[Arquivado] PC nao abre o HijackThis e outros programas

Guildus · Fevereiro 17, 2009

Bom dia Adms

Bem desde de ontem meu PC acho q pegou um virus, nao quer mais abri antivirus, nem o HijackThis pra mim fazer o log, alguns sites tbm nao abrem, o msn fica mandando virus pra os contatos e quando manda eu nao consigo mais conversar com nenhum deles.

Img de mim mandando o virus:

Algum de vcs teriam a solucao pra este caso?

Consegui fazer o log tah ai embaixo, espero q me ajudem obrigado

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:14:11, on 17/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\Arquivos de Programa\Avast\aswUpdSv.exe

D:\Arquivos de Programa\Avast\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

D:\Arquivos de Programa\Java\bin\jusched.exe

D:\Arquivos de Programa\Java\bin\jqs.exe

D:\ARQUIV~1\Avast\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de Programa\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

D:\Arquivos de Programa\Adobe\Reader\AcroRd32.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Trend Micro\HijackThis\ABC.exe.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrador\gcs.exe \s

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de Programa\Java\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Arquivos de Programa\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de Programa\Java\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de Programa\Adobe\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG AntiVirus Scanner] avgscnr.exe

O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\Avast\ashDisp.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de Programa\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [NitroPC] "D:\Arquivos de Programa\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de Programa\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm414YYBR

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?c85cdbd777a24a5084769900012745c3

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?c85cdbd777a24a5084769900012745c3

O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de Programa\Java\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de Programa\Java\bin\jp2iexp.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...rk.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BFA3BF80-ED20-4296-BADA-5939208DAE33}: NameServer = 200.165.132.155

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Arquivos de Programa\AVG 8\avgpp.dll (file missing)

O20 - Winlogon Notify: wvutsqr - wvutsqr.dll (file missing)

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Arquivos de Programa\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de Programa\Avast\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de Programa\Avast\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Arquivos de Programa\Avast\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\Arquivos de Programa\Avast\ashWebSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de Programa\Java\bin\jqs.exe

O23 - Service: MySQL - Unknown owner - D:\Arquivos.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--

End of file - 10092 bytes

Obrigado

DigRam · Fevereiro 19, 2009

Bom Dia! Guildus

<@> Baixe: < > ( ...by sUBs )

<@> Salve-o no desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

<@> Na solicitação: "Negação de garantia de software" --> Clique em Sim!

<@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.
<!> Salve-a no desktop,renomeada como: Kombo.exe

<!> Ps: Nomeie durante o salvamento,e não após salvá-la!

<!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança. <-- Link!

<!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

<!> Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

<@> Abrir-se-á a janela Auto Scan. --> Aguarde!

<@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

<@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

<@> Para parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter!

<><><><><><><><><><><><>

<@> Terminando,poste os relatórios: C:\ComboFix\ComboFix.txt + HijackThis,atualizado.

Abraços!

Guildus · Fevereiro 19, 2009

Bom dia DigRam

Eu fiz oq você mandou mas depois q saiu o log do combofix, o pc nao tah mais com acesso a internet =[ To numa lan pra postar aki pra você, quando eu coloco pra reparar a net da a seguinte msg:

O Windows não pôde concluir o reparo do problema porque a seguinte ação não pôde ser concluida:

Falha ao consultar as configurações de TCP/IP da conexão.

Não é possível continuar.

O q eu fasso pra voltar a conexão?

O log do combofix e do HijackThis tao no meu pc mas sem net pra postar =[

Obrigado!

DigRam · Fevereiro 19, 2009

Bom dia DigRam

Eu fiz oq você mandou mas depois q saiu o log do combofix, o pc nao tah mais com acesso a internet =[ To numa lan pra postar aki pra você, quando eu coloco pra reparar a net da a seguinte msg:

O Windows não pôde concluir o reparo do problema porque a seguinte ação não pôde ser concluida:

Falha ao consultar as configurações de TCP/IP da conexão.

Não é possível continuar.

O q eu fasso pra voltar a conexão?

O log do combofix e do HijackThis tao no meu pc mas sem net pra postar =[

Obrigado!

<><><><><><><><><>

Opa! Guildus

<!> O ComboFix,para estes incidentes,estabelece um Ponto de restauração do sistema.

<><><><><><><><><>

<!> Vá até a Restauração do sistema,e escolha: Restaurar o computador mais cedo

Abraços!

Guildus · Fevereiro 19, 2009

Boa Tarde DigRam

Consegui resolver a parada da conexão segue abaixo os log do combofix e hijacjthis:

Log ComboFix

ComboFix 09-02-17.02 - Administrador 2009-02-19 9:05:15.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1022.658 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.58824824 [VPS 090205-1] *On-access scanning disabled* (Outdated)

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\cdeeg.ini

c:\windows\system32\cdeeg.ini2

c:\windows\Tasks\startt.job

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Passthru

(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-19 to 2009-02-19 ))))))))))))))))))))))))))))

.

2009-02-19 09:15 . 2009-02-19 09:15 <DIR> d-------- c:\windows\system32\xircom

2009-02-19 09:15 . 2009-02-19 09:15 <DIR> d-------- c:\windows\system32\oobe

2009-02-19 09:15 . 2009-02-19 09:15 <DIR> d-------- c:\arquivos de programas\microsoft frontpage

2009-02-19 08:51 . 2009-02-19 08:51 301 --a------ c:\windows\wininit.ini

2009-02-19 07:44 . 2009-02-19 07:44 <DIR> d-------- c:\arquivos de programas\Realtek Sound Manager

2009-02-19 07:44 . 2009-02-19 07:44 <DIR> d-------- c:\arquivos de programas\Realtek AC97

2009-02-17 12:10 . 2009-02-17 12:10 <DIR> d-------- c:\arquivos de programas\Trend Micro

2009-02-17 12:09 . 2009-02-17 12:10 <DIR> d-------- C:\HJTInastall

2009-02-17 06:36 . 2009-02-17 06:36 11,264 --ah----- c:\documents and settings\Administrador\gcs.exe

2009-02-17 06:27 . 2009-02-17 06:27 11,264 --ah----- c:\documents and settings\Administrador\otoxodf.exe

2009-02-16 21:49 . 2009-02-19 08:51 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-02-16 15:17 . 2009-02-16 15:17 34,016 --a------ c:\windows\system32\drivers\dpqqznsb.sys

2009-02-16 15:15 . 2009-02-17 06:36 67,072 ---h----- c:\windows\system32\secupdat.dat

2009-02-16 15:15 . 2009-02-17 06:36 54,400 --a------ c:\windows\system32\drivers\ndisio.sys

2009-02-16 15:15 . 2009-02-11 12:52 49,152 -r-hs---- c:\windows\system32\avgscnr.exe

2009-02-16 15:15 . 2009-02-16 15:15 11,264 --ah----- c:\documents and settings\Administrador\prmibah.exe

2009-02-08 19:17 . 2009-02-09 08:43 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\NexonUS

2009-02-02 16:59 . 2009-02-02 16:59 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-02-01 10:04 . 2009-02-01 10:04 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\2DBoy

2009-01-29 00:34 . 2009-01-29 00:34 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-27 10:18 . 2009-01-27 10:18 <DIR> d-------- c:\arquivos de programas\Microsoft Silverlight

2009-01-27 09:58 . 2009-01-27 09:58 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Windows Live

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-19 10:44 --------- d-----w c:\arquivos de programas\AvRack

2009-02-17 10:39 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-17 10:18 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-02-17 09:53 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Orbit

2009-02-17 09:22 --------- d-s---w c:\documents and settings\André\Dados de aplicativos\Microsoft

2009-02-17 01:00 --------- d-----w c:\arquivos de programas\DAEMON Tools Toolbar

2009-02-17 00:57 --------- d-----w c:\arquivos de programas\StepMania CVS

2009-02-02 23:26 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-02-02 13:29 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-01-24 11:07 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\IGN_DLM

2009-01-16 22:51 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SlySoft

2009-01-16 12:40 --------- d-----w c:\arquivos de programas\Free Audio Pack

2009-01-10 20:56 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Image Zone Express

2008-12-30 11:11 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\MP3Rocket

2008-12-30 11:11 --------- d-----w c:\arquivos de programas\ESET

2008-12-26 13:00 --------- d-----w c:\arquivos de programas\QuickTime

2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"DAEMON Tools Lite"="d:\arquivos de programa\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

"SpybotSD TeaTimer"="d:\arquivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"SpybotDeletingD8373"="del" [X]

"SpybotDeletingD4697"="del" [X]

"SpybotDeletingB6054"="command.com" [2001-10-28 c:\windows\system32\command.com]

"SpybotDeletingB7766"="command.com" [2001-10-28 c:\windows\system32\command.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-05-28 180269]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-12-26 413696]

"SunJavaUpdateSched"="d:\arquivos de programa\Java\bin\jusched.exe" [2009-01-29 136600]

"Adobe Reader Speed Launcher"="d:\arquivos de programa\Adobe\Reader\Reader_sl.exe" [2008-10-15 39792]

"avast!"="d:\arquiv~1\Avast\ashDisp.exe" [2009-02-05 81000]

"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

"AVG AntiVirus Scanner"="avgscnr.exe" [2009-02-11 c:\windows\system32\avgscnr.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-08-03 c:\windows\soundman.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"SpybotDeletingC6730"="del" [X]

"SpybotDeletingC3822"="del" [X]

"SpybotDeletingA2280"="command.com" [2001-10-28 c:\windows\system32\command.com]

"SpybotDeletingA4567"="command.com" [2001-10-28 c:\windows\system32\command.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de Programa\\OnGame\\GunBoundWC\\GunBound.gme"=

"d:\\Arquivos de Programa\\Doom\\Bin\\Doomsday.exe"=

"d:\\Arquivos de Programa\\Ares\\Ares.exe"=

"d:\\Arquivos de Programa\\Orbitdownloader\\orbitdm.exe"=

"d:\\Arquivos de Programa\\Orbitdownloader\\orbitnet.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"d:\arquivos de programa\Combat Arms\CombatArms.exe"= d:\arquivos de programa\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"d:\arquivos de programa\Combat Arms\Engine.exe"= d:\arquivos de programa\Combat Arms\Engine.exe:*Enabled:Engine.exe

"d:\\Arquivos de Programa\\Combat Arms\\NMService.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"12521:TCP"= 12521:TCP:BitComet 12521 TCP

"12521:UDP"= 12521:UDP:BitComet 12521 UDP

R0 dpqqznsb;dpqqznsb;c:\windows\system32\drivers\dpqqznsb.sys [2009-02-16 34016]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-17 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-17 20560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b442ebf-8325-11dc-a8eb-001558b27f33}]

\Shell\Auto\command - Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f80e7b3-c5b2-11dc-a9f5-001558b27f33}]

\Shell\AutoRun\command - RavMon.exe

\Shell\explore\Command - RavMon.exe -e

\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69d36ffe-f5ce-11dd-909a-001558b27f33}]

\Shell\AutoRun\command - wscript.exe .\.vbs

\Shell\open\command - wscript.exe .\.vbs

.

Conteúdo da pasta 'Tarefas Agendadas'

.

- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

HKCU-Run-NitroPC - d:\arquivos de programa\NitroPC\NitroPC.exe

HKU-Default-Run-MsnMsgr - c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe

Notify-wvutsqr - wvutsqr.dll

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

uDefault_Search_URL = hxxp://www.google.com/ie

IE: &Download by Orbit - d:\arquivos de programa\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - d:\arquivos de programa\Orbitdownloader\orbitmxt.dll/204

IE: &Search - ?p=ZNxdm414YYBR

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: Abrir em uma nova guia do plano de fundo - c:\arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?c85cdbd777a24a5084769900012745c3

IE: Abrir em uma nova guia do primeiro plano - c:\arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?c85cdbd777a24a5084769900012745c3

IE: Do&wnload selected by Orbit - d:\arquivos de programa\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - d:\arquivos de programa\Orbitdownloader\orbitmxt.dll/202

TCP: {BFA3BF80-ED20-4296-BADA-5939208DAE33} = 200.165.132.155

DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\xqhjibu5.default\

FF - prefs.js: browser.search.selectedEngine - Orbit Search (Powered By Google)

FF - prefs.js: browser.startup.homepage - www.orkut.com

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\xqhjibu5.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}\components\GbMzhUni.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbyond.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPDOMINO.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

FF - plugin: d:\arquivos de programa\Adobe\Reader\browser\nppdf32.dll

FF - plugin: d:\arquivos de programa\Java\bin\new_plugin\npdeploytk.dll

FF - plugin: d:\arquivos de programa\Java\bin\new_plugin\npjp2.dll

FF - plugin: d:\arquivos de programa\Real Player\Netscape6\nppl3260.dll

FF - plugin: d:\arquivos de programa\Real Player\Netscape6\nprjplug.dll

FF - plugin: d:\arquivos de programa\Real Player\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-19 09:20:54

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]

"ImagePath"="\"d:\arquivos de programa\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"d:\arquivos de programa\MySQL Server 5.0\my.ini\" MySQL"

.

------------------------ Outros Processos em Execução ------------------------

.

d:\arquivos de programa\Avast\aswUpdSv.exe

d:\arquivos de programa\Avast\ashServ.exe

d:\arquivos de programa\Java\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\UAService7.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\WgaTray.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-02-19 9:23:52 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-02-19 12:23:48

PrÚ-execuþÒo: 64.483.328 bytes dispon¡veis

P¾s execuþÒo: 247,857,152 bytes dispon¡veis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

209 --- E O F --- 2008-11-12 09:51:19

Log do HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:46:14, on 19/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\Arquivos de Programa\Avast\aswUpdSv.exe

D:\Arquivos de Programa\Avast\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de Programa\Java\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

D:\Arquivos de Programa\Java\bin\jusched.exe

D:\ARQUIV~1\Avast\ashDisp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de Programa\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\ABC.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896