Guildus, posted February 17, 2009

Good morning, admins.

Well, since yesterday I think my PC has caught a virus. It won't open the antivirus anymore, nor HijackThis so I can make the log; some sites also don't open; MSN keeps sending the virus to my contacts, and once it sends it I can no longer chat with any of them.

Image of me sending the virus:

Would any of you have a solution for this case? I managed to make the log, it's below. I hope you can help me. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:11, on 17/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Arquivos de Programa\Avast\aswUpdSv.exe
D:\Arquivos de Programa\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
D:\Arquivos de Programa\Java\bin\jusched.exe
D:\Arquivos de Programa\Java\bin\jqs.exe
D:\ARQUIV~1\Avast\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de Programa\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
D:\Arquivos de Programa\Adobe\Reader\AcroRd32.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Trend Micro\HijackThis\ABC.exe.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrador\gcs.exe \s
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de Programa\Java\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Arquivos de Programa\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de Programa\Java\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de Programa\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG AntiVirus Scanner] avgscnr.exe
O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\Avast\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de Programa\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [NitroPC] "D:\Arquivos de Programa\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de Programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm414YYBR
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?c85cdbd777a24a5084769900012745c3
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?c85cdbd777a24a5084769900012745c3
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de Programa\Java\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de Programa\Java\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...rk.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFA3BF80-ED20-4296-BADA-5939208DAE33}: NameServer = 200.165.132.155
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Arquivos de Programa\AVG 8\avgpp.dll (file missing)
O20 - Winlogon Notify: wvutsqr - wvutsqr.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Arquivos de Programa\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de Programa\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de Programa\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Arquivos de Programa\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Arquivos de Programa\Avast\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de Programa\Java\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - D:\Arquivos.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 10092 bytes

Thanks.
DigRam, posted February 19, 2009

Good morning! Guildus

<@> Download: < > ( ...by sUBs )
<@> Save it to the desktop!
<@> Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)
<@> Close all windows and run the tool!
<@> At the prompt "Disclaimer of software warranty" --> Click Yes!
<@> If you don't have the "Recovery Console", accept the option to install it!

<!> If you get the notification "Invalid Win32 application", delete the tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Name it while saving, not after saving it!
<!> PS: If any error message appears, run ComboFix.exe in Safe Mode. <-- Link!
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own! Follow all the recommendations given above.

<@> The Auto Scan window will open. --> Wait!
<@> In order to complete the removals, ComboFix may restart the computer.
<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When it finishes, post the reports: C:\ComboFix\ComboFix.txt + an updated HijackThis log.

Regards!
Guildus, posted February 19, 2009

Good morning DigRam. I did what you told me, but after the ComboFix log came out the PC no longer has internet access =[ I'm at a LAN house to post this to you. When I try to repair the connection it gives the following message:

O Windows não pôde concluir o reparo do problema porque a seguinte ação não pôde ser concluida: Falha ao consultar as configurações de TCP/IP da conexão. Não é possível continuar.
(Windows could not finish repairing the problem because the following action could not be completed: Failed to query the connection's TCP/IP settings. Cannot continue.)

What do I do to get the connection back? The ComboFix and HijackThis logs are on my PC, but with no internet I can't post them =[ Thanks!
DigRam, posted February 19, 2009

Quoting Guildus:
    Good morning DigRam. I did what you told me, but after the ComboFix log came out the PC no longer has internet access =[ I'm at a LAN house to post this to you. When I try to repair the connection it gives the following message: O Windows não pôde concluir o reparo do problema porque a seguinte ação não pôde ser concluida: Falha ao consultar as configurações de TCP/IP da conexão. Não é possível continuar. What do I do to get the connection back? The ComboFix and HijackThis logs are on my PC, but with no internet I can't post them =[ Thanks!

<><><><><><><><><>

Hey! Guildus

<!> For incidents like these, ComboFix creates a System Restore point.

<><><><><><><><><>

<!> Go to System Restore and choose: Restore my computer to an earlier time

Regards!
Guildus, posted February 19, 2009

Good afternoon DigRam. I managed to fix the connection problem. Below are the ComboFix and HijackThis logs:

ComboFix log

ComboFix 09-02-17.02 - Administrador 2009-02-19 9:05:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1022.658 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.58824824 [VPS 090205-1] *On-access scanning disabled* (Outdated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\cdeeg.ini
c:\windows\system32\cdeeg.ini2
c:\windows\Tasks\startt.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Passthru


(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-19 to 2009-02-19 ))))))))))))))))))))))))))))
.

2009-02-19 09:15 . 2009-02-19 09:15 <DIR> d-------- c:\windows\system32\xircom
2009-02-19 09:15 . 2009-02-19 09:15 <DIR> d-------- c:\windows\system32\oobe
2009-02-19 09:15 . 2009-02-19 09:15 <DIR> d-------- c:\arquivos de programas\microsoft frontpage
2009-02-19 08:51 . 2009-02-19 08:51 301 --a------ c:\windows\wininit.ini
2009-02-19 07:44 . 2009-02-19 07:44 <DIR> d-------- c:\arquivos de programas\Realtek Sound Manager
2009-02-19 07:44 . 2009-02-19 07:44 <DIR> d-------- c:\arquivos de programas\Realtek AC97
2009-02-17 12:10 . 2009-02-17 12:10 <DIR> d-------- c:\arquivos de programas\Trend Micro
2009-02-17 12:09 . 2009-02-17 12:10 <DIR> d-------- C:\HJTInastall
2009-02-17 06:36 . 2009-02-17 06:36 11,264 --ah----- c:\documents and settings\Administrador\gcs.exe
2009-02-17 06:27 . 2009-02-17 06:27 11,264 --ah----- c:\documents and settings\Administrador\otoxodf.exe
2009-02-16 21:49 . 2009-02-19 08:51 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-02-16 15:17 . 2009-02-16 15:17 34,016 --a------ c:\windows\system32\drivers\dpqqznsb.sys
2009-02-16 15:15 . 2009-02-17 06:36 67,072 ---h----- c:\windows\system32\secupdat.dat
2009-02-16 15:15 . 2009-02-17 06:36 54,400 --a------ c:\windows\system32\drivers\ndisio.sys
2009-02-16 15:15 . 2009-02-11 12:52 49,152 -r-hs---- c:\windows\system32\avgscnr.exe
2009-02-16 15:15 . 2009-02-16 15:15 11,264 --ah----- c:\documents and settings\Administrador\prmibah.exe
2009-02-08 19:17 . 2009-02-09 08:43 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\NexonUS
2009-02-02 16:59 . 2009-02-02 16:59 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2009-02-01 10:04 . 2009-02-01 10:04 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\2DBoy
2009-01-29 00:34 . 2009-01-29 00:34 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-27 10:18 . 2009-01-27 10:18 <DIR> d-------- c:\arquivos de programas\Microsoft Silverlight
2009-01-27 09:58 . 2009-01-27 09:58 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Windows Live

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 10:44 --------- d-----w c:\arquivos de programas\AvRack
2009-02-17 10:39 --------- d-----w c:\arquivos de programas\Windows Live
2009-02-17 10:18 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller
2009-02-17 09:53 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Orbit
2009-02-17 09:22 --------- d-s---w c:\documents and settings\André\Dados de aplicativos\Microsoft
2009-02-17 01:00 --------- d-----w c:\arquivos de programas\DAEMON Tools Toolbar
2009-02-17 00:57 --------- d-----w c:\arquivos de programas\StepMania CVS
2009-02-02 23:26 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Skype
2009-02-02 13:29 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe
2009-01-24 11:07 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\IGN_DLM
2009-01-16 22:51 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SlySoft
2009-01-16 12:40 --------- d-----w c:\arquivos de programas\Free Audio Pack
2009-01-10 20:56 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Image Zone Express
2008-12-30 11:11 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\MP3Rocket
2008-12-30 11:11 --------- d-----w c:\arquivos de programas\ESET
2008-12-26 13:00 --------- d-----w c:\arquivos de programas\QuickTime
2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="d:\arquivos de programa\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"SpybotSD TeaTimer"="d:\arquivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD8373"="del" [X]
"SpybotDeletingD4697"="del" [X]
"SpybotDeletingB6054"="command.com" [2001-10-28 c:\windows\system32\command.com]
"SpybotDeletingB7766"="command.com" [2001-10-28 c:\windows\system32\command.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-05-28 180269]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-12-26 413696]
"SunJavaUpdateSched"="d:\arquivos de programa\Java\bin\jusched.exe" [2009-01-29 136600]
"Adobe Reader Speed Launcher"="d:\arquivos de programa\Adobe\Reader\Reader_sl.exe" [2008-10-15 39792]
"avast!"="d:\arquiv~1\Avast\ashDisp.exe" [2009-02-05 81000]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"AVG AntiVirus Scanner"="avgscnr.exe" [2009-02-11 c:\windows\system32\avgscnr.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 c:\windows\soundman.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC6730"="del" [X]
"SpybotDeletingC3822"="del" [X]
"SpybotDeletingA2280"="command.com" [2001-10-28 c:\windows\system32\command.com]
"SpybotDeletingA4567"="command.com" [2001-10-28 c:\windows\system32\command.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Arquivos de Programa\\OnGame\\GunBoundWC\\GunBound.gme"=
"d:\\Arquivos de Programa\\Doom\\Bin\\Doomsday.exe"=
"d:\\Arquivos de Programa\\Ares\\Ares.exe"=
"d:\\Arquivos de Programa\\Orbitdownloader\\orbitdm.exe"=
"d:\\Arquivos de Programa\\Orbitdownloader\\orbitnet.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"d:\arquivos de programa\Combat Arms\CombatArms.exe"= d:\arquivos de programa\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"d:\arquivos de programa\Combat Arms\Engine.exe"= d:\arquivos de programa\Combat Arms\Engine.exe:*Enabled:Engine.exe
"d:\\Arquivos de Programa\\Combat Arms\\NMService.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12521:TCP"= 12521:TCP:BitComet 12521 TCP
"12521:UDP"= 12521:UDP:BitComet 12521 UDP

R0 dpqqznsb;dpqqznsb;c:\windows\system32\drivers\dpqqznsb.sys [2009-02-16 34016]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-17 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-17 20560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b442ebf-8325-11dc-a8eb-001558b27f33}]
\Shell\Auto\command - Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f80e7b3-c5b2-11dc-a9f5-001558b27f33}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69d36ffe-f5ce-11dd-909a-001558b27f33}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
.
Conteúdo da pasta 'Tarefas Agendadas'
.
- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-NitroPC - d:\arquivos de programa\NitroPC\NitroPC.exe
HKU-Default-Run-MsnMsgr - c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe
Notify-wvutsqr - wvutsqr.dll

.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://www.google.com/ie
IE: &Download by Orbit - d:\arquivos de programa\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\arquivos de programa\Orbitdownloader\orbitmxt.dll/204
IE: &Search - ?p=ZNxdm414YYBR
IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
IE: Abrir em uma nova guia do plano de fundo - c:\arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?c85cdbd777a24a5084769900012745c3
IE: Abrir em uma nova guia do primeiro plano - c:\arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?c85cdbd777a24a5084769900012745c3
IE: Do&wnload selected by Orbit - d:\arquivos de programa\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\arquivos de programa\Orbitdownloader\orbitmxt.dll/202
TCP: {BFA3BF80-ED20-4296-BADA-5939208DAE33} = 200.165.132.155
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\xqhjibu5.default\
FF - prefs.js: browser.search.selectedEngine - Orbit Search (Powered By Google)
FF - prefs.js: browser.startup.homepage - www.orkut.com
FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\xqhjibu5.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}\components\GbMzhUni.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPDOMINO.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll
FF - plugin: d:\arquivos de programa\Adobe\Reader\browser\nppdf32.dll
FF - plugin: d:\arquivos de programa\Java\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\arquivos de programa\Java\bin\new_plugin\npjp2.dll
FF - plugin: d:\arquivos de programa\Real Player\Netscape6\nppl3260.dll
FF - plugin: d:\arquivos de programa\Real Player\Netscape6\nprjplug.dll
FF - plugin: d:\arquivos de programa\Real Player\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 09:20:54
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"d:\arquivos de programa\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"d:\arquivos de programa\MySQL Server 5.0\my.ini\" MySQL"
.
------------------------ Outros Processos em Execução ------------------------
.
d:\arquivos de programa\Avast\aswUpdSv.exe
d:\arquivos de programa\Avast\ashServ.exe
d:\arquivos de programa\Java\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WgaTray.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-02-19 9:23:52 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-02-19 12:23:48

Pré-execução: 64.483.328 bytes disponíveis
Pós execução: 247,857,152 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

209 --- E O F --- 2008-11-12 09:51:19

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:14, on 19/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Arquivos de Programa\Avast\aswUpdSv.exe
D:\Arquivos de Programa\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de Programa\Java\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
D:\Arquivos de Programa\Java\bin\jusched.exe
D:\ARQUIV~1\Avast\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de Programa\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\ABC.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de Programa\Java\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Arquivos de Programa\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de Programa\Java\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de Programa\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG AntiVirus Scanner] avgscnr.exe
O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de Programa\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - ?p=ZNxdm414YYBR
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?c85cdbd777a24a5084769900012745c3
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?c85cdbd777a24a5084769900012745c3
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de Programa\Java\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de Programa\Java\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...rk.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: wvutsqr - C:\WINDOWS\
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Arquivos de Programa\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de Programa\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de Programa\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Arquivos de Programa\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Arquivos de Programa\Avast\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de Programa\Java\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - D:\Arquivos.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 8757 bytes

Thanks, you're helping me a lot.
DigRam, posted February 20, 2009

Good evening, Guildus!

<@> Open Spybot Search & Destroy!
<@> In the top menu, go to Mode and select the Advanced option. Confirm!
<@> Click the Tools button and then Resident.
<@> Uncheck the option: Enable Resident "TeaTimer" (General protection of system settings).
<><><><><><><><><><>
<@> Open HijackThis --> Click: Do a system scan only
<><><><><><><><><><><><><><><><><><><><><><>
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [AVG AntiVirus Scanner] avgscnr.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Arquivos de Programa\AVG 8\avgpp.dll (file missing)
O20 - Winlogon Notify: wvutsqr - wvutsqr.dll (file missing)
<><><><><><><><><><><><><><><><><><><><><><>
<@> Check the entries above --> Click Fix checked --> Yes!
<><><><><><><><><><>
<@> Go to this link and download: < Malwarebytes >
<@> Update the program!
<@> Choose the Full scan!
<@> Disable your protection programs while running Malwarebytes.
<@> Make sure the detected items are sent to quarantine by clicking Remove items.
<@> For more details: < Link >
<><><><><><><><><><>
<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

Regards!
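The triage DigRam does by hand above (orphaned O2/O3/O18/O20 entries, an O4 autorun that names a bare file with no path, RunOnce entries that shell out through cmd.exe to move a file over a system DLL) can be scripted. What follows is an added example written for this page, not code from the thread or from HijackThis: a small Python checker that runs a handful of rules over HijackThis log lines and reports which rule fired for which line. The sample lines are copied from the logs posted in this thread, except the F2 UserInit line, which is constructed with a hypothetical second path (C:\Documents and Settings\user\example.exe) to exercise the chained-executable check. The output is a review list, not an auto-fix list: a legitimate bare name such as SOUNDMAN.EXE trips the same rule as avgscnr.exe, and O10 lines are only flagged for review, because fixing a Winsock LSP entry wrongly can break networking.

```python
"""Rule-based triage of HijackThis log lines (added example, not from the thread)."""
import re

# Sample lines copied from the HijackThis logs posted in this thread, plus one
# constructed F2 line whose second path (example.exe) is hypothetical.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de Programa\Java\bin\ssv.dll
O4 - HKLM\..\Run: [AVG AntiVirus Scanner] avgscnr.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: wvutsqr - C:\WINDOWS\
O23 - Service: MySQL - Unknown owner - D:\Arquivos.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de Programa\Avast\ashServ.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\user\example.exe
"""

RULES = {
    "orphan": "points at a file that no longer exists; fixing removes only a dead registry reference",
    "bare-exe": "autorun with no path: resolved through the PATH search order, verify where the file lives",
    "cmd-launcher": "autorun that shells out via cmd.exe (here a move over a system DLL); inspect before fixing",
    "notify-no-dll": "Winlogon Notify handler that does not name a DLL; a classic loader hook",
    "userinit-extra": "a second program chained after userinit.exe in the UserInit value",
    "lsp-review": "unknown Winsock LSP: review only, a wrong LSP fix can break networking",
    "profile-exe": "executable sitting in the root of a user profile, a common drop location",
}

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<target>.*)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
ORPHAN_RE = re.compile(r"\((no file|file missing)\)", re.I)
PROFILE_EXE_RE = re.compile(r"Documents and Settings\\[^\\]+\\[^\\]+\.exe", re.I)


def check_line(line):
    """Return the rule ids that fire for a single HijackThis log line."""
    hits = []
    if ORPHAN_RE.search(line):
        hits.append("orphan")
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd").strip()
        first = cmd.split()[0].strip('"') if cmd else ""
        if first.lower() in ("cmd.exe", "cmd"):
            hits.append("cmd-launcher")
        elif first and "\\" not in first and not first.startswith("%"):
            hits.append("bare-exe")          # no drive, no directory, no %var%
    m = O20_RE.match(line)
    if m and not m.group("target").strip().lower().endswith(".dll"):
        hits.append("notify-no-dll")
    m = F2_RE.match(line)
    if m:
        programs = [p.strip() for p in m.group("value").split(",") if p.strip()]
        if len(programs) > 1:
            hits.append("userinit-extra")
    if line.startswith("O10 - Unknown file in Winsock LSP"):
        hits.append("lsp-review")
    if PROFILE_EXE_RE.search(line):
        hits.append("profile-exe")
    return hits


def triage(log_text):
    """Return [(rule_id, line), ...] for every log line that trips at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            findings.extend((rule, line) for rule in check_line(line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {line}\n    {RULES[rule]}")
```

Run it against a full log by reading the file and passing its text to `triage()`; the rule ids map to the explanations in `RULES`, and every hit still needs a human decision before it goes into HijackThis's "Fix checked" list.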
Guildus, posted February 20, 2009

Good evening DigRam. I couldn't find entries O16 and O20 the way you described; the others I did, and I have already done the procedure you asked for. Below are the Malwarebytes and HijackThis logs:

Malwarebytes' Anti-Malware 1.34
Database version: 1780
Windows 5.1.2600 Service Pack 2

19/2/2009 23:00:33
mbam-log-2009-02-19 (23-00-33).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 139344
Time elapsed: 45 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Arquivos de programas\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:22, on 19/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Arquivos de Programa\Avast\aswUpdSv.exe
D:\Arquivos de Programa\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de Programa\Java\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
D:\Arquivos de Programa\Java\bin\jusched.exe
D:\ARQUIV~1\Avast\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de Programa\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\ABC.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de Programa\Java\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Arquivos de Programa\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de Programa\Java\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de Programa\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de Programa\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - ?p=ZNxdm414YYBR
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?c85cdbd777a24a5084769900012745c3
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?c85cdbd777a24a5084769900012745c3
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de Programa\Java\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de Programa\Java\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...rk.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - Winlogon Notify: wvutsqr - C:\WINDOWS\
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Arquivos de Programa\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de Programa\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de Programa\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Arquivos de Programa\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Arquivos de Programa\Avast\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de Programa\Java\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - D:\Arquivos.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 8297 bytes

Thanks, I await your reply.
DigRam, posted February 20, 2009

Good morning, Guildus!

Plug your removable drive(s), if you have any, into the USB port (pen drive, mp3, mp4, iPods, etc.).

<@> Select and copy all of the content in the QUOTE area into Notepad.
<@> Save it on the Desktop with the name: CFScript.txt
<@> Disable Spybot. <-- TeaTimer

KillAll::

File::
c:\documents and settings\Administrador\prmibah.exe
c:\windows\system32\drivers\dpqqznsb.sys
c:\windows\system32\drivers\ndisio.sys
c:\windows\system32\secupdat.dat
c:\windows\system32\avgscnr.exe
c:\windows\system32\command.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b442ebf-8325-11dc-a8eb-001558b27f33}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f80e7b3-c5b2-11dc-a9f5-001558b27f33}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69d36ffe-f5ce-11dd-909a-001558b27f33}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD8373"=-
"SpybotDeletingD4697"=-
"SpybotDeletingB6054"=-
"SpybotDeletingB7766"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC6730"=-
"SpybotDeletingC3822"=-
"SpybotDeletingA2280"=-
"SpybotDeletingA4567"=-

Driver::
"dpqqznsb"
"ndisio"

<@> Drag CFScript.txt onto the ComboFix icon/window.
<@> See the demonstration!
<@> Accept the prompt that should appear to run ComboFix.
<@> PS: Keep dragging until that prompt (window) appears!
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!
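The CFScript above is ComboFix's plain-text instruction format: every section header ends in `::`, File:: lists paths to delete, Driver:: lists drivers/services to remove, and Registry:: uses .reg-file syntax, where `[-KEY]` deletes a key and `"name"=-` deletes a value under the key named on the preceding `[KEY]` line. The following is an added example for this page, not code from the thread and not ComboFix's own code: a Python parser for that script, plus a reconciliation step that checks the File:: and Driver:: requests against the "Other Deletions" and "Drivers/Services" sections of the ComboFix report, which is the check a helper does before declaring the script done. The sample script is an abbreviated copy of the one above; the sample report is an excerpt of the ComboFix log posted later in this thread, with the section headers as ComboFix prints them in English. It shows why the check matters: all six files are confirmed deleted, but the report names removed services as Service_dpqqznsb and Service_Passthru, so "ndisio" is not confirmed by name and has to be matched up by hand.

```python
"""Parse a ComboFix CFScript and reconcile it with the ComboFix report (added example)."""
import re

# Abbreviated copy of the CFScript posted above (File:: and Driver:: complete, Registry:: shortened).
SAMPLE_CFSCRIPT = r"""KillAll::

File::
c:\documents and settings\Administrador\prmibah.exe
c:\windows\system32\drivers\dpqqznsb.sys
c:\windows\system32\drivers\ndisio.sys
c:\windows\system32\secupdat.dat
c:\windows\system32\avgscnr.exe
c:\windows\system32\command.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b442ebf-8325-11dc-a8eb-001558b27f33}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD8373"=-
"SpybotDeletingD4697"=-

Driver::
"dpqqznsb"
"ndisio"
"""

# Excerpt of the ComboFix report posted later in the thread, English section headers.
SAMPLE_REPORT = r"""((((((((((((( Other Deletions )))))))))))))
.
c:\documents and settings\Administrador\prmibah.exe
c:\windows\system32\avgscnr.exe
c:\windows\system32\command.com
c:\windows\system32\drivers\dpqqznsb.sys
c:\windows\system32\drivers\ndisio.sys
c:\windows\system32\secupdat.dat
.
((((((((((((( Drivers/Services )))))))))))))
.
-------\Legacy_DPQQZNSB
-------\Service_dpqqznsb
-------\Service_Passthru
((((((((((((( Files Created from 2009-01-23 to 2009-02-23 )))))))))))))
.
2009-02-17 06:36 . 2009-02-17 06:36 11,264 --ah----- c:\documents and settings\Administrador\gcs.exe
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")      # "(((( Other Deletions ))))"
SERVICE_RE = re.compile(r"^-+\\Service_(\S+)$", re.I)  # "-------\Service_dpqqznsb"
VALUE_DEL_RE = re.compile(r'^"([^"]+)"=-$')           # .reg syntax: delete a value


def parse_cfscript(text):
    """Split a CFScript into {section: [items]}; a header is a line ending in '::'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def registry_actions(lines):
    """Interpret a Registry:: block: [-KEY] deletes a key, "name"=- deletes a value of the current [KEY]."""
    actions, key = [], None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            actions.append(("delete_key", line[2:-1], None))
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = VALUE_DEL_RE.match(line)
            if m and key:
                actions.append(("delete_value", key, m.group(1)))
            else:
                actions.append(("unrecognised", key, line))
    return actions


def report_deletions(report):
    """Return (deleted file paths, removed service names), both lower-cased, from a ComboFix report."""
    files, services, section = set(), set(), None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Other Deletions" and re.match(r"^[a-z]:\\", line, re.I):
            files.add(line.lower())
        elif section == "Drivers/Services":
            m = SERVICE_RE.match(line)
            if m:
                services.add(m.group(1).lower())
    return files, services


def reconcile(script_text, report_text):
    """Which File:: and Driver:: requests does the report confirm, and which does it not?"""
    script = parse_cfscript(script_text)
    files, services = report_deletions(report_text)
    wanted_files = [f.lower() for f in script.get("File", [])]
    wanted_drivers = [d.strip('"').lower() for d in script.get("Driver", [])]
    return {
        "files_deleted": [f for f in wanted_files if f in files],
        "files_not_deleted": [f for f in wanted_files if f not in files],
        "drivers_removed": [d for d in wanted_drivers if d in services],
        "drivers_not_removed": [d for d in wanted_drivers if d not in services],
    }


if __name__ == "__main__":
    for action in registry_actions(parse_cfscript(SAMPLE_CFSCRIPT)["Registry"]):
        print(action)
    for k, v in reconcile(SAMPLE_CFSCRIPT, SAMPLE_REPORT).items():
        print(f"{k}: {v}")
```

Anything in `files_not_deleted` or `drivers_not_removed` is the list of things to look at before asking for the next log; a name that ComboFix reports under a different label (Service_Passthru here) still needs a human to confirm it is the same driver.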
Guildus, posted February 20, 2009

Good morning DigRam. This message appeared: "Change CodePage Utility has encountered a problem and needs to close." And ComboFix says AVG is open, but I don't know where it is so I can close it. Thanks
DigRam, posted February 20, 2009

> Good morning DigRam. This message appeared: "Change CodePage Utility has encountered a problem and needs to close." And ComboFix says AVG is open, but I don't know where it is so I can close it. Thanks
<><><><><><><><>
Hey, Guildus!

<!> Go to Add or Remove Programs and uninstall AVG, and afterwards settle on just one antivirus. Protection does not increase, as many think, by having a large number of them.

Regards!
Guildus, posted February 20, 2009

Hey DigRam, AVG isn't in Add or Remove Programs either =[
DigRam, posted February 20, 2009

> Hey DigRam, AVG isn't in Add or Remove Programs either =[
<><><><><><><><><>
Hey, Guildus!

<!> I believe I was the one to blame for this problem! Analysts make mistakes too. hehe... :grin:
<!> Misled by the presence of Avast, I was led to believe the AVG entries were leftovers of that antivirus.
<!> But... HijackThis created a backup of its fixes, and we are going to restore two entries belonging to AVG.
<><><><><><><><><>
<!> Open HijackThis --> Click "View the list of backups"
<!> Select:
O4 - HKLM\..\Run: [AVG AntiVirus Scanner] avgscnr.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Arquivos de Programa\AVG 8\avgpp.dll (file missing)
<!> Click RESTORE.
<!> Restart the computer!
<!> If that works, uninstall AVG.
<!> Preferably use the program's own uninstaller. <-- More advisable!

Regards!
Guildus, posted February 20, 2009

Good evening DigRam. Man, even so AVG didn't show up on drive C, on drive D, or in Add or Remove Programs =[
DigRam, posted February 21, 2009

> Good evening DigRam. Man, even so AVG didn't show up on drive C, on drive D, or in Add or Remove Programs =[
<><><><><><><><>
Hey, Guildus!

<!> Use this uninstaller: Revo Uninstaller, which has a variety of cleanup options.
<><><><><><><><>
<@> Download: < Revo Uninstaller >
<@> Save it to the desktop.
<@> Install the utility and check whether the program to be uninstalled appears on the main screen.
<@> Select it and click Uninstall.
<@> For more details, read the < Tutorial >

Regards!
Guildus, posted February 21, 2009

Hey DigRam, I think I managed to remove AVG ^^ But what about the error below:

Change CodePage Utility has encountered a problem and needs to close.
DigRam, posted February 21, 2009

> Hey DigRam, I think I managed to remove AVG ^^ But what about the error below:
> Change CodePage Utility has encountered a problem and needs to close.
<><><><><><><><><>
Hey, Guildus!

<!> Fixing that error is complicated. But... if it prevents the CFScript from running, you will have to do it.
< http://translate.google.com.br/translate?h...ll%26hl%3Dpt-BR >
<!> That page has instructions for solving the problem.
<><><><><><><><><>
<!> If you run into no obstacles when running ComboFix, you can go ahead with it.

Regards!
Guildus, posted February 21, 2009

Hey DigRam, it goes like this: I drag the CFScript onto the ComboFix icon and that error appears, but ComboFix runs anyway. Do I carry on even with the error, or should I only continue if the error doesn't appear?
DigRam, posted February 21, 2009

> Hey DigRam, it goes like this: I drag the CFScript onto the ComboFix icon and that error appears, but ComboFix runs anyway. Do I carry on even with the error, or should I only continue if the error doesn't appear?
<><><><><><><><>
Good morning, Guildus!

<!> In Safe Mode the error may not occur.... try it in Safe Mode.
<!> If the error appears, continue running the tool (ComboFix).

Regards!
Guildus 0 Denunciar post Postado Fevereiro 23, 2009 Bom dia DigRam Desculpa a demora tah ai os logs xD ComboFix: ComboFix 09-02-21.01 - Administrador 2009-02-23 7:59:02.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1022.709 [GMT -3:00] Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt.txt AV: avast! antivirus 4.8.60370624 [VPS 090205-1] *On-access scanning disabled* (Outdated) AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) * Criado um novo ponto de restauro FILE :: c:\documents and settings\Administrador\prmibah.exe c:\windows\system32\avgscnr.exe c:\windows\system32\command.com c:\windows\system32\drivers\dpqqznsb.sys c:\windows\system32\drivers\ndisio.sys c:\windows\system32\secupdat.dat . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrador\prmibah.exe c:\windows\system32\avgscnr.exe c:\windows\system32\command.com c:\windows\system32\drivers\dpqqznsb.sys c:\windows\system32\drivers\ndisio.sys c:\windows\system32\secupdat.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_DPQQZNSB -------\Service_dpqqznsb -------\Service_Passthru (((((((((((((((( Arquivos/Ficheiros criados de 2009-01-23 to 2009-02-23 )))))))))))))))))))))))))))) . 2009-02-21 09:38 . 2009-02-21 09:38 <DIR> d-------- c:\arquivos de programas\VS Revo Group 2009-02-19 22:12 . 2009-02-19 22:12 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2009-02-19 22:12 . 2009-02-19 22:12 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes 2009-02-19 22:12 . 2009-02-19 22:12 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware 2009-02-19 22:12 . 
2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-19 22:12 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-19 12:08 . 2005-09-19 16:43 20,992 --a------ c:\windows\system32\drivers\RTL8139.sys 2009-02-19 09:15 . 2009-02-19 09:15 <DIR> d-------- c:\windows\system32\xircom 2009-02-19 09:15 . 2009-02-19 09:15 <DIR> d-------- c:\windows\system32\oobe 2009-02-19 09:15 . 2009-02-19 09:15 <DIR> d-------- c:\arquivos de programas\microsoft frontpage 2009-02-19 08:51 . 2009-02-19 08:51 301 --a------ c:\windows\wininit.ini 2009-02-19 07:44 . 2009-02-19 07:44 <DIR> d-------- c:\arquivos de programas\Realtek Sound Manager 2009-02-19 07:44 . 2009-02-19 07:44 <DIR> d-------- c:\arquivos de programas\Realtek AC97 2009-02-17 12:10 . 2009-02-17 12:10 <DIR> d-------- c:\arquivos de programas\Trend Micro 2009-02-17 12:09 . 2009-02-17 12:10 <DIR> d-------- C:\HJTInastall 2009-02-17 06:36 . 2009-02-17 06:36 11,264 --ah----- c:\documents and settings\Administrador\gcs.exe 2009-02-17 06:27 . 2009-02-17 06:27 11,264 --ah----- c:\documents and settings\Administrador\otoxodf.exe 2009-02-16 21:49 . 2009-02-19 22:02 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2009-02-08 19:17 . 2009-02-09 08:43 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\NexonUS 2009-02-02 16:59 . 2009-02-02 16:59 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus! 2009-02-01 10:04 . 2009-02-01 10:04 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\2DBoy 2009-01-29 00:34 . 2009-01-29 00:34 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-27 10:18 . 2009-01-27 10:18 <DIR> d-------- c:\arquivos de programas\Microsoft Silverlight 2009-01-27 09:58 . 2009-01-27 09:58 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Windows Live . 
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-23 11:03 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Orbit 2009-02-19 10:44 --------- d-----w c:\arquivos de programas\AvRack 2009-02-17 10:39 --------- d-----w c:\arquivos de programas\Windows Live 2009-02-17 10:18 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller 2009-02-17 01:00 --------- d-----w c:\arquivos de programas\DAEMON Tools Toolbar 2009-02-17 00:57 --------- d-----w c:\arquivos de programas\StepMania CVS 2009-02-02 23:26 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Skype 2009-02-02 13:29 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe 2009-01-24 11:07 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\IGN_DLM 2009-01-16 22:51 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SlySoft 2009-01-16 12:40 --------- d-----w c:\arquivos de programas\Free Audio Pack 2009-01-10 20:56 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Image Zone Express 2008-12-30 11:11 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\MP3Rocket 2008-12-30 11:11 --------- d-----w c:\arquivos de programas\ESET 2008-12-26 13:00 --------- d-----w c:\arquivos de programas\QuickTime 2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe . ((((((((((((((((((((((((((((( SnapShot@2009-02-19_ 9.21.35.73 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-23 11:02:08 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3d4.dat + 2009-02-23 11:02:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_59c.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "DAEMON Tools Lite"="d:\arquivos de programa\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920] "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-05-28 180269] "QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-12-26 413696] "SunJavaUpdateSched"="d:\arquivos de programa\Java\bin\jusched.exe" [2009-01-29 136600] "Adobe Reader Speed Launcher"="d:\arquivos de programa\Adobe\Reader\Reader_sl.exe" [2008-10-15 39792] "avast!"="d:\arquiv~1\Avast\ashDisp.exe" [2009-02-05 81000] "nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe] "SoundMan"="SOUNDMAN.EXE" [2006-08-03 c:\windows\soundman.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlsf"="move" [X] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Orbit.lnk - d:\arquivos de programa\Orbitdownloader\orbitdm.exe [2008-09-16 1715400] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvutsqr] [bU] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Arquivos de Programa\\OnGame\\GunBoundWC\\GunBound.gme"= "d:\\Arquivos de Programa\\Doom\\Bin\\Doomsday.exe"= "d:\\Arquivos de Programa\\Ares\\Ares.exe"= "d:\\Arquivos de Programa\\Orbitdownloader\\orbitdm.exe"= "d:\\Arquivos de Programa\\Orbitdownloader\\orbitnet.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"= "d:\arquivos de programa\Combat Arms\CombatArms.exe"= d:\arquivos de programa\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "d:\arquivos de programa\Combat Arms\Engine.exe"= d:\arquivos de programa\Combat Arms\Engine.exe:*Enabled:Engine.exe "d:\\Arquivos de Programa\\Combat Arms\\NMService.exe"= "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "12521:TCP"= 12521:TCP:BitComet 12521 TCP "12521:UDP"= 12521:UDP:BitComet 12521 UDP "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-17 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-17 20560] . Conteúdo da pasta 'Tarefas Agendadas' 2009-02-23 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job - c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [] . - - - - ORFÃOS REMOVIDOS - - - - WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) . ------- Scan Suplementar ------- . 
uStart Page = hxxp://www.google.com.br/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://www.google.com/ie
IE: &Download by Orbit - d:\arquivos de programa\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\arquivos de programa\Orbitdownloader\orbitmxt.dll/204
IE: &Search - ?p=ZNxdm414YYBR
IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
IE: Abrir em uma nova guia do plano de fundo - c:\arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?c85cdbd777a24a5084769900012745c3
IE: Abrir em uma nova guia do primeiro plano - c:\arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?c85cdbd777a24a5084769900012745c3
IE: Do&wnload selected by Orbit - d:\arquivos de programa\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\arquivos de programa\Orbitdownloader\orbitmxt.dll/202
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\xqhjibu5.default\
FF - prefs.js: browser.search.selectedEngine - Orbit Search (Powered By Google)
FF - prefs.js: browser.startup.homepage - www.orkut.com
FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\xqhjibu5.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}\components\GbMzhUni.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPDOMINO.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll
FF - plugin: d:\arquivos de programa\Adobe\Reader\browser\nppdf32.dll
FF - plugin: d:\arquivos de programa\Java\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\arquivos de programa\Java\bin\new_plugin\npjp2.dll
FF - plugin: d:\arquivos de programa\Real Player\Netscape6\nppl3260.dll
FF - plugin: d:\arquivos de programa\Real Player\Netscape6\nprjplug.dll
FF - plugin: d:\arquivos de programa\Real Player\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 08:03:05
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"d:\arquivos de programa\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"d:\arquivos de programa\MySQL Server 5.0\my.ini\" MySQL"
.
------------------------ Outros Processos em Execução ------------------------
.
d:\arquivos de programa\Avast\aswUpdSv.exe
d:\arquivos de programa\Avast\ashServ.exe
d:\arquivos de programa\Java\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\rundll32.exe
d:\arquivos de programa\Avast\ashMaiSv.exe
d:\arquivos de programa\Avast\ashWebSv.exe
d:\arquivos de programa\Orbitdownloader\orbitnet.exe
c:\windows\system32\WgaTray.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-02-23 8:06:15 - Máquina reiniciou [Administrador]
ComboFix-quarantined-files.txt 2009-02-23 11:06:09
ComboFix2.txt 2009-02-19 12:23:54

Pré-execução: 222.208.000 bytes disponíveis
Pós execução: 243,245,056 bytes disponíveis

209 --- E O F --- 2008-11-12 09:51:19

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:08:16, on 23/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Arquivos de Programa\Avast\aswUpdSv.exe
D:\Arquivos de Programa\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de Programa\Java\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
D:\Arquivos de Programa\Java\bin\jusched.exe
D:\Arquivos de Programa\Adobe\Reader\Reader_sl.exe
D:\ARQUIV~1\Avast\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
D:\Arquivos de Programa\Avast\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de Programa\DAEMON Tools Lite\daemon.exe
D:\Arquivos de Programa\Avast\ashWebSv.exe
D:\Arquivos de Programa\Orbitdownloader\orbitdm.exe
D:\Arquivos de Programa\Orbitdownloader\orbitnet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\ABC.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de Programa\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de Programa\Java\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Arquivos de Programa\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de Programa\Java\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de Programa\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de Programa\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Orbit.lnk = D:\Arquivos de Programa\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - ?p=ZNxdm414YYBR
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?c85cdbd777a24a5084769900012745c3
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?c85cdbd777a24a5084769900012745c3
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de Programa\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de Programa\Java\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de Programa\Java\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...rk.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - Winlogon Notify: wvutsqr - C:\WINDOWS\
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Arquivos de Programa\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de Programa\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de Programa\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Arquivos de Programa\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Arquivos de Programa\Avast\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de Programa\Java\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - D:\Arquivos.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 8588 bytes

Thank you
DigRam, posted February 23, 2009

Good morning!

Guildus

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.
<@> The following window will open: ( Abrir arquivo - Aviso de Segurança )
<@> Click Run --> Wait!
<@> Finally, the message "ComboFix está desinstalado" will appear --> Click OK.
<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<><><><><><><><><>

<@> Download: < OTMoveIt3 >
<@> Save it to the desktop and run it from there!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:Processes
explorer.exe
:Files
c:\documents and settings\Administrador\gcs.exe
c:\documents and settings\Administrador\otoxodf.exe
:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvutsqr]
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copy and paste this information, between the XXXXX... lines, into the tool's text field (clipboard).
<@> PS: The area below "Paste Instructions for Items to be Moved".
<@> Click MoveIt.
<@> When prompted to reboot, confirm!
<@> When it finishes, check the text contents of the folder: C:\_OTMoveIt\MovedFiles
<@> Copy and post your most recent report: C:\_OTMoveIt\MovedFiles\xxxx2009_xxxxxx.log <--
<@> PS: Since the tool does not overwrite its reports, look for the one generated after this run.
<@> Also post an updated HijackThis log.

Regards!
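The script in the reply above uses a simple sectioned text format (":Processes", ":Files", ":Reg", ":Commands", with "[-KEY]" under :Reg requesting deletion of a registry key). The following is an added example, written for this page and not code from the thread or from the OTMoveIt3 tool: a small Python parser for that format, plus a cross-check that every registry deletion in the script corresponds to an "O20 - Winlogon Notify" entry in the HijackThis log posted above, and that flags Winlogon Notify entries whose value is a bare directory rather than a DLL. Only the section names and the "[-KEY]" syntax visible in the post are assumed about the script format; the HijackThis lines embedded below are copied from the log above, with one benign O4 line added for contrast.

```python
import re
from typing import Dict, List

# OTMoveIt3-style script, copied from the reply above (raw string, so
# backslashes in the Windows paths are literal).
SCRIPT = r"""
:Processes
explorer.exe
:Files
c:\documents and settings\Administrador\gcs.exe
c:\documents and settings\Administrador\otoxodf.exe
:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvutsqr]
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
"""

# Two lines from the HijackThis log posted above, plus a benign O4 line
# constructed here for contrast.
HJT_LINES = [
    "O20 - Winlogon Notify: wvutsqr - C:\\WINDOWS\\",
    "O23 - Service: MySQL - Unknown owner - D:\\Arquivos.exe (file missing)",
    "O4 - HKLM\\..\\Run: [avast!] D:\\ARQUIV~1\\Avast\\ashDisp.exe",
]


def parse_script(text: str) -> Dict[str, List[str]]:
    """Split the script into its ':Section' lists, keeping entry order."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def reg_deletions(sections: Dict[str, List[str]]) -> List[str]:
    """Registry keys the :Reg section asks to delete ('[-KEY]' syntax)."""
    keys = []
    for item in sections.get("reg", []):
        m = re.fullmatch(r"\[-(.+)\]", item)
        if m:
            keys.append(m.group(1))
    return keys


def winlogon_notify_entries(lines: List[str]) -> Dict[str, str]:
    """Map subkey name -> path for HijackThis 'O20 - Winlogon Notify' lines."""
    found = {}
    for line in lines:
        m = re.match(r"O20 - Winlogon Notify: (\S+) - (.*)$", line)
        if m:
            found[m.group(1).lower()] = m.group(2)
    return found


def check_plan(script: str, hjt_lines: List[str]) -> Dict[str, List[str]]:
    """Cross-check the removal script against the log.

    matched:   :Reg deletions whose last path component is an O20 subkey in the log
    unmatched: :Reg deletions with no corresponding O20 entry (worth a second look)
    no_dll:    O20 entries whose value is not a .dll path (e.g. a bare directory)
    """
    sections = parse_script(script)
    notify = winlogon_notify_entries(hjt_lines)
    report: Dict[str, List[str]] = {"matched": [], "unmatched": [], "no_dll": []}
    for key in reg_deletions(sections):
        sub = key.rsplit("\\", 1)[-1].lower()
        (report["matched"] if sub in notify else report["unmatched"]).append(sub)
    for sub, path in notify.items():
        if not path.lower().endswith(".dll"):
            report["no_dll"].append(sub)
    return report


if __name__ == "__main__":
    for name, items in parse_script(SCRIPT).items():
        print(f"{name}: {items}")
    print(check_plan(SCRIPT, HJT_LINES))
```

For the script and log above, check_plan reports the wvutsqr key as both matched (the deletion targets an entry actually present in the log) and no_dll (its Winlogon Notify value is the bare directory C:\WINDOWS\ rather than a DLL, which is why it stands out among the other entries).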