672 ----a-w C:\WINDOWS\system32\vxblock.dll

+ 2007-11-30 15:08:00 56,360 ----a-w C:\WINDOWS\system32\WBHELP2.DLL

+ 2006-02-03 11:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll

+ 2007-03-05 15:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll

+ 2006-02-03 11:42:06 230,096 ----a-w C:\WINDOWS\system32\xactengine2_0.dll

+ 2006-03-31 15:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll

+ 2006-05-31 10:24:16 230,168 ----a-w C:\WINDOWS\system32\xactengine2_2.dll

+ 2006-07-28 12:30:32 236,824 ----a-w C:\WINDOWS\system32\xactengine2_3.dll

+ 2006-09-28 19:05:56 237,848 ----a-w C:\WINDOWS\system32\xactengine2_4.dll

+ 2006-12-08 15:02:00 251,672 ----a-w C:\WINDOWS\system32\xactengine2_5.dll

+ 2006-03-31 15:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll

+ 2006-07-28 12:30:14 62,744 ----a-w C:\WINDOWS\system32\xinput1_2.dll

+ 2007-04-04 21:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll

+ 2005-12-05 21:07:30 61,136 ----a-w C:\WINDOWS\system32\xinput9_1_0.dll

+ 2006-12-02 01:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2006-12-02 01:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-02 01:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d6a99296-a6ca-ad88-6553-c72021cdff69}]

2008-10-03 11:10 156672 --a------ C:\WINDOWS\system32\chpkulxbdruckdcb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]

"vbncbuqkzd"="C:\WINDOWS\system32\chpkulxbdruckdcb.dll" [2008-10-03 156672]

"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"vidc.iv41"= ir41_32.dll

"msacm.iac2"= C:\WINDOWS\system32\iac25_32. ax

"VIDC.VP40"= vp4vfw.dll

"vidc.X264"= x264vfw.dll

"VIDC.DRAW"= DVIDEO.DLL

"VIDC.YV12"= yv12vfw.dll

"VIDC.MSUD"= msulvc05.dll

"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]

"Script"=C:\Documents and Settings\Winxp\Desktop\ntosboot.bat

[HKLM\~\startupfolder\C:^Documents and Settings^Winxp^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk]

path=C:\Documents and Settings\Winxp\Menu Iniciar\Programas\Inicializar\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk

backup=C:\WINDOWS\pss\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

--a------ 2008-09-20 07:45 2177984 C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"C:\\Arquivos de programas\\Steam\\steamapps\\mdkzinho\\counter-strike\\hl.exe"=

"C:\\Arquivos de programas\\Steam\\Steam.exe"=

"C:\\Arquivos de programas\\Steam\\steamapps\\mdkzinho\\day of defeat\\hl.exe"=

"C:\\Arquivos de programas\\Steam\\steamapps\\mdkzinho\\deathmatch classic\\hl.exe"=

"C:\\Arquivos de programas\\K-Lite\\kazaa.core"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Teamspeak2_RC2\\server_windows.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Documents and Settings\\Winxp\\Meus documentos\\Age Of Empires II\\empires2.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"C:\\Documents and Settings\\Winxp\\Meus documentos\\Age Of Empires II\\age2_x1.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

S3 ddsxeiservice;ddsxeiservice2;C:\Arquivos de programas\sXe Injected\ddsxei.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6c9e4b0-8d69-11dd-b6cd-00173182f7ef}]

\Shell\AutoRun\command - G:\sasyg1y8.com

\Shell\explore\Command - G:\sasyg1y8.com

\Shell\open\Command - G:\sasyg1y8.com

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-10-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

.

- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe

HKCU-Run-GetModule23 - C:\Arquivos de programas\GetModule\GetModule23.exe

ShellExecuteHooks-{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09} - C:\WINDOWS\system32\Bitkv1.dll

MSConfigStartUp-DAEMON Tools Lite - C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

MSConfigStartUp-GetModule23 - C:\Arquivos de programas\GetModule\GetModule23.exe

MSConfigStartUp-GetPack21 - C:\Arquivos de programas\GetPack\GetPack21.exe

MSConfigStartUp-GetPack22 - C:\Arquivos de programas\GetPack\GetPack22.exe

MSConfigStartUp-QuickTime Task - C:\Arquivos de programas\QuickTime\qttask.exe

MSConfigStartUp-VnrBlock20 - C:\Arquivos de programas\VnrBlock\VnrBlock20.exe

MSConfigStartUp-VnrBlock21 - C:\Arquivos de programas\VnrBlock\VnrBlock21.exe

.

------- Scan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Winxp\Dados de aplicativos\Mozilla\Firefox\Profiles\qzfjszea.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.orkut.com

FF -: plugin - C:\Arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Arquivos de programas\QuickTime\Plugins\npqtplugin8.dll

FF -: plugin - C:\Arquivos de programas\Yahoo!\Common\npyaxmpb.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-12 15:57:02

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-10-12 16:00:03

ComboFix-quarantined-files.txt 2008-10-12 18:59:12

ComboFix2.txt 2008-05-27 20:51:11

ComboFix3.txt 2008-05-23 03:31:34

ComboFix4.txt 2008-05-22 15:40:58

Pré-execução: 16 pasta(s) 113.300.307.968 bytes disponíveis

Pós execução: 20 pasta(s) 113,400,397,824 bytes disponíveis

316

HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 16:03:06, on 12/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Free Downloads Accelerator\0.999\fdaagent.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896