Ben-Hur, posted April 20, 2009:
Some windows titled CID, containing advertisements, have been appearing on my computer. I have already used several anti-spyware tools, and AVG also could not remove this virus (I suppose it is a virus). I don't know what to do. Awaiting instructions. Thank you!
DigRam, posted April 20, 2009:
Hey, Ben-Hur!
<!> Post the HijackThis log, following this tutorial: < Rule No. 02 - Using HijackThis - READ BEFORE POSTING! >
Regards!
Ben-Hur, posted April 20, 2009:
Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:58, on 20/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Glass2k\Glass2k.exe
C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Spyware Doctor\pctsTray.exe
C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\DNA\btdna.exe
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe
C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\svchost.exe
C:\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Arquivos de programas\AskSearch\bin\DefaultSearch.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Glass2k] C:\Arquivos de programas\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [second bat creative peak] C:\Documents and Settings\All Users\Dados de aplicativos\Axis Readme Second Bat\Vga grey.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [VisualTaskTips] "C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" noTrayIcon
O4 - HKCU\..\Run: [siteHole] C:\DOCUME~1\ADMINI~1\DADOSD~1\GREATR~1\modempeg.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Blaero Start Orb.lnk = C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe
O4 - Startup: Thoosje Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CB1820-2298-4676-9080-87A69D6656C2}: NameServer = 172.161.169.245,200.165.132.147
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

--
End of file - 10247 bytes
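A helper reading a log like the one above starts with the O4 autostart entries, the O23 services and the O17 name servers. The triage script below is an added example, not part of this thread or of HijackThis; its heuristics (autostart binaries under a user profile or app-data folder, multi-word Run value names, services whose binary is missing, name servers to confirm against the ISP) are this example's own assumptions about what gets a second look, and the sample lines are copied from the posted log.

```python
"""Triage heuristics for HijackThis 2.0.x log lines (added example, not part
of HijackThis or of this thread). SAMPLE_LOG is copied from the log posted
above; the heuristics are assumptions, not rules from the tool."""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^(?P<sec>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
# "HKLM\..\Run: [name] command"  and  "Startup: name.lnk = command"
O4_REG_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_LNK_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<desc>.+?) \((?P<name>[^)]+)\) - (?P<owner>.+?) - (?P<path>.*)$")
O17_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")

# Where a stock Windows XP (Portuguese locale) keeps program binaries.
PROGRAM_DIRS = (r"c:\windows", r"c:\arquivos de programas", r"c:\arquiv~1",
                r"c:\program files", r"c:\progra~1")
# Fragments placing a file under a user profile, app-data or temp folder.
USER_DATA_HINTS = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\",
                   "dados de aplicativos", "dadosd~1", "application data")


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def exe_path(cmd: str) -> str:
    """Best-effort executable path from a Run command, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|bat|cmd|scr))(?=\s|,|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def location(path: str) -> str:
    """Classify where an autostart binary lives."""
    p = path.lower()
    if "\\" not in p:
        return "path-search"      # bare name, resolved through PATH
    if any(h in p for h in USER_DATA_HINTS):
        return "user-data"
    if p.startswith(PROGRAM_DIRS):
        return "program-dir"
    return "other"


def triage(lines):
    """Return a Finding for every line a helper would look at more closely."""
    findings = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "O4":
            reg = O4_REG_RE.match(body)
            r = reg or O4_LNK_RE.match(body)
            if not r:
                continue
            name, path = r.group("name"), exe_path(r.group("cmd"))
            reasons = []
            if location(path) == "user-data":
                reasons.append("autostart binary under a user profile / app-data folder")
            # Assumption: legitimate Run values rarely use 3+ unrelated words.
            if reg and len(name.split()) >= 3:
                reasons.append("multi-word Run value name")
            if reasons:
                findings.append(Finding(sec, name, path, reasons))
        elif sec == "O23":
            r = O23_RE.match(body)
            if r and "(file missing)" in r.group("path"):
                findings.append(Finding(sec, r.group("name"), r.group("path"),
                                        ["service registered but binary missing"]))
        elif sec == "O17":
            r = O17_RE.search(body)
            if r:
                findings.append(Finding(sec, "NameServer", r.group("servers"),
                                        ["confirm these DNS servers belong to the ISP"]))
    return findings


# Lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [second bat creative peak] C:\Documents and Settings\All Users\Dados de aplicativos\Axis Readme Second Bat\Vga grey.exe
O4 - HKCU\..\Run: [siteHole] C:\DOCUME~1\ADMINI~1\DADOSD~1\GREATR~1\modempeg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Startup: Blaero Start Orb.lnk = C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CB1820-2298-4676-9080-87A69D6656C2}: NameServer = 172.161.169.245,200.165.132.147
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.section:4} {f.name!r:28} {f.path}\n      {'; '.join(f.reasons)}")
```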
DigRam, posted April 20, 2009:
Good afternoon, Ben-Hur!
<@> Download: < LopS&D >
<@> Save it to Local Disk C!
<@> Install the program and click: LopSD.cmd
<@> In the window that opens, press "p" --> Press Enter.
<@> In another window, press option 2 --> Press Enter --> Wait!
<@> PS: Keep an eye on your antivirus notifications, sending any detected files to quarantine.
<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )
<@> Also post a fresh HijackThis log.
Regards!
Ben-Hur, posted April 20, 2009:
I couldn't run the LopSD application... I got this error message:
DigRam, posted April 20, 2009:
Hey, Ben-Hur!
<!> Have you already checked whether you have administrative rights?
<><><><><><><><><><>
<@> Download: < FindLop >
<@> Unzip it and move the files to their own folder: < C:\FindLop.exe >
<@> But don't run it yet!
<@> Download: < new_uninstall >
<@> If the antivirus blocks the download, ignore the warning and allow it to run.
<@> If the browser blocks the download, add < http://lop.com > as a trusted site.
<@> Disable the resident protection of your antivirus and antispyware.
<@> Run the uninstaller!
<@> Type in the numbers and confirm!
<@> PS: If you can't run the uninstaller, just continue with FindLop.
<@> Now run findlop.bat.
<@> A report ( findlop.txt ) will be generated on Local Disk (C)
<@> Post: findlop.txt
<><><><><><><><><><>
<@> Download: < > ( ...by sUBs )
<@> Save it to the desktop!
<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> At the prompt: "Software Warranty Disclaimer" --> Click Yes!
<@> If you don't have the "Recovery Console", accept the option to install it!
<!> If you get the notification: Invalid Win32 application, delete the tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Name it while saving, not after saving it!
<!> PS: If any error message appears, run ComboFix.exe in Safe Mode. <-- Link!
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own!
<!> PS: To avoid problems, follow all the recommendations given.
<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.
<@> The Auto Scan window will open. --> Wait!
<@> In order to complete the removals, ComboFix may restart the computer.
<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<><><><><><><><><><>
<@> When it finishes, post the reports: C:\ComboFix\ComboFix.txt + an updated HijackThis log.
Regards!
Ben-Hur, posted April 20, 2009:
I'll be away for today... and will be back tomorrow... I'll probably post the reply tomorrow, or by Wednesday at the latest. Thanks for your attention!
DigRam, posted April 20, 2009:
Hey, Ben-Hur!
<!> Ok! :thumbsup:
Regards!
Ben-Hur, posted April 22, 2009:
Just one question before going ahead: the FindLop log was only:
[TRACE] Enumerating jobs and queues
Is that normal?
DigRam, posted April 22, 2009:
Hey, Ben-Hur!
<!> The report indicates there are no scheduled jobs from Lop, but... ComboFix can confirm that.
<!> So proceed with ComboFix and post its report. ( ComboFix.txt )
Regards!
Ben-Hur, posted April 22, 2009:
Here are the ComboFix and HijackThis logs, respectively:

ComboFix 09-04-22.A23 - Administrador 22/04/2009 14:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2046.1523 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
 * Criado um novo ponto de restauro
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-22 to 2009-04-22 ))))))))))))))))))))))))))))
.
2009-04-22 15:38 . 2009-04-22 15:38 -------- d-----w C:\FindLop.exe
2009-04-20 15:26 . 2009-04-22 00:20 -------- d-----w C:\LopSD
2009-04-20 15:05 . 2009-04-20 15:08 -------- d-----w C:\HiJackThis
2009-04-11 22:10 . 2000-05-23 01:58 608448 ----a-w c:\windows\system32\comctl32.ocx
2009-04-11 22:04 . 2009-04-11 22:04 -------- d-----w c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\vdownloader
2009-04-09 11:55 . 2009-04-09 11:55 -------- d-----w c:\windows\system32\xircom
2009-04-09 11:55 . 2009-04-09 11:55 -------- d-----w c:\windows\system32\oobe
2009-04-09 11:55 . 2009-04-09 11:55 -------- d-----w c:\windows\srchasst
2009-04-09 11:55 . 2009-04-09 11:55 -------- d-----w c:\windows\msagent
2009-04-08 18:24 . 2008-12-11 11:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-08 18:24 . 2009-04-22 17:23 -------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-04-08 18:24 . 2009-03-06 19:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-08 18:24 . 2008-12-18 15:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-08 18:24 . 2008-12-10 15:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-08 18:24 . 2009-04-08 18:24 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\PC Tools
2009-04-08 18:24 . 2009-04-08 18:24 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\PC Tools
2009-04-06 17:39 . 2009-04-06 17:39 -------- d-sh--w c:\windows\ftpcache
2009-04-05 15:43 . 2009-04-05 15:43 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Publish Providers
2009-04-05 15:42 . 2009-04-05 15:42 -------- d-----w c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Sony
2009-04-05 15:38 . 2002-12-17 19:23 33340 ------w c:\windows\system32\dbmsqlgc.dll
2009-04-05 15:38 . 2002-10-20 17:05 24576 ------w c:\windows\system32\dbmsgnet.dll
2009-04-05 15:37 . 2009-04-05 15:42 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Sony
2009-04-05 15:37 . 2009-04-05 15:37 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Sony
2009-04-03 00:38 . 2009-04-03 00:38 -------- d-----w c:\windows\system32\{sys}
2009-04-03 00:38 . 2009-04-03 00:38 -------- d-----w c:\windows\system32\mem
2009-04-03 00:29 . 2009-04-03 00:29 -------- d-----w c:\windows\system32\EXP
2009-03-31 16:23 . 2009-03-31 16:23 8192 ----a-w c:\windows\REGLOCS.OLD
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 17:22 . 2008-12-21 12:17 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\DNA
2009-04-22 16:02 . 2008-07-30 15:38 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\foobar2000
2009-04-22 15:43 . 2009-04-22 15:43 37 ----a-w C:\findlop.txt
2009-04-22 15:34 . 2009-04-08 18:24 -------- d-----w c:\arquivos de programas\Spyware Doctor
2009-04-22 15:12 . 2008-07-30 16:25 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Orbit
2009-04-22 15:12 . 2008-12-21 12:17 -------- d-----w c:\arquivos de programas\DNA
2009-04-15 19:58 . 2008-12-21 12:22 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\BitTorrent
2009-04-11 22:14 . 2008-07-30 12:35 1068032 ----a-w c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2009-04-11 22:10 . 2009-04-11 22:10 -------- d-----w c:\arquivos de programas\Total Video Converter
2009-04-11 22:04 . 2009-04-11 22:04 -------- d-----w c:\arquivos de programas\VDOWNLOADER
2009-04-09 11:58 . 2009-03-13 16:06 -------- d-----w c:\arquivos de programas\SUPERAntiSpyware
2009-04-09 11:55 . 2009-04-09 11:55 -------- d-----w c:\arquivos de programas\microsoft frontpage
2009-04-08 18:28 . 2009-04-08 18:24 -------- d-----w c:\arquivos de programas\Arquivos comuns\PC Tools
2009-04-05 15:38 . 2001-10-28 14:07 77658 ----a-w c:\windows\system32\perfc016.dat
2009-04-05 15:38 . 2001-10-28 14:07 449496 ----a-w c:\windows\system32\perfh016.dat
2009-04-05 15:38 . 2009-04-05 15:38 -------- d-----w c:\arquivos de programas\Microsoft SQL Server
2009-04-05 15:37 . 2009-04-05 15:37 -------- d-----w c:\arquivos de programas\Vstplugins
2009-04-05 15:37 . 2008-09-09 00:44 -------- d-----w c:\arquivos de programas\Sony
2009-04-05 15:35 . 2009-04-05 15:35 -------- d-----w c:\arquivos de programas\Sony Setup
2009-04-03 00:38 . 2009-04-03 00:38 -------- d-----w c:\arquivos de programas\DanDans Audio Editor
2009-03-16 23:47 . 2008-07-30 16:25 -------- d-----w c:\arquivos de programas\Orbitdownloader
2009-03-13 16:46 . 2008-11-01 18:59 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-03-13 16:07 . 2009-03-13 16:07 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com
2009-03-13 16:06 . 2009-03-13 16:06 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com
2009-03-13 16:06 . 2008-11-04 18:30 -------- d-----w c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-03-11 17:24 . 2008-08-18 01:25 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\LimeWire
2009-03-11 16:54 . 2008-08-09 16:54 34 ----a-w c:\documents and settings\Administrador\jagex_runescape_preferences.dat
2009-03-08 18:25 . 2009-03-07 15:06 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\AVGTOOLBAR
2009-03-07 15:06 . 2009-03-07 15:06 107912 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-07 15:06 . 2009-03-07 15:06 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-07 15:06 . 2009-03-07 15:06 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-07 15:06 . 2008-07-30 13:23 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-03-02 18:49 . 2008-09-03 15:50 -------- d-----w c:\arquivos de programas\Messenger Plus! Live
2009-02-28 17:26 . 2009-02-28 17:26 -------- d-----w c:\arquivos de programas\OnGame
2009-02-27 21:16 . 2008-08-25 22:04 -------- d-----w c:\arquivos de programas\Warcraft III
2009-02-25 19:49 . 2009-01-29 17:19 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\PIXELA
2009-02-25 11:43 . 2008-08-18 01:25 -------- d-----w c:\arquivos de programas\LimeWire
2009-02-18 21:54 . 2008-08-04 17:32 316 ----a-w C:\Realmlist.txt
2009-02-06 22:14 . 2009-02-06 22:14 308088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 21:52 . 2009-02-06 21:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2008-09-26 16:38 . 2008-09-26 16:38 146 ----a-w c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\fusioncache.dat
.
------- Sigcheck -------
[-] 2004-08-04 02:45 803328 048367EF3E654F8FB83E4DBB1E26B81D c:\windows\system32\wininet.dll
[7] 2004-08-04 02:45 658432 398A619CE60090303042D1F8CC68F712 c:\windows\VistaMizer\old\wininet.dll
[-] 2007-03-11 13:18 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys
[-] 2004-08-04 02:45 543744 3550BFE59972A67AC2F7781041D28EA7 c:\windows\system32\winlogon.exe
[7] 2004-08-04 02:45 504320 6F7BDE7A1126DEBF0CC359A54953EFC1 c:\windows\VistaMizer\old\winlogon.exe
[-] 2007-03-11 02:20 2276352 A53C82CFAEA08A66E5BE639BA79B8E3F c:\windows\system32\ntkrnlpa.exe
[7] 2007-03-11 02:20 2019328 31DFE96B6B6FA4C9CA098CEAF21B29A5 c:\windows\VistaMizer\old\ntkrnlpa.exe
[-] 2004-08-04 02:40 2409472 4BF58C65F1867CDBD1494561C07CF6FB c:\windows\system32\ntoskrnl.exe
[7] 2004-08-04 02:40 2152448 91448D27F6DFAF50DD1D5FD3D8C1F3BD c:\windows\VistaMizer\old\ntoskrnl.exe
[-] 2004-08-04 02:45 1552896 D3C07AB98492D1518F5E8341ADBC4F76 c:\windows\explorer.exe
[7] 2004-08-04 02:45 1034240 FA61A19050AE14BEC1A26DE82390DD65 c:\windows\VistaMizer\old\explorer.exe
[-] 2004-08-04 02:45 25088 A3F0971DBBA9657034C303B39464EA5B c:\windows\system32\ctfmon.exe
[7] 2004-08-04 02:45 15360 F40BC97996B8E53799EEF1D63996674B c:\windows\VistaMizer\old\ctfmon.exe
[-] 2007-03-11 02:21 1548288 B23D1FC94C037AE5F0E05A78B52596A4 c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 19:24 325000 ----a-w c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="c:\arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2008-05-31 65536]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BitTorrent DNA"="c:\arquivos de programas\DNA\btdna.exe" [2008-12-21 342848]
"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-09 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Glass2k"="c:\arquivos de programas\Glass2k\Glass2k.exe" [2007-10-16 56325]
"DrvIcon"="c:\arquivos de programas\VistaDriveIcon\DrvIcon.exe" [2008-04-13 49152]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-08-18 185896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-03-07 1932568]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2004-08-04 101376]

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
Blaero Start Orb.lnk - c:\arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe [2006-7-30 521216]
Thoosje Sidebar.lnk - c:\arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-21 524288]
Thoosje Vista Sidebar.lnk - c:\arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-21 524288]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-7-30 1715400]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoDevMgrUpdate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 14:05 356352 ----a-w c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-07 15:06 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^WinFlip.lnk]
path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\WinFlip.lnk
backup=c:\windows\pss\WinFlip.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\DreaMule\\emule.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"c:\\Arquivos de programas\\Garena\\Garena.exe"=
"c:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\Client.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\benbolux\\counter-strike\\hl.exe"=
"c:\\Arquivos de programas\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\Arquivos de programas\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Arquivos de programas\\DNA\\btdna.exe"=
"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe"=
"c:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\No_Crypt_Client_2d.exe"=
"c:\\Arquivos de programas\\LevelUpGames\\The Duel\\GunzLauncher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7700:TCP"= 7700:TCP:THE DUEL
"7800:TCP"= 7800:TCP:THE DUEL

R3 GarenaPEngine;GarenaPEngine; [x]
R3 npggsvc;nProtect GameGuard Service; [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R3 XDva186;XDva186; [x]
R3 XDva223;XDva223; [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-07 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-03-07 107912]
S1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-09 9968]
S1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2009-03-07 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2009-03-07 298264]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
S2 fsssvc;Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]

--- ---
*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{584d8994-6a43-11dd-abe6-001d7dfd1203}]
\Shell\AutoRun\command - RESTORE\k-1-3542-4232123213-7676767-8888886\BLUE.exe
\Shell\open\command - RESTORE\k-1-3542-4232123213-7676767-8888886\BLUE.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc867ed0-d08f-11dd-ace9-001d7dfd1203}]
\Shell\AutoRun\command - H:\fooool.exe
\Shell\explore\Command - H:\fooool.exe
\Shell\open\Command - H:\fooool.exe
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.br/
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {A8CB1820-2298-4676-9080-87A69D6656C2} = 172.161.169.245,200.165.132.147
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\2uxhzj0s.default\
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 14:31
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...

c:\docume~1\ADMINI~1\CONFIG~1\Temp\Perflib_Perfdata_c44.dat 16384 bytes

Varredura completada com sucesso
arquivos/ficheiros ocultos: 1
**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\GPE2B.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\sfc_os.dll
c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(2436)
c:\windows\system32\CRYPT32.dll
c:\windows\system32\MSASN1.dll
c:\arquivos de programas\VisualTaskTips\VttHooks.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2009-04-22 14:33 ComboFix-quarantined-files.txt 2009-04-22 17:33 Pré-execução: 24 pasta(s) 49.895.481.344 bytes disponíveis Pós execução: 23 pasta(s) 49.881.817.088 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 283 ================================================================================ = Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:38:31, on 22/4/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Glass2k\Glass2k.exe C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe C:\Arquivos de programas\DNA\btdna.exe C:\Arquivos de programas\Orbitdownloader\orbitdm.exe C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgnsx.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\explorer.exe C:\HiJackThis\HiJackThis.exe R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q= O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - 
C:\Arquivos de programas\Styler\TB\StylerTB.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Glass2k] C:\Arquivos de programas\Glass2k\Glass2k.exe O4 - HKLM\..\Run: [DrvIcon] C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [VisualTaskTips] "C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" noTrayIcon O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 
'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: Blaero Start Orb.lnk = C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe O4 - Startup: Thoosje Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - 
HKLM\System\CCS\Services\Tcpip\..\{A8CB1820-2298-4676-9080-87A69D6656C2}: NameServer = 172.161.169.245,200.165.132.147 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe -- End of file - 8750 bytes
DigRam 144 Posted April 22, 2009
Good afternoon, Ben-Hur!
<@> Download: < ToolBar S&D >
<@> Save it to Local Disk C, in its own folder.
<@> Restart the computer in Safe Mode. <-- Important!
<@> Run the program and then press "p" --> Enter --> Ok.
<@> Type two! ( 2 ) --> Press Enter --> Wait!
<@> When it finishes, post the report. ( C:\ToolBar SD\TB_1.txt )
<><><><><><><><><><><><><><>
Insert your removable drive(s), if you have any, into the USB port. ( pendrive, mp3, mp4, iPods, etc... )
<@> Select and copy all of the content in the QUOTE area to Notepad.
<@> Save it on the Desktop with the name: CFScript.txt

Driver::
"CiSvc"
"npggsvc"
"GarenaPEngine"
File::
H:\fooool.exe
c:\docume~1\ADMINI~1\CONFIG~1\Temp\GPE2B.tmp
c:\docume~1\ADMINI~1\CONFIG~1\Temp\Perflib_Perfdata_c44.dat
c:\RESTORE\k-1-3542-4232123213-7676767-8888886\BLUE.exe
H:\RESTORE\k-1-3542-4232123213-7676767-8888886\BLUE.exe
Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc867ed0-d08f-11dd-ace9-001d7dfd1203}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{584d8994-6a43-11dd-abe6-001d7dfd1203}]

<@> PS: Do not use this script on another machine!
<@> Drag CFScript.txt onto the ComboFix icon/window.
<@> See the demonstration!
<@> Accept the prompt that should appear to run ComboFix.
<@> PS: Keep dragging until that prompt ( window ) appears!
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.
Regards!
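As an added example (not part of this thread and not code from any of the tools mentioned), here is a small Python triage helper that applies the same three checks the CFScript above targets to ComboFix/HijackThis log excerpts: mountpoints2 AutoRun commands pointing at drive executables, services whose ImagePath lives in a Temp folder, and O23 services whose binary is "(file missing)". The sample log is constructed from lines posted in this thread; the rule names and the `triage` function are this example's own.

```python
import re

# Constructed sample: a handful of lines copied from the ComboFix and
# HijackThis logs posted in this thread (not a complete log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc867ed0-d08f-11dd-ace9-001d7dfd1203}]
\Shell\AutoRun\command - H:\fooool.exe
\Shell\explore\Command - H:\fooool.exe
\Shell\open\Command - H:\fooool.exe
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\GPE2B.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
"""

# Registry key header for a per-volume MountPoints2 entry (the USB autorun hijack seen above).
MOUNTPOINT_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer"
    r"\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
# Registry key header for a service under any ControlSetNNN.
SERVICE_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
# "\Shell\<verb>\command - <target>" lines that ComboFix prints under a MountPoints2 key.
SHELL_CMD = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.I)
IMAGE_PATH = re.compile(r'^"ImagePath"="(.+)"$')
# HijackThis O23 line: "O23 - Service: <name> - <owner> - <path>".
O23_LINE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.I)


def triage(log_text):
    """Return a list of findings (dicts with rule/name/target) for suspicious entries."""
    findings = []
    context = None  # (kind, name) of the most recent registry key header seen
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MOUNTPOINT_KEY.match(line)
        if m:
            context = ("mountpoint", m.group(1))
            continue
        m = SERVICE_KEY.match(line)
        if m:
            context = ("service", m.group(1))
            continue
        m = SHELL_CMD.match(line)
        if m and context and context[0] == "mountpoint":
            # Any AutoRun/open/explore command on a volume is worth a look:
            # legitimate removable media does not need one.
            findings.append({"rule": "mountpoints2_autorun", "name": context[1],
                             "verb": m.group(1).lower(), "target": m.group(2)})
            continue
        m = IMAGE_PATH.match(line)
        if m and context and context[0] == "service":
            path = m.group(1)
            if TEMP_DIR.search(path):
                # A service/driver whose image is in a Temp folder is a classic red flag.
                findings.append({"rule": "service_in_temp", "name": context[1], "target": path})
            continue
        m = O23_LINE.match(line)
        if m and m.group(3).endswith("(file missing)"):
            # Orphaned service registrations: harmless by themselves, but they
            # are what the Driver:: section of the CFScript cleans up.
            findings.append({"rule": "o23_file_missing", "name": m.group(1), "target": m.group(3)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['rule']}] {f['name']}: {f.get('verb', '')} {f['target']}".replace(":  ", ": "))
```

The three rules are deliberately narrow; on a real log they produce a short list of candidates for a human to review, not a removal script.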
Ben-Hur 0 Posted April 22, 2009 Here are, respectively, the logs from ToolBar S&D, ComboFix and HijackThis:
-----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2 X86-based PC ( Multiprocessor Free : Intel® Core2 Quad CPU Q6600 @ 2.40GHz ) BIOS : Award Modular BIOS v6.00PG USER : Administrador ( Administrator ) BOOT : Fail-safe boot A:\ (USB) C:\ (Local Disk) - NTFS - Total:146 Go (Free:46 Go) D:\ (Local Disk) - NTFS - Total:86 Go (Free:25 Go) E:\ (CD or DVD) F:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [2] ( qua 22/04/2009|17:06 ) -----------\\ REMOVIDOS Deletado! - C:\Arquivos de programas\AskBarDis\bar Deletado! - C:\Arquivos de programas\AskBarDis\PopSwatter Deletado! - C:\Arquivos de programas\AskBarDis\unins000.dat Deletado! - C:\Arquivos de programas\AskBarDis\unins000.exe Deletado! - C:\Arquivos de programas\AskBarDis -----------\\ Procura por Arquivos / Ficheiros ... -----------\\ Extensions (Administrador) - {e4a8a97b-f2ed-450b-b12d-ee082ba24781} => greasemonkey -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="about:blank" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.msn.com/" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" --------------------\\ Procurando por outras infecções Não foram encontradas outras infecções.
1 - "C:\ToolBar SD\TB_1.txt" - qua 22/04/2009|17:07 - Option : [2] -----------\\ Verificação completa em 17:07:36,81 =========================================================== ComboFix 09-04-22.A23 - Administrador 22/04/2009 17:17.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2046.1555 [GMT -3:00] Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt.txt * Criado um novo ponto de restauro . (((((((((((((((( Arquivos/Ficheiros criados de 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))) . 2009-04-22 20:06 . 2009-04-22 20:07 -------- d-----w C:\ToolBar SD 2009-04-22 19:19 . 2009-04-22 19:20 -------- d-----w C:\ToolBarSD 2009-04-22 15:38 . 2009-04-22 15:38 -------- d-----w C:\FindLop.exe 2009-04-20 15:26 . 2009-04-22 00:20 -------- d-----w C:\LopSD 2009-04-20 15:05 . 2009-04-22 17:38 -------- d-----w C:\HiJackThis 2009-04-11 22:10 . 2000-05-23 01:58 608448 ----a-w c:\windows\system32\comctl32.ocx 2009-04-11 22:04 . 2009-04-11 22:04 -------- d-----w c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\vdownloader 2009-04-09 11:55 . 2009-04-09 11:55 -------- d-----w c:\windows\system32\xircom 2009-04-09 11:55 . 2009-04-09 11:55 -------- d-----w c:\windows\system32\oobe 2009-04-09 11:55 . 2009-04-09 11:55 -------- d-----w c:\windows\srchasst 2009-04-09 11:55 . 2009-04-09 11:55 -------- d-----w c:\windows\msagent 2009-04-08 18:24 . 2008-12-11 11:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys 2009-04-08 18:24 . 2009-04-22 17:23 -------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP 2009-04-08 18:24 . 2009-03-06 19:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys 2009-04-08 18:24 . 2008-12-18 15:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys 2009-04-08 18:24 . 2008-12-10 15:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys 2009-04-08 18:24 . 
2009-04-08 18:24 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\PC Tools 2009-04-08 18:24 . 2009-04-08 18:24 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\PC Tools 2009-04-06 17:39 . 2009-04-06 17:39 -------- d-sh--w c:\windows\ftpcache 2009-04-05 15:43 . 2009-04-05 15:43 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Publish Providers 2009-04-05 15:42 . 2009-04-05 15:42 -------- d-----w c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Sony 2009-04-05 15:38 . 2002-12-17 19:23 33340 ------w c:\windows\system32\dbmsqlgc.dll 2009-04-05 15:38 . 2002-10-20 17:05 24576 ------w c:\windows\system32\dbmsgnet.dll 2009-04-05 15:37 . 2009-04-05 15:42 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Sony 2009-04-05 15:37 . 2009-04-05 15:37 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Sony 2009-04-03 00:38 . 2009-04-03 00:38 -------- d-----w c:\windows\system32\{sys} 2009-04-03 00:38 . 2009-04-03 00:38 -------- d-----w c:\windows\system32\mem 2009-04-03 00:29 . 2009-04-03 00:29 -------- d-----w c:\windows\system32\EXP 2009-03-31 16:23 . 2009-03-31 16:23 8192 ----a-w c:\windows\REGLOCS.OLD . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-22 20:19 . 2008-12-21 12:17 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\DNA 2009-04-22 20:09 . 2008-07-30 16:25 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Orbit 2009-04-22 20:09 . 2008-12-21 12:17 -------- d-----w c:\arquivos de programas\DNA 2009-04-22 20:07 . 2009-04-22 20:06 1915 ----a-w C:\TB.txt 2009-04-22 16:02 . 2008-07-30 15:38 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\foobar2000 2009-04-22 15:43 . 2009-04-22 15:43 37 ----a-w C:\findlop.txt 2009-04-22 15:34 . 
2009-04-08 18:24 -------- d-----w c:\arquivos de programas\Spyware Doctor 2009-04-15 19:58 . 2008-12-21 12:22 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\BitTorrent 2009-04-11 22:14 . 2008-07-30 12:35 1068032 ----a-w c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT 2009-04-11 22:10 . 2009-04-11 22:10 -------- d-----w c:\arquivos de programas\Total Video Converter 2009-04-11 22:04 . 2009-04-11 22:04 -------- d-----w c:\arquivos de programas\VDOWNLOADER 2009-04-09 11:58 . 2009-03-13 16:06 -------- d-----w c:\arquivos de programas\SUPERAntiSpyware 2009-04-09 11:55 . 2009-04-09 11:55 -------- d-----w c:\arquivos de programas\microsoft frontpage 2009-04-08 18:28 . 2009-04-08 18:24 -------- d-----w c:\arquivos de programas\Arquivos comuns\PC Tools 2009-04-05 15:38 . 2001-10-28 14:07 77658 ----a-w c:\windows\system32\perfc016.dat 2009-04-05 15:38 . 2001-10-28 14:07 449496 ----a-w c:\windows\system32\perfh016.dat 2009-04-05 15:38 . 2009-04-05 15:38 -------- d-----w c:\arquivos de programas\Microsoft SQL Server 2009-04-05 15:37 . 2009-04-05 15:37 -------- d-----w c:\arquivos de programas\Vstplugins 2009-04-05 15:37 . 2008-09-09 00:44 -------- d-----w c:\arquivos de programas\Sony 2009-04-05 15:35 . 2009-04-05 15:35 -------- d-----w c:\arquivos de programas\Sony Setup 2009-04-03 00:38 . 2009-04-03 00:38 -------- d-----w c:\arquivos de programas\DanDans Audio Editor 2009-03-16 23:47 . 2008-07-30 16:25 -------- d-----w c:\arquivos de programas\Orbitdownloader 2009-03-13 16:46 . 2008-11-01 18:59 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2009-03-13 16:07 . 2009-03-13 16:07 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com 2009-03-13 16:06 . 2009-03-13 16:06 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com 2009-03-13 16:06 . 
2008-11-04 18:30 -------- d-----w c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard 2009-03-11 17:24 . 2008-08-18 01:25 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\LimeWire 2009-03-11 16:54 . 2008-08-09 16:54 34 ----a-w c:\documents and settings\Administrador\jagex_runescape_preferences.dat 2009-03-08 18:25 . 2009-03-07 15:06 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\AVGTOOLBAR 2009-03-07 15:06 . 2009-03-07 15:06 107912 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-03-07 15:06 . 2009-03-07 15:06 10520 ----a-w c:\windows\system32\avgrsstx.dll 2009-03-07 15:06 . 2009-03-07 15:06 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-03-07 15:06 . 2008-07-30 13:23 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg8 2009-03-02 18:49 . 2008-09-03 15:50 -------- d-----w c:\arquivos de programas\Messenger Plus! Live 2009-02-28 17:26 . 2009-02-28 17:26 -------- d-----w c:\arquivos de programas\OnGame 2009-02-27 21:16 . 2008-08-25 22:04 -------- d-----w c:\arquivos de programas\Warcraft III 2009-02-25 19:49 . 2009-01-29 17:19 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\PIXELA 2009-02-25 11:43 . 2008-08-18 01:25 -------- d-----w c:\arquivos de programas\LimeWire 2009-02-18 21:54 . 2008-08-04 17:32 316 ----a-w C:\Realmlist.txt 2009-02-06 22:14 . 2009-02-06 22:14 308088 ----a-w c:\windows\WLXPGSS.SCR 2009-02-06 21:52 . 2009-02-06 21:52 49504 ----a-w c:\windows\system32\sirenacm.dll 2008-09-26 16:38 . 2008-09-26 16:38 146 ----a-w c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\fusioncache.dat . 
------- Sigcheck ------- [-] 2004-08-04 02:45 803328 048367EF3E654F8FB83E4DBB1E26B81D c:\windows\system32\wininet.dll [7] 2004-08-04 02:45 658432 398A619CE60090303042D1F8CC68F712 c:\windows\VistaMizer\old\wininet.dll [-] 2007-03-11 13:18 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys [-] 2004-08-04 02:45 543744 3550BFE59972A67AC2F7781041D28EA7 c:\windows\system32\winlogon.exe [7] 2004-08-04 02:45 504320 6F7BDE7A1126DEBF0CC359A54953EFC1 c:\windows\VistaMizer\old\winlogon.exe [-] 2007-03-11 02:20 2276352 A53C82CFAEA08A66E5BE639BA79B8E3F c:\windows\system32\ntkrnlpa.exe [7] 2007-03-11 02:20 2019328 31DFE96B6B6FA4C9CA098CEAF21B29A5 c:\windows\VistaMizer\old\ntkrnlpa.exe [-] 2004-08-04 02:40 2409472 4BF58C65F1867CDBD1494561C07CF6FB c:\windows\system32\ntoskrnl.exe [7] 2004-08-04 02:40 2152448 91448D27F6DFAF50DD1D5FD3D8C1F3BD c:\windows\VistaMizer\old\ntoskrnl.exe [-] 2004-08-04 02:45 1552896 D3C07AB98492D1518F5E8341ADBC4F76 c:\windows\explorer.exe [7] 2004-08-04 02:45 1034240 FA61A19050AE14BEC1A26DE82390DD65 c:\windows\VistaMizer\old\explorer.exe [-] 2004-08-04 02:45 25088 A3F0971DBBA9657034C303B39464EA5B c:\windows\system32\ctfmon.exe [7] 2004-08-04 02:45 15360 F40BC97996B8E53799EEF1D63996674B c:\windows\VistaMizer\old\ctfmon.exe [-] 2007-03-11 02:21 1548288 B23D1FC94C037AE5F0E05A78B52596A4 c:\windows\system32\sfcfiles.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VisualTaskTips"="c:\arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2008-05-31 65536] "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "BitTorrent DNA"="c:\arquivos de programas\DNA\btdna.exe" [2008-12-21 342848] "SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-09 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Glass2k"="c:\arquivos de programas\Glass2k\Glass2k.exe" [2007-10-16 56325] "DrvIcon"="c:\arquivos de programas\VistaDriveIcon\DrvIcon.exe" [2008-04-13 49152] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496] "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-08-18 185896] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016] "AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-03-07 1932568] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 25088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2004-08-04 101376] c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\ Blaero Start Orb.lnk - c:\arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe [2006-7-30 521216] Thoosje Sidebar.lnk - c:\arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-21 524288] Thoosje Vista Sidebar.lnk - c:\arquivos de 
programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-21 524288] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-7-30 1715400] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoDevMgrUpdate"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 14:05 356352 ----a-w c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-03-07 15:06 10520 ----a-w c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] @="" [HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^WinFlip.lnk] path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\WinFlip.lnk backup=c:\windows\pss\WinFlip.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\DreaMule\\emule.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"= "c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "c:\\Arquivos de programas\\Megacubo\\megacubo.exe"= "c:\\Arquivos de programas\\Garena\\Garena.exe"= 
"c:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\Client.exe"= "c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\benbolux\\counter-strike\\hl.exe"= "c:\\Arquivos de programas\\Aspyr\\Guitar Hero III\\GH3.exe"= "c:\\Arquivos de programas\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"= "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"= "c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"= "c:\\Nexon\\Combat Arms\\NMService.exe"= "c:\\Arquivos de programas\\DNA\\btdna.exe"= "c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"= "c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"= "c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"= "c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"= "c:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe"= "c:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\No_Crypt_Client_2d.exe"= "c:\\Arquivos de programas\\LevelUpGames\\The Duel\\GunzLauncher.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "7700:TCP"= 7700:TCP:THE DUEL "7800:TCP"= 7800:TCP:THE DUEL R3 GarenaPEngine;GarenaPEngine; [x] R3 npggsvc;nProtect GameGuard Service; [x] R3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752] R3 XDva186;XDva186; [x] R3 XDva223;XDva223; [x] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424] S1 AvgLdx86;AVG Free AVI Loader Driver 
x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-07 325640] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-03-07 107912] S1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-09 9968] S1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024] S2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2009-03-07 908056] S2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2009-03-07 298264] S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136] S2 fsssvc;Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S2 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] S3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{584d8994-6a43-11dd-abe6-001d7dfd1203}] \Shell\AutoRun\command - RESTORE\k-1-3542-4232123213-7676767-8888886\BLUE.exe \Shell\open\command - RESTORE\k-1-3542-4232123213-7676767-8888886\BLUE.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc867ed0-d08f-11dd-ace9-001d7dfd1203}] \Shell\AutoRun\command - H:\fooool.exe \Shell\explore\Command - H:\fooool.exe \Shell\open\Command - H:\fooool.exe . - - - - ORFÃOS REMOVIDOS - - - - WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file) . ------- Scan Suplementar ------- . 
uStart Page = about:blank mWindow Title = uInternet Connection Wizard,ShellNext = hxxp://www.google.com.br/ IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202 IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: {A8CB1820-2298-4676-9080-87A69D6656C2} = 172.161.169.245,200.165.132.147 FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\2uxhzj0s.default\ FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-22 17:20 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... 
Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\GPE2B.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(804) c:\windows\system32\sfc_os.dll c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\cscui.dll c:\windows\system32\COMRes.dll - - - - - - - > 'explorer.exe'(660) c:\windows\system32\CRYPT32.dll c:\windows\system32\MSASN1.dll c:\arquivos de programas\VisualTaskTips\VttHooks.dll c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\windows\system32\LINKINFO.dll c:\windows\system32\ntshrui.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . 
Tempo para conclusão: 2009-04-22 17:21 ComboFix-quarantined-files.txt 2009-04-22 20:21 ComboFix2.txt 2009-04-22 17:33 Pré-execução: 26 pasta(s) 49.843.462.144 bytes disponíveis Pós execução: 25 pasta(s) 49.830.858.752 bytes disponíveis 271 =================================================== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:26:38, on 22/4/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Glass2k\Glass2k.exe C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe C:\Arquivos de programas\DNA\btdna.exe C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Arquivos de programas\Orbitdownloader\orbitdm.exe C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgnsx.exe C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\explorer.exe C:\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q= O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll O3 - Toolbar: AVG Security Toolbar - 
{A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Glass2k] C:\Arquivos de programas\Glass2k\Glass2k.exe O4 - HKLM\..\Run: [DrvIcon] C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [VisualTaskTips] "C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" noTrayIcon O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: Blaero Start Orb.lnk = C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe O4 - Startup: Thoosje Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe O4 
- Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CB1820-2298-4676-9080-87A69D6656C2}: NameServer = 172.161.169.245,200.165.132.147 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 
- Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe -- End of file - 8605 bytes Compartilhar este post Link para o post Compartilhar em outros sites
DigRam (posted April 22, 2009)

Good evening, Ben-Hur!

<@> Go to Start --> Run --> type or paste: combofix.exe /u --> click OK.
<@> The following window will open: ( Abrir arquivo - Aviso de Segurança )
<@> Click Run --> Wait!
<@> Finally the message will appear: "ComboFix está desinstalado" --> Click OK.
<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<><><><><><><><><><><><><><><>

<@> Download: < OTMoveIt3 > ( ...by OldTimer Tools )
<@> Save it to the desktop and run it from there!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:Processes
explorer.exe
:Services
CiSvc
npggsvc
GarenaPEngine
:Files
H:\fooool.exe
c:\docume~1\ADMINI~1\CONFIG~1\Temp\GPE2B.tmp
c:\RESTORE\k-1-3542-4232123213-7676767-8888886\BLUE.exe
H:\RESTORE\k-1-3542-4232123213-7676767-8888886\BLUE.exe
c:\docume~1\ADMINI~1\CONFIG~1\Temp\Perflib_Perfdata_c44.dat
:Reg
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc867ed0-d08f-11dd-ace9-001d7dfd1203}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{584d8994-6a43-11dd-abe6-001d7dfd1203}]
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copy and paste this text, between the XXXXX... lines, into the tool's (clipboard) field.
<@> PS: The area below "Paste Instructions for Items to be Moved".
<@> Click MoveIt.
<@> When asked to reboot, confirm!
<@> When it finishes, check the text contents of the folder: C:\_OTMoveIt\MovedFiles
<@> Copy and post your most recent report: C:\_OTMoveIt\MovedFiles\xxxx2009_xxxxxx.log <--
<@> PS: Since the tool does not overwrite its reports, we need to look at the one generated right after it ran.
<@> Also post a fresh HijackThis log.

Regards!
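As an added defender's check, not part of this thread and not OTMoveIt's own code, the PowerShell script below audits the same per-user MountPoints2 key that ComboFix reported and that the :Reg section above deletes. Windows caches the shell verbs declared by a removable drive's autorun.inf under MountPoints2\{volume-guid}\Shell\<verb>\command, and those values outlive the drive; the function names and the LaunchesExe heuristic are my own.

```powershell
# Added audit script (not from this thread or from OTMoveIt). Lists every cached
# AutoRun / open / explore command under the current user's MountPoints2 key and
# dry-runs the removal of the volumes whose command launches an executable.
$MountPoints2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$Verbs = @('AutoRun', 'open', 'explore')

function Get-MountPoints2Autorun {
    # Returns one object per cached verb command found under MountPoints2.
    [CmdletBinding()]
    param([string]$Root = $MountPoints2)

    if (-not (Test-Path -LiteralPath $Root)) { return }

    foreach ($volume in Get-ChildItem -LiteralPath $Root) {
        foreach ($verb in $Verbs) {
            $cmdKey = "$($volume.PSPath)\Shell\$verb\command"
            if (-not (Test-Path -LiteralPath $cmdKey)) { continue }

            # The command line is stored in the key's default value.
            $cmd = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'

            [pscustomobject]@{
                VolumeKey   = $volume.PSChildName
                Verb        = $verb
                Command     = $cmd
                # Heuristic (mine): a cached verb that launches an .exe deserves review.
                # In this thread they pointed at RESTORE\...\BLUE.exe and H:\fooool.exe.
                LaunchesExe = [bool]($cmd -match '(?i)\.exe(\s|"|$)')
            }
        }
    }
}

function Remove-MountPoints2Volume {
    # Deletes one {volume-guid} key, the same effect as the [-HKEY_CURRENT_USER\...]
    # lines in the OTMoveIt :Reg section above. Supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$VolumeKey,
        [string]$Root = $MountPoints2
    )

    $key = Join-Path -Path $Root -ChildPath $VolumeKey
    if ((Test-Path -LiteralPath $key) -and $PSCmdlet.ShouldProcess($key, 'Remove registry key')) {
        Remove-Item -LiteralPath $key -Recurse
    }
}

# Report every cached command, then show what removing the flagged volumes would do.
$findings = @(Get-MountPoints2Autorun)
$findings | Format-Table -AutoSize

$flagged = $findings | Where-Object { $_.LaunchesExe } |
    Select-Object -ExpandProperty VolumeKey -Unique
foreach ($volumeKey in $flagged) {
    Remove-MountPoints2Volume -VolumeKey $volumeKey -WhatIf
}
```

Drop the -WhatIf only after you have reviewed the table; deleting a MountPoints2 volume key is harmless to Windows, since it is rebuilt the next time that volume is connected.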
Ben-Hur (posted April 22, 2009)

Here are the OTMoveIt and HijackThis logs, respectively:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver CiSvc deleted successfully.
Service\Driver npggsvc deleted successfully.
Service\Driver GarenaPEngine deleted successfully.
========== FILES ==========
File/Folder H:\fooool.exe not found.
File/Folder c:\docume~1\ADMINI~1\CONFIG~1\Temp\GPE2B.tmp not found.
File/Folder c:\RESTORE\k-1-3542-4232123213-7676767-8888886\BLUE.exe not found.
File/Folder H:\RESTORE\k-1-3542-4232123213-7676767-8888886\BLUE.exe not found.
File/Folder c:\docume~1\ADMINI~1\CONFIG~1\Temp\Perflib_Perfdata_c44.dat not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc not found.
Registry key HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc867ed0-d08f-11dd-ace9-001d7dfd1203}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{584d8994-6a43-11dd-abe6-001d7dfd1203}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\1.wmz scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\etilqs_R1dD8FSXlPON6gEJp1je scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Perflib_Perfdata_5ec.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\~DFED79.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\CP4D4HWN\index[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\2uxhzj0s.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\2uxhzj0s.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\2uxhzj0s.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\2uxhzj0s.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\2uxhzj0s.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\2uxhzj0s.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04222009_203711

Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\1.wmz not found!
File C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\etilqs_R1dD8FSXlPON6gEJp1je not found!
File C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Perflib_Perfdata_5ec.dat not found!
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\~DFED79.tmp moved successfully.
File C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\CP4D4HWN\index[1].htm not found!
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\2uxhzj0s.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\2uxhzj0s.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\2uxhzj0s.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\2uxhzj0s.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\2uxhzj0s.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\2uxhzj0s.default\XUL.mfl moved successfully.

=========================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:31, on 22/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Glass2k\Glass2k.exe
C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\DNA\btdna.exe
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe
C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Glass2k] C:\Arquivos de programas\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [VisualTaskTips] "C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" noTrayIcon
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Blaero Start Orb.lnk = C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe
O4 - Startup: Thoosje Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CB1820-2298-4676-9080-87A69D6656C2}: NameServer = 172.161.169.245,200.165.132.147
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

--
End of file - 8638 bytes

Sorry for the delay in replying.....
DigRam (posted April 23, 2009)

Good evening, Ben-Hur!

<@> Open HijackThis --> Click: Do a system scan only

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

<@> Check the entry above --> Click Fix checked --> Yes!

<><><><><><><><><><>

<@> Open OTMoveIt3 --> Click < > --> Wait! --> Yes!

<><><><><><><><><><>

<@> Update Java.
<@> Old versions have vulnerabilities that malware can use to infect your system.

<><><><><><><><><><>

<@> Download the latest version of the Java Runtime Environment (JRE) 6u13.
<@> Locate: "Java Runtime Environment (JRE) 6 Update 13"
<@> Click the Download button.
<@> Check the option that says: "Accept License Agreement"
<@> The page will refresh!
<@> Click the link to download the Windows Offline Installation --> Save it to the desktop!
<@> Close IE or Firefox + any programs that are running.
<@> Go to Start --> Control Panel.
<@> In Add or Remove Programs, remove every old version of Java.

<><><><><><><><><><>

<@> Examples of old versions:
< > Java 2 Runtime Environment, SE v1.4.2
< > J2SE Runtime Environment 5.0
< > J2SE Runtime Environment 5.0 Update 6
<@> Select any item named: Java Runtime Environment (JRE or J2SE)
<@> Click the Remove or Change/Remove button.
<@> Repeat as many times as needed to remove each version of Java.
<@> When done, restart the computer!
<@> Install the new version by double-clicking jre-6u13-windows-i586-p.exe.

<><><><><><><><><><>

<!> The log is clean! ;)
<!> Is CiD still bothering you?

Regards!
Ben-Hur (posted April 23, 2009)

No more problems with CiD! Problem solved! Thank you for the attention, and I admire the dedication! Many thanks, cheers!
DigRam (posted April 23, 2009)

PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.